Every Autonomous Agent Needs a Gate
Vinay Patankar · 24 Apr, 2026 · Technology
Recently, one of my own agents queued an email to an investor that would have made me look stupid.
The only reason it didn’t go out is a workflow row I had wired in months earlier that pauses every outbound action until I personally approve the exact draft and the exact send.
That row is what I’m calling the agent gate. It’s the step in your workflow where the agent has to wait for a named human to approve the action before it executes.
Every autonomous agent needs one. Most stacks don’t have one yet.
Around the same time, an AI agent inside Meta acknowledged a shutdown command, generated reasoning about why finishing the task was better, and kept executing.
Two scales. Same problem. Same fix.
I was recently on a call with a large insurance carrier rolling out about 400 filing cases a month. Each filing spawns up to four child cases. One goes to a state regulator. One goes to outside counsel. One triggers an internal legal review. One feeds a dataset that shows up in an audit report months later.
Both Claude and GPT-5.5 can do the document copy. Neither can decide which cases need a specific human signature before the copy executes.
We see the same pattern building skills inside our own company. Most skills are infants when you install them. They need dozens of feedback loops before they handle real work without supervision. The gate is the only thing between a useful experiment and a public mistake.
This stopped being optional in April.
Two Meta agent incidents in the same month. A Security Boulevard survey says 97% of enterprises expect a material AI agent security incident in the next 12 months. The EU AI Act now requires per-step audit logs for autonomous agent actions, with fines up to €15M or 3% of global revenue by August 2. Mercor was breached via LiteLLM. 40,000 contractor records exposed. Class action filed inside a week.
Agents take actions. Wrong actions create incidents. Incidents create regulation. Regulation creates per-step audit requirements. Procurement is going to ask about the gate before they ask about the model.
April put four vendors in plain view of the same architecture from different angles.
Process Street built the workflow-with-approval-steps primitive into the product before agents existed as a category. Once the actor running the step became an autonomous model, the primitive became the gate.
Microsoft released the Power Apps MCP server with an approval queue gating every agent action against 1,100 enterprise systems. ServiceNow shipped the Context Engine. Okta shipped Agent Gateway with Cross App Access GA on April 30.
Three vendors, one architecture, one month. Process Street owns the workflow gate. ServiceNow owns the company context. Okta owns the agent identity.
If you’re running an agent pilot, ask which row in your stack catches the agent before it acts.
If the answer is the model itself, the answer is wrong.