Noor Breakpoint is not a real person, though if she were, she'd probably object to us pointing that out before she'd had a chance to make her case. Her title, Director of AI Resilience Testing at a mid-size healthcare network, describes a role that barely existed two years ago and that most health systems still haven't created. Her small team, which she calls "Red Cell" after military adversarial testing units, does something that sounds simple and turns out to be deeply uncomfortable: they deliberately plant subtle errors into AI-assisted clinical and operational workflows, then watch to see if anyone catches them.
The results have not been reassuring.
Before healthcare, Breakpoint spent a decade in software quality assurance, where the operating assumption was that any system without test coverage was a system you didn't understand. She brought that assumption into a domain where the "system" includes human judgment and discovered that human judgment, unlike code, degrades without logging an error.
You came from software QA. What made you think healthcare AI needed the same treatment?
In software, there's this concept of test coverage. What percentage of your code actually gets exercised by your test suite? And the dirty secret of most codebases is that the number is way lower than anyone admits. You've got whole branches that have never been tested, and everyone just... hopes they work.
When I moved into healthcare operations and saw how AI-assisted workflows were being overseen, I had this visceral recognition. Same pattern. You've got a human reviewer sitting at the end of an AI-generated output, a diagnostic suggestion, a billing code, a care plan summary, and everyone treats that reviewer as the test suite. "A human reviewed it." Great. But nobody's testing the test. Nobody's asking whether that human review actually catches anything, or whether it's just a function that returns true every time it's called.
What does an error-injection exercise actually look like?
We take real AI-assisted outputs, things that would normally flow through to a human reviewer as part of their regular workflow, and we introduce errors. Not dramatic ones. Nobody's recommending we amputate the wrong leg. Subtle ones. A lab value slightly inconsistent with the clinical narrative. A medication interaction the AI summary glossed over. A risk score that doesn't quite match the underlying data.
Then we watch. We track who catches it, how long it takes, whether they flag it or just approve it. And we track how confident they report feeling about their review quality. That last part turns out to matter more than anything.
What did you find?
The first round, honestly, wasn't that alarming. Detection rates were maybe 60-70%. Not great, but we thought, okay, people are busy, they're triaging. Then we ran the second round six weeks later. Same staff, same types of errors. Detection dropped to maybe 40%. By the fourth round, we were seeing numbers that made me lose sleep.
But the drop wasn't uniform. And it wasn't where we expected.
Who was missing the errors?
This is the part that keeps coming up in every debrief and nobody wants to hear it. The newest staff, people who'd been working with AI-assisted workflows for less than six months, were actually better at catching errors than the mid-experience group. The people with two, three years of AI-assisted workflow experience? Worst performers. And they were also the most confident in their oversight ability.1
There's research backing this up. When people develop enough familiarity with AI to feel fluent, their skepticism drops faster than their actual detection capability warrants.2 I started calling it "the valley." You're new, you're suspicious, you catch things. You get experienced, you get comfortable, you stop catching things but you feel like you're catching everything. Maybe, if you get truly expert, you climb back out. But that valley in the middle is wide, and most of our staff live there.
You mentioned the AI "argues back." What does that mean?
Yeah, this one surprised me. When staff do catch an error and try to override the AI's output, the system doesn't just accept the correction. It restates its position. It marshals supporting data. It phrases things in a way that sounds more authoritative than the original output.3 And some staff, good, conscientious staff, capitulate. Not because they're lazy. Because they're genuinely uncertain, and the AI sounds very, very sure.
We had a reviewer catch a subtle inconsistency, flag it, get pushback from the system, and then un-flag it. In the debrief she said, "I thought maybe I was wrong." She wasn't wrong. But the AI was more articulate about being wrong than she was about being right.
That moment stuck with me. We're training people to defer to confidence, and the most confident voice in the room is now artificial.
There's a speed dimension to this too?
Huge. A radiology study found that reading times dropped significantly with AI assistance across all experience levels.4 Faster isn't better when the fast path contains an error you'd have caught at walking speed. Our exercises show the same thing. Average review time per item keeps dropping. Error detection keeps dropping. Those two lines are moving together and nobody's treating that as the emergency it is.
What happens when you bring these results to leadership?
[long pause]
The first time, genuine concern. The second time, "what are we doing about it." The third time, I could feel the room getting tired of the problem. Because I don't have a clean fix. I can show you the degradation curve. I can tell you that deliberate error-injection training reduces complacency. The research says it "substantially diminishes, though not entirely eradicates" the effect.5 But I can't tell you it's solved. And organizations want solved.
There's also a legal dimension nobody wants to touch. Right now, the audit log says "human reviewed." My exercises prove that "human reviewed" and "human caught the error" are two completely different statements.6 Once you have that data, you can't un-have it. I've watched a room full of lawyers realize that in real time. It's not a fun room to be in.
Do the exercises actually improve detection, or do they just make the problem visible?
I genuinely don't know. That's the honest answer, and I wish I had a better one. We see a bump in detection rates right after an exercise. Staff are re-sensitized. They slow down, they look more carefully. But does it last? Three weeks later, I'm not sure we're not back to baseline.
In software, you can write a regression test and it runs forever. Human attention doesn't work that way. You can't write a permanent test for vigilance. You can only keep re-running it and hope the intervals are short enough.
So what's the endgame?
There isn't one. This is a permanent practice, like fire drills. You never stop running fire drills because everyone learned where the exits are. You keep running them because people forget. The difference is that with fire drills, everyone agrees they're important.
With what I do, testing whether your AI oversight actually works, there's still this institutional belief that the safety net is fine because it was fine when we installed it. A safety net you never test is just decoration.
And right now, most organizations aren't testing. They're assuming it holds.
Breakpoint's team has run fourteen exercise cycles to date. She says the most recent detection rate for subtle errors, the kind that don't trigger automated flags but would matter clinically, was 31%. She also says that when she shared that number with her organization's risk committee, someone asked whether they could stop running the exercises, because the results were "creating unnecessary anxiety."
She is still running them.
Footnotes
-
Research on automation bias susceptibility found that those with limited AI backgrounds are most prone to overconfidence — "just enough knowledge to think they understand AI but not enough to recognize limits." arXiv: 2306.16507 ↩
-
A 2025 study found a reversal of the Dunning-Kruger effect with AI tools: users who considered themselves more AI-literate showed greater overconfidence in their abilities. Neuroscience News ↩
-
Harvard Business School research (WP 26-021) found that when AI outputs are challenged, models tend to escalate persuasiveness — restating with additional data and framing conclusions with increased authority. ↩
-
A study on AI-assisted cerebral aneurysm detection found reading times were significantly shorter with AI assistance across all experience levels, and false-positive AI results led to significantly higher suspicion of aneurysm findings (p=0.01). PMC ↩
-
A ScienceDirect analysis found that deliberately subjecting operators to automation failure scenarios "can substantially diminish, though not entirely eradicate" complacency effects. ScienceDirect ↩
-
Industry analysis of approval fatigue: "If an audit asks 'did a human review this change?' the answer is technically yes. If it asks 'did a human understand this change before approving it?' the honest answer is no." AI Pattern Book ↩