Trusting AI does not mean believing it is always right.
Trusting AI means knowing:
- what it can do,
- what it cannot do,
- when it must ask,
- what evidence it used,
- who approved the action,
- how to inspect what happened.
That is a very different kind of trust.
The bank analogy
A bank does not trust employees by giving everyone vault access.
It creates roles:
- teller,
- supervisor,
- auditor,
- fraud analyst,
- branch manager.
Each role can do different things. Some actions need approval. Some require evidence. Everything leaves a record.
AI agents need the same structure.
Five levels of authority
Use this simple ladder:
| Level | Plain English | Example |
|---|---|---|
| Look | AI reads or summarizes | “Find the order” |
| Draft | AI prepares but does not send | “Draft the email” |
| Ask outside | AI calls an external service | “Check shipping status” |
| Act for user | AI does something on delegated authority | “Schedule the meeting” |
| High-impact act | AI changes money, access, legal state, or sensitive data | “Issue refund” |
In ContextOS, these are approval modes: read_only, local_write, network, delegated, and destructive.
Non-technical leaders can use this ladder in meetings. It makes risk concrete.
Ask: what should require a gate?
A gate is a moment where AI must pause and ask.
Gate examples:
| Situation | Why gate? |
|---|---|
| Money moves | Financial risk |
| Customer receives message | Relationship risk |
| Account access changes | Security risk |
| Employee data used | Privacy risk |
| Legal or compliance claim made | Regulatory risk |
| Ambiguous policy | Judgment risk |
| Missing evidence | Accuracy risk |
The gate is not a failure. It is part of the system.
What an approval should show
A useful approval request includes:
- proposed action,
- reason for action,
- evidence used,
- policy or rule,
- possible side effect,
- what happens if rejected,
- who is approving,
- final receipt.
Bad approval:
Approve refund?
Good approval:
Approve INR 9,000 refund for Order 123. Evidence: identity verified, order delivered late by 6 days, refund policy section 4.2 applies, amount exceeds self-serve threshold. If approved, payment system will issue refund once with idempotency key R-912.
The second version lets a human take responsibility.
Receipts matter
After AI does important work, it should leave a receipt.
ContextOS calls this a DecisionRecord.
A receipt answers:
| Receipt question | Why it matters |
|---|---|
| What work was requested? | Scope |
| What evidence was used? | Grounding |
| What tools were called? | Action trace |
| What policy applied? | Governance |
| Who approved? | Accountability |
| What changed? | Impact |
| Can we replay it? | Audit and learning |
If the system cannot produce a receipt, it should not perform important work.
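The ladder, the gate and the receipt described above fit together as in the following Python sketch, which is an added example and not ContextOS code. Only the five mode names come from the page; `decide`, `ApprovalRequest`, `Receipt`, their fields and the `if_rejected` text are hypothetical.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import List, Optional

# The page's five approval modes, least to most authority (values 1..5).
Mode = IntEnum("Mode", "read_only local_write network delegated destructive")

@dataclass
class ApprovalRequest:
    """Fields from the 'What an approval should show' list."""
    action: str
    reason: str
    evidence: List[str]
    policy: str
    side_effect: str
    if_rejected: str

@dataclass
class Receipt:
    """Hypothetical receipt shape; not the ContextOS DecisionRecord schema."""
    requested: str
    mode: str
    evidence: List[str]
    policy: str
    approved_by: Optional[str]
    outcome: str  # "executed", "gated" or "rejected"

def decide(req: ApprovalRequest, mode: Mode, agent_max: Mode,
           approver: Optional[str] = None, approved: bool = False) -> Receipt:
    """Return a receipt for every decision, including the ones that only pause."""
    # Gate when the action exceeds the agent's mode or lacks evidence or policy.
    needs_gate = mode > agent_max or not req.evidence or not req.policy
    if not needs_gate:
        outcome, who = "executed", None
    elif approver is None:
        outcome, who = "gated", None  # pause and ask; nothing changes yet
    else:
        outcome, who = ("executed" if approved else "rejected"), approver
    return Receipt(req.action, mode.name, list(req.evidence), req.policy, who, outcome)

# Constructed sample built from the page's "good approval" text.
REFUND = ApprovalRequest(
    action="Issue INR 9,000 refund for Order 123",
    reason="Amount exceeds self-serve threshold",
    evidence=["identity verified", "order delivered late by 6 days"],
    policy="refund policy section 4.2",
    side_effect="payment system issues refund once, idempotency key R-912",
    if_rejected="no refund is issued",  # assumption: not stated on the page
)
```

An agent capped at `delegated` that proposes this refund at `destructive` gets a `gated` receipt until a named approver decides, and the bare "Approve refund?" request is gated at any level because it carries no evidence.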
Boundaries are not bureaucracy
Boundaries make AI useful.
Without boundaries, people either overtrust the system or refuse to use it.
With boundaries, people know:
- this AI can summarize but not send,
- this AI can draft but not approve,
- this AI can recommend but not execute,
- this AI can execute only under this threshold,
- this AI must escalate these cases.
Clear boundaries increase adoption because users understand the tool.
Trust checklist for business teams
Before launching AI into a workflow, ask:
- What can it read?
- What can it draft?
- What can it send or change?
- What requires approval?
- What evidence is mandatory?
- What must it refuse?
- What receipt does it leave?
- Who reviews mistakes?
- How can we stop or roll back the system?
These questions are enough to find most hidden risks.
Common misunderstanding
People often think the choice is:
Fully automate or do nothing.
The better choice is:
Decide which parts can be assisted, drafted, delegated, or gated.
Most good AI systems start by helping humans do better work. They earn more authority over time.