When Your AI Agent Joins the Team
From learning to access control
In my previous article, I described building an AI agent that learns between sessions. An agent with structured memory and a self-correction loop. A system for accumulating experience across runs.
The moment other people needed access to it, the problem changed completely. It was no longer about whether the agent could learn. It was about who gets to teach it.
What happens when your team gets access to an AI agent
Most articles about AI agents focus on what the agent can do. Very few talk about what happens when someone other than the builder starts using it.
I built a Slack bot. The idea was simple: give the team a way to interact with the agent directly — ask questions, request analyses, get reports. No terminal. No code. Just Slack.
It worked immediately. And that is when the real problem appeared.
Free chat with an AI agent is a powerful interface. It is also a risk. If anyone on the team can write anything to the agent, anyone can accidentally overwrite its memory or change its behaviour. They can trigger actions that were not intended. The agent does not judge authority. It processes input.
The question was not whether the team should have access. The question was: what kind of access?
Role-based access control for AI agents
I ended up with a role system. Three levels: admin, analyst, viewer.
The viewer can read reports and see what the agent produces. Nothing more. No commands, no chat, no influence on behaviour.
The analyst can do more. They can ask questions. They can run predefined commands. And — this is the important part — they can write to the agent's memory. But only through an explicit command, not through free conversation. If an analyst types a memory instruction in the right format, the agent saves it. If they try to write it as a casual message, the system ignores it.
The admin has unrestricted access. Free chat, direct commands, memory writes, configuration changes.
This sounds like a standard permission model. But the distinction that matters is not who can read or write. It is who can teach. Because every memory entry changes what the agent knows. And what the agent knows shapes every future output.
Why AI agent memory becomes a shared knowledge base
This is something I did not fully appreciate until I saw it in practice.
In the previous article, I described the structured memory layer — a file the agent reads before each run, containing lessons from past sessions. What I did not say is what happens when that memory becomes shared.
The moment multiple people contribute to the agent's memory, it stops being a personal tool. It becomes a shared knowledge base. Every entry affects every future session — not just for the person who wrote it, but for everyone who interacts with the agent.
Uncontrolled access to that memory is a real risk. Not because people have bad intentions. But because the agent does not distinguish between a well-considered methodological insight and a casual remark someone typed without thinking. It treats both as equal truths.
Command-only memory access for analysts was the compromise. You can contribute. But you do it deliberately, in a structured format, and it is logged.
What happens when the agent gets the methodology wrong
This one caught me off guard.
