
My LinkedIn background runs through investment analysis, derivatives and structured products, operations, portfolio construction, and risk management. Those fields teach an unfashionable lesson: a strong thesis does not justify unlimited exposure. Survival depends on position size, liquidity, limits, and knowing what would invalidate the trade.
Agent systems need the same discipline. A model can be impressive on average and still create unacceptable loss in one poorly bounded action.
§1Translate the risk vocabulary
| Market practice | Agent-system equivalent |
|---|---|
| Position size | Permission scope and blast radius |
| Stop-loss | Observable stop condition |
| Liquidity | Ability to reverse or roll back |
| VaR / stress test | Expected and tail-case failure analysis |
| Independent risk | Fresh reviewer or human approval |
| Mark to market | Live-state verification |
§2Size autonomy by reversibility
- Read-only inspection: broad autonomy is usually safe; evidence is the output.
- Local reversible edits: allow execution inside named files with tests and a clean diff.
- Preview deployments: allow when production is isolated and the result can be inspected.
- Messages, payments, permissions, production releases: require an explicit human gate at action time.
§3Design for the outlier
Average accuracy is not the control. Ask what happens when the agent selects the wrong repository, follows stale context, misreads an external instruction, or stops at a false success signal. Then cap the exposure before that case occurs.
The goal is not to eliminate every loss. It is to make one bad decision observable, reversible, and too small to end the system.
§4Use the same loop every time
- Define the action and maximum consequence.
- Choose the smallest sufficient permission.
- Name the invalidation and stop conditions.
- Observe live state while the action runs.
- Close with independent evidence.
- Record the outcome so the next limit can change.
Steal this
- Capability never implies unlimited authority.
- Size permissions by reversibility and consequence.
- Put approval gates at the moment of external action.
- Stress-test the tail case, not only the happy path.
- Let outcomes change the next risk limit.