Autonomy Levels: From Human-Approved to Fully Autonomous

2026-03-25

The first question every team asks when deploying an AI agent with email capabilities is simple: "How do we know it won't send something we don't want it to?"

The answer isn't "trust the model" or "write better prompts." The answer is autonomy levels — infrastructure controls that determine when your agent can send email independently and when it needs human approval first.

Most platforms give you two options: the agent sends everything automatically, or you review every single email manually. Both extremes break down in production. Full automation is risky with new agents. Full manual review doesn't scale.

Molted's autonomy system gives you three levels of control, each designed for different stages of agent maturity and trust. You start cautious and relax restrictions as your agent proves reliable.

The three autonomy levels

Think of autonomy levels as training wheels for email-capable AI agents. Level 1 is maximum safety with human oversight. Level 3 is full automation. Level 2 bridges the gap with smart selective approval.

Level 1: Full approval

Every outbound email requires explicit human approval before delivery. No exceptions.

curl -X PATCH https://api.molted.email/v1/agent/mailboxes/mb_abc123/autonomy \
  -H 'Authorization: Bearer your-api-key' \
  -H 'Content-Type: application/json' \
  -d '{"autonomyLevel": 1}'

When your agent calls the send API, the email lands in an approval queue instead of going out immediately. An operator reviews the content, recipient, and context, then approves or rejects the send. The agent waits.

What gets queued: Everything. Welcome emails, password resets, sales outreach, support replies, internal notifications. If the agent authored it, a human sees it first.

Use this when: You're testing a new agent, deploying to a sensitive audience, or working in a regulated environment where email compliance requires human oversight.

Typical timeline: 2-4 weeks while you validate the agent's judgment, tone, and adherence to business rules.

Level 2: First-contact approval

Only the first email to a new recipient requires approval. Subsequent emails to the same recipient go out automatically.

curl -X PATCH https://api.molted.email/v1/agent/mailboxes/mb_abc123/autonomy \
  -H 'Authorization: Bearer your-api-key' \
  -H 'Content-Type: application/json' \
  -d '{"autonomyLevel": 2}'

The system tracks which recipients your agent has successfully emailed before. First contact with alice@bigcorp.com requires approval. Follow-up emails to Alice go out automatically, assuming the first interaction was approved.

What gets queued: First messages to new recipients, re-engagement emails after long dormancy periods, and any email that would restart a conversation thread.

Use this when: Your agent has proven reliable in tone and content, but you want oversight on new relationship initiation. Ideal for sales agents, customer success agents, and any agent that creates new business relationships.

Typical timeline: Indefinite. Many teams run level 2 permanently for outbound agents as a balance between efficiency and risk management.

Level 3: Full auto

All emails go out automatically. No human approval required.

curl -X PATCH https://api.molted.email/v1/agent/mailboxes/mb_abc123/autonomy \
  -H 'Authorization: Bearer your-api-key' \
  -H 'Content-Type: application/json' \
  -d '{"autonomyLevel": 3}'

Your agent operates independently, subject only to policy enforcement (rate limits, suppression lists, compliance rules). Approval queues are empty. Emails flow through the normal delivery pipeline.

What gets queued: Nothing, unless a policy rule blocks the send (rate limit exceeded, recipient suppressed, template not approved).

Use this when: Your agent is battle-tested, handles edge cases gracefully, and operates in a controlled environment with well-defined templates and recipients.

Typical timeline: After 4-8 weeks of successful operation at levels 1 and 2, depending on your risk tolerance and use case.

When to use each level

The right autonomy level depends on four factors: agent maturity, business risk, recipient sensitivity, and operational capacity.

Agent maturity progression

Start every new agent at level 1, regardless of how sophisticated your prompt engineering is. Even the best-trained agent needs validation in your specific business context.

Week 1-2 (Level 1): Human approval catches prompt injection attempts, off-brand language, inappropriate tone, factual errors, and context misunderstanding. You're not just checking the email — you're evaluating whether the agent understood the situation correctly.

Week 3-4 (Level 2): Move to first-contact approval once the agent consistently produces acceptable emails. You still catch relationship-formation mistakes (wrong prospect, inappropriate timing, tone mismatch with lead temperature) but gain efficiency on follow-ups.

Month 2+ (Level 3): Graduate to full autonomy only after the agent demonstrates reliable judgment across multiple scenarios. The agent should handle edge cases gracefully and escalate appropriately when uncertain.

Business risk assessment

Match autonomy levels to the potential impact of a poorly-sent email.

High-stakes scenarios (stick with Level 1):

  • Sales agents reaching enterprise prospects
  • Legal communication or compliance-related messages
  • Crisis communication or sensitive customer issues
  • Any email that creates financial commitments or contracts

Medium-stakes scenarios (Level 2 is ideal):

  • Customer onboarding sequences
  • Product education and feature announcements
  • Routine support and success outreach
  • Lead nurturing and trial activation emails

Low-stakes scenarios (Level 3 works well):

  • Internal notifications and system alerts
  • Routine transactional emails (password resets, order confirmations)
  • Well-templated drip campaigns with proven content
  • Automated responses to common support queries

Operational considerations

Your team's capacity for reviewing approval queues affects which level makes sense.

A five-person startup can't manually approve every email from multiple agents. A 200-person company with dedicated operations teams can afford more oversight.

Small teams: Move to level 2 or 3 quickly. Use good templates, clear escalation rules, and robust monitoring instead of manual approval.

Large teams: Consider keeping high-value agents at level 1 or 2 permanently. The cost of review is worth the risk mitigation for business-critical email.

24/7 operations: Level 1 and 2 require human operators available to review queues. If your agents need to send outside business hours, you need either follow-the-sun coverage or autonomy level 3 for time-sensitive emails.

Implementation examples

Beyond setting the autonomy level, you need monitoring and escalation workflows that match your governance model.

Approval queue monitoring

Set up alerts for queue depth and approval latency:

# Check approval queue status
curl -X GET https://api.molted.email/v1/send/approvals?mailboxId=mb_abc123 \
  -H 'Authorization: Bearer your-api-key'

{
  "pending": [
    {
      "id": "approval_xyz789",
      "mailboxId": "mb_abc123",
      "recipientEmail": "prospect@bigcorp.com",
      "subject": "Following up on our demo conversation",
      "submittedAt": "2026-03-25T09:15:00Z",
      "expiresAt": "2026-03-26T09:15:00Z",
      "isFirstContact": true,
      "riskScore": 0.2
    }
  ],
  "counts": {
    "pending": 1,
    "expired": 0,
    "approved": 47,
    "rejected": 3
  }
}

Monitor pending count and set alerts if it exceeds your team's review capacity. Track expired approvals as a signal that your review process is too slow for the agent's sending volume.

Escalation workflows

Configure what happens when approvals expire or agents need guidance:

# Configure HITL timeout behavior
curl -X PUT https://api.molted.email/v1/agent/config/hitl \
  -H 'Authorization: Bearer your-api-key' \
  -H 'Content-Type: application/json' \
  -d '{
    "enabled": true,
    "timeoutHours": 12,
    "onTimeout": "reject",
    "escalationEmail": "ops-team@yourcompany.com"
  }'

Set timeoutHours based on your review SLA. For customer-facing agents, 2-4 hours might be appropriate. For internal agents, 24 hours gives more flexibility.

Dynamic autonomy adjustment

Automatically adjust autonomy based on agent performance:

# Check agent performance metrics
curl -X GET https://api.molted.email/v1/analytics/agent-performance?mailboxId=mb_abc123&period=7d \
  -H 'Authorization: Bearer your-api-key'

{
  "approvalRate": 0.94,
  "rejectionReasons": ["tone", "timing", "factual_error"],
  "escalationRate": 0.02,
  "avgApprovalTime": "1.2h",
  "totalSends": 156
}

If approvalRate stays above 95% for two weeks, consider moving from level 1 to level 2. If rejectionReasons include serious issues like factual errors or compliance violations, stay at level 1 longer.

Beyond basic autonomy

Autonomy levels are the foundation, but production deployments need additional controls that work alongside level configuration.

Template-based autonomy

Some emails are safer than others, regardless of autonomy level. Consider template-specific overrides:

# Allow specific templates to bypass approval even at level 1
curl -X PATCH https://api.molted.email/v1/templates/tpl_welcome123 \
  -H 'Authorization: Bearer your-api-key' \
  -H 'Content-Type: application/json' \
  -d '{
    "approvalRequired": false,
    "reason": "Well-tested welcome sequence, safe for auto-send"
  }'

Password reset emails, order confirmations, and other transactional templates can often auto-send even when the agent is otherwise at level 1 or 2.

Recipient-based autonomy

Internal emails are lower-risk than external ones. Configure different autonomy rules based on recipient domain:

# Configure domain-based autonomy overrides
curl -X PUT https://api.molted.email/v1/agent/mailboxes/mb_abc123/autonomy-rules \
  -H 'Authorization: Bearer your-api-key' \
  -H 'Content-Type: application/json' \
  -d '{
    "defaultLevel": 2,
    "domainOverrides": {
      "yourcompany.com": 3,
      "partner-companies.com": 1
    }
  }'

This configuration uses level 2 for most recipients, level 3 for internal emails, and level 1 for sensitive partner communications.

Time-based autonomy

Reduce autonomy outside business hours when approval staff isn't available:

# Configure time-based autonomy rules
curl -X PUT https://api.molted.email/v1/agent/mailboxes/mb_abc123/schedule \
  -H 'Authorization: Bearer your-api-key' \
  -H 'Content-Type: application/json' \
  -d '{
    "businessHours": {
      "timezone": "America/New_York",
      "schedule": {
        "monday": {"start": "09:00", "end": "17:00"},
        "friday": {"start": "09:00", "end": "17:00"}
      },
      "autonomyLevel": 3
    },
    "afterHours": {
      "autonomyLevel": 1,
      "emergencyBypass": ["password_reset", "security_alert"]
    }
  }'

During business hours, the agent operates at level 3. After hours, it requires approval unless sending specific emergency templates.

Production considerations

Autonomy levels solve the trust problem, but they create operational challenges that you need to plan for.

Queue management becomes critical

At levels 1 and 2, your approval queue becomes a bottleneck. Size your operations team appropriately:

  • Level 1: Plan for 2-5 minutes per approval (reading context, checking content, making decision)
  • Level 2: Plan for 1-3 minutes per first-contact approval (focusing on relationship appropriateness)
  • Level 3: Plan for zero queue time but more monitoring and escalation handling

If your agent generates 50 emails per day at level 1, budget 2-4 hours of daily review time. Most teams underestimate this initially.

False positives hurt agent effectiveness

An overly cautious human reviewer can handicap an otherwise effective agent. Train reviewers to focus on actual problems (compliance violations, factual errors, relationship damage) rather than stylistic preferences.

Track approval latency and rejection reasons. If average approval time exceeds 4 hours or rejection rate exceeds 10%, your review process needs calibration.

Autonomy creep is real

Teams often get comfortable with level 1 approval workflows and never graduate agents to higher autonomy levels, even when performance justifies it. Set concrete graduation criteria upfront:

  • Level 1 → Level 2: 95%+ approval rate for 100+ emails, fewer than 2 serious rejections
  • Level 2 → Level 3: 98%+ approval rate for 200+ first-contact emails, demonstrated escalation judgment

Review autonomy levels monthly and adjust based on data, not comfort level.

Autonomy levels give you a systematic way to deploy AI agents safely without sacrificing operational efficiency. Start conservative, measure performance, and gradually increase autonomy as your agents prove reliable.

The goal isn't to keep agents on training wheels forever. The goal is to build confidence in their judgment through controlled exposure to real scenarios. Done right, most agents graduate to level 2 or 3 within weeks while maintaining the safety net of policy enforcement and escalation workflows.

Molted's autonomy system handles the infrastructure so you can focus on training effective agents instead of building approval workflows from scratch. Start your free trial or read the docs to see how autonomy levels work in practice.

Keep reading

Written by Magnus Junghard