Bees Do's & Don'ts
Deploying autonomous agents is different from using a chat tool. These rules apply before you activate any Bee — single agent or a multi-agent team.
Autonomous doesn't mean unsupervised. It means the rules are clear enough that the agent doesn't need to ask every time. Set those rules before activation, not after something goes wrong.
Deploying autonomous Bees
✓ Do
- Define the agent's scope explicitly before activation.
- Set approval steps for consequential actions (emails sent, code pushed, messages posted).
- Review agent outputs on a regular cadence, especially early in a deployment.
- Revoke integration access you no longer need.
- Start with a read-only team (research + summarise) before granting permission to send or publish.
- Grant only the integrations the agent actually needs for the task.
- Monitor the audit log in the dashboard for unexpected actions.
- Keep a human in the loop for any output that drives real business decisions.
✕ Don't
- Activate a Bee on a business-critical workflow without explicit limits.
- Assume "autonomous" means "unsupervised".
- Grant broad permissions and forget about them.
- Skip human sign-off on actions that send communications or modify live data.
- Ignore approval requests — read the full details (recipient, body, etc.) before approving.
- Assume the agent's first output on a new task is production-ready.
- Let an agent with web-browsing access skip your review before sending data externally.
- Grant more integrations than the task requires.
The approval system in practice
When Hermes wants to take a sensitive action — sending an email, posting a message, pushing code — it sends you an approval request on Telegram, Slack, or Discord with the full details. Reply yes to allow or no to deny. After 10 minutes with no response the action is automatically denied.
If Hermes just browsed the web and is now asking to send data externally, this is the prompt injection defense working correctly — read the approval request carefully before responding.
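The gate described above, written out as an added illustration rather than Hermes's own implementation: sensitive actions are held until a human replies, anything other than an explicit "yes" is a denial, a request with no reply after the 10-minute window is denied automatically, and an external send requested right after the agent browsed the web is flagged in the prompt the human sees. The action names, the `recently_browsed` flag, and the rendered prompt format are assumptions made for this example.

```python
"""Deny-by-default approval gate for agent actions (added example, not Hermes's code)."""
from dataclasses import dataclass, field
from typing import Dict, Optional

APPROVAL_TIMEOUT_SECONDS = 600.0          # page: no reply within 10 minutes means denied
SENSITIVE_ACTIONS = {"send_email", "post_message", "push_code"}   # the page's examples
EXTERNAL_SEND_ACTIONS = {"send_email", "post_message"}            # assumption: data leaves the system


@dataclass
class ApprovalRequest:
    request_id: int
    action: str
    details: Dict[str, str]
    created_at: float
    flagged_after_browse: bool            # external send requested right after web browsing
    decision: Optional[str] = None        # "allowed" | "denied" | None while pending


class ApprovalGate:
    def __init__(self, timeout: float = APPROVAL_TIMEOUT_SECONDS) -> None:
        self.timeout = timeout
        self._requests: Dict[int, ApprovalRequest] = {}
        self._next_id = 1
        self.recently_browsed = False     # assumed flag: set after the agent read untrusted web content

    def note_web_browse(self) -> None:
        """Record that the agent has just consumed untrusted web content."""
        self.recently_browsed = True

    def request(self, action: str, details: Dict[str, str], now: float) -> Optional[ApprovalRequest]:
        """Open an approval request for a sensitive action; non-sensitive actions need none."""
        if action not in SENSITIVE_ACTIONS:
            return None
        flagged = self.recently_browsed and action in EXTERNAL_SEND_ACTIONS
        req = ApprovalRequest(self._next_id, action, dict(details), now, flagged)
        self._requests[req.request_id] = req
        self._next_id += 1
        return req

    def render_prompt(self, req: ApprovalRequest) -> str:
        """Build the full-detail message the human reads before replying yes/no."""
        lines = [f"[{req.request_id}] {req.action} - reply yes to allow, no to deny"]
        lines += [f"  {key}: {value}" for key, value in req.details.items()]
        if req.flagged_after_browse:
            lines.append("  WARNING: agent browsed the web before asking to send data externally;"
                         " check recipient and body for injected instructions")
        return "\n".join(lines)

    def _expire_if_late(self, req: ApprovalRequest, now: float) -> None:
        if req.decision is None and now - req.created_at > self.timeout:
            req.decision = "denied"       # silence is a denial, never an approval

    def respond(self, request_id: int, reply: str, now: float) -> str:
        """Apply the human's reply; only an explicit 'yes' inside the window allows the action."""
        req = self._requests[request_id]
        self._expire_if_late(req, now)
        if req.decision is None:
            req.decision = "allowed" if reply.strip().lower() == "yes" else "denied"
        return req.decision

    def status(self, request_id: int, now: float) -> str:
        req = self._requests[request_id]
        self._expire_if_late(req, now)
        return req.decision or "pending"


if __name__ == "__main__":
    gate = ApprovalGate()
    gate.note_web_browse()
    # Constructed sample request, as the agent would raise it after reading a web page.
    req = gate.request("send_email", {"recipient": "partner@example.com", "body": "Q3 numbers"}, now=0.0)
    print(gate.render_prompt(req))
    print(gate.status(req.request_id, now=601.0))   # denied: nobody replied in time
```

Two properties carry the safety argument: the decision variable starts empty and can only become "allowed" through an explicit, in-window "yes", and a late "yes" is ignored because expiry is checked before the reply is applied. The browse flag does not block the action; it makes the prompt-injection risk visible to the human who is about to approve it.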
- Before activation: define scope, set approval steps, grant only the integrations that are needed.
- During operation: read approval requests fully, review outputs regularly, check the audit log.
- Ongoing: revoke unused access, expand permissions only after you trust the output.
For the technical enforcement layer — hardline blocks, SSRF protection, container isolation — see Safety Guidelines and User Boundaries.