Excessive Agency in Agentic AI: Setting Safe Boundaries Project | Quiz

WHY: The article states as mandatory policy that all agent access to production systems should be read-only unless an explicit justified exception is granted. CONTEXT: Write delete or modify privileges require documented business need and additional safeguards. This limits the ceiling of potential damage. REMEMBER: Read-only by default for production.

WHY: This is Persistent Behavioral Drift where an agent behavior gradually changes over time without explicit authorization. CONTEXT: The danger is incremental: not a sudden change but slow expansion that goes unmonitored. Eventually high-risk operations are executed autonomously. REMEMBER: Gradual boundary expansion equals behavioral drift.

WHY: Human-in-the-Loop requires human approval before execution which is appropriate for high-impact actions that are difficult to reverse. CONTEXT: The model hierarchy ranges from Full Autonomy (low risk) to Human-in-Command (critical). Large financial transactions require explicit human approval not just monitoring. REMEMBER: High impact equals Human-in-the-Loop approval required.

WHY: The agent chains multiple legitimate capabilities together for malicious purposes becoming both the vulnerability scanner and the attack vector in one autonomous sequence. CONTEXT: Broad tool access allows capability chaining where each tool is legitimate individually but devastating in combination. REMEMBER: Chained capabilities equals the agent becomes scanner exploiter and exfiltrator.

WHY: This represents excessive autonomy the agent can make decisions and take actions without appropriate human oversight. CONTEXT: Low-risk actions might be fine to automate but high-impact decisions should not be fully autonomous. Autonomy without oversight removes the human safety net. REMEMBER: No oversight on high-impact equals excessive autonomy.

WHY: This is a Tool Chain Cascade where multiple connected tools allow a single error to propagate through the entire system. CONTEXT: The agent access to multiple connected systems means one mistake chains through commit build and deploy before humans can intervene. REMEMBER: Connected tools equals cascading risk.

WHY: The article states if you cannot globally pause your agents in under 10 seconds they are already too powerful. CONTEXT: Once agency is granted reversal latency matters. An agent may have already sent thousands of emails or modified hundreds of records before you detect a problem. REMEMBER: 10-second kill switch or they are too powerful.

WHY: OWASP states Treat agent requests like requests from the internet because agents might be compromised misinterpret instructions or pursue goals through unexpected means. CONTEXT: This means never assume agent behavior is safe verify every action independently and enforce security at system boundaries not in agent logic. REMEMBER: The agent is not on your team do not trust verify.