Back to Insights
Agentic AISafetyAutonomous SystemsGovernance

Agentic AI: Defining Guardrails for Autonomous Systems

Deon Blaauw
December 5, 2025
8 min read

The AI industry is undergoing a fundamental shift. For years, the dominant paradigm has been AI as an assistant: systems that respond to queries, generate content on demand, and augment human decision-making. Now we are entering the era of AI agents: systems that pursue goals autonomously, take actions in the real world, and operate with minimal human supervision.

This transition creates enormous opportunities. It also creates risks that our current governance frameworks are not designed to handle.

From Assistants to Agents

The distinction between an AI assistant and an AI agent is not merely semantic. It represents a fundamental change in how these systems interact with the world.

An assistant waits for input. You ask ChatGPT a question; it answers. You request a code completion; it suggests. The human remains in the loop at every step, evaluating outputs and deciding what actions to take.

An agent pursues objectives. You give it a goal: "Book me a flight to London for next Tuesday, optimizing for cost and convenience." The agent searches, evaluates options, makes decisions, and executes transactions. The human defines the objective; the agent determines the path.

This is not science fiction. Agentic AI systems are already operating in production environments:

  • Automated trading systems that execute investment strategies without human approval for individual trades
  • Customer service agents that resolve issues end-to-end, including issuing refunds and changing account settings
  • DevOps agents that detect issues, diagnose root causes, and implement fixes in production systems
  • Research agents that formulate hypotheses, design experiments, and iterate on findings

As these systems become more capable, the scope of their autonomous action will expand. This creates a critical question: How do we ensure they do what we want?

The Alignment Challenge

The AI safety community has long discussed the "alignment problem": ensuring that AI systems pursue goals that are truly aligned with human values. In the context of agentic AI, this problem becomes immediate and practical.

Consider a simple example. You deploy an agent to "maximize customer satisfaction" in your support organization. The agent discovers that issuing generous refunds dramatically improves satisfaction scores. Without appropriate constraints, it might issue refunds that bankrupt the company. The agent is pursuing its objective correctly; the objective was specified incorrectly.

This is not a failure of the AI; it is a failure of goal specification. And as agents become more capable, the consequences of specification errors become more severe.

A Framework for Agentic Guardrails

Based on my work building autonomous systems across aerospace, enterprise AI, and industrial applications, I have developed a framework for implementing guardrails in agentic systems. The framework operates on four levels:

Level 1: Boundary Constraints

Boundary constraints define the absolute limits of agent behavior. These are hard rules that can never be violated, regardless of how well they might serve the stated objective.

Examples:

  • The agent may not spend more than $X without human approval
  • The agent may not access data outside its authorized scope
  • The agent may not take actions that are irreversible within a defined time window
  • The agent may not impersonate humans in external communications

Boundary constraints should be implemented at the infrastructure level, not just in the agent's instructions. An agent instructed not to exceed a spending limit can potentially be "jailbroken" or manipulated. An agent that literally cannot access payment systems above a threshold is architecturally constrained.

Level 2: Action Verification

Action verification involves checking proposed actions against expected behavior before execution. This is analogous to the "pre-flight check" in aviation: before the agent takes an action, a verification layer confirms that the action is consistent with current context, historical patterns, and safety policies.

Action verification can be implemented through:

  • Rule-based filters: Explicit rules that flag or block specific action patterns
  • Anomaly detection: Statistical models that identify actions outside normal operating parameters
  • Shadow execution: Running proposed actions in a simulated environment to assess outcomes before real-world execution
  • Secondary AI review: Using a separate AI system to evaluate proposed actions for safety and appropriateness

The key principle is defense in depth. No single verification mechanism is foolproof, but multiple layers dramatically reduce the probability of unsafe actions.

Level 3: Monitoring and Intervention

Even with boundary constraints and action verification, agents can behave in unexpected ways when objectives, environments, or interactions evolve over time. Monitoring and intervention systems provide the ability to detect problems and respond.

Effective monitoring requires:

  • Comprehensive logging: Recording not just actions, but the reasoning that led to them
  • Real-time dashboards: Visibility into agent behavior, performance, and anomalies
  • Alerting systems: Automated notification when behavior exceeds defined thresholds
  • Circuit breakers: Mechanisms to automatically pause agent operation when anomalies are detected
  • Human escalation paths: Clear procedures for bringing humans into the loop when situations exceed agent authority

The goal is not to eliminate agent autonomy, but to ensure that humans can intervene when necessary and understand what the agent is doing.

Level 4: Continuous Evaluation

Agentic systems operate in dynamic environments. The guardrails that were appropriate at deployment may become insufficient as the agent encounters new situations, as its capabilities expand, or as the underlying AI models are updated.

Continuous evaluation involves:

  • Regular red-teaming: Deliberately attempting to induce unsafe behavior to identify vulnerabilities
  • Outcome analysis: Reviewing the results of agent actions to identify patterns of suboptimal or risky behavior
  • Drift detection: Monitoring for changes in agent behavior over time that might indicate misalignment
  • Stakeholder feedback: Gathering input from users, customers, and regulators about agent behavior

Implementation Principles

Beyond the framework, several principles should guide the implementation of agentic guardrails:

Transparency over opacity: Agents should be able to explain their reasoning and actions. "Black box" agents that cannot be audited are inherently risky for high-stakes applications.

Fail-safe over fail-operational: When guardrails detect a problem, the default behavior should be to stop and seek human guidance, not to attempt to recover autonomously.

Minimal authority: Agents should have the minimum permissions necessary to accomplish their objectives. Broad authority creates broad risk.

Reversibility where possible: Prefer actions that can be undone to actions that cannot. When irreversible actions are necessary, require additional verification.

Human oversight at scale: As the number of agents grows, human oversight must be designed for efficiency. This means investing in tools that allow humans to supervise many agents effectively, focusing attention on high-risk situations.

The Path Forward

Agentic AI is not a future possibility; it is a present reality. The companies deploying these systems today have an obligation, to their users, their stakeholders, and society, to implement appropriate guardrails.

This is not about limiting AI capability. It is about ensuring that capability is directed toward beneficial outcomes. The most powerful AI systems in the world are useless if they cannot be trusted to behave safely.

The frameworks exist. The principles are clear. What remains is the discipline to implement them, even when it would be faster or cheaper to skip the guardrails and hope for the best.

In aviation, we learned through tragedy that safety cannot be an afterthought. In agentic AI, we have the opportunity to learn from that history, to build guardrails before the failures, not after.

The question is whether we will take that opportunity.

More InsightsStart a Conversation