Kaitelos logoKAITELOS

Maintaining Authority Over Probabilistic Systems

February 23, 20269 min read

On building automation and agent workflows that stay aligned with human judgment, even when everything is uncertain.

We used to build things that either worked or didn’t. We were children of the binary, living in a world of doors that were either open or closed. The worst thing that could happen was that someone had locked one.

Now, more and more of what we build lives in the gray. We ask systems questions and they answer, not with certainty, but with a mathematically optimized shrug. We don’t get truth; we get distributions. Then we, fallible, distracted and under-caffeinated, have to stay “in charge” of all this.

In this new way of working, authority is not about knowing. It’s about owning decisions made under uncertainty.

And that, it turns out, is much harder.

The quiet horror of “the system will handle it”

Picture a small team in a glass-walled office, late at night, running on delivery apps and optimism. They’re wiring up an automation workflow for their operations: emails, approvals, API calls, some agents that intelligently route work.

Someone makes a suggestion, “We’ll just let the system handle that.”

You can feel the subtle permission granted in that sentence. The shoulders drop a little. The hard questions fade to a tasteful, muted gray. What is “that”? Edge cases. Ambiguities. Human lives intersecting with our software in ways we didn’t storyboard.

In a deterministic system, “the system will handle it” can sometimes be honest. If X, do Y. If the disk is full, we know to emit this error, on that screen, in whatever format. We can trace the path like a thread through a loom.

In a probabilistic system, like an agent deciding which customer message to escalate or whether to run a workflow or not, “the system will handle it” really means:

“We will not be present when this decision is made, and we would prefer not to think about it.”

This is where authority quietly slips away. Not with a coup, but with a series of small abdications.

Probabilistic systems are not oracles, they are co‑workers

We like to talk about “AI” as if it were a disembodied mind, shimmering above the org chart, dropping down answers like fortune cookies.

But a more honest picture is this: you've hired a brilliant, eccentric intern with infinite stamina, mild hallucinations, and an improv background.

You do not:

  • Hand them your production database credentials
  • Give them root access to your infrastructure
  • Let them email customers without review on day one

Instead, a more sane approach would be:

  • Start them in a small, supervised role
  • Define what “good work” looks like
  • Create feedback loops when they get things wrong
  • Expand their responsibilities as your trust becomes earned, not assumed

Maintaining authority over probabilistic systems is strangely similar. The system will never be “done learning”; it will only ever be less wrong than it used to be. Authority doesn’t mean “it never makes mistakes.” It means: “When it is wrong, it is wrong inside a fence I built on purpose.”

The measure of your authority is not how often the system is right, but how predictable its wrongness is, and how gracefully you can recover from it.

Three layers of control (and where they fail)

When we build agent systems and automation workflows, we tend to mix three distinct layers of control into an undifferentiated stew:

  • Policy: What we are allowed to do
  • Intent: What we are trying to do
  • Mechanism: How we are doing it

Probabilistic systems love to entangle these. A single model output may silently encode all three:

“Given everything I’ve seen, and your vague prompt about ‘keep customers happy’, and these 40 undocumented assumptions, I’ve decided to refund this order and send a heartfelt apology in your brand voice.”

If that goes badly (say we refunded a fraudulent order, or apologized for the wrong thing) where do we aim our blame? The model weights? The prompt? The product manager’s hand‑wavey notion of “delight”?

To maintain genuine authority, we have to force these layers apart in the design of our systems.

1. Policy: what will we absolutely not delegate?

Every serious automation or agent system should begin with a brutally clear list of non‑delegable decisions.

Not “things the model might be bad at,” but things that are, by their nature, moral or strategic enough that no amount of statistics can convert them into a purely technical problem.

Examples:

  • “We never deny a benefit without a human reviewing the case.”
  • “We never transfer more than $X without dual authorization.”
  • “We never alter legal or compliance language automatically.”

These are fences, not hints. You don’t “tell the model” about them and hope it behaves. You build system borders that cannot be crossed without a human key.

Without this layer, your authority is already gone. You’re asking a probabilistic engine to enforce values it cannot feel, only approximate.

2. Intent: can you say what the system is trying to do in one hard sentence?

The next layer is intent: what is this agent, this workflow, this orchestrator actually for? Not in the marketing sense (“streamlining operations at scale”), but in the grim, courtroom sense: “If this went badly and we had to explain it to someone who is angry and not impressed by your architecture diagram, what would we say this thing was trying to do?”

If you can’t express the intent in one hard, non‑decorative sentence, you are already drifting.

For example:

  • Weak intent: “The system helps agents respond to tickets more efficiently.”
  • Strong intent: “The system proposes draft responses for low‑risk, high‑volume tickets, but never sends without human approval.”

That “but never” clause is a small act of authority. It’s a hand still holding the leash.

When designing agent workflows, the danger is that we let the model’s capabilities define the intent: “Well, it can classify and summarize and generate and call tools, so let’s have it…do everything?”

Capability is not intent. A probabilistic system can do almost anything occasionally. That is not the same as being responsible for doing it.

3. Mechanism: how do we keep the system on a short leash?

Only after policy and intent are pinned down should we talk mechanism: tools, prompts, models, retrievers, orchestrators, queues, retries, all the little gears.

This is where “maintaining authority” can sound suspiciously boring, because it often means:

  • Narrowing the freedom of the model, not expanding it
  • Adding friction where everyone in the room wants “end‑to‑end automation”
  • Instrumenting decisions so thoroughly that you can later answer, with evidence, “Why did it do that?”

Some concrete patterns:

  • Guardrails as code, not vibes: Permissions, limits, and constraints should live in code and configuration, not in prompts that say “please be safe.”
  • Tight tool contracts: Tools the agent can call should have precise, typed inputs and outputs, with validations that can fail loudly.
  • Human checkpoints by design: Certain tool calls require explicit human approval, no matter how confident the model is. Confidence is not conscience.
  • Explainability hooks: Log not just what happened, but why the system thought it was a good idea—inputs, intermediate reasoning (where feasible), and key features.

Mechanism is where we admit a hard truth: a powerful probabilistic model, wired carelessly, will happily do the wrong thing with great fluency and apparent conviction.

Our job is to make it difficult for it to do the wrong thing, and easy for us to catch it when it does.

The emotional problem: we want to stop thinking

There is also, lurking under the architecture diagrams, a softer problem.

Humans are tired.

The promise of automation is not just “fewer clicks.” It is the fantasy that the hardest parts of the job can be handed off to something that does not feel the dread we do.

So when an agent says, with breezy confidence, “I’ve handled that for you,” we want to believe it. We want that belief so badly that we will often accept obviously fragile designs, just to avoid confronting the fact that no system can permanently relieve us of the burden of judgment.

Maintaining authority over probabilistic systems is, in part, an emotional discipline:

  • Refusing the comfort of abdication
  • Choosing to stay cognitively present at the points where it would feel so good to say, “Just let it run”
  • Designing our tools to force us to notice when decisions are sharp, irreversible, or ethically loaded

In other words, we must design not just for failure modes in code, but for failure modes in ourselves.

Building agent systems that keep you in the loop (for real, not in the slide deck)

Everyone claims their system is “human in the loop.” It’s become a decorative phrase, like “artisan” on a bag of potato chips.

But if you strip away the slogans, a genuine human‑in‑the‑loop agent system has at least these qualities:

  • Humans have veto power over irreversible actions. If the system can’t be stopped, you are not “in the loop”; you are in the audience.
  • Operators can understand decisions at the level they are accountable for. They don’t need to decode tensors, but they need a narrative: “We did X because Y seemed true given Z.”
  • The loop is fast enough that intervention is meaningful. If you only learn about mistakes in quarterly reports, you are not in a loop; you are reading an autopsy.
  • The system exposes uncertainty instead of hiding it. Confidence, alternative options, and known blind spots are made visible, not optimized away for aesthetic smoothness.

Notice how many dashboards, agent frameworks, and automation platforms fight against this. They sell you “hands‑off” when you actually need hands‑available, mind‑engaged.

How to know you’ve lost authority

Some quick diagnostics:

  • If you can’t answer “What is this system for?” in one sentence that includes at least one explicit limitation, you’ve ceded authority to the fog.
  • If no one on the team can explain, in plain language, when the system is not allowed to act, you’ve built a perpetual motion machine of blame.
  • If your logs can tell you that something happened but not why, you’ve turned your own product into a mystery novel you’re too tired to finish.
  • If the person on call feels more like a spectator than an operator, authority has quietly migrated into the code, where no one can quite reach it.

Authority is not a title, or an org chart box. It’s the lived ability to say, with evidence: “We chose this. We knew it might go wrong this way. And here is how we will change it now that it has.”

A modest standard for authority

Let’s set aside the fantasy of perfect control. Probabilistic systems will surprise us. Agents will improvise. Maybe the standard we should aim for is simpler:

  • We know what the system is trying to do.
  • We know what it is never allowed to do.
  • We can see, after the fact, why it did what it did.
  • When it hurts someone, a human being can stand up and say, “That was on us,” and then change the system so that particular hurt becomes far less likely.

That is not omniscience. It is not safety in the absolute sense.

But it is authority: the willingness to remain morally and practically answerable for choices made in our name, even when those choices were made by software operating in the gray.