The "trust ladder": how to gradually expand an agent's authority
· Avery NXR
When teams deploy a new agent, the most common debate is: how much authority should this agent have?
Too little → the agent is useless because every action requires human approval. Too much → the agent does scary things on day one because nobody trained it on the edge cases.
The right answer isn't fixed. It's a TRUST LADDER — the agent's authority gradually expands as evidence of reliability accumulates.
Here's how to build the trust ladder for any new agent.
The 5 rungs of the trust ladder
Rung 1: Observation only.
The agent runs in the background, processes inputs, but takes NO action. It generates outputs (drafts, classifications, recommendations) that go to a review queue. Nothing happens automatically.
Purpose: validate that the agent's outputs are good enough to consider before giving it any authority.
Duration: 1-2 weeks (or until 50-100 sample outputs reviewed).
What you measure: Output quality. Specifically: would you have agreed with the agent's recommendation on each input?
Rung 2: Drafts for human send.
The agent produces drafts (emails, responses, etc.) that go to a human reviewer. The reviewer can edit and send, or reject and re-draft.
Purpose: agent contributes value but a human controls every action.
Duration: 2-4 weeks (or until 200-500 drafts reviewed and most are approved with minimal editing).
What you measure: % of drafts approved with minimal edit, % rejected entirely, time saved on drafting vs. doing from scratch.
Rung 3: Autonomous for low-stakes, draft for high-stakes.
The agent makes its own decision and takes action on low-stakes cases (clearly within its competence). For higher-stakes cases, it still drafts for human review.
Purpose: agent absorbs the bulk of routine work. Humans focus on cases that need judgment.
Duration: 1-2 months (until 500-1,000 autonomous actions and a low rate of issues).
What you measure: error rate on autonomous decisions, frequency of human-overrides on the draft cases.
Rung 4: Autonomous for most, draft for edge cases.
The agent makes its own decision and takes action on most cases. Only the genuinely ambiguous or high-stakes cases get human review.
Purpose: agent is operating reliably at scale. Human attention is focused on the genuinely hard cases.
Duration: ongoing.
What you measure: error rate, edge case identification accuracy, audit ledger insights.
Rung 5: Autonomous with audit, periodic human spot-check.
The agent operates fully autonomously. Audit ledger captures everything. Humans periodically sample to catch drift.
Purpose: maximum agent leverage with appropriate ongoing oversight.
Duration: ongoing, indefinitely.
What you measure: periodic sample accuracy, audit ledger anomalies, downstream effects on customers/processes.
Why the ladder matters
Without the ladder, teams make one of two mistakes:
Mistake A: Skip to rung 4 immediately. "It's just an AI agent, what could go wrong?" Plenty. The agent does something bad on day 5. Team loses trust. Rolls back the deployment. Has to rebuild from scratch.
Mistake B: Get stuck on rung 1 indefinitely. "We need to be careful." So the agent runs in observation mode forever. Team never gets the leverage benefit. Eventually wonders why they bothered.
The ladder is the middle path. Gradual expansion of authority as evidence accumulates.
How long each rung takes
This varies by:
→ Stakes. Higher-stakes work justifies longer time at each rung. A support triage agent might progress faster than an outbound email agent.
→ Volume. Higher-volume work generates evidence faster. A 100-event/day agent climbs faster than a 5-event/day agent.
→ Risk tolerance. Conservative teams take longer. Aggressive teams climb faster (with more risk).
→ Detection capability. If you can detect errors quickly, you can move faster. If errors only surface weeks later, move slowly.
Rough guidelines:
→ Low-stakes, high-volume (e.g., classification): rung 1→2 in days, rung 2→3 in weeks, rung 3→4 in months → Medium-stakes, medium-volume (e.g., support drafting): rung 1→2 in weeks, rung 2→3 in months, rung 3→4 if ever → High-stakes, lower-volume (e.g., customer-facing communications): might stay on rung 2 indefinitely
There's no universal right answer. Match the ladder progression to your specific situation.
The mechanics
For each rung, here's what you actually configure:
Rung 1 (observation): Agent runs, output goes to a designated location (Slack channel, file, ticket queue). No external action taken. No emails sent. No CRM updates. Just observe-and-report.
Rung 2 (draft for send): Agent runs, output goes to a draft state. Human reviewer gets notified, can edit and send (or reject). Track which drafts get approved.
Rung 3 (autonomous low-stakes): Configure rules for which cases the agent can autonomously handle. Below confidence threshold → human review. Above confidence threshold → action. Track autonomous actions.
Rung 4 (autonomous most): Tighten the human-review threshold. Only the genuinely uncertain cases route to humans. Most actions are autonomous.
Rung 5 (autonomous with audit): Remove most human-review triggers. Keep audit ledger comprehensive. Schedule periodic spot-checks (weekly samples).
Avery NXR supports all five rungs via configuration. Confidence thresholds, conditional routing, audit ledger — these are the levers.
When to GO DOWN the ladder
The ladder isn't one-way. Sometimes you need to drop the agent back to a more restrictive rung:
→ After an error. If an autonomous agent does something wrong, drop to drafts-only while you investigate and fix.
→ After a context change. If the agent's environment changes (new products, new policies, new types of inputs), restart at a lower rung until the agent demonstrates fitness for the new context.
→ After staff changes. If the human responsible for reviewing the agent changes, drop a rung temporarily while the new reviewer builds trust.
→ After an audit finding. If an audit reveals patterns of concern, lower the rung and address the patterns before re-climbing.
Dropping the rung isn't failure. It's appropriate response to changed circumstances.
What the ladder enables organizationally
Teams that adopt the trust ladder explicitly tend to handle agent deployment more maturely:
Stakeholder conversations get easier. "We're deploying at rung 2" is clearer than "we're deploying an AI agent." Stakeholders understand the authority being granted.
Measurement is built in. Each rung has explicit metrics. Teams know when they're ready to climb.
Recovery is structured. When things go wrong, dropping a rung is a known move, not a panic response.
Trust grows visibly. The team SEES the agent earning more authority over time. Trust isn't abstract; it's grounded in observed behavior.
A specific example: Marcus (resume screening)
When we deployed Marcus internally:
Week 1 — Rung 1. Marcus processed resumes, scored them, posted recommendations to Slack. No interview invitations sent. Hiring manager reviewed each recommendation, sent invitations manually.
Week 2-3 — Rung 2. Marcus drafted personalized invitation emails for strong matches. Hiring manager reviewed each draft, edited if needed, sent.
Week 4-6 — Rung 3. Marcus autonomously sent invitations to candidates with score >8.5/10. Drafts for 6-8.5 range. Hiring manager handles the autonomous-sent invitations review post-hoc.
Month 2-3 — Rung 4. Marcus handles 95%+ of decisions autonomously. Only borderline cases flag for hiring manager. Hiring manager periodically reviews audit ledger.
Month 4+ — Rung 5. Marcus operates autonomously. Hiring manager spot-checks weekly via audit ledger.
This took ~3 months total. Each rung was earned with evidence. We've stayed on rung 5 for the past several months without issues.
When the ladder doesn't apply
Some agents shouldn't progress past rung 2:
→ Customer-facing communications that could harm relationships. → Anything affecting brand voice in public channels. → High-stakes decisions where errors aren't recoverable. → Workflows where the agent's input changes character frequently.
For these, drafts-with-human-review is the right permanent state. Don't try to climb the ladder where the work doesn't allow it.
The principle
Agent authority should be earned, not assumed. The trust ladder gives you a framework for earning it gradually.
Teams that skip the ladder make expensive mistakes. Teams that stick on the bottom rungs never get leverage. The ladder is the structured middle path.
For every new agent you deploy, ask: where on the ladder does this start? When will I evaluate readiness to climb? What's the trigger for dropping back if something goes wrong?
Answering those questions before deployment makes the deployment more likely to succeed.
→ avery.software — Free Desktop tier. The platform built for the trust ladder approach.