AIFC-031: AI Autonomy and Intensity

Status: Draft 0.1 Standard: AI-First Community Standard Abbreviation: AIFC Builds on:

• AIFC-000 Manifesto of an AI-first community
• AIFC-001 Core Concepts
• AIFC-003 Values and Purpose
• AIFC-020 Human-Managed AI
• AIFC-021 AI as External Expert Capacity
• AIFC-022 AI-NDA Boundary
• AIFC-023 AI as Team Member
• AIFC-024 Human Capability Reserve
• AIFC-030 AI Capacity Planning

Purpose of this document: Define AI Autonomy and AI Intensity as two separate governance dimensions, and describe how an AIFC community should set, review, escalate, and de-escalate them.

1. Purpose of this document

This document explains two different questions:

How much AI is involved?
How independently may AI act?

The first question is AI Intensity.

The second question is AI Autonomy.

They must not be confused.

A community may use AI heavily while keeping autonomy low. It may also use AI rarely but allow a narrow agent to act autonomously inside a strict boundary.

AIFC requires both dimensions to be governed explicitly.

2. Core principle

The core principle of this document is:

AI Intensity and AI Autonomy are separate controls.
High AI use must not automatically mean high AI autonomy.

AI may help deeply without owning decisions.

AI may act independently only where purpose, scope, risk, data, approval boundaries, auditability, fallback, and ownership are explicit.

3. Definitions

AI Intensity

AI Intensity is the overall degree of AI involvement in a community, workflow, team, or task.

It answers:

How much is AI used here?

AI Autonomy

AI Autonomy is the degree to which AI may act without continuous human confirmation inside approved rules, scope, budget, and guardrails.

It answers:

What may AI do on its own?

Minimum requirement

An AIFC community must distinguish AI Intensity from AI Autonomy.

4. AI Intensity vs AI Autonomy

AI Intensity and AI Autonomy can vary independently.

Examples:

High intensity, low autonomy:
AI helps with many drafts, summaries and reviews, but humans approve all significant changes.

Low intensity, high autonomy:
A small agent automatically performs one low-risk maintenance check inside strict rules.

Example

An AI documentation assistant may be used every day to propose improvements.

That is high intensity.

But if it cannot publish or change the source of truth without review, its autonomy remains limited.

Minimum requirement

AI governance must define both intensity and autonomy for significant AI workflows.

5. AI intensity scale

AIFC may use a 0-100 percent scale for AI Intensity.

0 %   - no AI
25 %  - AI-assisted
50 %  - AI-supported workflows
75 %  - agent-assisted operation
100 % - high-intensity AI operation

0 % - No AI

Work is performed without AI.

Useful for fallback, training, sensitive work, or deliberate human practice.

25 % - AI-assisted

AI helps with selected tasks, but the workflow remains mainly human.

50 % - AI-supported workflows

AI is a normal part of the workflow, but humans still drive the process.

75 % - Agent-assisted operation

AI agents support recurring work and generate significant outputs.

100 % - High-intensity AI operation

AI is deeply embedded in the workflow.

This requires strong governance, review, fallback, and Human Capability Reserve.

Minimum requirement

High AI Intensity must trigger review of dependency, review capacity, cost, and fallback.

6. AI autonomy scale

AIFC may use a 0-100 percent scale for AI Autonomy.

0 %   - no autonomous action
25 %  - AI proposes only
50 %  - AI drafts, human approves
75 %  - AI executes approved low-risk actions
100 % - AI operates within strict pre-approved boundaries

0 % - No autonomous action

AI may assist, but does not act.

25 % - AI proposes only

AI creates suggestions, summaries, analyses, or proposals.

50 % - AI drafts, human approves

AI prepares artefacts or changes, but a human must approve before they become active.

75 % - AI executes approved low-risk actions

AI may execute reversible, low-risk actions inside approved rules and review gates.

100 % - AI operates within strict pre-approved boundaries

AI may act independently only inside a narrow, pre-approved, auditable, revocable, and risk-assessed boundary.

100 % autonomy is not absence of governance.

Minimum requirement

AI Autonomy must be bounded by purpose, scope, risk, auditability, fallback, and owner.

7. Contextual autonomy

Autonomy is contextual.

The same AI agent may have different autonomy for different actions.

Example:

Detect missing metadata: 75 %
Draft change proposal: 50 %
Change active workflow: 0 %
Access Operational DNA: 0 % unless explicitly approved

Minimum requirement

AI Autonomy should be defined by action type, not only by agent or tool.

8. Risk-based autonomy

Autonomy must decrease as risk increases.

Risk factors include:

• customer impact,
• financial impact,
• legal impact,
• security impact,
• values impact,
• data sensitivity,
• Operational DNA access,
• reversibility,
• impact on other communities,
• source-of-truth impact.

Minimum requirement

High-risk actions must require human or governance approval.

9. Reversibility

Reversibility affects autonomy.

Reversible actions

Examples:

• tagging a draft,
• creating a proposed task,
• classifying public content,
• generating a report draft,
• suggesting a cleanup item.

Reversible low-risk actions may allow higher autonomy.

Hard-to-reverse actions

Examples:

• deleting source-of-truth content,
• changing permissions,
• publishing externally,
• modifying Operational DNA,
• making a financial commitment,
• changing customer-facing behavior.

Hard-to-reverse actions require lower autonomy and stronger approval.

Minimum requirement

Autonomy must be lower for hard-to-reverse actions.

10. AI intensity by work type

AI Intensity should differ by work type.

Development / change work

AI can help with design, code, tests, documentation, and review. Critical changes still need human review.

Maintenance work

AI can be highly useful for detecting drift, debt, missing owners, and stale artefacts.

Support work

AI can help with triage and drafting, but customer-facing outputs require careful review.

Governance work

AI can prepare analysis and proposals, but decisions remain human or community owned.

Security work

AI may support detection and analysis, but sensitive data and critical actions require strict boundaries.

Minimum requirement

AI Intensity must be appropriate to the work type and risk.

11. AI intensity by data sensitivity

Data sensitivity constrains AI Intensity.

Public data may allow higher intensity.

Internal data requires purpose and boundary.

Restricted data requires stronger governance.

Operational DNA requires explicit approval.

Minimum requirement

AI Intensity over non-public data must respect the AI-NDA Boundary.

12. AI intensity and Human Capability Reserve

High AI Intensity can weaken human capability if people stop practicing, understanding, and reviewing the work.

The community should compensate high AI Intensity with:

• human skills,
• AI-free practice,
• fallback drills,
• review calibration,
• junior learning paths,
• source-of-truth documentation.

Minimum requirement

High AI Intensity must be assessed for impact on Human Capability Reserve.

13. AI intensity and source of truth

High AI Intensity creates more AI-generated know-how.

If useful outputs remain in chat, agent memory, or vendor tools, the community loses ownership of learning.

Minimum requirement

High AI Intensity must include a rule for returning durable know-how to the source of truth.

14. AI autonomy and approval boundaries

AI Autonomy must be governed by approval boundaries.

Approval boundaries define:

• what AI may do alone,
• what AI may draft,
• what requires human approval,
• what is forbidden,
• what must be logged,
• what triggers escalation.

Example

AI may classify a draft document.
AI may propose a new owner.
AI may not change the source-of-truth owner field without review.

Minimum requirement

Every significant autonomous AI workflow must define approval boundaries.

15. AI autonomy and human override

Higher autonomy requires stronger human override.

Humans or accountable governance must be able to:

• pause the agent,
• reduce autonomy,
• revoke permissions,
• reject outputs,
• switch to AI-off fallback,
• close the AI engagement.

Minimum requirement

Autonomous AI workflows must have human override.

16. AI autonomy and auditability

Autonomous AI actions must be auditable in proportion to risk.

Audit may include:

• action performed,
• input used,
• model or tool used,
• owner,
• approval state,
• output,
• affected artefacts,
• rollback or revocation path.

Minimum requirement

Autonomous AI actions with significant impact must leave an audit trail.

17. AI intensity and cost

Higher AI Intensity usually increases cost.

Cost includes money, tokens, compute, review, governance, attention, security, and dependency.

Minimum requirement

High AI Intensity must have cost visibility.

18. Dynamic adjustment

AI Intensity and AI Autonomy should be adjustable.

They may change when:

• risk changes,
• budget changes,
• review capacity changes,
• data sensitivity changes,
• a model or vendor changes,
• incidents occur,
• Human Capability Reserve weakens,
• the community enters another operating mode.

Minimum requirement

Significant AI workflows must have a path for adjusting intensity and autonomy.

19. AI autonomy escalation

Autonomy may be increased only through governance.

Escalation should consider:

• evidence of reliability,
• audit results,
• risk assessment,
• review capacity,
• fallback,
• owner approval,
• data boundary,
• Human Capability Reserve.

Minimum requirement

AI Autonomy must not increase silently.

20. AI autonomy de-escalation

Autonomy must be reducible.

De-escalation may be needed when:

• incidents occur,
• outputs degrade,
• costs rise,
• review capacity falls,
• risk increases,
• AI-NDA Boundary changes,
• trust is lost,
• fallback is missing.

Minimum requirement

Every autonomous AI workflow must have a de-escalation path.

21. AI intensity slider

An AI intensity slider is a human-understandable control for changing the level of AI involvement.

It may be implemented as:

• settings,
• operating modes,
• workflow rules,
• cockpit control,
• governance policy,
• agent configuration.

The slider is useful only if it maps to real behavior.

Minimum requirement

If a community exposes an AI intensity slider, the underlying behavior must be defined.

22. AI intensity profile

An AI intensity profile describes the AI involvement in a workflow, team, product, or community.

It may include:

• intensity level,
• work types affected,
• data used,
• tools or agents,
• review expectations,
• fallback,
• source-of-truth rules.

Minimum requirement

High-intensity AI areas should have an explicit intensity profile.

23. AI autonomy profile

An AI autonomy profile describes what an AI agent or workflow may do independently.

It may include:

• action types,
• autonomy level per action,
• approval rules,
• forbidden actions,
• audit requirements,
• override path.

Minimum requirement

Autonomous AI agents should have an explicit autonomy profile.

24. Relationship with AI Operating Modes

Operating modes combine intensity, autonomy, capacity, risk, and fallback.

For example:

• Conservative Mode usually lowers intensity and autonomy.
• Balanced Mode keeps moderate intensity with review gates.
• Aggressive Mode may raise intensity inside approved boundaries.
• Mission Mode temporarily raises intensity for a defined objective.
• Emergency AI-Off Mode lowers intensity to protect the community.

Minimum requirement

Operating mode changes must update or reference intensity and autonomy settings.

25. Relationship with AI Retrospective

AI Retrospective should review whether intensity and autonomy were appropriate.

Questions:

• Did AI help?
• Was autonomy too high or too low?
• Did review capacity hold?
• Did costs match value?
• Did dependency increase?
• Did human capability weaken?

Minimum requirement

AI Retrospective must be able to recommend intensity or autonomy changes.

26. Relationship with Human Cockpit Layer

The Human Cockpit Layer should make AI Intensity and AI Autonomy visible.

It may show:

• current intensity,
• current autonomy,
• active operating mode,
• approval boundaries,
• review load,
• incidents,
• de-escalation controls,
• fallback status.

Minimum requirement

Significant AI Intensity and AI Autonomy must be human-visible.

27. Suggested metadata

Example metadata:

ai_governance_profile:
  id:
  title:
  status: draft | active | under_review | paused | archived
  owner:
  scope:
  ai_intensity_level: 0 | 25 | 50 | 75 | 100
  ai_autonomy_level: 0 | 25 | 50 | 75 | 100
  autonomy_by_action:
  data_sensitivity:
  ai_nda_boundary:
  approval_rules:
  audit_required: true | false
  human_override:
  fallback:
  review_cycle:
  last_reviewed:

This structure is illustrative.

The final schema should be defined in the agent-actionable layer of the standard.

28. Anti-patterns

AIFC rejects the following anti-patterns.

28.1 Accidental autonomy

AI gains permissions because nobody restricted it.

28.2 One global AI level

The community sets one AI level for everything regardless of risk.

28.3 High autonomy without audit

AI acts independently without traceability.

28.4 High intensity without Human Capability Reserve

AI becomes deeply embedded while human ability quietly degrades.

28.5 Autonomy used to compensate for lack of reviewers

AI is allowed to act because humans have no time to review.

28.6 Slider without governance

An AI setting exists but does not map to approved behavior.

28.7 Operational DNA high autonomy

AI can modify or interpret Operational DNA without explicit approval.

28.8 No de-escalation path

Autonomy can increase but cannot be reduced.

28.9 Autonomous external output

AI publishes externally without review.

28.10 Autonomy without fallback

AI performs critical work with no non-AI recovery path.

29. Minimal requirements

In the area of AI Autonomy and Intensity, an AIFC community must at minimum:

1. Distinguish AI Intensity from AI Autonomy.
2. Define both for significant AI workflows.
3. Use intensity levels appropriate to work type and risk.
4. Use autonomy levels appropriate to action type and risk.
5. Reduce autonomy for hard-to-reverse actions.
6. Respect data sensitivity and AI-NDA Boundaries.
7. Assess high AI Intensity for Human Capability Reserve impact.
8. Return durable AI-generated know-how to the source of truth.
9. Define approval boundaries for autonomous AI.
10. Provide human override.
11. Make significant autonomous actions auditable.
12. Provide cost visibility for high AI Intensity.
13. Allow dynamic adjustment.
14. Require governance for autonomy escalation.
15. Provide autonomy de-escalation.
16. Define real behavior behind any intensity slider.
17. Connect intensity and autonomy to operating modes.
18. Review intensity and autonomy during AI Retrospective.
19. Make significant settings visible in the Human Cockpit Layer.

30. Summary

AI Intensity and AI Autonomy are the two sliders of AI governance.

Intensity asks how much AI is involved.

Autonomy asks what AI may do on its own.

Confusing them creates risk.

AIFC therefore says:

Use AI deeply where it creates value.
Do not confuse use with authority.
Raise autonomy only inside approved boundaries.
Keep review, audit, override, fallback and human capability intact.

AI Autonomy and Intensity turn AI use into adjustable governance rather than unmanaged acceleration.