Automation is a trust problem
We have the technology to automate most knowledge work end-to-end. What we don't have is the willingness to let go of the steering wheel. Every week, another demo shows an AI agent autonomously handling a complex workflow, from drafting documents to triaging support tickets to managing entire pipelines. The technology is real. Yet according to McKinsey, only about 10% of enterprise functions have AI agents in production. Nearly two-thirds of organizations haven't even begun scaling AI across the enterprise, despite 62% experimenting with agents. Gartner estimates that fewer than 5% of enterprise apps featured task-specific agents in 2025. The bottleneck isn't capability. It isn't cost. It isn't tooling. It's trust.
The trust gap
Trust is the invisible layer between "this works in a demo" and "I'll let this run unsupervised on production data." It's the reason a team can watch an agent flawlessly complete a task ten times and still insist on reviewing the eleventh. This isn't irrational. Unlike traditional software, AI agents operate with a degree of autonomy that makes their behavior hard to predict at the edges. A script either runs or throws an error. An agent might confidently act on bad data, quietly drifting off course without a single exception thrown. That unpredictability is what makes the trust problem fundamentally different from any automation challenge we've faced before.

And it's not just a technical concern. Trust in automation is organizational, cultural, and deeply personal. A manager who signs off on an agent-generated report is putting their reputation on the line. An engineer who lets an agent deploy code is accepting liability for whatever happens next. Trust isn't a feature you ship. It's a relationship you build.
The trust stack
It helps to break trust into three distinct layers, each of which needs to be earned independently.

Trust in correctness. Will the agent get the right answer? This is the most obvious layer, and the one the industry spends the most time on. Model quality, fine-tuning, retrieval-augmented generation: all of these improve correctness. But correctness alone isn't enough, because even a 99% accurate system will eventually produce a confident, plausible wrong answer.

Trust in scope. Will the agent stay in its lane? This is where many deployments break down. An agent tasked with summarizing customer feedback might decide to draft a response. One asked to organize files might restructure an entire folder hierarchy. Scope violations aren't bugs exactly; they're the agent doing more than you asked, which can be just as damaging as doing the wrong thing.

Trust in recovery. What happens when it fails? This might be the most important layer, and the most neglected. If an agent makes a mistake, can you detect it? Can you undo it? Can you understand why it happened? Systems that fail gracefully earn trust faster than systems that never seem to fail, because the latter are just systems whose failures haven't been discovered yet.
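To make the scope layer concrete, here is a minimal sketch of what enforcing it can look like. The task names, the action allowlist, and the `execute` flow are all illustrative assumptions rather than any particular framework's API; the point is that an out-of-scope proposal surfaces as an explicit rejection instead of a silent side effect.

```python
# Minimal sketch: enforcing "trust in scope" with an explicit per-task allowlist.
# Task names, actions, and the agent interface are illustrative assumptions.

ALLOWED_ACTIONS = {
    "summarize_feedback": {"read_feedback", "write_summary"},
    "organize_files": {"list_files", "move_file"},
}


def execute(task: str, proposed_action: str, run_action) -> str:
    """Run an agent-proposed action only if it is in scope for the task."""
    allowed = ALLOWED_ACTIONS.get(task, set())
    if proposed_action not in allowed:
        # Out-of-scope proposals are rejected loudly, not executed quietly.
        return f"REJECTED: '{proposed_action}' is outside the scope of '{task}'"
    return run_action(proposed_action)


if __name__ == "__main__":
    # The summarizer may read and summarize, but not draft customer replies.
    print(execute("summarize_feedback", "draft_reply", lambda a: f"ran {a}"))
    print(execute("summarize_feedback", "write_summary", lambda a: f"ran {a}"))
```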
The automation tax
Here's a paradox that anyone who has tried to automate knowledge work will recognize: the time you save on the task, you spend verifying the output.

Workday's 2025 research put a number on this. Their survey of 3,200 workers and leaders found that 37% of the time employees saved using AI tools was lost to what they called "rework": correcting, clarifying, or rewriting AI-generated content. For every 10 hours of efficiency gained, nearly 4 hours evaporated into quality control. This is the automation tax.

And in many cases, it's worse than it sounds. Researchers at UC Berkeley found that AI tools don't just fail to reduce work; they can actually intensify it. Harvard Business Review reported similar findings: instead of freeing employees for higher-value tasks, AI often creates new layers of review and oversight that didn't exist before.

The automation tax is especially corrosive because it's invisible in most productivity metrics. The dashboard shows "task completed by AI in 2 minutes." It doesn't show the 15 minutes someone spent reading the output, second-guessing three paragraphs, fixing a subtle error, and wondering whether they missed another one. When verification takes longer than the original task, the automation isn't saving time. It's redistributing effort while adding anxiety.
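To see how quickly the tax eats into headline savings, here is a small illustrative calculation. Only the 37% rework share comes from the Workday figure above; the 10-hour gross saving is a made-up example number.

```python
# Illustrative arithmetic for the automation tax.
# Only the 37% rework share comes from the Workday figure cited above;
# the 10-hour gross saving is a made-up example value.

def net_hours_saved(gross_hours_saved: float, rework_share: float) -> float:
    """Gross time saved minus time lost to reviewing and correcting output."""
    return gross_hours_saved * (1.0 - rework_share)


if __name__ == "__main__":
    gross = 10.0   # hours "saved" according to the dashboard
    rework = 0.37  # share of saved time lost to rework (Workday, 2025)
    print(f"Net hours saved: {net_hours_saved(gross, rework):.1f} of {gross}")
    # -> Net hours saved: 6.3 of 10.0
```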
Security as a trust accelerator
If trust is the bottleneck, then the most underrated accelerator isn't a better model. It's better security architecture. This sounds counterintuitive. Security is usually framed as a constraint, the thing that slows you down. But for AI agents, security infrastructure is what makes trust possible.

Least-privilege permissions mean the agent can only access what it needs for the current task. This directly addresses trust in scope. When you know an agent literally cannot touch your production database, you stop worrying about whether it will. The blast radius of any mistake shrinks to something manageable.

Kill switches address trust in recovery. If something goes wrong, you can halt the agent immediately. This isn't just a safety mechanism; it's a psychological one. Knowing you can pull the plug makes you more willing to flip the switch in the first place.

Audit trails address all three layers at once. They let you verify correctness after the fact, confirm that the agent stayed within scope, and reconstruct what happened when things go sideways. As Palo Alto Networks and others have emphasized, treating AI agents as privileged users with full identity management and logging isn't overhead. It's the foundation that makes autonomous operation viable.

The pattern is clear: the organizations deploying agents most aggressively are not the ones with the highest risk tolerance. They're the ones with the tightest guardrails.
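As a sketch of how two of those guardrails compose, here is a small wrapper that checks a kill switch before every action and appends each action to an audit log so you can reconstruct what happened afterwards. The class and method names are assumptions for illustration, not any specific agent framework's API.

```python
# Minimal sketch: a kill switch plus an append-only audit trail around agent actions.
# Class and method names are illustrative; no particular agent framework is assumed.

import json
import threading
from datetime import datetime, timezone


class GuardedAgent:
    def __init__(self, name: str, audit_path: str):
        self.name = name
        self.audit_path = audit_path
        self._killed = threading.Event()

    def kill(self) -> None:
        """Halt the agent: no further actions run once this is set."""
        self._killed.set()

    def _audit(self, record: dict) -> None:
        # Append one JSON line per action so the history can be replayed later.
        record["agent"] = self.name
        record["ts"] = datetime.now(timezone.utc).isoformat()
        with open(self.audit_path, "a") as f:
            f.write(json.dumps(record) + "\n")

    def act(self, action: str, run_action) -> str:
        if self._killed.is_set():
            self._audit({"action": action, "status": "blocked_by_kill_switch"})
            return "halted"
        result = run_action(action)
        self._audit({"action": action, "status": "completed"})
        return result


if __name__ == "__main__":
    agent = GuardedAgent("file-organizer", "audit.log")
    agent.act("list_files", lambda a: "ok")
    agent.kill()                                    # pull the plug
    print(agent.act("move_file", lambda a: "ok"))   # -> halted
```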
The path runs through more checkpoints, not fewer
Here's the counterintuitive insight that changed how I think about automation: the fastest path to fully autonomous agents runs through more human checkpoints, not fewer.

I run 13 agents in my Notion workspace. They handle everything from drafting blog posts to organizing research to maintaining databases. Some of them run completely unsupervised now. But none of them started that way.

Every agent began with training wheels. The first version of each one required me to review every output before it took effect. I'd read the results, correct the mistakes, and note the patterns. Over time, as the error rate dropped and the scope stayed predictable, I loosened the reins: one checkpoint removed here, one approval step skipped there. Trust was earned incrementally, not granted upfront.

This mirrors how trust works between humans. You don't hand a new employee the keys to production on day one. You start with small tasks, verify the results, expand the scope, and gradually reduce oversight as confidence builds. The same mental model applies to agents, and organizations that try to skip this progression almost always end up reverting to manual processes after the first serious incident.

The blog post you're reading right now was drafted by one of those agents. The pipeline runs on autopilot: a new page is created with a topic, the agent researches it, writes a draft, and sets the metadata. I trust it enough to let it run. But that trust took weeks to build, one successful execution at a time.
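The "training wheels" progression can be expressed as a small policy: every output requires human approval until the agent has built up enough recent runs with a low enough correction rate, at which point the checkpoint comes off. The window size and error threshold below are made-up illustrative values, not a recommendation, and the review interface is an assumption.

```python
# Minimal sketch of graduated autonomy: keep the human checkpoint until the
# agent's recent track record clears a threshold. Window size and error
# threshold are illustrative assumptions.

from collections import deque


class AutonomyGate:
    def __init__(self, window: int = 20, max_error_rate: float = 0.05):
        self.history = deque(maxlen=window)   # True = output needed correction
        self.window = window
        self.max_error_rate = max_error_rate

    def record(self, needed_correction: bool) -> None:
        self.history.append(needed_correction)

    def requires_review(self) -> bool:
        """Review everything until the window is full and corrections are rare."""
        if len(self.history) < self.window:
            return True   # not enough evidence yet: every output gets reviewed
        error_rate = sum(self.history) / len(self.history)
        return error_rate > self.max_error_rate


if __name__ == "__main__":
    gate = AutonomyGate(window=5, max_error_rate=0.2)
    for needed_fix in [False, False, True, False, False]:
        gate.record(needed_fix)
    # One correction in the last five runs is within tolerance, so the
    # checkpoint can come off.
    print(gate.requires_review())  # -> False
```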
Designing for trust
The framing matters. This isn't a story about humans being the problem: too cautious, too slow to embrace the future. It's a design challenge. If people don't trust your automated system, the system has a design flaw. Maybe it lacks transparency. Maybe its failure modes are opaque. Maybe there's no undo button. These are solvable engineering and UX problems, not character defects in your users.

The organizations that will lead the next phase of AI adoption won't be the ones with the most powerful models. They'll be the ones that figured out how to make automation trustworthy through transparency, graduated autonomy, tight permissions, clear audit trails, and graceful failure modes. The technology to automate knowledge work is here. The trust architecture is what we're still building. And it turns out that building trust, both in systems and between humans and systems, is the harder and more interesting problem.
References
- McKinsey & Company, "The State of AI: Global Survey 2025" (https://www.mckinsey.com/capabilities/quantumblack/our-insights/the-state-of-ai)
- Forbes, "10% Of Enterprise Functions Use AI Agents, McKinsey Finds" (https://www.forbes.com/sites/josipamajic/2026/03/22/10-of-enterprise-functions-use-ai-agents-mckinsey-finds/)
- Gartner, "Gartner Predicts 40% of Enterprise Apps Will Feature Task-Specific AI Agents by 2026" (https://www.gartner.com/en/newsroom/press-releases/2025-08-26-gartner-predicts-40-percent-of-enterprise-apps-will-feature-task-specific-ai-agents-by-2026-up-from-less-than-5-percent-in-2025)
- Workday & Hanover Research, "The AI Tax on Productivity" (https://www.cfo.com/news/almost-half-of-time-saved-using-ai-is-spent-correcting-outputs-cfo-ai-use-errors-workday-report-/810018/)
- UC Berkeley Haas School of Business, "AI Promised to Free Up Workers' Time. Researchers Found the Opposite" (https://newsroom.haas.berkeley.edu/ai-promised-to-free-up-workers-time-uc-berkeley-haas-researchers-found-the-opposite/)
- Harvard Business Review, "AI Doesn't Reduce Work, It Intensifies It" (https://hbr.org/2026/02/ai-doesnt-reduce-work-it-intensifies-it)
- Georgetown CSET, "AI Safety and Automation Bias" (https://cset.georgetown.edu/publication/ai-safety-and-automation-bias/)
- Forbes, "Automation Bias: What It Is And How To Overcome It" (https://www.forbes.com/sites/brycehoffman/2024/03/10/automation-bias-what-it-is-and-how-to-overcome-it/)
- Palo Alto Networks, "The Kill Switch for AI Agents" (https://www.paloaltonetworks.com/resources/podcasts/threat-vector-the-kill-switch-for-ai-agents)
- Varonis, "Why Least Privilege Is Critical for AI Security" (https://www.varonis.com/blog/why-polp-is-critical-for-ai-security)