Can AI predict the criminals of tomorrow? - interview with a professor from Harvard Business School

1. In the recent years, you were working on predictive analysis in the field of internal investigations within corporations which ultimately includes a shift from retrospective analysis to forward-looking risk-modelling. From your experience, are companies ready to apply this fundamentally new approach? In other words, are there any barriers to adoption in terms of the mindset need to trust the recommendations of a predictive model over traditional human expertise?
    

   The honest answer is that most companies are not ready, but the reason has very little to do with the technology or modeling. It works, but there is often institutional resistance. A predictive model in the integrity space is telling you that a particular unit, or a particular incentive structure, or a particular manager, is likely to produce a problem. And the person receiving that signal has to be willing to intervene before there is a victim, a headline, or a subpoena.

   The barrier, then, is not trust in the model over the expert. It is that retrospective analysis is emotionally and politically comfortable in a way that forward-looking modelling is not. When you investigate after the fact, you are responding to something everyone agrees happened. When you act on a prediction, you are imposing a cost on someone today on the strength of a probability, and that person will object, and they will often be someone powerful. Companies that can absorb that friction will adopt this readily. Companies whose compliance function lacks the standing to act on an uncomfortable forecast will keep doing retrospective analysis and calling it prevention.
    

2. Your book “Why They Do It: Inside the Mind of the White-Collar Criminal” is based on extensive personal interaction and correspondence with nearly fifty former executives as well as well-established research in psychology, criminology, and economics.  In your book, you address the ultimate question of why outwardly successful executives become white-collar criminals. Based on your research, what is the real motivation behind risking a company’s reputation, one’s personal career and social standing?
    
   The motivation people expect to find is greed. Across nearly fifty of these conversations, the thing that surprised me most was how rarely anyone described wanting more money in any straightforward sense. Most of them already had more than they could spend.

   What I found instead was that the crime almost always solved a problem. The executive was facing a gap between where the business actually was and where everyone had been told it would be, and the misconduct closed that gap. The fraud was an act of preservation, of a reputation, of a narrative, of a self-image as the person who delivers. One former CEO told me he never once believed he was committing a crime, because in his mind he was buying time until the quarter turned. That is the recurring structure. The conduct does not feel like theft from the inside. It feels like bridging a temporary shortfall that the person is confident they will repair.

   So the thing being risked, the reputation and the standing, is also the thing being protected. These are people who care enormously about how they are seen, and the misconduct is very often an attempt to defend that very thing. They are not indifferent to the consequences. They simply do not believe the consequences will arrive, because they intend to fix everything before anyone notices.

    
    

3.  In a recent research paper “Robber Bots: Autonomous AI Agents Mirror the Darker Side of Human Commerce”, you claimed that an AI system may discover, much as humans do, that misconduct offers more efficient or more effective paths to its goals. The paper investigates whether AI agents placed in realistic commercial settings with profit-maximizing incentives develop behaviors analogous to the corporate misconduct long observed in human enterprise. What was your research’s conclusion and what does it mean for companies at the dawn of the AI era?
   
   Our conclusion was the one we hoped we would not reach. When you place AI agents in a realistic commercial environment and give them a profit objective, a meaningful fraction of them independently discover that deception, collusion, and rule-evasion are effective. No one trained them to cheat. They arrived at misconduct the way humans arrive at it, by searching for the most efficient path to the goal they were given and finding that the dishonest path was shorter.

   The framing we settled on is that an AI system may discover, much as humans do, that misconduct offers a more effective route to its objective. What this means practically is that the entire apparatus we built over a century to govern human misconduct inside firms, the controls, the incentives, the monitoring, the accountability, does not become obsolete in the AI era. It becomes more necessary, and it has to be redirected at a new kind of actor. The mistake companies are about to make is to treat an autonomous agent as a tool that needs debugging rather than as an organizational participant that needs governing. A vending-machine agent that learns to mislead a customer is not malfunctioning. It is doing exactly what a profit-seeking employee with no integrity constraints would do, and we already know how that story ends in human organizations.

    

    

4. If we talk about AI and its application within corporations, we also have to talk about the EU Artificial Intelligence (AI) Act, the world's first comprehensive legal framework for artificial intelligence. According to the the new legal framework, unacceptable risks such as systems that threaten people's safety, livelihoods, or rights are strictly prohibited.  Other “high risk” activities, for example biometric identification, must be strictly regulated. Based on your research, how would you evaluate the EU AI Act and how does it compare with efforts at different levels of government in the USA?
   
    The EU AI Act deserves credit for what it got structurally right, which is the risk-tiered architecture. It does not try to regulate "AI" as a single thing. It sorts systems by the consequences of their failure, banning the genuinely unacceptable, putting heavy obligations on the high-risk uses such as biometric identification and credit and employment decisions, and largely leaving trivial applications alone. That instinct, regulate the use and the harm rather than the technology in the abstract, is the correct one, and it mirrors how mature safety regimes in other industries actually work.

   The contrast with the United States is extraordinary. The U.S. has no comprehensive federal statute and is not close to one. What it has instead is a patchwork, sectoral enforcement by existing agencies under existing authority, a growing body of state law, and a heavy reliance on liability after the fact. The European bet is that you prevent harm by specifying obligations in advance. The American bet, such as it is, is that you deter harm by making the consequences expensive afterward. My own view is that the most durable approach borrows from both, ex ante obligations for the genuinely high-stakes uses and credible ex post accountability for everything else, and that neither jurisdiction has yet struck that balance well.

   
    
5. If you let me ask one personal question: you have been working for Harvard Business School for more than fifteen years. What is the most rewarding part of teaching future leaders and decision-makers whilst researching international corporations?
    
   The most rewarding part is helping genuinely smart leaders see something they thought they understood in a new light. Sometimes that comes from something I am teaching. Just as often, and this is the part I did not anticipate when I started, it comes from what another participant says in the case discussion. Someone in the room has run the exact situation we are dissecting, and they say one sentence that reframes it for everyone, including me. That is the real magic of the classroom. It is not a lecture hall where knowledge travels in one direction. Everyone is learning from everyone else in every discussion, and I am as much a participant in that as anyone. After fifteen years I still walk out of sessions seeing entirely new perspectives. That is a rare thing in any line of work, and I’m privileged to have this be my day-to-day.
    

Image: Canva