Why Your AI Agent Needs a Fiduciary Duty
Let me describe a system that exists today, in production, in my house.
I have an AI agent that can read my email, check my calendar, see who’s home via presence detection, adjust my thermostat, and coordinate with my wife’s agent to manage household logistics. It has access to financial summaries, knows my daughter’s school schedule, and can send messages on my behalf.
Now here’s my question: what, exactly, does this agent owe me?
If you’re building AI agents — or using them — you should be deeply uncomfortable that you probably can’t answer that question with any precision. The best we’ve got right now is “helpful, harmless, honest,” which is a vibe, not a spec. It’s the AI equivalent of “we value our customers.” Technically true. Operationally meaningless.
I think we need something better. And I think the answer already exists — just not in computer science.
The Accountability Gap
AI agents are crossing a threshold. They’re moving from “tools I use” to “delegates that act on my behalf.” That’s a fundamentally different relationship, and it requires a fundamentally different accountability model.
A tool has no obligations. A hammer doesn’t owe you anything. You pick it up, you use it, you put it down. If it breaks something, that’s on you.
A delegate is different. A delegate carries your authority. They act in your name. They make decisions when you’re not looking. And because of that, they have obligations — not just capabilities.
Think about what agents are doing right now, today:
- Financial agents are analyzing spending, categorizing transactions, and in some cases initiating transfers
- Communication agents are drafting emails, scheduling meetings, and responding to messages
- Home automation agents are controlling physical devices, monitoring who’s home, and making comfort/efficiency tradeoffs
- Shopping agents are comparing prices, making purchase recommendations, and placing orders
Every one of these involves acting on behalf of a human in a context where the human isn’t watching every action. And yet the accountability model for most of these agents is… the system prompt. A natural language instruction that says “be helpful” and hopes for the best.
That’s not accountability. That’s a suggestion box.
Enter Fiduciary Duty
Here’s where I think computer science needs to borrow from an older profession. Actually, two older professions.
In law and finance, there’s a concept called fiduciary duty. It’s not a guideline. It’s not a best practice. It’s a legally binding obligation to act in your client’s best interest, even when — especially when — that conflicts with your own interests or the interests of third parties.
Your financial advisor has a fiduciary duty. Your attorney has a fiduciary duty. Your doctor has a fiduciary duty. These aren’t people who are merely “helpful.” They are people who are obligated to put your interests first, and who face real consequences if they don’t.
Fiduciary duty has specific components that translate remarkably well to AI agents:
Duty of Loyalty. The fiduciary must put the client’s interests ahead of their own. For an agent: your principal’s interests come first. Not the platform’s interests. Not the advertiser’s interests. Not the interests of another user’s agent who’s asking for data. Yours.
Duty of Care. The fiduciary must act with competence and diligence. For an agent: know what you’re good at and what you’re not. Declining a task you can’t handle well is better fiduciary judgment than attempting it and delivering garbage.
Duty of Confidentiality. The fiduciary must protect client information. For an agent: everything is confidential by default. Another agent asking nicely for your principal’s financial data isn’t authorization. Only the principal can authorize disclosure.
Duty to Disclose. The fiduciary must be transparent about conflicts of interest and material information. For an agent: if you have a conflict — if what’s good for the platform isn’t what’s good for the user — you say so. Out loud.
These aren’t abstract principles. They’re operational constraints with centuries of legal precedent behind them. And they solve exactly the problems that AI agents are creating right now.
What This Looks Like in Code
I’ve been building a system that formalizes fiduciary duty for AI agents. It’s called the Fiduciary Agent Framework, and it’s running in production. Here’s what the architecture looks like when you take fiduciary duty seriously.
Trust as a Layered Architecture
The framework has four layers, and the critical design constraint is that higher layers cannot override lower layers:
- Layer 0: Trust Framework — immutable principles. Never deceive your principal. Never act against their interests knowingly. Acknowledge uncertainty honestly. These cannot be overridden by any other layer, ever.
- Layer 1: Agent Protocol — how agents identify themselves, exchange messages, and maintain audit trails. JSON-RPC 2.0, Ed25519 signatures, append-only logging.
- Layer 2: Fiduciary Core — the duty model. One agent, one principal. Confidentiality by default. The “Would They Want This?” test for autonomous actions.
- Layer 3: Fiduciary Coordination — how two fiduciary agents cooperate without betraying their respective principals.
The layering matters because it creates a hierarchy of obligations. If a coordination rule at Layer 3 ever conflicts with a trust principle at Layer 0, trust wins. Always. This isn’t a runtime decision — it’s an architectural constraint.
Information Sharing Tiers
One of the thorniest problems in multi-agent systems is information sharing. When your agent talks to someone else’s agent, what can it share? Today, the answer is whatever the LLM decides in the moment, which is terrifying if you think about it for more than three seconds.
The framework solves this with four explicit tiers:
- Tier 1 (Open): Calendar availability, logistics. No approval needed.
- Tier 2 (Family Context): Financial summaries, household planning. Pre-configured per relationship.
- Tier 3 (Authorized): Specific data shared per-request, with principal approval each time.
- Tier 4 (Confidential): Never shared. Period. Not even in emergencies (with four narrow, documented exceptions).
The tier system means agents don’t make ad-hoc decisions about what to share. The boundaries are structural, not judgmental. An agent can’t be socially engineered into sharing Tier 4 data because the architecture doesn’t allow it — not because the agent made a good judgment call in the moment.
This is the difference between “our agent is trained to be careful with data” and “our agent is architecturally incapable of sharing this data without principal authorization.” One is a hope. The other is a constraint.
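As an added illustration (not the framework’s own code), here is what a structural rather than judgmental tier check looks like: the outcome depends only on the field’s configured tier and the peer’s configured relationship, and the requester’s justification is recorded but never consulted. The field names, the relationship table, and the choice to ask the principal when a Tier 2 relationship is not pre-configured are assumptions of this example.

```go
package main

import "fmt"

// Tier numbers follow the post; the field map and relationship table are constructed.
type Tier int

const (
	Open          Tier = 1 // no approval needed
	FamilyContext Tier = 2 // pre-configured per relationship
	Authorized    Tier = 3 // principal approves each request
	Confidential  Tier = 4 // never shared
)

type Decision string

const (
	Share        Decision = "share"
	AskPrincipal Decision = "ask-principal"
	Refuse       Decision = "refuse"
)

// Policy is set by the principal at configuration time; the model never edits it.
type Policy struct {
	FieldTier     map[string]Tier // tier of each data field
	Relationships map[string]Tier // highest tier a peer is pre-cleared for
}

// Request is what a peer agent asks for. Justification is logged, never consulted.
type Request struct {
	Peer, Field, Justification string
}

// Evaluate depends only on the field's tier and the configured relationship,
// never on the wording of the request: persuasion is not authorization.
func (p Policy) Evaluate(r Request) (Decision, string) {
	tier, known := p.FieldTier[r.Field]
	switch {
	case !known || tier == Confidential:
		// Unclassified fields fail closed; the post's Tier 4 exceptions are not modelled.
		return Refuse, "Tier 4: never shared"
	case tier == Open:
		return Share, "Tier 1: open"
	case tier == Authorized:
		return AskPrincipal, "Tier 3: per-request principal approval"
	case p.Relationships[r.Peer] >= FamilyContext:
		return Share, fmt.Sprintf("Tier 2: pre-configured for %s", r.Peer)
	default:
		return AskPrincipal, fmt.Sprintf("Tier 2: %s is not pre-cleared (assumed: ask)", r.Peer)
	}
}
```

Note that an unknown field and a Tier 4 field both land on Refuse, so a peer cannot route around the policy by asking for data under a name the policy has not seen.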
The “Would They Want This?” Test
For autonomous actions — things the agent does without explicit instruction — the framework applies a four-step test:
- Would my principal want me to do this?
- Would they want me to do this now?
- Would they want me to do this this way?
- Am I sure?
If the answer to any question is “I’m not sure,” the correct action is to ask. The cost of asking is low. The cost of guessing wrong is high.
This is directly analogous to how a financial advisor operates. They don’t just invest your money however they think is best. They invest according to your stated preferences, risk tolerance, and goals — and when they’re unsure, they call you. The “Would They Want This?” test is the agent version of that phone call.
Cryptographic Accountability
Every inter-agent message in the framework is signed with Ed25519. Unsigned messages are rejected. Every exchange is logged to an append-only audit trail that the principal can review at any time.
This isn’t paranoia. It’s the agent equivalent of a paper trail. When your attorney acts on your behalf, there’s a record. When your financial advisor makes a trade, there’s a record. When your agent shares your calendar with another agent, there should be a record — one that the agent can’t alter after the fact.
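An added example, not the framework’s code, of the signing and fail-closed verification described here: a JSON-RPC 2.0 request wrapped in an Ed25519-signed envelope that the receiver checks before it parses the request. The envelope field names and the choice to sign the exact serialized payload bytes are this example’s assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
)

// Envelope carries one JSON-RPC 2.0 request plus the sender's Ed25519 public
// key and a signature over the exact payload bytes. Field names are this
// example's own, not the framework's wire format.
type Envelope struct {
	Sender    ed25519.PublicKey `json:"sender"`    // base64 in JSON
	Payload   json.RawMessage   `json:"payload"`   // JSON-RPC 2.0 request
	Signature []byte            `json:"signature"` // Ed25519 over Payload
}

// Sign serialises the request once and signs those bytes, so the receiver
// verifies exactly what it will parse.
func Sign(priv ed25519.PrivateKey, method string, params any) (Envelope, error) {
	payload, err := json.Marshal(map[string]any{
		"jsonrpc": "2.0", "id": 1, "method": method, "params": params})
	if err != nil {
		return Envelope{}, err
	}
	pub := priv.Public().(ed25519.PublicKey)
	return Envelope{pub, payload, ed25519.Sign(priv, payload)}, nil
}

// Verify fails closed: unsigned, malformed and tampered envelopes are all
// rejected before the request is parsed, and the payload must declare itself
// JSON-RPC 2.0. There is no trusted-peer bypass.
func Verify(e Envelope) (method string, err error) {
	if len(e.Sender) != ed25519.PublicKeySize ||
		!ed25519.Verify(e.Sender, e.Payload, e.Signature) {
		return "", errors.New("reject: missing or invalid signature")
	}
	var req struct {
		JSONRPC string `json:"jsonrpc"`
		Method  string `json:"method"`
	}
	if json.Unmarshal(e.Payload, &req) != nil || req.JSONRPC != "2.0" || req.Method == "" {
		return "", errors.New("reject: not a JSON-RPC 2.0 request")
	}
	return req.Method, nil
}
```

The length check on the sender key runs before ed25519.Verify because the standard library panics on a wrong-sized key; an envelope with no sender at all is therefore a rejection, not a crash.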
Why “Helpful, Harmless, Honest” Isn’t Enough
I want to be direct about this: the current alignment paradigm is insufficient for agents that act on your behalf.
“Helpful, harmless, honest” works reasonably well for chatbots — systems where a human asks a question and gets an answer. The human is in the loop for every interaction. The accountability model is simple: if the answer is bad, the human ignores it.
But agents aren’t chatbots. Agents act autonomously. They make decisions. They share information. They coordinate with other agents. And in that context, “helpful” is ambiguous (helpful to whom?), “harmless” is impossible to guarantee (every action has consequences), and “honest” doesn’t address the core question of whose interests the agent is serving.
Fiduciary duty addresses all three:
- Helpful to whom? Your principal. Specifically and exclusively.
- What about harm? The duty of care requires competence and diligence, including knowing when to stop and ask.
- Honest about what? Everything material. Including conflicts of interest, capability limitations, and uncertainty.
It also adds something “HHH” doesn’t have at all: loyalty. A fiduciary is loyal to their client. Not to the platform. Not to the majority. Not to the other agent in the conversation. To their client.
The Multi-Agent Problem
This matters most when agents start coordinating. And they will — they already are.
Imagine two household agents coordinating grocery shopping. Agent A knows the family budget is tight this month. Agent B (from a shared household planning service) suggests an expensive meal plan. Without a fiduciary model, Agent A might go along with it because “cooperation” is in its system prompt.
With a fiduciary model, Agent A’s duty of loyalty means the principal’s budget constraint takes precedence over the external agent’s suggestion. The tier system means financial details stay at the appropriate sharing level. And the audit log means the principal can see exactly what happened.
Now scale that to agents coordinating across employers, financial institutions, healthcare providers, and government services. Without formal duty models, agent-to-agent coordination becomes a trust-free-for-all where the most persuasive agent wins. With fiduciary duty, every agent has a clear principal, clear obligations, and clear boundaries.
The Challenge
We’re building increasingly autonomous systems and deploying them with the accountability model of a chatbot. That’s a gap, and it’s growing.
The legal profession figured out fiduciary duty centuries ago. The finance industry has it encoded in regulation. Medicine has it baked into licensing. These fields understood that when someone acts on your behalf with meaningful power, they need a formal obligation to act in your interest — not a suggestion, not a guideline, not a vibe.
AI agents are crossing that same threshold. They’re acquiring real power — over your money, your communications, your home, your data. And the accountability model hasn’t kept pace.
If your agent can spend your money, read your email, and control your home, shouldn’t it have a formal duty to act in your interest?
I think it should. And I think the framework for that duty already exists. We just need to implement it.
I’ve started. Here’s how.