The real risk with AI agents starts the moment they stop drafting and start acting

The real dividing line for AI agents isn't "simple vs. advanced." It's whether the agent only drafts, or actually acts. If it drafts an email, summarizes a file, or suggests a follow-up, the risk is mostly review quality. But once it sends under someone's name, updates a CRM, books something, changes a record, or posts publicly, the whole question changes — from "is the agent smart?" to "what can it do on its own, what needs a human yes, what should it never touch, and who's accountable when it acts wrong?" Most teams I've looked at are skipping that boring control layer entirely. The part I'm most interested in is drift. A workflow starts as "agent drafts, human approves." Then the human approves faster. Then faster. Then the approval is a rubber-stamp. Functionally, confirm became auto — but nobody ever decided that. I've seen this pattern show up in practice, not just in theory, and it's where I think a lot of real agent risk is going to appear. For the agents you're building or using — where do you draw the line between auto, confirm, and forbidden?