How much do you trust AI agents?
With the advent of clawdbots, it's as if we've all lost our inhibitions and "put our lives completely in their hands."
I'm all for delegating work, but not giving them too much personal/sensitive stuff to handle.
I certainly wouldn't trust something to the extent of providing:
access to personal finances and operations (maybe just setting aside an amount I'm willing to lose)
sensitive health and biometric information (can be easily misused)
confidential communication with key people (secret is secret)
Are there any tasks you wouldn't give AI agents or data you wouldn't allow them to access? What would that be?
Re. finances – Yesterday I read this news: Sapiom raises $15M to help AI agents buy their own tech tools – so this may be a new era when funds will go rather to Agents than to founders.


Replies
It cannot be trusted.
You can nurture your prompts, set up restrictions in the prompts - make sure you use the right CLI tools to run the agents.
BUT. There will be a time where one of these links breaks. Whether it is AI going rogue, or the big companies building the CLI tools auto-updating your tools to take over your computer/VPS/infrastructure. It will happen.
So the only thing you can do is create OS restrictions for the AI to roam freely in. API keys should be restricted, only allowing it to access what it is building on - and it can be a sandboxed environment so it can only break e.g. the test environment...
@tomilodk But the genie is out of the bottle. And people use it massively. I hope that it will not become a necessity for the human race to work only with that.
@busmark_w_nika It 10x's, 20x's or even 100x's people's productivity, if used correctly. So of course, it will become a necessity. It is like saying that we don't hope cars become a necessity to humans instead of horse-drawn carriages.
As someone building with AI agents every day (I run Aitinery, an AI travel planner), I'd say trust depends entirely on the domain and the guardrails you put in place. For low-stakes, creative tasks like planning a trip itinerary, I trust agents quite a lot — if the AI suggests a slightly wrong restaurant, no real harm done, and you can always adjust. For finances or health? Hard pass, at least for now. The real unlock for trust isn't making agents smarter — it's making them transparent. In our product, we show users exactly which data sources the AI used (Google Maps, real train schedules, verified reviews), so they can verify. When users understand WHY the agent made a recommendation, trust goes way up. The black box problem is the real enemy of trust, not the accuracy itself.
@giammbo Okay, so what is doable for an AI agent from your POV and what isn't, when it comes to trusting YOU vs an AI agent?
@busmark_w_nika Love this question — let me get specific.
What I TRUST an AI agent to do better than me:
- Research. Scanning 200 restaurants in Naples and filtering by opening hours, dietary options, and proximity? The AI wins every time. I'd spend 3 hours on Google doing what it does in 30 seconds.
- Pattern recognition. "You said you like seafood and your kid is 3 — here's a family-friendly restaurant on the Amalfi coast with a kids menu and sea view." Connecting dots across preferences is where AI shines.
- First drafts of anything creative. A 7-day itinerary structure? Let the agent draft it. I'll edit.
What I DON'T trust an AI agent to do (yet):
- Make final booking decisions. Suggesting a hotel? Great. Clicking "book" with my credit card? Absolutely not. The cost of error is too high.
- Cultural judgment. "Is this beach appropriate for a family?" or "Will this restaurant feel awkward for a business dinner?" AI still lacks the social intuition that comes from actually being Italian and knowing that a trattoria in Trastevere at 7pm is full of tourists, not Romans.
- Handle exceptions. Flight cancelled, kid gets sick, restaurant is unexpectedly closed. The moment reality deviates from the plan, you need a human.
The honest framework: I trust AI agents for RESEARCH and SUGGESTIONS, not for DECISIONS and EXECUTION. The agent should do 80% of the work, and the human should make the final 20% of judgment calls.
That's literally how we built Aitinery — the AI generates, the human curates. We never auto-book anything. Because the moment you remove human agency, you've crossed from "useful tool" to "liability."
I only let them run very specific tasks, nothing too personal and certainly nothing health or finance related. On the one hand because I'm not convinced the tech is up to snuff yet, on the other hand because I'm not convinced I'm skilled enough myself to use them. Currently I don't even let my agents run anything unless I'm at my desk myself, so I can intervene immediately when necessary : )
@kristof_bogaerts I like this approach. Probably one of the best I read in this discussion.
I’m somewhere in the middle on this.
I’m very comfortable letting AI agents handle bounded, reversible work — things like drafting, sorting, research passes, even some light automation. Where I still draw a hard line is anywhere the blast radius is high if something goes wrong.
The three buckets I personally keep off-limits:
anything that can move money without human confirmation
long-lived identity or biometric data
private communications that would be damaging if leaked or misrouted
In practice the question for me isn’t “do I trust AI?” it’s how tightly is the scope constrained and how observable is the system.
One thing I’ve noticed working around privacy-sensitive setups (I help out occasionally with a small infra shop called Hiderox) is that most problems don’t come from the model being “malicious” — they come from people giving agents too much ambient authority too early.
AI is great as a copilot inside guardrails.
I’m still cautious about handing it the keys to the house.
@cyox2 Thank you for sharing your POV :)
I trust AI agents for low-stakes help like summarizing, sorting info, or drafting a first pass. But if it’s spending money, touching private data, or acting on my behalf, I want clear visibility and an easy way to approve, pause, or undo actions.
@oliviajames Same for me, dunno, maybe I just control too much but I would be very cautious about AI.
This topic is close to my heart. I'm actually building a web-app (a visual management system) using agentic coding tools (what that one guy called vibe coding).
It's a bloody great app and I know I've built something incredible... that doesn't have AI integrated into it, at all.
Because it's built for physical operations, it will involve people adding sensitive data, like business data, personal data, actual locations.... and maybe I'm old school still but I don't think AI should be given default control over that stuff.
Using AI to build the underlying system is one thing (also I cannot wait to have a human team instead of just me and a bunch of LLMs etc), but asking it to input, store, manage and recall data that we need to stay the same (same data, same location, etc) from one moment to the next... NOPE. I don't even have plans to integrate AI even as an assistant.
@pacalacait How would you convince young generations not to use AI, to think more? (because I think we are getting dumber just blindly relying on it) :D
honestly i think the trust issue comes down to scope. i trust ai way more when it's doing one specific thing really well vs trying to be a general assistant that touches everything. like i built speakeasy which uses ai to convert articles to audio - it's just doing text to speech, nothing else. and astrologica generates daily horoscope podcasts from your birth chart - the ai only sees your chart data and makes audio from it. both are pretty narrow in scope so there's not much that can go wrong. but the idea of giving an ai agent full access to my email or bank account? absolutely not lol 😅 i think the best ai tools rn are the ones that stay in their lane
@sup_nim that part with the horoscope can be pretty tricky too... cause it is sharing your exact data + sometimes place, when you wanna have a precise horoscope (rising sun, sun, moon)
as someone building ai-powered products, my trust framework is basically: high trust for generation, low trust for decisions
i use ai (claude specifically) to generate content in astrologica (astrologica.app) — it creates personalised daily horoscope podcasts from your birth chart. the ai generates the script, but there's a human-designed pipeline around it: the prompts are carefully crafted, the output is structured, and the audio rendering is deterministic. the ai does the creative bit, the system constrains it
i also vibecoded most of the apps i've built (speakeasy, astrologica, wordplay) with claude. trust it for writing code i can review? absolutely. trust it to deploy code without me looking? not yet
the pattern i see working: ai does the heavy lifting on content generation and code writing, humans set the guardrails and make the judgment calls. the tools that respect this boundary are the ones i actually use daily
the products where ai just... does whatever with no structure? those are the ones i don't trust 🤷
@sup_nim But do you code yourself? I mean, is it just vibecoding, or do you know coding/programming too?
Trust depends entirely on the failure cost. I am building an AI-powered data extraction tool, and here is how I think about it:
Low stakes, high trust: I let AI handle pattern recognition, data structuring, and repetitive extraction tasks. If it gets a field wrong, the cost is a re-run. The speed gain is enormous.
Medium stakes, verify: AI-generated code or API integrations get a human review before deployment. I trust the first draft but never the final output.
High stakes, no trust yet: Anything involving user billing, data deletion, or security decisions. The current generation of AI is confidently wrong often enough that unsupervised access to irreversible actions is a bad idea.
The real shift I have seen: AI agents are not replacing trust in humans. They are replacing tolerance for tedious work. I used to manually write CSS selectors and XPath queries for web scraping. Now AI handles that. Not because I trust it more -- because the task was never worth my attention in the first place.
The question is not "do you trust AI agents" but "which tasks were never worth your manual effort anyway?"
@yukendiran_jayachandiran NGL, I overmanage things, so I would gladly fact-check 90% of things :D
@busmark_w_nika Honestly, same here. The 10% you decide not to check is usually where the interesting failures happen. I think the sweet spot is building systems where AI handles the boring 90% but flags anything unusual for human review. Speed without the anxiety.
The mental model I use: trust scales with reversibility, not just sensitivity. Read-only tasks (research, summarize, draft) = high trust. Reversible writes (save a file, create a draft) = medium trust with a review step. Irreversible actions (send, delete, book, pay) = human confirmation required, always. The "sensitive data" framing misses the cases where the data isn't sensitive but the action can't be undone — a confidently wrong agent doing something permanent is the actual failure mode worth guarding against.
@giammbo This is something I would be aligned with as well: Reversible writes (save a file, create a draft) = medium trust with a review step. Irreversible actions (send, delete, book, pay) = human confirmation required, always
@busmark_w_nika Exactly. The tricky edge case: when agents chain actions where each step looks reversible, but the sequence locks you in by step 3 — draft → confirm → book. I've been thinking about 'checkpoint gates' for Aitinery: require human approval at the last reversible step in any chain that *could* end in an irreversible action. Do you think users eventually want these gates removed once they've built trust with an agent, or does the gate become a reassuring part of the UX?
@giammbo Not gonna lie, I would keep those checkpoints, because you never know when AI might go crazy, and I would not want it to decide completely for me.
@busmark_w_nika Exactly — and that instinct is actually the right design signal. The moment users *stop wanting* the gates is probably when they're most dangerous to remove. The paranoia is the feature. Really enjoyed this exchange — reversibility as a trust axis is something I'll keep refining as Aitinery evolves.
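The reversibility tiers and the "checkpoint gate" from the exchange above, as an added example that is not code from any commenter's product: a tiny policy that classifies each planned agent action as read-only, reversible write or irreversible, always requires a human for irreversible steps, and additionally gates the last reversible step before the first irreversible one so a draft → confirm → book chain cannot lock in silently. The action names and tier table are constructed for illustration; unknown actions fail closed as irreversible.

```python
from dataclasses import dataclass
from enum import Enum


class Tier(Enum):
    READ = 1              # research, summarize, draft in memory: auto-approve
    REVERSIBLE_WRITE = 2  # save a file, create a draft: log for review
    IRREVERSIBLE = 3      # send, delete, book, pay: human confirmation, always


# Constructed classification table for a hypothetical travel-planning agent.
ACTION_TIERS = {
    "search_hotels": Tier.READ,
    "summarize_reviews": Tier.READ,
    "draft_itinerary": Tier.REVERSIBLE_WRITE,
    "confirm_selection": Tier.REVERSIBLE_WRITE,
    "book_hotel": Tier.IRREVERSIBLE,
    "send_email": Tier.IRREVERSIBLE,
}


@dataclass(frozen=True)
class Decision:
    action: str
    tier: Tier
    needs_human: bool
    reason: str


def plan_gates(plan):
    """Return one Decision per planned step.

    Irreversible steps always need a human. The last reversible step before
    the first irreversible step is the checkpoint gate and also needs a human.
    Actions missing from the table are treated as irreversible (fail closed).
    """
    tiers = [ACTION_TIERS.get(a, Tier.IRREVERSIBLE) for a in plan]
    first_irrev = next((i for i, t in enumerate(tiers) if t is Tier.IRREVERSIBLE), None)
    checkpoint = None
    if first_irrev is not None:
        # Walk backwards from the irreversible step to the nearest reversible write.
        checkpoint = next((i for i in range(first_irrev - 1, -1, -1)
                           if tiers[i] is Tier.REVERSIBLE_WRITE), None)
    decisions = []
    for i, (action, tier) in enumerate(zip(plan, tiers)):
        if tier is Tier.IRREVERSIBLE:
            decisions.append(Decision(action, tier, True, "irreversible: human confirmation required"))
        elif i == checkpoint:
            decisions.append(Decision(action, tier, True, "checkpoint gate: last reversible step before an irreversible one"))
        elif tier is Tier.REVERSIBLE_WRITE:
            decisions.append(Decision(action, tier, False, "reversible write: logged for review"))
        else:
            decisions.append(Decision(action, tier, False, "read-only: auto-approved"))
    return decisions
```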