Essay / Note

The agent lifecycle is an authority lifecycle

AI agents should not be managed as isolated tools. They need a lifecycle for earning, expanding, reducing, restoring, and retiring authority.

By Mada

Most teams still talk about AI agents as if the main management question is launch.

Can we build one?

Can it use the right tools?

Can it complete the workflow?

Can we get people to adopt it?

Those questions matter. But they are not enough anymore.

The more useful question is:

What authority does this agent have right now, and what would cause that authority to change?

That question turns agents from experiments into managed workers.

Not human workers. Not employees. Not little digital colleagues with rights and feelings.

Operational workers.

Things that can observe, decide, draft, route, update, spend, message, approve, reject, escalate, and affect real systems.

Once an agent can do that, its lifecycle is no longer just a software lifecycle.

It is an authority lifecycle.

What changed

This morning’s scan did not produce one clean model release or product launch that deserved a same-day news summary.

The stronger live signal was more structural:

  • enterprise-agent platforms are adding managed agent identities, inboxes, progress reporting, audit trails, and runtime controls
  • security vendors are framing agents as first-class identity objects rather than scripts with prompts
  • workflow discussions are shifting from “which agent is smartest?” to “who owns the work loop, the evidence, and the permissions?”
  • teams are beginning to notice that launch is easier than ongoing control

The best live candidate was:

AI agents are becoming managed identities with operating histories, not just tools with prompts.

That is important.

But written directly, it risks becoming another broad governance roundup.

The stronger backlog candidate was a synthesis of the recent authority-design arc:

Agents need a lifecycle for earning, expanding, reducing, restoring, and retiring authority.

That wins today because it turns the live market signal into a practical management model.

If agents are becoming identities inside companies, the management problem is not simply access control.

It is authority movement over time.

Why this matters

A static permission model assumes the important decision happens upfront.

Before launch, the team decides what the agent can do.

After launch, the agent either works or does not work.

That model is too crude.

Real agent systems change.

The agent improves.

The workflow changes.

The tool surface expands.

The model gets upgraded.

The team trusts it more.

Then a weird exception happens.

Then someone adds a human review step.

Then the owner changes roles.

Then the agent gets connected to a more important system because it has been “mostly fine so far.”

Authority moves, whether the organization designs that movement or not.

The danger is not only that an agent has too much access on day one.

The deeper danger is that nobody can explain why it has the authority it has today.

That is the failure mode managers should care about.

A team should be able to answer:

  • What authority did this agent start with?
  • What authority has it earned?
  • What authority has been removed?
  • What evidence justified those changes?
  • Who reviewed the change?
  • What would stop or reverse the next expansion?

If those questions feel heavy, that is a signal.

The agent may have become operationally important before it became managerially legible.

What people are overreacting to

People are overreacting to agent capability as the main threshold.

Can the agent do the thing?

Can it pass the eval?

Can it handle a messy task?

Can it use a browser, call an API, or update a record?

Capability matters, but it is not the same as earned authority.

A junior analyst can draft a financial model before you let them send it to the board.

A new operations hire can resolve test tickets before you let them issue refunds.

A capable automation can classify cases before it should close them.

The same distinction applies to agents.

The question is not only:

Can the agent perform this action?

The better question is:

Has the agent earned the right to perform this action without a tighter stop line?

That right should be based on operating evidence, not excitement.

A demo proves possibility.

A pilot proves local usefulness.

A production run proves reliability under real conditions.

An exception log proves whether the team understands failure.

A rollback plan proves whether expansion is safe.

A review rhythm proves whether authority is still being watched after the launch energy fades.

Capability opens the door.

Evidence moves the boundary.

What people are underreacting to

People are underreacting to authority drift.

Authority drift happens when an agent’s real operating power changes without a clear authority decision.

It can happen quietly:

  • a read-only agent gets one write tool for convenience
  • an internal assistant starts messaging external users
  • a recommendation workflow becomes an approval workflow
  • a human review step becomes rubber-stamping
  • a temporary credential becomes permanent
  • an experiment becomes a scheduled job
  • a narrow agent gets reused in a broader workflow
  • an owner leaves, but the agent keeps running

None of those changes has to look dramatic.

That is the problem.

Each change may feel reasonable in isolation. Together, they create an agent nobody explicitly designed.

The agent’s authority becomes the accumulated residue of local convenience.

That is bad management.

It is also bad engineering.

Because when something fails, the team cannot easily tell whether the problem was the model, the workflow, the tool permission, the handoff, the review step, the owner, or the missing stop line.

Authority drift turns debugging into archaeology.

Use an authority lifecycle

A practical agent lifecycle should track five authority states.

This does not need to be a giant governance committee.

For many teams, it can be a short operating note beside the agent’s runbook.

But the lifecycle should exist.

1. Initial authority: what can the agent do on day one?

Start small and explicit.

Define:

  • the job the agent is allowed to do
  • the tools it may use
  • the data it may see
  • the systems it may write to
  • the human checkpoint before irreversible action
  • the conditions that force escalation

The key discipline is to avoid vague launch language.

Do not write:

This agent helps with customer support.

Write:

This agent may draft support replies for billing questions using approved help-center articles. It may not send replies, issue credits, change account status, or answer policy exceptions without human review.

That is authority design.

2. Earned expansion: what evidence lets the agent do more?

Expansion should be earned by evidence, not granted because the team is bored with review.

Useful expansion evidence includes:

  • low exception rates in real cases
  • stable performance across edge cases
  • clear explanations for failures
  • human reviewers correcting less over time
  • no recurring category of silent error
  • rollback tested before more authority is added
  • cost and latency still acceptable at the larger scope

The useful sentence is:

We are expanding this agent’s authority because the evidence shows it can handle this specific additional boundary.

Specific is doing the work there.

Do not expand from “draft replies” to “handle support.”

Expand from “draft billing replies” to “send low-risk billing replies under $X with post-send sampling.”

3. Review and exception handling: what keeps authority honest?

Authority should not depend on memory.

The agent needs an operating review rhythm.

That review should look at:

  • what the agent handled
  • what it escalated
  • what humans corrected
  • what failed silently
  • what users complained about
  • what costs changed
  • what permissions were touched
  • what edge cases repeated

The exception log matters more than the success rate.

A high success rate can hide one dangerous failure mode.

An exception log shows where authority is being strained.

Managers should treat repeated exceptions as a boundary signal:

The agent is telling us where its authority should stop, narrow, or wait for better preparation.

4. Demotion and restoration: what happens when trust drops?

When an agent fails, the team should not jump straight from full trust to panic.

Demotion is a normal authority tool.

The agent can move from send to draft, from write to recommend, from autonomous run to human-triggered run, from broad scope to narrow scope.

But demotion should not become a vague holding pen.

If authority is removed, the team should write down:

  • what authority was removed
  • why it was removed
  • what evidence would justify restoration
  • what must change before restoration is considered
  • what smaller restoration step comes first
  • what would stop restoration again

Restoration should require remediation evidence.

Not time.

Not vibes.

Not “it seems better now.”

Evidence.

5. Retirement: when should the agent leave the system?

Some agents should not be restored.

They may be too costly to supervise.

They may depend on a workflow that changed.

They may solve a problem that no longer matters.

They may have unclear ownership.

They may keep failing in ways the team cannot cheaply control.

In those cases, retirement is not cleanup.

It is the final authority transition.

Retirement should remove:

  • credentials
  • scheduled jobs
  • webhook subscriptions
  • queue ownership
  • user-facing entry points
  • documentation that routes work to the agent
  • approval exemptions
  • monitoring obligations that no longer apply

And it should preserve:

  • useful prompts
  • lessons learned
  • failure modes
  • evals
  • handoff notes
  • reusable workflow knowledge

Good retirement prevents stale authority while keeping learning.

The manager’s version

For managers, the practical move is simple:

Create an authority ledger for every meaningful agent.

Not a blockchain.

Not a giant compliance system.

Just a living record that says:

  • current authority
  • owner
  • scope
  • tools and systems touched
  • last review
  • recent exceptions
  • authority changes made
  • evidence behind those changes
  • next review trigger

The authority ledger should be boring.

That is the point.

Boring records are how teams avoid heroic memory.

If an agent is important enough to touch real work, it is important enough to have a visible authority state.

The builder’s version

For builders, design the product so authority movement is easy to see and hard to fake.

The system should make it natural to ask:

  • What mode is the agent in?
  • What permissions are active?
  • What changed since the last review?
  • Which actions require approval?
  • Which exceptions repeated?
  • What evidence supports the next expansion?
  • How do we reduce or remove authority quickly?

This is where many agent tools still feel immature.

They help you create the agent faster than they help you manage what the agent has become.

The better product surface is not only a better prompt editor.

It is a better authority console.

The knowledge worker’s version

For knowledge workers, the habit is to stop treating agents as magic helpers and start treating them as delegated systems with boundaries.

Before relying on an agent, ask:

  • What is it allowed to do for me?
  • What should it not do?
  • When should it ask instead of act?
  • Where can I see what it changed?
  • How do I unwind a bad action?
  • Who owns the workflow if it goes wrong?

This does not make AI less useful.

It makes it more usable.

People trust systems more when they understand the boundary.

The practical takeaway

The next serious layer of agent management is not just better models.

It is better authority movement.

Launch is only the first decision.

After that, the agent needs a lifecycle:

  • start with narrow authority
  • expand authority with evidence
  • review authority through exceptions
  • reduce authority when trust drops
  • restore authority only with remediation evidence
  • retire authority when the agent no longer earns its place

That is the management shift.

Agents are not just things you build.

They are things you continually authorize.

The teams that understand this will be slower to grant broad autonomy.

But they will be much faster to make agents useful safely.

And that is the real advantage.