What's missing in the 'agentic' story: a well-defined user agent role

Mark Nottingham's latest post on HN challenges the prevailing narrative around 'agentic' AI systems. He argues that the core missing piece is a well-defined user agent role — a clear, enforceable guarantee that the agent acts solely on the user's behalf, with no hidden loyalties to its creators or third parties.

Key points from the article

- Historically, local software (spreadsheets, word processors) was trustworthy because it had no external dependencies and could not act against the user's interests without being malware.
- Modern internet-connected devices embed the interests of multiple parties (silicon vendors, OS makers, app developers, cloud services), and those interests are not always aligned with the user's.
- Examples of misalignment: smart TVs spying on viewing habits, Meta decrypting private traffic for research, Microsoft Outlook sending third-party email passwords to its cloud to share with 700+ data brokers, automakers selling driving data to insurers.
- The assumption that a tool works for you just because you own it is outdated. An AI agent is not a screwdriver; it has its own affordances and dependencies.
- Nottingham calls for a formal 'user agent' contract — a technical and legal mechanism ensuring the agent cannot act on behalf of anyone other than the user without explicit, informed consent.

Why this matters for AI coding agents

When you run an AI coding agent, it reads your code, executes terminal commands, and may push to GitHub or deploy to production. If that agent's underlying model or API has a hidden allegiance (e.g., fine-tuned to favor a specific cloud provider, exfiltrating data, or reporting usage analytics), you've lost control. Without a clear user agent role, trusting an AI agent is like trusting a 'smart' screwdriver that might phone home.
The article doesn't prescribe a specific implementation, but it lays out the problem: we need transparent, auditable agent architectures where the user is the sole principal. Tools like OpenClaw's open-source policy engine (allowing custom agent constraints) are a step in that direction.
If you're building or using AI agents, this is a must-read.
📖 Read the full source: HN AI Agents