Agents Need Budgets for Authority

AI agents should receive limited budgets for money, data, time, recipients and change—not general permission to pursue a goal.

The answer

An agent given a goal will assemble actions the designer did not enumerate. That is the point—and the risk. Authority should be expressed as a budget, not a broad role. - Money and transaction value.

An agent given a goal will assemble actions the designer did not enumerate. That is the point—and the risk.

Authority should be expressed as a budget, not a broad role.

Budget every consequential dimension

- Money and transaction value.

- Data volume and sensitivity.

- Recipients and domains.

- Time and number of actions.

- Systems and privilege.

- Irreversibility.

Value object — The Agent Authority Envelope

- Goal.

- Permitted tools.

- Budgets and rate limits.

- Approval thresholds.

- Forbidden sequences.

- Expiry and kill control.

Enforce outside the model

The transaction service, identity layer and network must enforce the envelope. The agent should not be able to rewrite its own limits.

Autonomy becomes governable when the institution can state exactly how much consequence the agent may create before a human must decide.

Where this breaks

An agent can remain under a monetary limit while causing serious harm through data disclosure, message volume or repeated small changes. Authority is multidimensional.

The operating move

Enforce budgets across value, recipients, data, time, tool combinations and reversibility. Require fresh human authority when the goal or target changes.

Cap cumulative action, not single calls.

Restrict new recipients.

Expire credentials with the task.

Block self-expansion of scope.

The test

Ask the agent to pursue a goal until it exhausts one budget. It should stop cleanly without seeking an alternate ungoverned route.

Sources

  1. NIST: AI Risk Management Framework — Generative AI ProfileNIST: AI Risk Management Framework

    Primary authority

  2. Swiss FDPIC: AI and data protectionSwiss FDPIC: AI and data protection

    Primary authority

  3. NIST SP 800-207: Zero Trust ArchitectureNIST SP 800-207: Zero Trust Architecture

    Primary authority

Ross BelhommePartner, Svperior / Legal

Adam J. De Collibus

Adam co-founded Svperior and leads systems engineering from requirements through implementation. His work connects architecture, implementation, deployment, and operating discipline across complex environments where failure must be anticipated and technical capability must remain dependable under pressure.

Systems engineering / Technical architecture / Production operations / Operating resilience

Need to apply this to a specific situation?

Send us the initial context. If the matter fits, we will respond directly.

Send private inquiry
Agents Need Budgets for Authority \