The autonomy spectrum:
Designing AI that knows its place

Not all AI actions should have equal autonomy. This is something I had to learn the hard way — and once I understood it, it changed how I design every AI experience I work on.

Here's the problem: most product teams treat AI autonomy as a binary. Either the AI does the thing, or it doesn't. Either it's automated, or it's manual. This creates two failure modes — AI that's so cautious it's useless, or AI that's so aggressive it's terrifying.

​

The reality is that AI autonomy exists on a spectrum. And where you place a specific AI action on that spectrum should be a deliberate design decision — not a default, not a technical constraint, and definitely not whatever the engineer found easiest to implement.

How much autonomy an AI action should have is a design decision. It should be made intentionally, not inherited from the implementation.

The five levels of AI autonomy I design with:

Level 1 — Suggest and wait. The AI surfaces a recommendation. The human decides whether to act. No automation. Used for: high-stakes decisions, first-time experiences, situations where the cost of error is high. Example: "Your facility registration expires in 30 days. Renew now?"

​

Level 2 — Suggest and pre-fill. The AI makes a suggestion and pre-populates a field or action — but the human must confirm before anything is committed. Used for: form completion, document validation, data entry assistance. Example: auto-completing an FDA code based on product category, with the user confirming the selection.

​

Level 3 — Act and show. The AI takes an action and immediately shows what it did — with a clear undo. Used for: low-stakes, reversible actions where speed matters. Example: auto-sorting a document list by compliance risk level, with a visible "sorted by AI" indicator and one-click revert.

​

Level 4 — Act and notify. The AI acts in the background and notifies the user afterwards. Used for: routine, well-understood tasks with low error cost. Example: auto-flagging a supplier's expired certificate and adding it to the compliance task list.

​

Level 5 — Fully autonomous. The AI acts without notification. Used sparingly, only for fully reversible, zero-stakes actions where the human has explicitly granted permission. In enterprise products, I rarely go here.

​

The decision of which level to use is determined by three factors: the stakes of the action (what's the cost if the AI is wrong?), the reversibility (can the user undo it easily?), and the user's expertise (does a power user want less friction than a new user?). These three factors together almost always tell you where on the spectrum an action should sit.

​

When I designed the AI features for the FDA compliance platform, I mapped every single AI interaction to this spectrum before writing a single design brief. Smart onboarding suggestions sat at Level 2. Compliance risk flags sat at Level 1. Document sorting sat at Level 3. Renewal reminders sat at Level 4. Nothing sat at Level 5 — because in regulatory compliance, there is no such thing as a zero-stakes action.

The teams that get AI autonomy right are the ones who treat "how much should the AI do here?" as a first-class design question — asked and answered before any wireframes are drawn.

Which level of autonomy causes the most conflict in your product team discussions? I'd love to know where the hard debates happen.