--- title: Capability-Autonomy-Risk Triangle synced_from_vault: true vault_source: 03-living-docs/patterns/Capability-Autonomy-Risk-Triangle.md public: true type: pattern category: design-philosophy tags: - pattern - ai - agents - autonomy - risk - design created: 2026-05-16T00:00:00.000Z --- ## Core Concept For AI agents, you can optimize for **two of three**: capability, autonomy, risk. You cannot have all three. | | | | |-|-|-| | **High capability** + **High autonomy** | → | **High risk** | | **High capability** + **Low risk** | → | **Low autonomy** (human checkpoints, narrow scope, mandatory logging) | | **High autonomy** + **Low risk** | → | **Low capability** (the agent can't do much that matters) | This is the **"good / fast / cheap, pick two"** of the AI era. It's the planning framework for deploying agents inside organizations. --- ## The Logic - **Capability** is what the agent can do. More capable = larger blast radius if it goes wrong. - **Autonomy** is the latitude the agent has to act without human checkpoints. More autonomous = fewer chances to catch mistakes. - **Risk** is what the organization absorbs when the agent does something wrong, costly, or irreversible. A capable agent acting freely will *eventually* do something costly. A minimal agent acting freely is fine — but it doesn't move the needle. The only way to combine capability with safety is to **trade autonomy** for human/system checkpoints. > *"A highly autonomous agent incurs more risk for the organization the more capable it is. A minimal agent is able to act freely with little risk."* — Robbie McKinstry, DevGuide conference takeaway (May 2026). See source. --- ## How to Apply When deploying any AI agent (Claude Code, Codex, in-house agents, vendor agents), ask: 1. **What's the blast radius if it does the wrong thing?** (Estimates risk.) 2. **How capable does it need to be to deliver value here?** (Sets the capability target.) 3. **How much autonomy can I give it given (1) and (2)?** (Forces explicit autonomy choice rather than default-high.) Then choose the structural lever: | Goal | Lever | |------|-------| | Reduce risk without losing capability | Add checkpoints, narrow scope, mandatory logging, dry-run modes | | Increase autonomy without raising risk | Make the action reversible, sandbox it, or pre-commit to constraints (Autonomy-Through-Constraints) | | Raise capability without raising risk | Split the work — high-capability *plan*, low-autonomy *execute* ([Build-AI-Run-Deterministic](/patterns/build-ai-run-deterministic)) | **The triangle explains why "AI doesn't replace lawyers" reads wrong.** The right framing is: capability is already there; the question is how much autonomy a firm can stomach. Low-autonomy + high-capability AI (great research assistant) is shipping today. High-autonomy + high-capability AI (acts on the client's behalf) is gated by risk, not by model quality. --- ## Where I've Seen It - **Show Notes (CEO/CTO split):** Claude has high capability, low autonomy — Dave reviews and executes. The triangle is the design rationale, even before it had a name. See _index. - **WCP Cloud read-only SSH guardrail (May 2026):** Reducing autonomy (writes still require Dave's hands) while keeping read capability. Recently relaxed for read-only operations, writes still gated. 2026-05-11 Show Notes digest postmortem originated the explicit guardrail. - **DO AI adoption strategy:** High-capability tools (Claude, Cursor) deployed inside structured workflows (low operational autonomy) reduces org risk. The "AI defibrillator demo" (Defibrillator-Demo) is a capability proof; the workflow constraints (pipeline skills, code review, prod boundaries) are the autonomy throttle. - **Pipeline skills (Discovery → Architecture → Gameplan → Tests → Implementation → Review):** Each stage is a checkpoint. The agent has high capability *within* a stage but low autonomy *across* stages — the human decides when to advance. The triangle is the design pattern. - **Trabian's Mesh (May 9 demo):** Build-time AI capability, run-time deterministic execution. Same idea: split the triangle by phase ([Build-AI-Run-Deterministic](/patterns/build-ai-run-deterministic)). --- ## Related Patterns - Autonomy-Through-Constraints — the **structural lever** that lets you raise autonomy without raising risk. Constraints + mandatory logging = trust mechanism. Intent-based leadership applied to agent design. - [Augmentation-Over-Automation](/patterns/augmentation-over-automation) — operates in the **high-capability / low-autonomy** zone of the triangle. The "augmentation mindset" is implicitly accepting the trade-off. - [Build-AI-Run-Deterministic](/patterns/build-ai-run-deterministic) — **splits the triangle by phase.** High autonomy at build time (write the workflow, generate the spec). Low autonomy at runtime (deterministic execution). Lets you compose otherwise-incompatible corners of the triangle. - Context-Not-Control — context shapes **capability** without granting autonomy. A useful insight for keeping capability up while autonomy stays bounded. - [Personal-Minimums](/patterns/personal-minimums) — agent equivalent: establish autonomy ceiling when clear-headed; do not raise it under pressure. - [AI-Ready-Engineering](/patterns/ai-ready-engineering) — code health, TDD, supervisory workflows are the **substrate** that makes the high-capability / low-autonomy zone viable in the first place. Without the substrate, the trade-off collapses. - [Vibe-Coding-to-Agentic-Engineering](/patterns/vibe-coding-to-agentic-engineering) — the mature form of agent deployment that operates inside the triangle's safe corner. - Augmentation-Thesis — Engelbart/Kay heritage and the case for designing for human-machine handoff points (the autonomy lever). --- ## Cross-References