Researchers propose new framework for AI agent authority in CI/CD pipelines

A new research paper titled "From Assistance to Agency: Rethinking Autonomy and Control in CI/CD Pipelines" (accepted to AIware 2026) tackles the fundamental challenge of how much decision-making power to give AI agents in software delivery pipelines. The authors—Marcus Emmanuel Barnes, Taher A. Ghaleb, and Safwat Hassan—introduce a critical distinction: data-plane authority covers localized interventions (e.g., patch generation, test reruns), while control-plane authority affects pipeline configuration, deployment policies, and approval gates. They argue that current agentic CI/CD systems operate mainly at the data plane under "bounded autonomy," with safety achieved through surrounding governance infrastructure rather than intrinsic agent guarantees. This creates a widening gap between rapid deployment momentum and lagging evaluation methodologies.

Based on analysis of research prototypes and industrial platforms, the paper identifies three recurring patterns: constrained autonomy as the dominant design, external governance as the primary safety mechanism, and a mismatch between deployment speed and rigorous evaluation. The authors propose a forward-looking research agenda focused on four urgent areas: control-plane safety and governance mechanisms (the most critical open problem), formalization of autonomy boundaries, evaluation frameworks, and human-agent coordination. For enterprises integrating AI into CI/CD, this work provides a shared vocabulary to discuss risk and delegation—crucial as agents move from assistance to true agency in production systems.