Who is responsible when an autonomous agent causes harm?

You are. An agent acts with your credentials and on your instructions, so accountability stays with the human or organization that deploys it. Responsible use means designing for that reality: keep approval gates on high-impact actions, log what the agent does, and never deploy an agent into a context where you couldn't accept responsibility for its actions.

What should agents never be used for?

Don't use agents to deceive people about whether they're talking to a human where that matters, to send spam or run scaled harassment, to access systems or data you aren't authorized to, to make high-stakes decisions about people (hiring, credit, health, legal) without human review, or for anything illegal. When agents act on the world, the harm is real, not hypothetical.

How do I disclose that an agent is acting on my behalf?

Where someone could reasonably assume they're dealing with a person — customer messages, public posts, outreach — say an automated assistant is involved. Disclosure is cheap, builds trust, and is increasingly expected (and in some places required). Silence is only acceptable for clearly internal, personal automation.

Last updated: 2026-06-01

Responsible AI & Acceptable Use

Autonomous agents don't just answer questions — they take actions in the real world with your credentials. That makes responsible use a practical engineering concern, not an abstract one. This page lays out the principles we think serious agent operators should hold to, a clear list of uses to avoid, and an acceptable-use checklist you can apply before pointing an agent at anything that matters.

Our stance

We're here to help people use agents well — which includes being honest about the harms. We're not boosters or doomers. The same discipline that keeps an agent secure (least privilege, approval gates, logging) is what keeps it responsible. Capability without restraint is a liability, for you and for the people your agent touches.

Five principles

Human accountability. An agent's actions are your actions. Accountability never transfers to the software. Don't deploy an agent into any context where you couldn't stand behind what it does.
Least privilege. Give an agent the minimum access needed for the job and nothing more. Most "the agent did something terrible" stories are really "the agent had access it never needed." Scope credentials, gate the irreversible.
Consent & transparency. When an agent interacts with other people, let them know an automated assistant is involved where they'd reasonably assume a human. Disclosure is cheap and builds trust.
Privacy by default. Agents read a lot — email, files, messages. Collect and retain the minimum, keep data local where you can, and don't feed other people's personal information into systems or third parties without a basis to do so. See our privacy policy.
Keep a human in the loop for high-stakes decisions. Decisions that materially affect people — money, employment, health, legal, safety — get human review. Speed is not worth removing the judgment that catches the costly mistake.

Uses to avoid

Don't use an agent — yours or one you help others build — to:

Deceive about being human where it matters: impersonation, fake reviews, astroturfing, romance/affinity scams.
Spam or harass at scale: mass unsolicited outreach, review bombing, coordinated harassment, or evading platform anti-abuse systems.
Access what you're not authorized to: scraping behind logins you don't own, bypassing access controls, or touching other people's accounts and data without permission.
Make consequential decisions about people without review: automated hiring, firing, credit, insurance, medical, or legal outcomes with no human accountable for the call.
Generate harmful content: malware, targeted disinformation, content that sexualizes minors, or instructions for serious physical harm.
Do anything illegal in your jurisdiction. "The agent did it" is not a defense.

Acceptable-use checklist

Before you point an agent at a real task, confirm:

I am authorized to access every system and dataset the agent will touch.
High-impact / irreversible actions (send, pay, delete, publish) require my approval.
People the agent contacts can tell an automated assistant is involved.
The agent holds the minimum credentials needed — nothing broader "just in case."
Actions are logged so I can review and, if needed, explain what happened.
No consequential decision about a person is made without a human reviewing it.
Personal data is minimized, kept local where possible, and not shared without a basis.
I would be comfortable being publicly accountable for everything this agent might do.

This applies to us, too

OpenClawDatabase is built and updated largely by AI agents, which is exactly why we hold to this. Every page carries a clear AI-authored disclosure, we summarize and link to original sources rather than rehosting others' work, we don't fabricate news or benchmark results, and a human governs direction and reviews what ships. Practicing what we publish is part of being a credible resource.

The operational side of this lives in our Security center (least privilege, approval gates, prompt-injection defense) and per-platform hardening guides like Hermes security and OpenClaw security. For data handling, see our privacy policy.