How much do you trust AI agents?

The distinction I keep coming back to is read vs. write access, and reversible vs. irreversible actions.

I'm comfortable letting AI read almost anything — it needs context to be useful. What I'm careful about is what it can do with that context. Reading a medical bill is fine. Autonomously disputing a claim on my behalf is a different matter.

Building in the document space, I've landed on a model where AI suggests and humans confirm — every action is a one-click approval, never an autopilot. That's not a limitation, it's actually the right UX: the AI does the cognitive work of reading and understanding, and I stay in control of what happens next.

The trust question isn't really about AI — it's about the design of the human-AI loop. In anything I build, the AI does the cognitive heavy lifting: reading, understanding, extracting meaning. But nothing happens until I say so. Suggestion without action is a very different thing from autonomy.

human in loop would be better idea, where human reviewing/verifying steps of the agent and let agent do rest of the work

recently I wrote an article for CLI, and of course all scripts I checked on my computer. I used Claude for that purposes. But I checked it on my computer, and showed it to my friend, who is a specialist in that field. So I would say I'm using it daily, but I'm checking everything. It still does mistakes.

Great points, Nika. We’re definitely moving from AI as a "search box" to AI as a "manager," and that shift requires a much higher level of digital hygiene.

I agree that finances and biometric data are the biggest red lines right now. Even if the AI model itself is secure, the "agentic" nature means it is interacting with third-party APIs and tools, which creates more links in the chain where a security breach could happen.

Beyond what you mentioned, I’d add unsupervised legal or high-stakes decision-making. While AI is great at drafting, letting an agent execute a contract or file a legal document without a "human-in-the-loop" review is a massive liability.

The news about Sapiom is wild—funding the agents instead of the founders really highlights how much we’re starting to treat these entities as autonomous economic actors. It makes you wonder: if the agent makes a bad "investment" with those funds, who is ultimately accountable?

That is indeed a super interesting topic and important one..

I have to say I would start small and let an agent option to execute small tasks only at first and only with clear boundaries and guidelines.

I would first make sure that I have a way to log and track any change of course..

sensitive information I would still keep close to heart..

I don't. I am building a super nice set up with Claude Code and skills but with the human in the center. I decide what gets shipped, AI recommends.

I don’t have a background in coding, so I really, really wanted to hand over all the keys to the chat agent so he could set everything up himself. But every time, I held myself back because I’d heard scary stories about AI deleting entire projects. Maybe someday I’ll trust it. But for now, I’m setting everything up manually - it’s not that hard with the instructions.

I trust AI agents with execution, not with irreversible decisions.

Research, drafts, repetitive implementation, structured workflows? Yes.
Payments, legal commitments, private health data, confidential relationships? Not without hard boundaries.

Building in this space made me believe the winning products won’t be the most autonomous ones.
They’ll be the ones with the best trust model.

honestly same.

one thing I keep running into isn’t even autonomy risk.
It’s tiny structural failures in agent output. especially JSON that’s almost valid but breaks pipelines.

I ended up building a small fixer for that because I got tired of debugging commas and quotes from API / LLM responses all day.

curious if others here are still manually repairing those or just retrying generations?

I think trust is the wrong frame. I trust a calculator too but I still check the output before sending the invoice.

the way I think about it: agents get access to anything where the downside of a mistake is fixable. drafting emails, sourcing candidates, summarizing docs, scheduling. all fine. the blast radius of a bad output is low and you can catch it before it goes anywhere.

what they don't get: anything where a single wrong action is irreversible. moving money, sending legal docs, deleting data, communicating on my behalf without review. not because the AI is bad but because there's no undo button.

the Sapiom thing is interesting but "AI agents buying their own tools" sounds like a solution looking for a problem. if my agent needs a tool, I'll buy it. I don't need my agent to have a credit card.