Instead of relying solely on human oversight, Bret Taylor advocates a layered "defense in depth" approach for AI safety. This involves using specialized "supervisor" AI models to monitor a primary agent's decisions in real-time, followed by more intensive AI analysis post-conversation to flag anomalies for efficient human review.
Related Insights
To avoid failure, launch AI agents with high human control and low agency, such as suggesting actions to an operator. As the agent proves reliable and you collect performance data, you can gradually increase its autonomy. This phased approach minimizes risk and builds user trust.
Frame AI independence like self-driving car levels: 'Human-in-the-loop' (AI as advisor), 'Human-on-the-loop' (AI acts with supervision), and 'Human-out-of-the-loop' (full autonomy). This tiered model allows organizations to match the level of AI independence to the specific risk of the task.
Purely agentic systems can be unpredictable. A hybrid approach, like OpenAI's Deep Research forcing a clarifying question, inserts a deterministic workflow step (a "speed bump") before unleashing the agent. This mitigates risk, reduces errors, and ensures alignment before costly computation.
Instead of building a single, monolithic AGI, the "Comprehensive AI Services" model suggests safety comes from creating a buffered ecosystem of specialized AIs. These agents can be superhuman within their domain (e.g., protein folding) but are fundamentally limited, preventing runaway, uncontrollable intelligence.
Avoid deploying AI directly into a fully autonomous role for critical applications. Instead, begin with a human-in-the-loop, advisory function. Only after the system has proven its reliability in a real-world environment should its autonomy be gradually increased, moving from supervised to unsupervised operation.
To improve the quality and accuracy of an AI agent's output, spawn multiple sub-agents with competing or adversarial roles. For example, a code review agent finds bugs, while several "auditor" agents check for false positives, resulting in a more reliable final analysis.
Most AI "defense in depth" systems fail because their layers are correlated, often using the same base model. A successful approach requires creating genuinely independent defensive components. Even if each layer is individually weak, their independence makes it combinatorially harder for an attacker to bypass them all.
Rather than relying on a single AI, an agentic system should use multiple, different AI models (e.g., auditor, tester, coder). By forcing these independent agents to agree, the system can catch malicious or erroneous behavior from a single misaligned model.
Fully autonomous AI agents are not yet viable in enterprises. Alloy Automation builds "semi-deterministic" agents that combine AI's reasoning with deterministic workflows, escalating to a human when confidence is low to ensure safety and compliance.
A comprehensive AI safety strategy mirrors modern cybersecurity, requiring multiple layers of protection. This includes external guardrails, static checks, and internal model instrumentation, which can be combined with system-level data (e.g., a user's refund history) to create complex, robust security rules.
