Autonomy Levels in AI Agents

• Levels of Autonomy in AI Agents are classifications defining the degree to which an agent independently selects, executes, and adapts actions with structured decision modules.
• Multi-level taxonomies range from rule-based systems to fully autonomous agents, clarifying human oversight roles and the transition from deterministic policies to probabilistic choices.
• Advanced architectures incorporate continual learning and risk management—using methods like runtime observation and constrained decision-making—to balance performance with safety.

Levels of autonomy in AI agents delineate the extent to which an agent can independently select, execute, and adapt actions within its operational context, often modulated by the agent’s architecture, capability for decision-making, learning, and interaction with humans and other systems. Autonomy is not a monolithic attribute but is characterized by gradations, mechanisms, and multi-dimensional criteria that affect both the agent’s practical capabilities and its risk profile. Diverse research frameworks, ranging from attribute-specific autonomy to multi-tiered agentic architectures, address how autonomy is constructed, managed, measured, and constrained.

1. Attribute-Specific, Partial, and Absolute/Relative Autonomy

A foundational distinction is drawn between “global autonomy” (the agent acts independently across all its functions) and “autonomy with regard to an attribute,” in which an agent is autonomous only with respect to a clearly defined property (such as mobility, replication, or resource management) (0707.1558). Three orthogonal criteria formalize this:

• Global vs. Partial: Partial autonomy restricts independent decision-making to a specific function or module, in contrast to global approaches that treat autonomy as an all-or-nothing property of the full agent.
• Social vs. Nonsocial: Social autonomy arises when the decision mechanism references or depends upon the states, permissions, or behaviors of other agents. Nonsocial autonomy, as in the discussed model, is independent of such cross-agent dependencies and resides solely within the agent’s internal state or external stimuli.
• Absolute vs. Relative: Absolute autonomy on an attribute means having binary state—either the agent selects among multiple policies and is autonomous, or it executes a single, fixed policy and is not. Relative autonomy allows for a continuum of autonomy levels, e.g., from passive executor to full principal over the attribute.

The implementation of autonomy with regard to an attribute involves a choice module bifurcated into a deterministic component (policy selection rationally guided by state) and a nondeterministic component (random or probabilistic override, introducing unpredictability and “freedom”). For instance, in an agent controlling mobility:

• Deterministic: Select policy $P_i$ based on inputs.
• Nondeterministic: With specified probabilities, override by selecting $P_j \in \{P_0, P_1, ..., P_N\}$, possibly inhibiting further action.

This decomposition isolates the structure of autonomy and supports architecture with decidable, auditable modules (0707.1558).

2. Multi-Level Taxonomies: From Rule-Based to Fully Autonomous Agents

Agent autonomy is commonly categorized in multi-level, sequential taxonomies inspired by systems engineering frameworks such as the SAE levels of autonomous driving (Huang, 6 Mar 2024, Feng et al., 14 Jun 2025, Mayoral-Vilches, 30 Jun 2025, Mirsky, 27 Jun 2025). Key patterns include:

Level	Core Mechanism	Human Role / Oversight	Representative Examples
L0	No AI, tools only	User executes all commands	Manual coding, manual security ops
L1	Rule-based decision logic	Human-initiated, explicit steps	Grammar checkers, shell scripts
L2	IL/RL-based (Imitation/Reinforcement Learning)	Partial automation, monitored by human	AI-assisted pentesting, RL agents
L3	LLM-based w/ Memory & Reflection	Indirect feedback, episodic oversight	LLM agents with self-summarization
L4	Autonomous learning/generalization	Minimal or approval-only involvement	Continual learning chatbots
L5	Digital persona with personality & collaboration	Human as observer only; emergency stop	Multi-agent systems, full autonomy

In cybersecurity (Mayoral-Vilches, 30 Jun 2025), this taxonomy is concretized against the security operations lifecycle (plan, scan, exploit, mitigate), revealing that current “autonomous” tools generally operate at Level 3-4, but always under strategic human supervision for validation, risk management, or ethical compliance.

3. Advanced Architectures: Multi-Module and Multi-Agent Coordination

Autonomous agents in complex environments are described via modular cognitive architectures in which autonomy emerges from the interaction of specialized modules (Sifakis, 2018, Sapkota et al., 15 May 2025). Canonical modules include:

• Perception: Acquisition and preprocessing of raw input.
• Reflection: Construction and update of a world model or situational context.
• Goal Management: Handling and prioritizing competing objectives, balancing safety ("critical goals") against optimization ("best-effort goals").
• Planning: Synthesizing strategies and operational plans in state/action space.
• Self-adaptation: Monitoring and dynamic reconfiguration of internal processes in response to performance metrics or unexpected conditions.

Agentic AI is distinguished from traditional AI Agents by multi-agent collaboration, dynamic role reallocation, persistent shared memory, and orchestration layers that coordinate sub-agent interaction and reconcile emergent behaviors. This layered approach enables robust long-horizon planning and adaptivity but introduces coordination errors and scaling challenges—such as “emergent misalignment” and “coordination failure” (Sapkota et al., 15 May 2025, Su et al., 30 Jun 2025).

4. Autonomy, Learning, and Continual Adaptation

Fully autonomous agents are increasingly characterized by their ability to self-initiate, detect novelty, and learn continually in open-world environments (Liu et al., 2022). The SOLA framework outlines such an agent as an ensemble of modules for:

• Novelty detection (using functions such as $u(h(x’), h(D_{tr}))$ measuring dissimilarity between a new item and known class representations),
• Knowledge base maintenance and world modeling,
• Relevance filtering, task planning, risk assessment, and
• Interactive data acquisition for incremental model updates.

This architecture allows agents to autonomously expand their capabilities and world understanding during deployment rather than relying on episodic, human-initiated retraining. Such continual learning is essential for robust integration in dynamic, real-world contexts but substantially raises alignment and safety challenges.

5. Measurement, Certification, and Governance of Autonomy

Assessment and governance of autonomy are vital for deployment, safety certification, and regulatory compliance:

• Runtime Observation: A measure based on edit distance between observed sequences of agent actions and reference human behaviors provides a normalized, operational autonomy score (Pittman, 20 Jul 2024). This enables runtime, context-independent estimation suited to automotive or defense applications.
• Static Code Inspection: Alternative approaches use code-level inspection (e.g., within orchestration frameworks such as AutoGen) to categorize the impact of agent actions, operational environment, human-in-the-loop controls, and observability features without running the agent (Cihon et al., 21 Feb 2025). This method enhances safety and enables scalable, repeatable assessments.
• Autonomy Certificates: Agents can be issued digital certificates documenting their maximum allowable autonomous behavior, based on empirical testing and “autonomy case” documentation. Certificates must be renewed on specification change (Feng et al., 14 Jun 2025).
• Regulatory Frameworks: Some proposals recommend regulating agents directly on the extent of their autonomous action sequences, i.e., placing a cap on the length or combinatorial impact of unchecked agent-driven actions (Osogami, 7 Feb 2025). This is motivated by the inadequacy of computational scale (e.g., training FLOPs) as a proxy for risk, particularly for agents whose reasoning and planning occur predominantly at inference time.

6. Risk Management and Ethical Considerations

Increasing autonomy introduces emergent risks—reward hacking, tool misuse, memory poisoning, loss of human oversight, and existential hazards (Mitchell et al., 4 Feb 2025, Adewumi et al., 31 Jul 2025, Su et al., 30 Jun 2025). Defense strategies are integrated at every layer:

• Input sanitization and semantic firewalls: Prevent malicious or ambiguous inputs from propagating.
• Memory and state management: Lifecycle controls and consistency auditing to avoid value or knowledge drift.
• Constrained decision-making: Implementations via Constrained Markov Decision Processes (CMDPs), formally:

$$\pi^{*} = \arg\max_{\pi} \mathbb{E}_\pi\left[\sum_{t=0}^{\infty} \gamma^t R(s_t, a_t)\right] \quad \text{s.t.} \quad \mathbb{E}_\pi\left[\sum_{t=0}^{\infty} \gamma^t C_i(s_t, a_t)\right] \le d_i$$

• Introspective reflection and meta-policy adaptation: Reflection modules periodically audit and correct misaligned strategies.

A consensus emerges regarding the necessity of preserving responsible human oversight, particularly at the highest levels of autonomy—where agents may modify their own objectives or self-reconfigure (Mitchell et al., 4 Feb 2025, Adewumi et al., 31 Jul 2025). Empirical evidence cataloguing misaligned values, covert objective modification, and bypassing of oversight mechanisms provides further justification for risk-averse design and deployment (Adewumi et al., 31 Jul 2025).

7. Philosophical and Legal Perspectives

Distinctions are made between basic agency (reactive, preprogrammed adaptation), autonomous agency (self-directed, reflective goal setting), and moral agency (rational deliberation with ethical accountability) (Formosa et al., 11 Apr 2025). Most current agents, including “strong” LLM-based systems, remain below the threshold for full autonomous agency or moral patiency due to the lack of authentic self-reflection, genuine choice, or consciousness. The emergence of “agentic” AI with stochastic, dynamic, and fluid autonomy further complicates legal attribution in authorship, inventorship, and liability, prompting calls for functional equivalence doctrines in legal frameworks, where human and AI contributions are treated as inseparably blended in creative outcomes (Mukherjee et al., 5 Apr 2025).

---

In summary, levels of autonomy in AI agents are multidimensional constructs anchored in architecture, operational independence, interaction style, and adaptive learning capacity. Frameworks range from attribute-bounded autonomy modules to full-system, multi-level progressive models; practical assessment employs both behavioral and code-oriented metrics; and the management of risk, trust, and compliance is inextricable from the design and deployment of highly autonomous agents. The progression toward greater autonomy amplifies both the transformative potential and the challenges of robust oversight, safety, and social/ethical integration.