GPUJet Agent Permission Ladder
Give the agent only the next safe permission, not full autonomy.
The safest way to build AI agents is to move one permission level at a time. Do not jump from a private draft assistant to a public autonomous system. Each step needs stronger logs, limits, approvals and rollback.
| Permission step | What it can do | Required control | When to move up |
|---|---|---|---|
| 1. Observe | Read input, summarize, classify or explain. | No external action, no publishing, no sending. | When summaries and classifications are consistently useful. |
| 2. Draft | Create replies, outlines, posts, checklists or recommendations. | Human must review before anything is sent or published. | When drafts require only small edits. |
| 3. Suggest action | Recommend a next step, tool, reply, label or escalation. | Decision stays with the human. | When suggestions are accurate and low-risk. |
| 4. Prepare action | Prepare email, post, ticket update, file change or API request. | Approval required before execution; full log stored. | When approval logs show reliable behavior. |
| 5. Limited execute | Execute narrow, reversible actions inside strict limits. | Budget cap, rate limit, rollback, monitoring and alerts. | Only after production-style testing. |
| 6. Blocked | Money movement, destructive edits, account changes, private data exposure or public irreversible actions. | Do not allow for beginner agents. | Requires expert governance, audit and policy review. |
AI Agent Risk Levels
AI Agent Risk Levels is a GPUJet framework for deciding how much power an AI agent should have. The safest beginner path is not full autonomy. It is a gradual path from draft-only output to limited, logged and approval-based actions.
This page helps beginners understand when an AI agent is safe to test, when it needs human approval, and when it should not be connected to real systems yet.
The five AI agent risk levels
| Level | Name | What the agent can do | Beginner rule |
|---|---|---|---|
| Level 0 | Draft-only agent | Creates drafts, summaries, outlines, classifications or recommendations. | Best first step for almost every beginner project. |
| Level 1 | Suggestion agent | Suggests an action but does not execute it. | Safe for research, planning and decision support. |
| Level 2 | Approval-required agent | Can prepare an action, but a human must approve before execution. | Good for support replies, content drafts and internal workflows. |
| Level 3 | Limited autonomous agent | Can execute narrow, reversible actions inside clear limits. | Only after logging, testing, alerts and rollback exist. |
| Level 4 | High-risk agent | Can affect money, production data, accounts, public publishing or critical systems. | Not suitable for beginners without strict governance and expert review. |
Why risk levels matter
Many AI agent mistakes happen because the tool receives too much permission too early. A beginner agent that summarizes documents is very different from an agent that sends emails, edits WordPress posts, changes server files or connects to payment systems.
Risk levels make the setup easier to discuss. Instead of asking whether an agent is “safe” in general, ask what level it belongs to, what it can touch, what it can change, how it is logged and how quickly it can be disabled.
Recommended beginner path
- Start at Level 0 with draft-only output.
- Add logs for every input, tool call, output and approval result.
- Move to Level 1 when suggestions are accurate and useful.
- Move to Level 2 only when approval, rollback and cost limits exist.
- Avoid Level 3 and Level 4 until the workflow is tested and monitored.
Examples by use case
| Use case | Safe first level | Why |
|---|---|---|
| WordPress outline generator | Level 0 | It creates content drafts but does not publish. |
| Support reply assistant | Level 0 or Level 2 | It can draft replies, but sending should require approval. |
| OpenClaw test workflow | Level 0 | Safe testing should happen before connecting real accounts. |
| Cloud cost monitor | Level 1 | It can warn and suggest, but should not delete resources automatically at first. |
| Trading bot assistant | Level 0 or Level 1 | Analysis and alerts are safer than automated execution. |
GPUJet rule: the more real-world power an agent has, the more logging, approval, rollback and cost control it needs.
Continue learning
Next step
After choosing the risk level, run the go-live checklist.
Risk levels explain how much power an agent should have. The go-live checklist confirms whether the workflow is logged, limited, reversible and safe enough to use outside a private test.
Open Go-Live Checklist