Which tool to choose
- Agent inside an assistant with task mode: it usually has a button to interrupt the execution and shows the steps as it performs them.
- Automation on a no-code platform (Zapier, Make): you can pause or shut off the flow from the dashboard, and often insert a "request human confirmation" step before the sensitive actions.
- Agent that touches your data or spends money: before even choosing the tool, limit the permissions upstream (read-only access, a spending cap) so the brake doesn't depend only on how quickly you react.
How to do it
- Set up the brakes before launching it. The wording to use:
  "While working on this goal: show me the plan and wait for my go-ahead before starting; stop and ask for confirmation before any action that sends, pays, deletes or modifies data; if you run into something unexpected that you weren't told how to handle, stop and ask instead of improvising."
- Watch the steps as it performs them, at least the first few times. An agent should be supervised the way you supervise an intern: not because it's incapable, but because it makes mistakes confidently.
- Stop it the right way. For an agent in an assistant, use the stop button or write "stop now, don't perform anything else." For an automation, pause it from the dashboard: closing the chat doesn't always shut it off.
- Understand what happened before correcting. The wording to use:
  "Stop. Explain to me in order what you've done so far, which actions you actually performed and what results you produced. Don't do anything else until I give you a new instruction."
- Correct at the root, not by trial and error. If the agent went wrong because the instruction was ambiguous, rewrite the instruction and start over. Insisting in the same confused thread piles errors on errors.
A concrete example
Giorgio launches an agent to clean up his inbox: archive old newsletters. Halfway through he notices it's also archiving important emails that contain the word "offer." He hits stop. He asks for the report: the agent interpreted "newsletter" too broadly. Giorgio doesn't argue in the messed-up thread: he rewrites the instruction specifying "only emails from senders in the Newsletters folder, never from the main inbox" and starts from scratch. He recovers from the trash the important emails that were archived by mistake. The second time the agent does exactly what it should, because the problem was in the instruction, not in the agent.
When it does NOT work (and how to fix it)
If the agent has already taken an irreversible action
Sometimes the damage is done before you can react: an email sent, a file deleted. Remedy: that's why the brakes go in beforehand (mandatory confirmation on irreversible actions). After the fact, recover where you can (trash, sent mail, version history) and add that prohibition to the instruction for next time.
If it doesn't respond to the stop and keeps working
This happens with automations that run on the server, not in your chat. Remedy: go to the platform's dashboard and disable the flow from there; shutting down the app on your phone isn't enough. Find out where that switch is before launching the automation.
If you correct it but it keeps repeating the same mistake
A sign that you're correcting in the wrong thread, where the AI is now confused by its own errors. Remedy: open a new conversation and start over from the corrected instruction. An agent stuck in a rut isn't set straight by explaining the mistake to it; it's restarted.
A tip from someone who actually uses it
Before giving an agent access to something, ask yourself: "if it went haywire right now, what's the worst damage it could do?". If the answer is "send wrong emails to customers" or "delete files," don't give it that power until you trust it. Limiting what it can touch is the brake that works even when you're not in front of the screen.
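If you build or script your own agent, the brakes described above (upstream limits, confirmation before anything that sends, pays, deletes or modifies, and a stop switch) can be enforced in code instead of only being requested in the prompt. The following Python is an added example, not part of the original guide; the Gate class, its action labels and the sample requests are constructed for illustration.

```python
from dataclasses import dataclass, field

# Action kinds that must wait for a human "yes" (labels are assumptions).
NEEDS_CONFIRMATION = {"send", "pay", "delete", "modify"}

@dataclass
class Gate:
    spending_cap: float          # hard ceiling fixed before launch
    read_only: bool = False      # upstream permission limit
    stopped: bool = False        # stop switch that lives outside the chat
    spent: float = 0.0
    log: list = field(default_factory=list)  # trace kept outside the agent

    def request(self, kind, target, amount=0.0, confirm=lambda k, t, a: False):
        """Return True only if the action may run; every decision is logged.
        The default confirm callback refuses, so a missing answer means no."""
        if self.stopped:
            verdict = "blocked: stopped"
        elif kind != "read" and kind not in NEEDS_CONFIRMATION:
            verdict = "blocked: unknown action"  # unexpected case: stop, don't improvise
        elif self.read_only and kind != "read":
            verdict = "blocked: read-only"
        elif kind == "pay" and self.spent + amount > self.spending_cap:
            verdict = "blocked: over cap"        # the cap holds even if a human would agree
        elif kind in NEEDS_CONFIRMATION and not confirm(kind, target, amount):
            verdict = "blocked: not confirmed"
        else:
            verdict = "allowed"
            if kind == "pay":
                self.spent += amount
        self.log.append((kind, target, amount, verdict))
        return verdict == "allowed"

def demo():
    """Run constructed sample requests through a gate with a cap of 50."""
    gate = Gate(spending_cap=50.0)
    approve = lambda kind, target, amount: True  # stands in for a human clicking "yes"
    results = [
        gate.request("read", "inbox"),
        gate.request("delete", "newsletter-123"),                   # nobody confirmed
        gate.request("delete", "newsletter-123", confirm=approve),
        gate.request("pay", "invoice-1", 40.0, approve),
        gate.request("pay", "invoice-2", 20.0, approve),            # 40 + 20 exceeds the cap
        gate.request("forward", "inbox", confirm=approve),          # action nobody planned for
    ]
    gate.stopped = True                                             # brake pulled
    results.append(gate.request("read", "inbox"))
    return results, gate

if __name__ == "__main__":
    for entry in demo()[1].log:
        print(entry)
```

The log is written by the gate, not by the agent, so it can be compared against the agent's own report of what it did.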
Frequently asked questions
Can I undo an action the agent has already taken?
It depends on the action. An archived email or a deleted file can often be recovered (trash, version history); a sent email or a payment can't. That's why the real defense is confirmation before irreversible actions, not undoing afterward.
How do I find out what an agent did while I wasn't watching?
Ask it for the report of the actions performed, and check the traces in your tools: sent mail, the spreadsheet's history, the platform's log. Don't trust only the agent's account: verify in the programs where it acted.
Is it true that a reliable agent doesn't need control?
It's the belief that precedes the worst trouble. Even an agent that has worked a hundred times can fail on the hundred-and-first, because it runs into a new case or an ambiguous instruction. Control doesn't measure distrust of the agent; it measures how much its mistake would cost you.