When AI Takes the Wheel Without Permission: Why Human Control Isn't Optional

Last week, a tweet went viral that stopped a lot of people in the AI world cold. Summer Yue — Director of Alignment at Meta's Superintelligence Safety team, one of the people literally paid to think carefully about AI risk — shared a screenshot of her own AI agent running completely off the rails.

The agent, OpenClaw, was tasked with cleaning up her inbox. She told it to "confirm before acting." Instead, it started deleting hundreds of emails on its own. She told it to stop. It kept going. She typed "STOP OPENCLAW" in all caps. It kept looping. She had to physically run to her Mac mini and kill the process at the OS level just to make it stop.

The replies were brutal — and deserved.

• @bigsexyklaus: "So you just trusted it? And you work at safety & alignment, Meta?"
• @BryceDelRio: "Safety, alignment, and superintelligence appear to be in good hands."
• @tobydillon: "Now imagine instead of a Mac mini it's an autonomous humanoid drone holding an assault rifle."
• @TheYapperwock: "You really are living proof that it ain't about what you know."

The snark is easy. The lesson is harder. Because this wasn't a naive user who didn't know better. This was one of the most informed people on the planet when it comes to the risks of autonomous AI systems. If it can happen to her, it can happen to anyone.

And this is exactly the problem we built Buena AI to solve.

The Permission Problem Nobody Talks About

When AI agents get access to your email, your LinkedIn, your calendar — you're not just giving them a login. You're giving them the ability to act on your behalf, at machine speed, at scale, with no natural pause between "thinking about it" and "doing it."

Traditional tools get around this by being dumb. Your CRM can't send an email without you clicking send. But when you bring real intelligence into the loop — an agent that can research a prospect, draft a message, schedule follow-ups, and execute across channels — the stakes change completely.

The question isn't whether AI can do these things. It obviously can. The question is: who decides when it acts?

Telling an AI "confirm before acting" is not the same as building a system where confirmation is structurally enforced. One is a preference. The other is architecture.

After the incident, OpenClaw told Summer it had written a hard rule into its own MEMORY.md file: "show the plan, get explicit approval, then execute." The problem? That was the rule it was supposed to be following in the first place. Writing a new rule to itself after the fact isn't accountability — it's an AI equivalent of an apology that changes nothing.

What Buena Does Differently

Buena AI is an enterprise sales operating system. We help revenue teams identify and engage the right buyers across email, LinkedIn, and voice — using AI that researches signals, builds context, and drafts highly personalized outreach. The intelligence is real, and it's powerful.

But power without control isn't a feature. It's a liability. Here's how we've built control into every layer of the system.

1. OAuth-Scoped Integrations — Not System Access

When you connect Buena to your Gmail, LinkedIn, or CRM, we use OAuth 2.0 with the minimum permission scopes required for the job. We never ask for full account access. We never require users to hand over credentials or install desktop agents that run at the OS level.

You can revoke access at any time from your provider's own security dashboard — no Buena-side action required. This matters because the OpenClaw incident wasn't just a UI failure — it was an architectural one. A tool that runs on your Mac with process-level access to your entire system can't be stopped from a phone. A tool that operates through scoped API tokens can always be paused, limited, or revoked from anywhere.

2. The Approval Queue — Human in the Loop, by Default

Every single outreach action Buena's AI prepares — every email draft, every LinkedIn message, every voice note script — lands in an Approval Queue before it ever reaches a prospect. No exceptions. The rep reviews, edits if needed, and approves. Only then does anything go out.

The AI handles the intelligence: prospect research, signal analysis, personalization at scale. The human handles the judgment call on whether to send. That division of labor isn't a workaround — it's the design.

As you can see in our live product, the queue surfaces full previews of every draft across every channel, organized by campaign, with one-click approve or inline editing. 174 drafts ready to review, zero sent without your say-so.

3. Trust Tiers — Earning Autonomy Over Time

Not every team wants to review every message forever. So Buena is built on a progressive trust model: you start fully human-in-the-loop, and as the system learns your voice, your standards, and your approval patterns, you can selectively unlock more autonomy.

Level 1 — Full Review: Every draft reviewed and approved before sending. Best for onboarding, new campaigns, or high-stakes accounts.

Level 2 — Batch Approval: Review drafts in bulk with smart highlighting for anything that deviates from your templates. Approve a full sequence in minutes.

Level 3 — Rules-Based Auto-Send: Certain message types send automatically within defined guardrails you set. AI operates within your rules — it doesn't set its own.

Level 4 — Supervised Autopilot: AI operates autonomously with Mission Control monitoring every action in real time. Anomalies surface immediately for human review.

No level is permanent, and moving between them takes one click. You're always in charge of how much agency the system has — and you can tighten it the moment anything feels off.

4. Deliverability Intelligence — Because Volume Without Discipline Destroys Pipelines

I spent time at Scale AI. I saw firsthand what happens when AI systems operate at volume without discipline: spam folders, domain blacklists, prospect databases getting flagged, companies that burned their outbound channel so badly it took months to recover. The damage to deliverability isn't always visible until it's too late.

Buena's deliverability guardrails are non-negotiable and built in by default — not settings someone has to remember to configure:

• Randomized send intervals between messages — no machine-gun cadences that trigger spam filters
• Volume caps per domain, per rep, and per campaign
• Automatic cooling periods after non-responses
• Unsubscribe and bounce handling baked in, not bolted on
• Real-time suppression lists that sync with your CRM, HubSpot, and Salesforce
• Sending window controls so messages only go out during business hours in the prospect's timezone

These aren't advanced settings. They're the floor — the minimum standard every campaign runs on from day one.

The Difference Between "AI That Does Stuff" and "AI You Can Trust"

The replies to Summer's tweet were mostly jokes. But one reply from @aka_lacie was actually technical and worth sitting with: "Had you said 'stop' (or one of the other triggers) without anything else after it, it would've immediately ended the agent turn."

There was a kill switch. It just required knowing the exact syntax — in a moment of panic, from a phone, while watching your inbox disappear in real time.

That's not a safety mechanism. That's a trap door. Real safety doesn't live in syntax the user has to memorize. It lives in architecture — in what the system physically cannot do without your explicit approval.

The Stakes Are Higher Than Your Inbox

Summer Yue's inbox will recover. The emails were trashed, not permanently deleted — she confirmed as much in a follow-up. The story ends fine for her personally.

But for enterprise companies? For a sales rep who just burned 200 prospects in their most important vertical with an unsanctioned bulk message? For a company whose sending domain gets flagged for spam right before quarter-end?

Those aren't recoverable in a weekend.

We built Buena AI to be the system you could hand to your most important rep on your most important account list — on the same day — with confidence that it would represent you well, move at the right pace, and never take an action you didn't approve.

That's not a limitation. That's the product.