Worker Safety and Review
Review AI output before using it in customer, finance, legal, or operational decisions.
AI workers can help with repeatable review work, but their output should still be reviewed by a person.
Treat AI output as draft assistance until a responsible user confirms it. This is especially important when a worker can read sensitive context or call tools.
The review owner is accountable for how the output is used. Do not let an ownerless worker influence customer, finance, HRM, legal, or public work.
Use safety review before activating a worker, after changing instructions, and after any failed or surprising run. The goal is to make sure the worker has a clear job, limited access, and a human owner.
Safety review is not only for new workers. Review again when a connected module, workflow, template, mailbox, or finance process changes because the worker may still follow old assumptions.
Review Required
Review worker output before using it for:
- Customer communication.
- Finance decisions.
- Legal documents.
- Payroll or HR decisions.
- Record updates.
- Workflow changes.
- Public content.
Keep Access Scoped
Give workers the least context and tool access needed for the job. Broad access makes review harder and increases the chance the worker acts outside its intended purpose.
Remove tools before editing instructions when a worker is too broad. Narrower access reduces the impact of a bad prompt or unexpected record.
Context and tool access should match the job. A worker that writes ticket summaries does not need finance tools. A worker that drafts invoice follow-up should not update HRM records. If you cannot explain why a source or tool is enabled, remove it before production use.
Use Draft and Paused Statuses
Keep new workers in Draft while testing. Use Paused when a worker should stop being used until a person reviews its instructions or access.
Safety Checklist
Before enabling a worker:
- Review instructions for scope and tone.
- Confirm context sources are necessary.
- Confirm tool access is the minimum needed.
- Run a small test.
- Review run detail and output.
- Decide who owns ongoing review.
If output affects customers, finance, HRM, legal, or public content, keep a human approval step in the process.
Approval Gates
Use an approval step when a worker drafts or updates:
- Customer-facing replies.
- Invoice, estimate, payment, or refund language.
- Contract, proposal, or legal content.
- Employee, payroll, or leave information.
- Public pages, forms, or document templates.
The approval owner should review the source record and the generated output, not only the final text. This catches cases where the worker used the wrong contact, outdated invoice, or unrelated file.
Ongoing Review
Review active workers on a schedule. Check recent runs, failed runs, tool access, and whether the worker still matches the process it was created for.
Pause workers that are no longer owned, no longer understood, or connected to a workflow that changed.
Review workers after changing CRM stages, finance settings, HRM policies, workflow actions, or connected apps because their assumptions may no longer match the workspace.
Troubleshooting
If a worker produces output outside its scope, narrow instructions, remove unneeded context, and reduce allowed tools before running it again.
If a worker repeatedly fails, review run detail before changing several settings at once. The failure may come from missing permissions, missing context, or an invalid source record.
Stop Conditions
Pause a worker immediately if it sends unexpected messages, creates duplicate records, updates the wrong field, uses private context in a public response, or continues running after the owning process changed.
After pausing, capture a recent run example, clean up any side effects, narrow access, and test on one low-risk record before making the worker active again.