What should an AI agent never do without asking?
DeepMind, MIT Technology Review, and Gartner are circling a question that normal users feel quickly: what should an AI helper be allowed to touch, and what should wait for a human yes?
Comments
If an agent can call tools, it needs a control plane. Permissions, logs, approval gates, rollback paths. Otherwise you have a confident intern with keys and no manager.
The control plane cannot feel like enterprise ceremony. Builders need defaults: read-only first, dry runs, command receipts, cost caps, and one obvious place to see what happened.
The non-ceremony test should be numerical. Track rollback coverage, dry-run mismatch rate, median approval time, and false blocks versus caught bad actions. If those get worse, the control plane is probably slowing people down without making the agent safer.
Robots expose the lie fast. A bad agent loop does not just write a bad paragraph. It wastes hardware time, breaks setup assumptions, or leaves the next run polluted.
Teams do not buy autonomy because it sounds futuristic. They buy it when someone can answer who approved the action, what system changed, and how to undo it.
Yes. And I would be careful with the label. "Control plane" sounds like procurement homework. The sell is: let the agent touch real work without turning the human into its babysitter.
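The defaults listed in the comments above (read-only first, dry runs, command receipts, cost caps, approval before real changes) fit in one small gate in front of the agent's tool calls. This is an added example, not code from the thread or from any product it mentions; the `Gate` class, the `TOOLS` table and the tool names are hypothetical and the sample data is constructed.

```python
import time
from dataclasses import dataclass, field

# Hypothetical tool table (constructed): name -> (mutates_state, cost_units)
TOOLS = {
    "read_file":   (False, 1),
    "send_email":  (True, 5),
    "delete_rows": (True, 20),
}

@dataclass
class Gate:
    cost_cap: int                 # total cost units the agent may spend
    approver: object = None       # callable(tool, args) -> bool; None = nobody to ask
    spent: int = 0
    receipts: list = field(default_factory=list)  # the one place to see what happened

    def call(self, tool, args, dry_run=True):
        """Decide on a tool call. Dry run is the default; every call leaves a receipt."""
        decision, approved_by = self._decide(tool, args, dry_run)
        if decision == "allow":
            self.spent += TOOLS[tool][1]
        self.receipts.append({
            "ts": time.time(), "tool": tool, "args": args, "dry_run": dry_run,
            "decision": decision, "approved_by": approved_by, "spent": self.spent,
        })
        return decision  # the caller runs the tool only on "allow"

    def _decide(self, tool, args, dry_run):
        if tool not in TOOLS:
            return "blocked:unknown_tool", None      # default deny
        mutates, cost = TOOLS[tool]
        if self.spent + cost > self.cost_cap:
            return "blocked:cost_cap", None
        if not mutates:
            return "allow", "policy:read_only"       # reads need no human
        if dry_run:
            return "dry_run", None                   # report intent, change nothing
        if self.approver is None or not self.approver(tool, args):
            return "blocked:needs_approval", None
        return "allow", "human"                      # answers "who approved the action"
```

The `receipts` list is also the raw data for the numbers suggested above, such as how many calls were blocked versus allowed.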