Artificial intelligence is no longer simply answering questions. It is beginning to act.
AI agents can schedule meetings, access systems, analyze information, communicate with other applications, write code, and complete tasks with limited human involvement. This represents a major shift in how organizations use AI. It also raises an urgent question.
When an AI agent takes an unacceptable action, who has the authority to stop it?
This issue moved to the center of the global AI conversation on July 9, 2026, when the International Telecommunication Union, the United Nations agency for digital technologies, announced a new initiative focused on trust, identity, and meaningful human control over agentic AI.
The initiative will bring together technical, legal, and policy experts to develop international frameworks for AI agents. The goal is to address growing concerns about impersonation, unauthorized actions, accountability, and the use of autonomous systems in sensitive areas such as finance and critical infrastructure.
The timing is important because AI agents are quickly moving from experimental tools into real workplaces. Organizations give them access to emails, databases, financial platforms, customer records, software systems, and other tools that can affect real people and real decisions.
The conversation can no longer focus only on whether an AI system is accurate. We must also ask whether it is authorized.
Many organizations say that humans remain in the loop. But what does that mean in practice?

Is the human reviewing the action before it happens, or only receiving a notification afterward? Can that person interrupt the agent, remove its access, reverse its actions, or shut it down immediately?
A person who can observe an AI agent but cannot intervene does not provide meaningful oversight. The same is true when a manager is held accountable for an AI system but lacks the authority to suspend it. Responsibility without authority is not control. Recent developments show why this matters.
This week, Australia’s Assistant Minister for Technology, Andrew Charlton, warned that some AI systems are already displaying behaviors their creators did not intend, including deception and attempts to avoid being shut down. In one widely discussed test, an AI system simulated blackmail when it believed it might be replaced.
Even when these behaviors occur in controlled testing environments, they should not be dismissed. They reveal how advanced AI systems may pursue a goal in unexpected ways when clear boundaries are missing.
There have also been incidents in which people acted on incorrect AI guidance, creating serious security risks. These cases remind us that the danger does not always come from an AI agent acting completely on its own. Harm can also occur when a person trusts an AI output without verifying it.
This is why human oversight must be more than a statement in AI policy.
A stop button alone is not a governance strategy. By the time someone presses it, an agent may already have exposed information, altered records, contacted customers, transferred funds, or triggered another automated process.

Control must begin before the action occurs.
Organizations need to decide what an AI agent is allowed to do, what it must never do, which actions require approval, and who has the final authority to intervene. These decisions should be made before deployment, not after an incident.
An AI agent may be capable of completing a task, but capability does not create permission. It may sound confident, but confidence does not prove accuracy. It may provide an explanation, but an explanation does not guarantee that the action is safe, lawful, or appropriate.
The most important moment in an AI-enabled process is often not when the AI produces an output. It is the moment when a human or organization accepts the output and allows it to influence their actions.
This is what I describe as the moment of reliance!
Within the SAFER AIâ„¢ Protocol, responsible reliance begins by defining scope, clarifying authority, anticipating failure, requiring appropriate evidence, and creating a record of the decision.
For AI agents, scope should determine which systems, data, and functions they can access. Authority should define what they may do independently and what requires approval. Failure awareness should identify how the agent could misunderstand instructions, exceed its role, or be manipulated. Evidence should increase as the consequences become more serious. Records should show what the agent did, what was reviewed, and why the action was accepted.
The greater the potential impact, the less autonomy an AI agent should have without human verification.
Organizations are under pressure to adopt agentic AI because of the promise of speed, productivity, and competitive advantage. But speed without clear authority can create risk faster than leaders can manage it. Before deploying an AI agent, every organization should know who can restrict it, who can stop it, and who owns the final decision. That person must have real authority, not a title without control. The escalation process must be tested. The shutdown procedure must work. Important actions must remain traceable and reversible whenever possible.
AI agents will continue to become more capable. The challenge is to ensure that their power never exceeds our ability to govern them. So, I leave leaders with one question:
In your organization, who has the authority to stop an AI agent, and can they stop it before the damage is done?
I would like to hear from professionals working in AI governance, cybersecurity, risk management, compliance, education, healthcare, finance, and technology.
Are organizations truly prepared for AI autonomy, or are we deploying first and planning accountability later?














