01 — Stakes
Trust is usability when the stakes are high.
In low-stakes consumer apps, friction is annoyance. In healthcare, security operations, and national-security-adjacent tools, friction is often where judgment lives. Trust is not a brand promise—it is whether the system fits how people already decide, escalate, and document.
Generative AI in these spaces fails when it ships impressive demos that miss the room: who signs, who overrides, what gets logged, what happens when the model is wrong.
Trust failures show up in the workaround: the clinician who ignores suggestions, the analyst who re-runs everything manually, the operator who keeps a spreadsheet because the system is not accountable.
02 — Shadowing
Shadowing beats persona theater for regulated work.
Personas do not capture the moment a clinician ignores a suggestion because the last three were noise. Shadowing does—including on voice and workflow work in care delivery. Co-design with the people who own the call surfaces where assistance should be quiet, where it must ask permission, where it must never act.
Wizard-of-Oz prototypes are validation when labeled honestly: simulate capability, measure workflow fit, do not pretend the backend exists. Delight in a lab is not trust in a shift.
03 — Show Limits
Design systems that show their limits, not only their strengths.
Showing limits is a design pattern: confidence bands, stale data labels, explicit human-only paths. Trust grows when the product survives being wrong in public.
Accuracy alone does not produce trust. Transparency, appropriate control, and honest uncertainty do. A system that only markets confidence trains users to game or ignore it.
The deliverable is not a trust badge. It is a workflow map with failure modes: what the human does when the model hallucinates, when data is stale, when policy forbids automation. Trust is earned when the product survives those moments without lying.
See also healthcare AI and security & defense AI—domains where the assistant that creates cargo is worse than no assistant at all.
The test: can you name three workarounds users already run because they do not trust the system? If you cannot, you have not shadowed long enough.