Agentic Autonomy Expansion Criteria
Define standardized criteria for incrementally widening an AI agent's autonomy thresholds after initial deployment, ensuring that autonomy expansions are deliberate, evidence-based, and approved through the same governance process as initial deployment.
Objective
Prevent autonomous capability creep by requiring that any expansion of an agent's decision authority, tool access, or approval-gate removal is governed by explicit criteria, a track record of safe operation, and documented approval.
Maturity Levels
Initial
Agent autonomy expands informally as engineers add tools or remove approval gates without a governance process. There is no tracking of autonomy changes over time.
Developing
Autonomy expansions require engineering approval but not governance review. Criteria for when expansion is appropriate are not defined.
Defined
A formal autonomy expansion policy defines the criteria for widening an agent's decision authority or tool access. Expansion requires evidence of safe operation over a defined period, a risk assessment of the proposed expansion, and sign-off from the AI governance function.
Managed
All autonomy expansions are logged in the agent deployment register. The governance function reviews the aggregate autonomy profile of the agent portfolio quarterly. Unauthorized expansions are flagged by the audit process.
Optimizing
Autonomy expansion criteria are quantified where possible (e.g., minimum 30 days of operation with zero Severity 1-2 incidents before approval gate removal). A graduated autonomy model defines predefined expansion tiers, each with specific criteria and sign-off requirements.
Evidence Requirements
What an auditor or assessor would expect to see for this control.
- Documented autonomy expansion policy defining criteria for each category of expansion.
- Autonomy expansion log for each agent, recording each expansion, the criteria met, and sign-off details.
- Evidence of AI governance function sign-off for all expansions in the past 12 months.
Implementation Notes
Why autonomy creep is a distinct risk
Agents often start with conservative autonomy constraints that are loosened over time as they prove reliable. This is reasonable in principle but dangerous without governance structure. Each expansion is individually small but cumulatively significant. By the time an agent has had 10 small autonomy expansions, its operational profile may be materially different from what was approved at deployment — with no single expansion having triggered formal review.
Defining expansion criteria
For each category of autonomy expansion, define:
- Minimum operating period: How long must the agent operate at its current autonomy level before expansion is permitted? (30 days is a common baseline.)
- Incident threshold: What is the maximum number and severity of incidents permitted before expansion is disqualified? (Common: zero Severity 1-2 incidents in the operating period.)
- Human review rate: For agents with human approval gates, what fraction of decisions are being escalated? High escalation rates may indicate the agent is not ready for expanded autonomy.
- Audit log review: Has the audit log been reviewed and confirmed clean for the operating period?
Categories of autonomy expansion
- Tool access addition: Agent gains access to a new tool (new API, new database, new service).
- Permission scope expansion: Agent's existing tool access is widened (e.g., write permissions where it previously had read-only).
- Approval gate removal: A human approval step is removed for a category of action the agent previously had to route to a human.
- Rate limit increase: Agent is permitted to take more actions per unit time.
- Spend or impact threshold increase: Agent is permitted to authorize larger transactions or affect a larger scope of data.
Each category should have its own criteria, since the risk profile differs.
Graduated autonomy model
Consider defining predefined autonomy tiers (e.g., Tier 1 through Tier 4) with specific capability profiles for each tier. Agents are promoted through tiers rather than having ad hoc changes. Tier promotion requires meeting defined criteria and governance sign-off. This makes the expansion process predictable and auditable.
Example Implementation
Agentic Autonomy Expansion Criteria (excerpt)
Policy version: 1.0 | Approved by: AI Governance Committee | Effective: 2026-01-15
Expansion category: Approval gate removal
| Criterion | Requirement |
|---|---|
| Minimum operating period | 45 days at current autonomy level |
| Severity 1-2 incidents | Zero in the operating period |
| Severity 3 incidents | Fewer than 3 in the operating period, all closed with remediation |
| Human escalation rate | Below 5% of agent decisions in the past 30 days |
| Audit log review | Complete, reviewed by security function, no anomalies |
| Required sign-off | Technical owner + AI governance function + CISO (for agents with write access) |
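The criteria in this excerpt can be checked mechanically before a request reaches the governance function. The following is an added example, not part of the policy excerpt: the record fields and sign-off role keys are hypothetical, and treating a window with zero decisions as a failure is an assumption.

```python
from dataclasses import dataclass, field
from datetime import date

# Thresholds copied from the "Approval gate removal" excerpt above.
MIN_DAYS, MAX_SEV3, MAX_ESCALATION = 45, 3, 0.05

@dataclass
class Incident:
    severity: int
    closed_with_remediation: bool

@dataclass
class ExpansionRequest:          # hypothetical record shape, not from the policy
    level_since: date            # date the agent entered its current autonomy level
    requested_on: date
    incidents: list              # incidents in the operating period
    decisions_30d: int           # agent decisions in the past 30 days
    escalations_30d: int         # of those, escalated to a human
    audit_log_clean: bool        # reviewed by security function, no anomalies
    has_write_access: bool
    signoffs: set = field(default_factory=set)

def evaluate_gate_removal(req):
    """Return the list of unmet criteria; an empty list means eligible."""
    failures = []
    days = (req.requested_on - req.level_since).days
    if days < MIN_DAYS:
        failures.append(f"operating period {days}d < {MIN_DAYS}d")
    if any(i.severity <= 2 for i in req.incidents):
        failures.append("Severity 1-2 incident in operating period")
    sev3 = [i for i in req.incidents if i.severity == 3]
    if len(sev3) >= MAX_SEV3:
        failures.append(f"{len(sev3)} Severity 3 incidents (limit: fewer than {MAX_SEV3})")
    if any(not i.closed_with_remediation for i in sev3):
        failures.append("Severity 3 incident not closed with remediation")
    if req.decisions_30d == 0:   # assumption: no evidence means fail closed
        failures.append("no decisions in past 30 days to measure escalation")
    elif req.escalations_30d / req.decisions_30d >= MAX_ESCALATION:
        failures.append("escalation rate not below 5%")
    if not req.audit_log_clean:
        failures.append("audit log review incomplete or anomalies found")
    required = {"technical_owner", "ai_governance"}
    required |= {"ciso"} if req.has_write_access else set()
    if required - req.signoffs:
        failures.append("missing sign-off: " + ", ".join(sorted(required - req.signoffs)))
    return failures

# Constructed sample: 60 days at level, 2.1% escalation, write access, no CISO sign-off.
SAMPLE = ExpansionRequest(date(2026, 1, 1), date(2026, 3, 2), [], 1000, 21,
                          True, True, {"technical_owner", "ai_governance"})
```

Calling `evaluate_gate_removal(SAMPLE)` reports only the missing CISO sign-off, since the agent in the sample has write access.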
Expansion log: Customer Refund Processing Agent
| Date | Expansion type | Previous state | New state | Criteria met | Approved by |
|---|---|---|---|---|---|
| 2026-03-01 | Approval gate removal | All refunds require human review | Refunds ≤$100 auto-approved | 60 days clean operation; 2.1% escalation rate | J. Reyes, C. Müller |
| 2026-05-15 | Spend threshold increase | Auto-approve ≤$100 | Auto-approve ≤$250 | 75 days clean operation; 1.8% escalation rate | J. Reyes, C. Müller, T. Okafor |
| 2026-06-01 | Tool access addition | CRM read, Payments write | + Loyalty API read | Risk assessment completed; new tool read-only | J. Reyes, C. Müller |
