Nika

How much do you trust AI agents?

With the advent of clawdbots, it's as if we've all lost our inhibitions and "put our lives completely in their hands."

I'm all for delegating work, but not giving them too much personal/sensitive stuff to handle.

I certainly wouldn't trust something to the extent of providing:

  • access to personal finances and operations (maybe just setting aside an amount I'm willing to lose)

  • sensitive health and biometric information (can be easily misused)

  • confidential communication with key people (secret is secret)

Are there any tasks you wouldn't give AI agents or data you wouldn't allow them to access? What would that be?

Re. finances – Yesterday I read this news: Sapiom raises $15M to help AI agents buy their own tech tools – so this may be a new era when funds will go rather to Agents than to founders.


Replies

Xuefei Mei

I completely agree with your point of view! I also strongly don't want AI to have access to too much sensitive personal information about me, especially financial information and details of some of my private accounts. In addition, I am not very confident about the information provided by AI. Although the Agent now has capabilities such as online search and RAG, it still may have illusions or fail to accurately interpret my needs, not providing me with accurate information, or even fabricating information to fulfill my requirements. I will not completely rely on AI for my very important papers and research in my work.

Atul Yadav

trust is the wrong unit. what matters is reversibility. an agent that drafts an email, fine. an agent that sends payment instructions, not without a second pair of eyes and an audit trail. i grade actions on two axes, blast radius and reversibility, and only the bottom-left quadrant runs without human approval. the failure mode i see most is teams giving agents broad tool access in week one because the demo is impressive, then walking it back after the first incident. easier to start narrow and earn surface area than to claw it back after something is wrong in production.

Iftakhar Rahmany

I don’t think agents should be trusted with direct sensitive access. They should get permissions, limits, and logs.

The areas I wouldn’t hand over raw access to are wallets/private keys, API keys with billing, inbox/DMs, health data, and anything involving identity or money movement.

The pattern I prefer is: agent asks → user/policy approves → vault signs or performs the scoped action → everything is logged and revocable.

This is the exact reason I’m building DCP, a local permission vault for agents. The agent can request access, but secrets stay encrypted locally, and the user keeps control.

Curious whether people would tolerate that approval flow, or if it feels too high-friction.
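The gating pattern the two replies above describe (Atul's blast-radius/reversibility grading, where only the low/low quadrant runs unattended, and Iftakhar's agent asks → user/policy approves → vault performs the scoped action → everything is logged and revocable), plus Nika's "amount I'm willing to lose" as a hard spending cap, as an added Python example. This is not code from the thread or from DCP; the tool names, risk labels, placeholder secret and budget are constructed assumptions.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Callable, Optional
class Level(IntEnum):
    LOW = 0
    HIGH = 1

# Constructed risk table: (blast radius, reversibility) for each tool name.
# Only LOW/LOW actions run on policy alone; everything else waits for a human.
RISK = {
    "draft_email":  (Level.LOW,  Level.LOW),
    "send_email":   (Level.HIGH, Level.HIGH),
    "delete_file":  (Level.LOW,  Level.HIGH),
    "send_payment": (Level.HIGH, Level.HIGH),
}

@dataclass
class Vault:
    """Holds the secret and the budget; the agent only ever sees outcomes."""
    api_key: str                  # constructed placeholder, never returned
    budget: float                 # the amount the user is willing to lose
    revoked: set = field(default_factory=set)
    log: list = field(default_factory=list)
    def _record(self, tool, args, decision, by):
        self.log.append({"tool": tool, "args": args, "decision": decision, "by": by})

    def request(self, tool, args, approver: Optional[Callable] = None):
        """Agent-facing entry point: returns an outcome dict, never the secret."""
        if tool not in RISK or tool in self.revoked:
            self._record(tool, args, "denied", "policy")
            return {"ok": False, "reason": "not permitted"}
        radius, irreversible = RISK[tool]
        by = "policy"
        if radius == Level.HIGH or irreversible == Level.HIGH:
            if approver is None or not approver(tool, args):
                self._record(tool, args, "denied", "policy")
                return {"ok": False, "reason": "approval required"}
            by = "human"
        # Hard cap that even an approved payment cannot exceed.
        if tool == "send_payment":
            if args["amount"] > self.budget:
                self._record(tool, args, "denied", by)
                return {"ok": False, "reason": "over budget"}
            self.budget -= args["amount"]
        self._record(tool, args, "allowed", by)
        return {"ok": True, "result": f"{tool} performed with scoped key"}

    def revoke(self, tool):
        self.revoked.add(tool)
```

The `approver` callable stands in for whatever human-in-the-loop prompt the vault fronts; the audit trail in `log` records who allowed each action and why it was refused.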
