I suppose owners will be motivated to have the thing do the driving (and so seek defeat devices and such), but at least the software can have "do nothing" as a safety mode if it manages to detect that the vehicle is not configured as expected.

And maybe the software can be designed to be coupled to a vehicle dynamics model that can be updated.