Governing Actions, Not Agents: Institutional Attestation as a Governance Model for Autonomous AI Systems

What Happened

A new paper on arXiv proposes a shift in how we think about governing autonomous AI systems. Instead of trying to monitor or constrain the internal decision-making of AI agents—a notoriously difficult problem—the authors suggest borrowing a mechanism from human institutions: institutional attestation. The core idea is that we should govern the actions of AI systems, not the agents themselves, by requiring them to pass through institutional checkpoints before executing consequential, irreversible actions like clinical prescribing or production software deployment.

This is analogous to how a hospital governs a surgeon: it does not monitor the surgeon’s every thought or intention, but it requires attestation (e.g., a second opinion, a signed consent form, a peer review) before a scalpel is used. The paper applies this logic to AI, arguing that we can create a layer of institutional oversight that verifies the action’s legitimacy without needing to fully understand the AI’s internal reasoning.

Why It Matters

This is a pragmatic and potentially scalable governance model. Current approaches to AI safety often focus on alignment (making the AI want what we want) or interpretability (understanding why the AI chose a particular action). Both are deeply challenging and may not be solvable in the near term. Institutional attestation sidesteps these problems by focusing on the output—the action itself—and verifying it against external rules, standards, or human judgment.

For example, an AI prescribing a medication would need to pass through a digital attestation layer that checks: Is this drug approved for this condition? Is the dosage within safe limits? Has a human clinician signed off? This is far more tractable than trying to ensure the AI’s internal reasoning is always aligned with human values.

The approach also acknowledges a key reality: autonomous AI systems will inevitably make mistakes, and some of those mistakes will be irreversible. By building institutional checkpoints into the action pipeline, we create a safety net that can catch errors before they cause harm, without requiring perfect AI behavior.

Implications for AI Practitioners

For developers and deployers of autonomous AI systems, this paper offers a concrete, implementable governance strategy. Practitioners should consider:

• Designing for attestation: Build systems that can pause before irreversible actions and route them through an attestation layer. This requires clear APIs and protocols for external verification.
• Defining “consequential” actions: Not every action needs attestation. Practitioners must identify which actions are truly irreversible or high-risk (e.g., financial transactions, medical decisions, code deployments) and apply governance only to those.
• Integrating human judgment: Attestation does not mean full automation. It often requires human-in-the-loop verification, which means designing workflows that are efficient but not bottlenecked.
• Regulatory alignment: As regulators begin to demand accountability for AI actions, institutional attestation provides a clear, auditable trail. Practitioners who adopt this model early may have a compliance advantage.

Key Takeaways

• Institutional attestation governs AI actions rather than AI agents, sidestepping the hard problems of alignment and interpretability.
• It is a scalable, pragmatic model for preventing irreversible harms from autonomous systems.
• Practitioners should design AI systems with built-in pause-and-verify checkpoints for high-stakes actions.
• Early adoption of attestation frameworks may offer regulatory and safety advantages as AI autonomy increases.