Helpful and Instructed Aren't the Same Thing

I asked an agent recently to spin up a VPN on a small cloud server. Two rules: closest region to me, smallest instance type. Simple job.

I watched it work. It pulled the instance catalog, noticed the size I wanted wasn't offered in my closest region, and put the server one region over instead. To its credit, it told me what it did and why. It was trying to be helpful.

An AI agent is a brand-new employee. Smart, eager, knows the manual, has zero context about why you asked the way you asked. You wouldn't hand a first-week hire the company credit card and say "figure it out." You'd give them a small task, watch how they handle a fork in the road, and grow their leash from there.

Here's where the analogy breaks. A new employee learns which rules are load-bearing and which are flexible by getting it wrong, getting corrected, and remembering. An agent doesn't carry that forward. Every run is week one. The judgment you can't grow into them, you have to scope around them.

Three things I'd change before letting an agent run with less oversight:

  1. Tighter tool access. If I don't want it picking a region, it shouldn't have the keys to a different one. Capability is permission.

  2. An independent check on the output, not run by the agent that did the work. Anything where "done" is debatable needs a second set of eyes that doesn't share the first set's incentives.

  3. A blast radius you can live with. Whatever an agent can break on its worst day is what you've actually authorized. Scope the access to the size of mistake you'd shrug off, not the size of task you're hoping for.
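
The three changes above, sketched as an added example (not code from the original post): the agent is handed only a scoped provisioning tool, and a separate check compares what exists to what was asked. The region and size names, the catalog, and every class and function name here are hypothetical.

```python
from dataclasses import dataclass

# Constructed sample data: which sizes each region offers (hypothetical names).
CATALOG = {"region-a": ["medium", "large"], "region-b": ["small", "medium"]}

@dataclass(frozen=True)
class Scope:
    """What the human actually authorized, fixed before the agent runs."""
    regions: frozenset
    sizes: frozenset
    max_servers: int = 1  # blast radius: worst case is one server

class ScopeViolation(Exception):
    pass

class ScopedProvisioner:
    """The only tool handed to the agent; the raw provider API stays out of reach."""
    def __init__(self, scope, catalog):
        self.scope, self.catalog, self.created = scope, catalog, []

    def create_server(self, region, size):
        if region not in self.scope.regions:
            raise ScopeViolation(f"region {region!r} not authorized")
        if size not in self.scope.sizes:
            raise ScopeViolation(f"size {size!r} not authorized")
        if len(self.created) >= self.scope.max_servers:
            raise ScopeViolation("server quota exhausted")
        if size not in self.catalog.get(region, []):
            # Infeasible as instructed: fail back to the human, no substitution.
            raise LookupError(f"{size!r} not offered in {region!r}")
        server = {"region": region, "size": size}
        self.created.append(server)
        return server

def independent_check(scope, inventory):
    """Run outside the agent: compare the account inventory to the instructions."""
    findings = []
    for s in inventory:
        if s["region"] not in scope.regions:
            findings.append(f"unexpected region {s['region']}")
        if s["size"] not in scope.sizes:
            findings.append(f"unexpected size {s['size']}")
    if len(inventory) > scope.max_servers:
        findings.append("more servers than authorized")
    return findings
```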

Helpful and instructed aren't the same thing, and the gap between them is where the bills come from. With a real new hire, you close that gap over months. With an agent, you close it with scope.