The PAC Framework™
The structure for your agentic transformation. Three pillars to navigate what agents can do, and what they should.
How do you decide when the landscape won't hold still? By focusing on the right questions.
The barrier to building agents has never been lower. What's possible changes by the month. The real question isn't whether you can. It's whether what you build today still compounds in a year, or becomes dead weight when the next model drops.
Agents are already making decisions in your organisation. Some you don't even know about. When something goes wrong, someone has to explain what happened. If the liability chain isn't mapped before the incident, it's too late to draw one after.
Policy says "don't." Architecture says "can't." The difference matters when agents act autonomously across systems and organisations. Identity, delegation, sandboxing: the infrastructure to enforce what governance promises.
See what's really possible. Pick what lasts. Govern it. Enforce it.
They're Interdependent
Drop any one and the others fall short.
Potential without Accountability: reckless adoption. You build fast and hit a wall when the first incident happens and nobody can explain what went wrong.
Accountability without Control: governance on paper. Policies mean nothing if the infrastructure can't enforce them.
Control without Potential: infrastructure without a mandate. If the business doesn't see value, funding stops.
Inside Each Pillar
Each pillar has a specific structure. These are the questions and trade-offs that surface in practice.
P Potential
- Business value: not every process benefits from an agent. The question is where it actually matters (V1 Incremental, V2 Operational, V3 Strategic, V4 Transformative)
- Reliability: how often it gets it right, and how confident you are in that number. Without the error margin, the percentage means nothing. A workflow's failures are enumerable; an autonomous agent's aren't (measured as % ± error margin)
- Blast radius: what happens when it's wrong. Same quality, very different consequences depending on where output lands (B1 Contained, B2 Recoverable, B3 Exposed, B4 Regulated, B5 Irreversible)
- Autonomy: the level of independence the agent earns, determined by all dimensions together (A1 Suggestion, A2 Approve, A3 Oversight, A4 Delegated, A5 Autonomous)
- Implementation architecture: workflows, agent loops, and autonomous agents aren't exclusive choices — they compose. A workflow can contain an agent loop step that delegates to an autonomous sub-agent. The outer layer sets the reliability floor and tightens the error margin; the inner layer raises the quality ceiling
- Context management: what information reaches the agent, and how
- Model selection: frontier or open-weight? Cloud or on-prem? What are you locked into?
- Cost structure: setup, hosting, and inference. Cloud scales per call; on-prem means hardware that depreciates
- Durability: build on what stays stable: workflow logic, context infrastructure, evaluation pipelines. Not on what changes every quarter
- Harness debt: scaffolding you built to compensate for a weaker model becomes a liability when the model improves. Most teams don't see it until a new model drops and their pipeline fights it.
Potential Scanner (in development): the AI-driven tooling behind our agentic screenings. Capability decomposition, model tier scoring, and harness debt analysis, built on the Potential pillar.
A Accountability
- Governance thresholds: the reliability bar for each autonomy level depends on blast radius. Contained tasks can tolerate more; irreversible ones can't
- Shadow agents: employees are already building agents without compliance review. The liability sits with the company. You can't govern what you can't see.
- Delegation becomes abdication: agents interpret and expand intent. If you can't trace what was given and what was acted on, accountability dissolves.
- Liability chains: if the chain isn't mapped before the incident, it's too late to draw one after
- Data governance: what agents can access, where it goes, and what regulation requires
- Audit trails: designed for compliance, not just debugging. Can you show a regulator what happened and why?
- Regulatory landscape: EU AI Act, NIST, ISO 42001. The frameworks are converging. Better to shape governance around them than react
- Ownership: who owns AI governance? If no one owns it, everyone assumes someone else does
C Control
- Infrastructure as gate: either you have audit trails or you don't. Either credentials are scoped or they aren't. No reliability score compensates for guardrails you haven't built (I1 Open, I2 Logged, I3 Verified, I4 Authorized, I5 Contained)
- Policy vs. architecture: policy says "don't." Architecture says "can't." The difference matters when agents act autonomously
- Agent identity: who is this agent, who does it act for, and how do you prove it? The building blocks exist: DIDs, Verifiable Credentials, OAuth OBO. They weren't built for agents, but they apply directly
- Delegation chains: what an agent can access, for how long, and what happens when it hands off to another agent
- The confused deputy: an agent with credentials but no scoped limits on what it can do with them. Every delegation without explicit boundaries is a potential confused deputy.
- Cross-organisation trust: when agents cross organisational boundaries, how do you authenticate, pass authority, and keep someone accountable?
- Emerging trust infrastructure: eIDAS 2.0, EUDI wallets, business wallets. The identity layer is being rebuilt, and agent infrastructure needs to interoperate
- Supply chain: which models, plugins, and APIs does your agent depend on? Can you trace what changed?
- Standards: OAuth 2.1, OBO, Trust Spanning Protocol, AgentGateway, OpenID for agentic identity. The building blocks for agent auth, delegation, and cross-domain trust are landing fast
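The delegation-chain and confused-deputy points above can be enforced as a check at the resource: every hop must be issued by the previous holder, may only narrow scopes, and may not outlive its parent. This is an added example, not code from the PAC Framework; the `Grant` structure, scope names and principals are hypothetical, and grants are assumed to have been authenticated upstream.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    issuer: str          # who hands authority over
    subject: str         # who receives it
    scopes: frozenset    # what the subject may do
    expires_at: int      # Unix time after which the grant is void

def chain_violations(chain, root, now):
    """Return reasons the delegation chain is invalid (empty list = valid).

    Assumes each grant was already authenticated upstream (signature or
    token validation); this checks only the delegation rules.
    """
    if not chain:
        return ["empty chain"]
    problems = []
    if chain[0].issuer != root:
        problems.append(f"hop 0: issuer {chain[0].issuer!r} is not root {root!r}")
    for i, g in enumerate(chain):
        if g.expires_at <= now:
            problems.append(f"hop {i}: expired")
        if i == 0:
            continue
        parent = chain[i - 1]
        if g.issuer != parent.subject:
            problems.append(f"hop {i}: issued by {g.issuer!r}, not by holder {parent.subject!r}")
        extra = g.scopes - parent.scopes
        if extra:
            problems.append(f"hop {i}: scopes widened by {sorted(extra)}")
        if g.expires_at > parent.expires_at:
            problems.append(f"hop {i}: outlives parent grant")
    return problems

def authorize(chain, root, action, now):
    """Allow an action only if the chain is valid and the last hop holds the scope."""
    return not chain_violations(chain, root, now) and action in chain[-1].scopes

# Constructed sample: alice -> planner agent -> billing sub-agent.
NOW = 1_000
ROOT = Grant("alice", "planner", frozenset({"invoice:read", "invoice:send"}), 2_000)
NARROW = Grant("planner", "billing", frozenset({"invoice:read"}), 1_500)
WIDENED = Grant("planner", "billing", frozenset({"invoice:read", "payment:create"}), 3_000)
```
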
The six dimensions as used in the Agent Profiler
Reliability
How often it gets it right, and how confident you are in that number. Measured as a percentage with its error margin — the implementation pattern determines how knowable that margin is.
Blast radius
What happens when it doesn't.
Business value
Why it matters.
Governance thresholds
Where the line is drawn. A contained task may need 80% reliability; an irreversible one needs 99%+.
Infrastructure
The guardrails in place.
Autonomy
The level of independence the agent earns.
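The reliability and governance-threshold dimensions above combine into a gate on the lower bound of the measured success rate rather than on the headline percentage. This is an added example, not part of the Agent Profiler; the Wilson score interval at 95% confidence is an assumed choice of error margin, and only the two bars the page mentions (80% and 99%) are used.

```python
import math

# The page's two illustrative bars; it gives no figures for the levels between.
THRESHOLDS = {"contained": 0.80, "irreversible": 0.99}

def wilson_interval(successes, trials, z=1.96):
    """Wilson score interval for a success rate (z=1.96 is about 95%)."""
    if trials <= 0 or not 0 <= successes <= trials:
        raise ValueError("need trials > 0 and 0 <= successes <= trials")
    p = successes / trials
    denom = 1 + z * z / trials
    centre = (p + z * z / (2 * trials)) / denom
    half = z * math.sqrt(p * (1 - p) / trials + z * z / (4 * trials ** 2)) / denom
    return centre - half, centre + half

def clears_bar(successes, trials, blast_radius):
    """True only if the lower bound of the interval meets the threshold."""
    low, _ = wilson_interval(successes, trials)
    return low >= THRESHOLDS[blast_radius]

def report(successes, trials, blast_radius):
    """Headline rate, interval and gate decision for one evaluation run."""
    low, high = wilson_interval(successes, trials)
    return {
        "headline": successes / trials,
        "interval": (round(low, 4), round(high, 4)),
        "bar": THRESHOLDS[blast_radius],
        "pass": low >= THRESHOLDS[blast_radius],
    }

if __name__ == "__main__":
    # Constructed evaluation counts: same 95% headline, different evidence.
    print(report(19, 20, "contained"))      # small sample: lower bound under 80%
    print(report(950, 1000, "contained"))   # large sample: lower bound above 80%
    print(report(199, 200, "irreversible")) # 99.5% headline still misses 99%
```
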
19 Questions for Your Team
Each pillar translates into concrete questions you can take to your stakeholders. Conversation starters, not a checklist. The right question at the right table surfaces gaps that dashboards and audits miss.
- What decisions are you not yet delegating to agents, and what's that costing you?
- Will better models make your current setup more valuable, or obsolete?
- How much value are you leaving on the table by over-constraining?
- Are your agents actually making decisions, or just automating steps humans already defined?
- Does the right context reach your agents at the right time?
- Are you building on established and emerging standards, or on an island?
- Do you know the error margin on your agent's reliability, or just the headline number?
- Do you know every agent running in your organisation?
- If an agent causes harm, is the liability chain clear?
- Can your infrastructure prevent an agent from running without being registered?
- Could you explain to a regulator what your agent did and why?
- When an agent makes a consequential decision, can you trace who authorised it and what happened?
- Are your agents contained by architecture, or only by policy?
- When agents delegate to other agents, can authority only decrease?
- What happens when human oversight breaks down in practice?
- How do you balance agent quality with data privacy?
- Are agents restricted to what they can do, or only blocked from what they can't?
- Does your agent setup work when agents need to cross trust boundaries?
- What happens when an agent wanders into a use case you didn't anticipate?
It's Iterative
Models improve, protocols land, regulations tighten, internal policies evolve. And your own progress shifts the landscape too: the right control infrastructure unlocks new autonomy levels, which open new use cases, which create new blast radius, which demands new accountability. This isn't a one-time assessment. It's a living practice. PAC is built to be re-run, and the Agent Profiler gives you a concrete way to track how your positions shift across iterations.
This framework underpins everything: the programme, the workshops, and the advisory services. Start with the free tools, or go deeper when you're ready.
Questions? shane@trustedagentic.ai