Software Design Catalog
Agentic AI
Back to Catalog
Agentic AI Safety & Control

Cost-Aware Action Delegation

Classify every agent action by risk/cost and route each tier to a different approval policy, bounding the autonomy surface per-action instead of by...

Intent & Description

🎯 Intent

Classify every agent action by risk/cost and route each tier to a different approval policy, bounding the autonomy surface per-action instead of by one global flag.

📋 Context

An agent has access to a mixed action surface: reading a file, calling a search API, sending an email, modifying a CRM record, refunding an order, terminating a cloud resource. A single ‘auto-approve everything’ flag treats sending an email the same as refunding $10,000. A single ‘require approval for everything’ flag turns the agent into a typing-assist tool.

💡 Solution

Tag every action with a risk tier (low / medium / high, or a richer scheme). Map each tier to an approval policy: low → auto-execute, medium → confirm with the user, high → require human reviewer with explicit sign-off. The tier can be conditional on parameters (refund > $1000 → high). The agent’s action surface is the union of permitted (tier, policy) pairs; the runtime enforces the policy independently of the agent’s reasoning. Make the classifier itself reviewable — actions and their tiers are configuration, not prompt content.

Real-world Use Case

  • The agent’s action surface spans actions of materially different blast radius.
  • Operators need an audit trail of what risk class each executed action was in.
  • Some actions are parameter-conditional and would be misclassified by a single tier per action.

Source

View Original Source →
Advantages
  • Autonomy decisions are per-action and per-parameter, not one switch.
  • Approval fatigue collapses for low-tier actions while high-tier risk gets attention.
  • Risk tier is auditable in traces; postmortems can ask why a high-tier action ran without sign-off.
Disadvantages
  • Tier assignment is a judgment call; misclassification (high marked as low) is a real attack surface.
  • Parameter-conditional tiers add complexity to the classifier and to traces.
  • Tier inflation — teams who get burned move actions up; over time the medium tier engulfs everything.
Previous
224 of 322
Next