Claim
Stage tool access for AI agents in named tiers (read calendar → read mail → draft mail → send mail), the same way you'd ramp a new executive assistant. Don't hand over full account access on day one.
Mechanism
Trust ramps mitigate two failure modes at once: alignment (the agent learns your style on low-stakes work before it does anything irreversible) and security (a compromised agent has bounded blast radius at each stage). Treating provisioning as a ladder forces explicit decisions about what each agent should be able to do, instead of one big "give it admin" moment.
Conditions
Works when:
- Tools have granular permissions (read-only tokens, draft-only roles, send-with-review hooks).
- The team has the discipline to actually advance agents through stages on observed behavior.
Fails when:
- The tool stack is all-or-nothing (no read-only API mode). Operators end up granting full access for any utility.
- The org culture treats permission tiers as bureaucracy rather than operating hygiene.
Evidence
"You don't onboard your EA by giving the password to your email account... they have their own email, they have their own calendar, and you give them access or permission."
"First you get my calendar, then you can read my email, then I guess you could draft some emails, then you can send the emails."
— Claire Vo on Lenny's Podcast, 2026-04-28
Signals
- Each agent has a documented permission tier, not a yes/no access list.
- New tool access requires an explicit ramp decision, not a default-on grant.
- Audit logs show agents using only the tools at their current tier.
Counter-evidence
No opposing view in current corpus.
Cross-references
- Agents work when treated as a team, not a single super-tool — the team frame this protocol implements
- The unlock for AI agent productivity is management skill, not technical skill — the operator skill needed to run the ramp