The Trust Ladder: how to onboard AI agents like new colleagues

What data should we let them access? What if the agent gets it wrong? What holds organisations back is rarely the technology — it's the uncertainty. Think of AI agents as new colleagues and extend their remit one rung at a time, along the Trust Ladder.
What data should we let them access? What if the agent gets it wrong? These are the questions that most often stop organisations from getting started with AI agents. What holds them back is rarely the technology — it's the uncertainty.
Like hiring someone new

An AI agent is like a star intern. Knowledgeable, quick-thinking, eager to help — but with no experience of how your business actually works.
No sensible manager gives an intern full authority on day one. You start with well-defined tasks. You let them show what they can do, then extend their responsibility one rung at a time.
The same logic works for AI agents. The question then isn't which agent should we build? It's what level of responsibility feels reasonable for us today?
What shapes the level of responsibility?
When deciding how much an AI agent should be allowed to do, there are four questions to ask:
- What data can the agent read, and where does it live? Public sources, internal documents, or operational data in your live systems?
- Can the agent change anything, or only read? Read-only is always safer.
- Who sees the output? Only your team, or is the agent part of a customer-facing process?
- How involved is a human in the decisions? Do you sign off on every decision, or does the agent act independently within set boundaries?
The Trust Ladder below combines these four dimensions into four steps, ordered from the lowest-risk setup to the most independent agent.
The Trust Ladder: four steps
Step 1: Public data, internal use

The agent works with public or synthetic data — open sources or made-up test data — and only your team uses it. It reads, summarises, suggests — but accesses nothing sensitive. The risk is minimal, and you learn how agents actually behave.
Example: A competitor intelligence agent that tracks what your competitors are doing and flags changes worth watching.
Step 2: Protected internal data, internal use

Now the agent can read standardised internal documents — policies, process documentation, FAQs — and support employees across more of the organisation. It's still internal use, and the same GDPR rules and access controls that apply to any employee apply here too. The agent suggests answers or drafts, which a human reviews and approves before it goes anywhere.
Example: A proposal writer agent that drafts a first proposal from meeting notes and your own templates — the salesperson reviews and sends.
Step 3: Real data, read-only — in customer-facing processes

Here the agent steps into your live systems — CRM, finance, operations — and is put to work in processes that involve customers, suppliers or partners. The agent still can't change anything. It reads, analyses, flags — and a human decides what happens next in the business.
Example: A customer anomaly agent that analyses weekly sales data and flags customers whose buying patterns have dipped — the store manager decides how to follow up.
Step 4: Real data, the agent acts

The agent gets write access within clear boundaries. This isn't about giving up control — it's about moving it, from each decision to the framework around the agent. Boundaries can be spending limits, approved counterparties, automatic stop conditions, or specific exceptions that are always escalated to a human.
Example: An invoice agent that creates and sends invoices automatically from delivery data, within agreed rules.
What changes at each step
Here's what actually changes from step to step:
| Step | Data | Permissions | Reach | Your role |
|---|---|---|---|---|
| 1 | Public or synthetic data from open sources | Reads | Internal team | Reads and interprets |
| 2 | Protected internal documents | Reads & suggests | Multiple departments | Approves each response |
| 3 | Real operational data in your live systems | Reads & flags | Customer-facing processes | Makes decisions |
| 4 | Real operational data in your live systems | Writes & acts | Customer-facing processes | Sets the framework, oversees |
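The four dimensions and the four rungs above can be written down as an authorisation policy and enforced in code, so that the rung an agent sits on is a check the system applies rather than a note in a slide deck. The following is an added example for this article, not code from any product: the rung ceilings are read straight from the table, while the Step 4 guardrails (a spend limit, an approved-counterparty list, and action kinds that always go to a human) are constructed values, and the `evaluate` function, the `Action`, `Rung` and `Guardrails` types and the four verdict strings are all assumptions of this example.

```python
"""Added example: the Trust Ladder as an authorisation policy (constructed, not a real product API)."""
from dataclasses import dataclass
from enum import IntEnum
from typing import FrozenSet, Optional


class DataClass(IntEnum):
    PUBLIC = 1       # open sources or synthetic test data (step 1)
    INTERNAL = 2     # policies, process documentation, FAQs (step 2)
    OPERATIONAL = 3  # live CRM / finance / operations systems (steps 3 and 4)


class Audience(IntEnum):
    TEAM = 1             # only the team running the agent sees the output
    ORGANISATION = 2     # multiple departments
    CUSTOMER_FACING = 3  # customers, suppliers or partners see the result


@dataclass(frozen=True)
class Rung:
    max_data: DataClass     # highest data class the rung may read
    max_audience: Audience  # widest reach the rung may have
    may_write: bool         # False until step 4


# One entry per row of the table: the ceiling each rung imposes.
LADDER = {
    1: Rung(DataClass.PUBLIC, Audience.TEAM, may_write=False),
    2: Rung(DataClass.INTERNAL, Audience.ORGANISATION, may_write=False),
    3: Rung(DataClass.OPERATIONAL, Audience.CUSTOMER_FACING, may_write=False),
    4: Rung(DataClass.OPERATIONAL, Audience.CUSTOMER_FACING, may_write=True),
}


@dataclass(frozen=True)
class Guardrails:
    """Step 4 framework: the boundaries that replace per-decision sign-off (hypothetical fields)."""
    spend_limit: float                       # largest amount the agent may commit on its own
    approved_counterparties: FrozenSet[str]  # who the agent may transact with
    always_escalate: FrozenSet[str]          # action kinds that always go to a human


@dataclass(frozen=True)
class Action:
    kind: str                # e.g. "send_invoice", "draft_proposal" (constructed names)
    data: DataClass          # where the data the action touches lives
    audience: Audience       # who sees the result
    writes: bool             # does the action change anything?
    amount: float = 0.0      # money the action would commit, if any
    counterparty: Optional[str] = None


def evaluate(step: int, action: Action, guardrails: Optional[Guardrails] = None) -> str:
    """Return 'deny', 'needs_human_approval', 'escalate' or 'allow'.

    deny                 - outside what this rung is permitted at all
    needs_human_approval - steps 1 to 3: the agent suggests, a human decides
    escalate             - step 4, but outside the framework, so a human takes over
    allow                - step 4 and inside the framework
    """
    rung = LADDER[step]
    # The rung's ceiling: data class, reach and write access are hard limits.
    if action.data > rung.max_data:
        return "deny"
    if action.audience > rung.max_audience:
        return "deny"
    if action.writes and not rung.may_write:
        return "deny"
    # Steps 1 to 3 keep a human in the loop on every decision.
    if step < 4:
        return "needs_human_approval"
    # Step 4: reads pass; writes must stay inside the agreed framework.
    if not action.writes:
        return "allow"
    if guardrails is None:
        return "escalate"  # no framework defined, so nothing is auto-approved
    if action.kind in guardrails.always_escalate:
        return "escalate"
    if action.counterparty not in guardrails.approved_counterparties:
        return "escalate"
    if action.amount > guardrails.spend_limit:
        return "escalate"
    return "allow"


if __name__ == "__main__":
    # Constructed scenario: the step 4 invoice agent from the article.
    rules = Guardrails(
        spend_limit=1000.0,
        approved_counterparties=frozenset({"acme"}),
        always_escalate=frozenset({"credit_note"}),
    )
    invoice = Action("send_invoice", DataClass.OPERATIONAL, Audience.CUSTOMER_FACING,
                     writes=True, amount=500.0, counterparty="acme")
    big_invoice = Action("send_invoice", DataClass.OPERATIONAL, Audience.CUSTOMER_FACING,
                         writes=True, amount=5000.0, counterparty="acme")
    for step in (1, 2, 3, 4):
        print(step, evaluate(step, invoice, rules), evaluate(step, big_invoice, rules))
```

Note the ordering of the checks: the rung ceiling is tested before any guardrail, so an agent on step 3 that tries to write is denied outright rather than escalated, and on step 4 the absence of a defined framework escalates every write instead of quietly allowing it. That is the "moving control into the framework" idea from Step 4 made concrete: widening what the agent may do is a change to `LADDER` or `Guardrails`, which can be reviewed and audited, not a change to the agent's prompt.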
Common objections
"We need an AI strategy first."
You don't need an AI strategy to get started. Your first agent project often becomes the start of the strategy, not the result of it. It's hard to build a strategy around something you've never tried.
"What if it makes a mistake?"
That's why you start at step 1. And that's why there's still a human in the loop all the way through step 3. At the lower steps, mistakes are reversible — the agent suggests, you decide.
"We don't have the budget for it."
An agent at step 1 costs less than you think. Often less than a couple of meetings about whether to do it.
The core principle
Trust is built step by step. It's true of new colleagues. It's true of AI agents too. You don't need to know where you're going to take the first step — and the first step is usually less disruptive than it sounds.
Curious which rung you're on today? We'd be glad to talk it through.