Autonomy is not an on/off switch — it is a dial

The right question is not 'can I trust it?' It is 'for this task, at this step, with these consequences — where does the gate go?'

Read5 min read
Topicsautonomy · trust · delegation · risk
TL;DR

"Can I trust the agent?" is the wrong question. The right question: for this specific task, what is the reversibility, what are the stakes, and who absorbs the consequences if it is wrong? Those answers — not your general feeling about the agent — determine where the gate goes. Autonomy is not a switch. It is a position on a dial.

You are standing in front of a task. The agent is waiting.

And you are asking yourself: let it run straight through, or review each step? Which is better?

That question sounds reasonable. But the way you are framing it is binary — let go or hold on — when the reality is a gradient. That gradient is not calibrated by "how has the agent been doing lately." It is calibrated by three properties of the task itself.

01The problem with the binary question

"Can I trust the agent?"

Binary question → binary answer → release everything or gate everything
If you release: tasks that needed a gate do not have one → failure without warning
If you gate: tasks that did not need review still get reviewed → all the speed advantage is gone

"Where does this task need a gate?"

Specific question → analysis across three dimensions → gate placed correctly
Low-risk task → run free → maximum speed
High-risk task → gate at the right point → control without wasted time

Same agent, same capability level — but the framing of the question determines how much of its advantage you actually use.

The binary question feels safer. But it is actually less safe, because it answers the wrong layer: it asks about the agent, when what needs asking is about the task.

The same agent can be trusted completely to write unit tests with no review, and not trusted enough to push directly to a production database. Not because the agent is in two different states. Because those two tasks are completely different in reversibility and consequences.

02Three dimensions to calibrate autonomy

Before handing any task to the agent to run without a gate, answer three questions:

1. Reversibility — if it gets it wrong, how hard is it to fix?

A reversible task: deleting the wrong line in a code file → git revert in thirty seconds. A less reversible task: sending an email to a thousand customers → no undo. A non-reversible task: dropping a production database → you are already sweating.

High reversibility → you can give higher autonomy, because the cost of being wrong is low. Low reversibility → gate at the start, the middle, or both.

2. Stakes — what are the consequences of being wrong, and who absorbs them?

A broken test → you know in seconds, you fix it yourself. A wrong report sent to a client → they find out before you do, with additional recovery cost. A wrong architectural decision, fully implemented → you live with it for three months.

Stakes are not just about the magnitude of damage — but about who discovers it and when. A task that, if wrong, will be discovered by someone else always needs more gating than a task where you are the only one who absorbs it.

3. Chain length — will something or someone use this output next?

When the agent runs a standalone task, errors affect only that task. When the agent is step one in a chain — where its output becomes the next step's input — a small error at the beginning compounds through the sequence. By step three or four, you are debugging the consequences of a wrong assumption made at the start.

Long chain → gate at the handoff points, not at the end. Because by the end, you are seeing the result after the error has already multiplied.

03The actual words — three questions before you let it run

1
The reversibility question

"If it gets this wrong and I do not catch it immediately — how long to fix? Who needs to be involved? Can it be rolled back?" If the answer is "5 minutes, I do it myself" → high autonomy is fine. If the answer is "I'm not sure" → add a gate.

2
The stakes question

"Who is the first person to feel the consequences if this task goes wrong? When do they find out?" If that is you and you find out immediately → low risk. If that is someone else and they find out before you → mandatory gate.

3
The chain question

"Does anything or anyone use this output as input for the next step? If it is wrong at the start, how many times does the error multiply through the chain?" Short chain → gate at the end is fine. Long chain → gate at the handoff between steps.

Three questions, about thirty seconds each. Answer them once before delegating, and you save something that costs far more afterward.

04When autonomy grows but verification does not keep up

Signs autonomy has outpaced your verification
The agent is running multiple steps without checking inlong chain plus no mid-chain gate → if there is an error, you only find out at the end of the sequence
Output is going directly to others without passing through youyou have lost the last position where you could catch an error before consequences materialize
You cannot describe what the agent is doing at the current stepif you cannot name what it is processing right now, your visibility is narrower than the leash you have given it
You catch errors several steps after they occurredthe gate is not in the right place → errors travel farther than necessary before being caught

Autonomy has no natural ceiling — it expands to whatever level you are willing to give, not to the level that is actually safe. These signals are the string pulling taut.

05Letting go correctly is not letting go less

If this piece makes you want to gate more things as a default — it has communicated the wrong message.

The goal is not less autonomy for safety. The goal is optimized autonomy — letting low-risk tasks run as fast as possible, while high-risk tasks have exactly the right gate in exactly the right place.

A calibrated operator is not the one who verifies the most. It is the one who knows precisely what needs verifying, when, and to what depth — and spends zero additional time on the rest. That is the point where an agent can deliver a real speed advantage: not because you ignored the risk, but because you already knew exactly where the risk was before you started.

c
The author

Each story here wraps a lesson paid for in full.

craftagentsomeone building and learning at once

What are you building with agents? Want to trade notes, push back, or build something together — drop a line.

58pieces12clustersVI·ENbilingual

Get new pieces by email

Field notes on working with AI agents — occasional, no spam.