SAIL 2.0

/

AI Policy & Safe experimentation (Plan)

/

Missing Autonomy-Level Classification

1.11

.

Missing Autonomy-Level Classification

sail
1.11
Risk

Missing Autonomy-Level Classification

Description

Agents lack a documented autonomy tier (e.g., supervised, semi-autonomous, fully autonomous) that drives the intensity of controls, oversight, and human-in-the-loop requirements.

Example

A fully autonomous agent with merge authority is deployed under the same control regime as a supervised summarization assistant, with no required human approval gates.

Assets Affected

AI Policy

AI Agent

Agent Config

Mitigation
  • Define agent autonomy tiers in policy
  • map control intensity (HITL, action authorization, sandboxing) to each tier
  • document and review tier classification per agent.
Standards Mapping
  • ISO: A.5.2, Clause 6.1.2
  • OWASP agentic: ASI10
  • EU AI Act: Art. 6, Art. 14
  • DASF: Agents-Core 13.7
  • AIUC-1: C001