AI agents can trigger real-world actions. Why don’t we have execution authorization yet?

While experimenting with autonomous agents recently, I keep running into a pattern that feels oddly familiar from distributed systems history. A lot of current discussion around agent reliability focuses on: better prompting model alignment sandboxed execution environments tool-use