Capability-Autonomy-Risk Triangle
Core Concept
For AI agents, you can optimize for two of three: capability, autonomy, risk. You cannot have all three.
| You choose | | You get |
|---|---|---|
| High capability + High autonomy | → | High risk |
| High capability + Low risk | → | Low autonomy (human checkpoints, narrow scope, mandatory logging) |
| High autonomy + Low risk | → | Low capability (the agent can’t do much that matters) |
This is the “good / fast / cheap, pick two” of the AI era. It’s the planning framework for deploying agents inside organizations.
The Logic
- Capability is what the agent can do. More capable = larger blast radius if it goes wrong.
- Autonomy is the latitude the agent has to act without human checkpoints. More autonomous = fewer chances to catch mistakes.
- Risk is what the organization absorbs when the agent does something wrong, costly, or irreversible.
A capable agent acting freely will eventually do something costly. A minimal agent acting freely is fine — but it doesn’t move the needle. The only way to combine capability with safety is to trade autonomy for human/system checkpoints.
“A highly autonomous agent incurs more risk for the organization the more capable it is. A minimal agent is able to act freely with little risk.” — Robbie McKinstry, DevGuide conference takeaway (May 2026). See source.
How to Apply
When deploying any AI agent (Claude Code, Codex, in-house agents, vendor agents), ask:
1. What’s the blast radius if it does the wrong thing? (Estimates risk.)
2. How capable does it need to be to deliver value here? (Sets the capability target.)
3. How much autonomy can I give it given (1) and (2)? (Forces explicit autonomy choice rather than default-high.)
Then choose the structural lever:
| Goal | Lever |
|---|---|
| Reduce risk without losing capability | Add checkpoints, narrow scope, mandatory logging, dry-run modes |
| Increase autonomy without raising risk | Make the action reversible, sandbox it, or pre-commit to constraints (Autonomy-Through-Constraints) |
| Raise capability without raising risk | Split the work — high-capability plan, low-autonomy execute (Build-AI-Run-Deterministic) |
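As an added example (not code from this note or from any tool it names), the first two levers can be written as a gate that sits between an agent and its tools: scope is an allowlist, reads run autonomously, writes hit a human checkpoint unless they are reversible and the ceiling has been relaxed, and every decision is logged. The class names, fields and sample commands are hypothetical.

```python
import json
from dataclasses import dataclass, field
from enum import Enum
class Decision(Enum):
    EXECUTE = "execute"          # agent proceeds with no human in the loop
    NEEDS_HUMAN = "needs_human"  # checkpoint: a person must approve first
    DENY = "deny"                # tool is outside the agent's scope

@dataclass(frozen=True)
class Action:
    # Assumption: writes/reversible are set by a trusted tool wrapper, not the agent.
    tool: str
    command: str
    writes: bool
    reversible: bool

@dataclass
class AutonomyGate:
    allowed_tools: frozenset      # narrow scope
    gate_all_writes: bool = True  # autonomy ceiling; False frees reversible writes
    audit_log: list = field(default_factory=list)

    def decide(self, action, approved_by=None):
        if action.tool not in self.allowed_tools:
            decision = Decision.DENY
        elif not action.writes:
            decision = Decision.EXECUTE       # reads stay autonomous
        elif action.reversible and not self.gate_all_writes:
            decision = Decision.EXECUTE       # reversibility buys autonomy
        elif approved_by:
            decision = Decision.EXECUTE       # human checkpoint passed
        else:
            decision = Decision.NEEDS_HUMAN
        # Mandatory logging: every decision is recorded, including denials.
        entry = {"tool": action.tool, "command": action.command,
                 "decision": decision.value, "approved_by": approved_by}
        self.audit_log.append(json.dumps(entry))
        return decision

# Constructed sample actions (not from the page).
READ = Action("ssh", "journalctl -u app --since today", writes=False, reversible=True)
WRITE = Action("ssh", "systemctl restart app", writes=True, reversible=False)
COMMIT = Action("git", "git commit -am 'fix'", writes=True, reversible=True)
OUT_OF_SCOPE = Action("kubectl", "kubectl get pods", writes=False, reversible=True)

def run_demo():
    gate = AutonomyGate(allowed_tools=frozenset({"ssh", "git"}))
    decisions = [gate.decide(a) for a in (READ, WRITE, COMMIT, OUT_OF_SCOPE)]
    return decisions + [gate.decide(WRITE, approved_by="operator")], gate.audit_log
```

The scope check runs before the read rule, so an out-of-scope tool is denied even for a harmless read.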
The triangle explains why “AI doesn’t replace lawyers” reads wrong. The right framing is: capability is already there; the question is how much autonomy a firm can stomach. Low-autonomy + high-capability AI (great research assistant) is shipping today. High-autonomy + high-capability AI (acts on the client’s behalf) is gated by risk, not by model quality.
Where I’ve Seen It
- Show Notes (CEO/CTO split): Claude has high capability, low autonomy — Dave reviews and executes. The triangle is the design rationale, even before it had a name. See _index.
- WCP Cloud read-only SSH guardrail (May 2026): Reducing autonomy (writes still require Dave’s hands) while keeping read capability. Recently relaxed for read-only operations, writes still gated. 2026-05-11 Show Notes digest postmortem originated the explicit guardrail.
- DO AI adoption strategy: High-capability tools (Claude, Cursor) deployed inside structured workflows (low operational autonomy) reduce org risk. The “AI defibrillator demo” (Defibrillator-Demo) is a capability proof; the workflow constraints (pipeline skills, code review, prod boundaries) are the autonomy throttle.
- Pipeline skills (Discovery → Architecture → Gameplan → Tests → Implementation → Review): Each stage is a checkpoint. The agent has high capability within a stage but low autonomy across stages — the human decides when to advance. The triangle is the design pattern.
- Trabian’s Mesh (May 9 demo): Build-time AI capability, run-time deterministic execution. Same idea: split the triangle by phase (Build-AI-Run-Deterministic).
Related Patterns
- Autonomy-Through-Constraints — the structural lever that lets you raise autonomy without raising risk. Constraints + mandatory logging = trust mechanism. Intent-based leadership applied to agent design.
- Augmentation-Over-Automation — operates in the high-capability / low-autonomy zone of the triangle. The “augmentation mindset” is implicitly accepting the trade-off.
- Build-AI-Run-Deterministic — splits the triangle by phase. High autonomy at build time (write the workflow, generate the spec). Low autonomy at runtime (deterministic execution). Lets you compose otherwise-incompatible corners of the triangle.
- Context-Not-Control — context shapes capability without granting autonomy. A useful insight for keeping capability up while autonomy stays bounded.
- Personal-Minimums — agent equivalent: establish autonomy ceiling when clear-headed; do not raise it under pressure.
- AI-Ready-Engineering — code health, TDD, supervisory workflows are the substrate that makes the high-capability / low-autonomy zone viable in the first place. Without the substrate, the trade-off collapses.
- Vibe-Coding-to-Agentic-Engineering — the mature form of agent deployment that operates inside the triangle’s safe corner.
- Augmentation-Thesis — Engelbart/Kay heritage and the case for designing for human-machine handoff points (the autonomy lever).