
Imran Siddique

Posted on • Originally published at Medium on

[Part 3] 20 Hard Questions About AI Agent Governance That Nobody Is Asking

Part 3: Who Controls the Money (And Who Is Liable)?

Agents are no longer just “chatting.” They are transacting. Stripe payments, autonomous procurement, and automated cloud resource allocation are the new baseline. But the industry’s financial governance for agents is currently a blank page.

It is not enough to ask, “Can this agent call the payment API?” We’ve solved that. The real question is: “Should this agent spend $50,000 on cloud compute at 2 AM without human escalation?”

1. Financial Governance is Tool Call Parameter Governance

We must move beyond binary tool permissions toward parameter-level policies.

  • The Old Way: “The agent has permission to use the Stripe Tool.”
  • The AGT Way: “The agent can call the Stripe Tool, but the amount parameter cannot exceed $X, and the recipient must be on a pre-approved whitelist. Anything else triggers a hard block.”

In the Agent Governance Toolkit (AGT), cost is a first-class citizen. We prioritize deterministic caps (hard budget limits) first, using non-deterministic anomaly detection only as a secondary fallback.

2. Human-in-the-loop is a 2026 Fiction

The EU AI Act and global safety standards often mandate “human oversight.” But let’s look at the Manager’s Math:

AGT benchmarks show 47,000 governed actions per second across 1,000 concurrent agents. No human, no matter the team size, can “oversee” that in real-time. If you put a human in the hot path of an autonomous system, you aren’t governing; you’re bottlenecking.

The Evolution: We must move from Human-in-the-loop to Human-over-the-loop:

  • Humans define the boundaries: We set the policies and constraints.
  • Humans monitor the health: We build dashboards for system-wide SLOs.
  • Humans investigate the anomalies: We respond to alerts, not individual actions.

This is the same maturation process we saw in infrastructure. We don’t approve every packet in a firewall; we set the rules and monitor the telemetry. Agent governance must follow the same path.

3. AGT as the Underwriting Layer for AI Insurance

Insurance giants like Munich Re, Armilla AI, and Coalition are entering the AI liability space. However, premiums remain volatile because they lack standardized governance telemetry.

AGT produces exactly what they need: Append-only, hash-chained, tamper-evident audit trails with full action attribution.

This isn’t just a log; it’s Underwriting Data. By showing insurance companies exactly how policies were enforced and how trust scores evolved over time, we build the necessary bridge between technical telemetry and actuarial models.
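As an added illustration of the two ideas above (parameter-level caps from section 1 and the hash-chained audit trail from section 3), here is a small policy gate written for this post, not AGT's own code: it hard-blocks a payment tool call on a per-call cap, a daily budget, or an off-allowlist recipient, and records every decision in an append-only chain that `verify_chain()` can later check. The tool name, dollar limits and account IDs are constructed sample values.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Constructed policy (not AGT's format): deterministic caps only, deny by default.
POLICY = {"stripe.create_payment": {
    "max_amount_usd": 5_000, "daily_budget_usd": 20_000,
    "allowed_recipients": {"acct_vendor_alpha", "acct_vendor_beta"}}}

@dataclass
class Governor:
    spent_today: dict = field(default_factory=dict)  # tool -> running spend
    audit: list = field(default_factory=list)        # hash-chained decisions
    prev_hash: str = "0" * 64                        # genesis link

    def evaluate(self, agent_id: str, tool: str, params: dict) -> str:
        # Returns 'ALLOW' or 'BLOCK'; every outcome is written to the audit chain.
        rule = POLICY.get(tool)
        amount = params.get("amount_usd", 0)
        if rule is None:
            reason = "no policy for tool"
        elif amount > rule["max_amount_usd"]:
            reason = "per-call cap exceeded"
        elif params.get("recipient") not in rule["allowed_recipients"]:
            reason = "recipient not on allowlist"
        elif self.spent_today.get(tool, 0) + amount > rule["daily_budget_usd"]:
            reason = "daily budget exceeded"
        else:
            self.spent_today[tool] = self.spent_today.get(tool, 0) + amount
            return self._record(agent_id, tool, params, "ALLOW", "within policy")
        return self._record(agent_id, tool, params, "BLOCK", reason)

    def _record(self, agent_id, tool, params, decision, reason) -> str:
        # Append-only entry; its hash covers the content and the previous hash.
        entry = {"agent": agent_id, "tool": tool, "params": dict(params),
                 "decision": decision, "reason": reason, "prev": self.prev_hash}
        entry["hash"] = self._digest(entry)
        self.prev_hash = entry["hash"]
        self.audit.append(entry)
        return decision

    @staticmethod
    def _digest(body: dict) -> str:
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def verify_chain(self) -> bool:
        # Recompute every link; an edited, dropped or reordered entry breaks it.
        prev = "0" * 64
        for e in self.audit:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or self._digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True
```

The chain is tamper-evident, not tamper-proof: an attacker who controls the store can rewrite the whole chain, so the head hash should be anchored somewhere the agent runtime cannot write.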

4. Who is Liable for the “Bug”?

When a coding agent ships a vulnerability, where does the buck stop?

  • The Developer who approved the PR? Yes.
  • The Company that deployed the agent? Yes.
  • The Agent Framework? No. They provide tools, not decisions.
  • The Toolkit? Only if the engine failed to enforce a set policy.

Liability follows the decision-maker, not the enforcement mechanism. This is why AGT puts policies outside the toolkit. The toolkit is the enforcement engine; the user is the policy author. Liability stays with the human who defines what “Safe” looks like.

What’s Next?

In Part 4, we face the supply chain. The next SolarWinds won’t be a library; it will be a malicious MCP Server. We’ll talk about the “Decision BOM” and how to trace the root cause of a failed agent decision.

Originally published at https://www.linkedin.com.
