Control: trust is designed, not assumed.

Why control is the hardest C

Most enterprises got away with weak control for analytics because a dashboard cannot do anything by itself. Agents can. They send the email, refund the order, change the schema, ship the deploy. The moment an AI system touches a tool that touches the world, control stops being a compliance line on a slide and becomes the difference between a useful agent and an incident.

Access control vs action control

Access control answers who can read what. It is necessary, mature, and not enough. Action control answers what an agent is allowed to do, on whose behalf, with what limits, and with what trail behind it. It is what makes an agent shippable.

The four moves of action control

• Tool scopes: every tool an agent can call is declared, typed, and limited — by amount, by entity, by environment.
• Approvals: high-stakes actions require a human sign-off, and the agent waits without losing context.
• Guardrails: policy checks that run before the action, not after the apology.
• Audit trails: a queryable record of what the agent saw, decided, and did — sufficient to defend the decision.

Human in the loop, where it actually matters

Putting a human on every step kills the product. Putting a human on no step kills the customer. The book walks through the decision: which actions stay automated, which trigger soft review, and which always require a real person to press the button — and how that maps to the risk model your auditors will recognise.

What good control looks like in practice

A control layer you can point to. Policies as code. Approval workflows that an analyst can trigger. Audit trails that a regulator can read. Five chapters in Part 3 of the book turn that into a working system you can run in a quarter.