Agents Are Not One Thing (jlmr.dev)

The concept of "agents" in artificial intelligence is evolving, with a significant distinction made between three archetypes: personal, team, and autonomous. Each type presents unique trust boundaries and requires distinct identity, audit, and credential management stories. The author illustrates the limitations of treating agents as a singular entity, emphasizing that personal agents, tailored to individuals and their data, can inadvertently restrict scalability and security when cast as multi-tenant. This is not just an operational oversight; it can lead to significant risks when the requirements shift, as the architecture demands early decisions for proper governance. The discussion underscores the importance of proper credentialing and authorization at each stage. For team agents, which operate on behalf of groups and share access to collective resources, relying on personal API keys is insufficient and can create accountability issues. Autonomous agents add another layer of complexity, necessitating precise mandates and task-scoped permissions to ensure that actions are auditable and safely executable on behalf of users. Ultimately, the article warns that the governance framework of AI agents must be chosen wisely from the outset, as errors at the personal level can escalate to catastrophic failures in more complex, autonomous scenarios.