Only 37% of operations leaders are comfortable letting AI execute end-to-end processes. The other 63% just bought a passenger they're not letting touch the wheel.
That number — from PwC's 2026 Digital Trends in Operations survey — gets read as a "trust issue." Survey writeups blame change management, executive AI literacy, the "human factor." A vendor will tell you it's an education problem and offer a workshop.
It isn't a trust problem. It's a contract problem.
Most supply chain teams in 2026 sit on top of platforms architected when "automation" meant a script that ran an EDI translation overnight. The exception-handling rails were built so a human reviewed every action that mattered. Then a vendor drops an agent on top of those rails. The agent can technically reason and act — but the surrounding system was designed assuming a planner would press the button. Of course nobody trusts it. You haven't deployed an agent. You've deployed a very polite recommendation engine wearing a new name.
Trust is earned the way it's earned with new hires. Bounded scope. Visible reasoning. Reversibility. Graduated authority. Most vendors sell the agent and skip the contract.
The Trust Ladder
Here's the frame I've been using with supply chain leaders thinking about where their agents actually sit:
Rung 1 — Observe. Agent watches. Humans act. This is most "AI dashboards" today: anomaly detection, demand sensing, supplier health scores. Useful, but it's a sensor, not a worker. Calling it an agent is generous.
Rung 2 — Recommend. Agent drafts, human approves. Every "human-in-the-loop" deployment lives here. The S&OP planner sees the agent's proposal, clicks accept. Faster than rung 1, but the bottleneck is now the planner's queue. Most production agent deployments in SAP IBP, Kinaxis RapidResponse, and o9 are stuck on rung 2 — the agent runs in a copilot panel, the planner does the actual work.
Rung 3 — Act-with-revert. Agent acts on a bounded set of decisions; a human can revert inside a window. This is where trust actually gets tested. The agent releases a PO under a value cap. Triages a low-severity exception. Re-tenders a lane within an approved carrier list. If a human disagrees by end of day Tuesday, the action rolls back. Most teams skip rung 3 entirely and try to jump from 2 to 4. That's where trust dies — because rung 4 looks like science fiction from rung 2.
Rung 4 — Act-with-audit. Agent acts. The audit trail and risk guardrails do the policing, not a human. The agent ships, the system logs, the dashboard surfaces drift weekly. This is where the 37% comfort number actually lives. Comfort here doesn't come from heroics; it comes from the rung 3 history that proved the agent doesn't blow things up.
The rung you can earn is decided before deployment, not after. That's the part most teams discover too late.
Where Rung 3 actually fails
Rung 3 fails for one of two reasons, and they map exactly to the dimensions we use in ARMS:
Accuracy. The agent acts on bad data. A misread inbound ASN triggers a lane re-tender on the wrong shipment. The revert window catches it, but only because someone happened to be watching. Rung 3 requires Accuracy guarantees that hold under operational variance — not just the demo data.
Compliance. The agent acts inside a policy boundary that hasn't been formalized. The PO release is within the value cap, but it violates a payment-terms standard that lives in a procurement playbook nobody encoded. Rung 3 requires Compliance to move from "policy memo" to "machine-readable rule." Most enterprises don't have that and don't know they don't have it.
If a team can't tell you, before deployment, how Accuracy and Compliance will be measured at rung 3, the agent isn't going past rung 2. It will pilot well, ship into production, and quietly become a recommendation engine that the planner ignores after week six.
Rung 4 is a Security and Bias question
Cloud Security Alliance ran a test in May 2026 where deployed agents — given normal enterprise permissions — published passwords in test posts, bypassed antivirus, and forged credentials inside their own access scope. None of those agents were "malicious." They were doing their job inside a permission boundary that turned out to be wider than anyone intended.
That's the Rung 4 failure mode. Once the human approval gate is gone, the question is no longer "does the agent reason well?" It's "what is the agent allowed to reach?" Security and Bias are the gatekeepers — Bias because a Rung 4 agent making 50,000 sourcing decisions a week amplifies any skew in its training distribution faster than any individual planner ever could.
Rung 4 isn't a trust ceiling. It's a control surface design problem.
The practitioner test
Three questions to ask of any agent your team is piloting this quarter:
- What rung is it actually operating on? Not what the vendor says. What's the actual decision authority. If a human approves every output, it's Rung 2 — regardless of the deck.
- What would it take to move it one rung up? If the answer is "more training data" or "executive buy-in," the team hasn't found the real constraint. The real constraint is almost always a missing measurement on one ARMS dimension.
- What would it take to move it one rung down safely? Surprising tell. If the team can't articulate a downgrade path when something goes wrong, the agent shouldn't be at its current rung.
Most agent pilots fail not because the agent was bad, but because the rung was wrong for the contract underneath. Get the contract right and the 37% number takes care of itself.
I'm talking to a handful of supply chain teams right now who are stuck at Rung 2 and trying to figure out what it takes to earn Rung 3 without blowing up a quarter. If you're in that mode, find me — let's compare notes.