The 5 Laws of AI Harness

Foundational, non-negotiable principles. Each law is independently violatable — a specific architectural decision can breach each one individually.

Law 1: Agents Are Identities, Not Tools

An autonomous agent that reasons, plans, and executes across systems is an operational identity.

It must be provisioned, credentialed, scoped, and revoked with the same rigor applied to human identities — and with stricter constraints appropriate to its autonomy. Just as Least Privilege limits what a user can access, Least Agency limits what an agent can decide and act on. An agent must be granted only the minimum decision scope, tool access, and action authority required to accomplish its mission — nothing more.

Treating an agent as a feature or a workflow is an architectural mistake with operational consequences.

Least Privilege limits access. Least Agency limits autonomy. AI Harness defines the third leg of the governance trilogy.

Law 2: Enforce at Runtime

Control must happen during execution — not only before it, not only after.

Pre-execution authorization cannot anticipate autonomous decisions made mid-chain. Post-execution detection cannot undo actions already taken. Runtime is the only enforcement window that matches the continuous, adaptive nature of autonomous agent behavior.

Law 3: Governance Must Span Systems

No single system can govern an autonomous agent alone.

An agent operates across identity, infrastructure, security, and data systems simultaneously. Governance scoped to any one domain cannot see or constrain cross-system behavior. Enforcement must coordinate across every domain the agent touches — in real time.

Law 4: Trust Does Not Travel

Trust does not transfer automatically between agents.

Every handoff — whether delegation, orchestration, tool invocation, or subagent spawning — is a trust boundary. The agent on the receiving end inherits the task, not the authority. Every participant in an interaction chain must be independently identified, independently authorized, and independently governed.

Law 5: Humans Retain the Right to Intervene

At every layer of an agentic system, a human must be able to inspect, interrupt, and override.

This is not a fallback. It is a design requirement. Any architecture that makes human intervention technically difficult or operationally impractical has failed the AI Harness standard — regardless of how sophisticated its automated governance is.

Origin Principle

These five laws derive from a single assertion:

Autonomous AI agents are a new class of enterprise actor. Authorizing them is necessary. Governing them — continuously, at runtime, across systems, at the level of behavior — is non-negotiable.