Secure AI Atlas SECURITY & GOVERNANCE

Risk

Excessive Agency

An AI system can take actions that exceed its reliability, authorization, or oversight model.

Tags: agents, authorization, human approval

Exposure

Excessive Agency appears when an AI system can do more than the organization can safely observe, constrain, or reverse. Examples include sending messages, modifying records, purchasing services, deploying code, changing access, or escalating workflow decisions.

The risk is not autonomy by itself. The risk is autonomy granted before the system has bounded permissions, clear owners, approval gates, and evidence trails.

Signals

  • The AI system can execute actions without separating recommendation from execution.
  • Service accounts have broad permissions because least privilege was inconvenient.
  • Human review exists only after the action has already happened.
  • The rollback path is unclear or manual.

Failure pattern

Capability is mistaken for authority. The model may misunderstand context, follow hostile instructions, optimize the wrong objective, or produce a plausible plan that exceeds its mandate.

  • Start with read-only access where possible.
  • Separate recommendation from execution.
  • Require Human-in-the-Loop approval for high-impact actions.
  • Use scoped service accounts and explicit action limits.
  • Define rollback, notification, and post-action review requirements.
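
The items in the list above can be combined into a single gate that sits between what the model recommends and what actually runs. The sketch below is an added example, not code from the Atlas; the action names, impact tiers, limits and the approver callback are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Constructed policy for one hypothetical agent service account. Action names,
# impact tiers and limits are assumptions made for this example.
POLICY = {
    "crm.read_record":   {"impact": "read"},
    "crm.update_record": {"impact": "low", "max_per_run": 2},
    "email.send":        {"impact": "high"},
    "iam.grant_role":    {"impact": "high"},
}

@dataclass
class Proposal:
    """What the model recommends. Nothing runs until the gate allows it."""
    action: str
    args: dict
    rollback: str = ""   # how to reverse the action, required for any write

@dataclass
class Gate:
    approver: object                      # callable(Proposal) -> bool, a human decision
    audit: list = field(default_factory=list)
    used: dict = field(default_factory=dict)

    def decide(self, p: Proposal) -> str:
        verdict = self._evaluate(p)
        # Evidence trail: every proposal is recorded, including refusals.
        self.audit.append({"action": p.action, "args": p.args, "verdict": verdict})
        return verdict

    def _evaluate(self, p: Proposal) -> str:
        rule = POLICY.get(p.action)
        if rule is None:
            return "deny:not_in_scope"        # default deny outside the allowlist
        if rule["impact"] == "read":
            return "execute"                  # read-only access needs no approval
        if not p.rollback:
            return "deny:no_rollback"         # writes need a defined reversal path
        if rule["impact"] == "high":
            # Approval happens before execution, not as an after-the-fact review.
            return "execute:approved" if self.approver(p) else "hold:rejected"
        count = self.used.get(p.action, 0)
        if count >= rule["max_per_run"]:
            return "deny:limit_reached"       # explicit action limit
        self.used[p.action] = count + 1
        return "execute"
```

The caller executes an action only when the verdict starts with "execute"; the audit list is the input for notification and post-action review.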