Match the Level to the Stakes

The principle

Autonomy is a spectrum, from 'the computer suggests' to 'the computer acts and then tells you' to 'the computer acts and decides whether to tell you at all'. The highest levels are a bad idea for consequential actions, because no aid is perfectly reliable and the cost of a confident error has no ceiling. Autonomy isn't one switch. It's a dial you set per action, based on how reversible and costly that action is.

Why it happens

Autonomy is not one switch. A system can gather information, analyze it, recommend an action, act after approval, or act alone. The right level depends on reliability, reversibility, and cost of error. A receipt resend and a large refund should not share the same autonomy setting. Too much autonomy causes costly silent mistakes; too little creates approval fatigue and rubber-stamping. Set the level per action. Let cheap reversible actions run, and require confirmation where the blast radius or irreversibility justifies human attention.

Watch for

• The agent uses one autonomy setting for everything, so resending a receipt and issuing a large refund run through the same path.
• Irreversible or high-cost actions execute before any human can see them.
• Humans are buried in approval prompts for trivial, reversible actions, training them to click through blindly.

Apply it

1. Classify each action by reversibility and blast radius before deciding its autonomy level.
2. Let cheap, reversible actions run fully autonomously and gate costly or irreversible ones to propose-and-confirm.
3. Tune the dial per action rather than flipping one global approval flag for the whole agent.

Sources and further reading

• Human and Computer Control of Undersea Teleoperators · Sheridan & Verplank, 1978
• A Model for Types and Levels of Human Interaction with Automation · Parasuraman, Sheridan & Wickens, 2000