Module 3 | Lesson 3

Agentic AI and the Expanding Risk Surface

Confirm Before Acting

The most important safeguard for agentic AI systems is requiring explicit human confirmation before any consequential action. Consequential actions include: sending communications (emails, messages, posts), making purchases or financial transactions, modifying or deleting data, sharing information with third parties, accessing accounts or systems, installing software, and running code.

The right flow looks like this: the AI prepares the action and presents it for your review. You see exactly what the AI is about to do. You read it. You verify it's appropriate. Then and only then do you approve it. The action doesn't happen without your explicit consent.

This applies especially during the early period of using any new agentic tool. Even if you eventually build confidence in a tool and adjust the confirmation requirements, start by requiring your approval for every significant action. This habit lets you notice when the agent behaves unexpectedly, including behavior driven by prompt injection or other compromise.
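As an added illustration (not part of the course material), here is a confirmation gate in Python that implements the flow above: it renders the proposed action, asks the reviewer to approve that exact rendering, executes only what was approved, and records every decision. The tool names and the email stub are constructed for the example.

```python
import hashlib
import json
from dataclasses import dataclass, field
from typing import Callable

# Constructed tool names, grouped by the lesson's consequential categories:
# communications, purchases/transactions, data changes, sharing, account access, installs, code.
CONSEQUENTIAL_TOOLS = {"send_email", "post_message", "purchase", "transfer_funds",
                       "delete_file", "update_record", "share_document", "login",
                       "install_package", "run_code"}

@dataclass(frozen=True)
class ProposedAction:
    tool: str
    args: dict

    def render(self) -> str:
        """Canonical text shown to the human; the same text is what gets executed."""
        return json.dumps({"tool": self.tool, "args": self.args}, sort_keys=True)

@dataclass
class ConfirmationGate:
    confirm: Callable[[str], bool]        # presents the rendered action, returns approval
    confirm_everything: bool = True       # start by requiring approval for every action
    audit: list = field(default_factory=list)

    def needs_confirmation(self, action: ProposedAction) -> bool:
        return self.confirm_everything or action.tool in CONSEQUENTIAL_TOOLS

    def execute(self, action: ProposedAction, tools: dict) -> dict:
        shown = action.render()
        digest = hashlib.sha256(shown.encode()).hexdigest()[:16]
        approved = self.confirm(shown) if self.needs_confirmation(action) else True
        self.audit.append({"digest": digest, "tool": action.tool, "approved": approved})
        if not approved:
            return {"executed": False, "reason": "not confirmed", "digest": digest}
        # Execute exactly what was reviewed: rebuild the call from the rendered text,
        # never from agent state that could change after the human approved it.
        reviewed = json.loads(shown)
        result = tools[reviewed["tool"]](**reviewed["args"])
        return {"executed": True, "digest": digest, "result": result}

def send_email_stub(to: str, body: str) -> str:
    return f"sent to {to}"  # constructed stub standing in for a real mail tool

def demo(approve: bool) -> dict:
    """Runs one constructed email action through a gate whose reviewer answers `approve`."""
    gate = ConfirmationGate(confirm=lambda shown: approve)
    action = ProposedAction("send_email", {"to": "alice@example.com", "body": "hello"})
    return gate.execute(action, {"send_email": send_email_stub})
```

With `confirm_everything=False` the gate still stops every tool in `CONSEQUENTIAL_TOOLS`, which is the "adjusted" mode the lesson describes reaching only after you trust the tool.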
