The contractor with admin access: how we actually oversee AI agents
By The Lucidrail Team · 2026-07-17
Picture hiring a contractor. On their first day you hand over admin access to your production systems, API keys for every external service you use, permission to send email as your company, and authorization to make purchases on your behalf. Then you agree to find out what they did once a month, from the invoice. Nobody would run a business this way.
But that is the default arrangement for an AI agent in production. The agent holds all of those powers. Your window into what it is doing — right now, today — is a feeling and a bill that arrives after the fact.
This is not an incident story. Nothing has to blow up for the arrangement to be a mistake. The setup itself is the problem, and once you picture it as the contractor version, it is hard to unsee.
What you have actually handed over
An agent is not a script following a fixed path. It decides what to do next. So each capability you grant is real authority, not a feature sitting unused. For a typical production agent, the list looks like this:
A human contractor holding that same bundle would get a check-in on day one, another at the end of week one, and a second pair of eyes on every large action. The agent gets a monthly statement. The powers are identical; the oversight is not even close.
- Admin access to production systems
- API keys for external services
- Permission to send email as your company
- Authorization to make purchases on your behalf
The dashboard is a credit-card statement
One team put it plainly. Running seventeen agents, they realized they could not say what those agents were spending until the bill came:
We run 17 AI agents at Artificial Lab. One day we realized we had no idea what they were spending… The UI for all of that spending was our credit card statement. Once a month. After the fact. — peiyaooo, on building an agent spend-approval tool (Show HN)
The tell is not the surprise. It is that the statement was the only instrument they had — a record that arrives once a month, after the money is gone. That is not oversight. It is reconciliation.
“Completely out of my control”
The same gap shows up as a feeling, even for a single paying user. On a public issue for a widely used coding agent, one person described watching usage climb while they were not even working:
The usage appears to continue increasing even when I am no longer actively working… completely out of my control as a paying user. — hayefmajid, on a Claude Code GitHub issue
What he asked for is the revealing part. Not more power, and not a bigger budget. Just a way to audit consumption by session, process, and tool — the ability to see what already happened and attribute it to something. The contractor analogy again: you are not asking the worker to do less. You are asking to be able to look.
Most teams never wire this up
You might assume this is a solved problem for any serious team. It is not. By one practitioner's count, only about one in five teams instrument agent observability from the start. Four in five are running the contractor-with-no-check-in arrangement — usually not by choice, but because seeing and capping an agent fleet is upfront work that nobody did.
The question that cuts through all of it is short. Would you run a human this way? If the answer is no, the agent version is not different. It is just quieter, right up until the bill lands.
This is the arrangement we set out to fix at Lucidrail: one console that shows what every agent in your fleet is doing and spending right now, per-company budgets with hard caps that stop a runaway before it bills, and an audit trail where every action traces back to the goal that prompted it. On the security side, a dispatch seam is designed to keep the most sensitive secrets from ever reaching the agent at all. The point is not to give the agent less to do — it is to give the contractor a manager.