The 40th principle: who verifies the other 39?
Taras Bakusevych just published the best applied synthesis of human–AI interaction design to date. It has two blind spots — and they're where the next five years of trust work will happen.
Last week, Taras Bakusevych published 39 Principles for Designing Human–AI Interaction — and if you design AI products for a living, you should read it before you read this. It is the most complete applied synthesis of the field I've seen: Horvitz's mixed-initiative work, Microsoft's 18 guidelines, Google PAIR, IBM's generative AI principles, all compressed into one framework a product team can actually use.
Three things elevate it above the usual listicle.
Model specs as design canon
He treats OpenAI's Model Spec and Anthropic's Claude Constitution as designer reading. Genuinely new: model specs govern behavior, not interfaces — and they lead on exactly what the older HCI literature predates. Honesty about the system's own nature. No hidden agendas. Preserved human oversight.
Sycophancy as a design problem
Citing Sharma et al., he notes models systematically cave when challenged — and that human feedback itself rewards flattery over truth. His conclusion: honest pushback must be designed in as an interface affordance, because the model's defaults tilt toward agreement.
Provenance over confidence
The counterintuitive gem. Confidence numbers, even meaningless ones, inflate trust in wrong answers. Evidence — the source passage, the changed lines, the tool trace — calibrates it. That single principle would improve half the AI dashboards shipping this quarter.
On the second point he's describing, from the model side, exactly what our Heuristic 07 — Appropriate Assertiveness demands from the product side: pushback is professional, and blind compliance is a failure mode. On the third, it's the argument of Can I Prove What the Agent Did? compressed into four words.
This is not a takedown. It's a completion.
Because all 39 principles rest on one unexamined assumption, and that assumption is expiring.
The unexamined assumption
Every principle assumes a human on the other side of the glass.
Read the framework again and notice the shape of it: a human types, a system responds, an interface mediates. Suggest or act. Show the diff. Ask when uncertain. Design the wait. That was a safe axiom in 2019, when Microsoft published its guidelines. It was still reasonable in 2024. In 2026, it's a hole. Two questions the article never asks:
What happens when the user is an agent?
Who proves the system actually follows any of these principles?
These aren't edge cases. They're the two fronts where trust work is moving fastest — and where the design community is, so far, mostly absent.
Blind spot 01
The agent is now the user.
Bakusevych's principles govern how your product's AI behaves toward humans. But the traffic hitting your brand increasingly isn't human. Shopping agents comparing your offer against three competitors. Research agents summarizing your category for a buyer who will never visit your site. Procurement agents reading your documentation to decide whether you make a shortlist. It's the shift we mapped across YC's Spring 2026 batch: the agents got jobs, and one of those jobs is evaluating you.
Almost every principle in the framework has a mirror image on the brand side — and the mirror is unbuilt.
| The principle (human side) | The mirror (agent side) | Where the mirror lives at auxfirst |
|---|---|---|
| P4 · state capabilities & limits | Publish machine-readable capability claims an agent can parse, compare, and act on — not marketing copy it has to guess through. | capabilities.json · the AI info page |
| P10 · provide provenance | Structure your provenance so an agent can verify it. An agent doesn't hover over a citation — it finds checkable evidence or it discounts you. | the Authorship Layer |
| P7 + P9 · signal & represent the AI honestly | Identity as an artifact, not an aspiration: who operates this agent, on whose behalf, with what permissions, accountable to whom. | Agent Identity Cards |
| P27 + P28 · escalation & refusal | Machine-legible refusal and escalation paths — an agent needs to know when you'll say no, and who to hand off to. | Heuristics H06–H07 |
| P35 · separate instructions, data, tools, actions | Your website, API, and content are now inputs to someone else's agent. You are inside another system's trust boundary — designed for it or not. | Agentic API Experience |
At auxfirst we call this discipline AUX — agentic experience design. Because when both sides of an interaction can be synthetic, "represent the AI's nature honestly" stops being a UX nicety and becomes the handshake protocol of commerce. Concretely: picture a checkout where the "user" is a shopping agent acting for a customer. Which of the 39 principles applies? Nearly all of them — inverted. The agent needs your capability claims, your provenance, your refusal paths, your escalation design. It just needs them in a form no Figma file has ever specified.
Blind spot 02
Principles without proof.
Here is the harder problem. All 39 principles are voluntary interface choices. Every single one can be claimed in a keynote and absent from the product. The framework has no answer to the only question a buyer, a regulator, or a partner agent actually asks: who checked?
We've seen this movie. Web accessibility had principles for a decade — thoughtful, well-sourced, widely ignored. It took WCAG conformance levels, audit practices, and legal teeth to turn principles into a market. Accessibility didn't become real when designers agreed it mattered. It became real when conformance became verifiable.
AI interaction design is at the pre-WCAG stage. Bakusevych has written an excellent set of principles. What the field lacks is the conformance layer: named trust tiers, testable requirements, attestation that a system actually does what its interface implies. That's the gap we're building toward — in the open with TrustKit and the Trust Harness, and in a working draft we call the Trustworthy Agent Protocol (TAP): normative requirements instead of aspirations, trust tiers instead of vibes, continuous monitoring instead of a one-time badge. The formula is simple:
The clock
The regulatory deadline is louder than the article admits.
One date is conspicuously missing from the piece: August 2026. That's when the EU AI Act's transparency obligations bite — one month after publication. And under those obligations, a chunk of the framework quietly changes category:
| P7 · signal the AI's role explicitly | Disclosure duty for AI systems interacting with people. |
| P9 · represent the AI's nature honestly | The same duty, stated from the other side. |
| P24 · show whose rule the system follows | Transparency about system behavior and its constraints. |
| P33 · data use explicit, permissioned, revocable | Runs straight into GDPR-adjacent obligations — which never went away. |
In the EU, these are no longer design advice. They're compliance requirements with enforcement attached. Which means the 39 principles aren't just a better-UX argument anymore — they're a compliance roadmap the article doesn't realize it drew. The teams that treat trust design as a legal perimeter will spend less and ship calmer than the teams that treat it as polish.
The ceiling
Where the ladder stops.
One more quiet limit. Bakusevych's "Calibrated Trust" — the strongest category in the framework — ends at appropriate reliance: the user trusts the system exactly as much as it deserves. Necessary. Not sufficient. In our Trust Architecture, appropriate reliance covers the first two stages. The commercial value lives higher.
A framework that stops at reliance treats trust as a UX property. Treated as an asset, it's a growth engine — and it's the only durable moat when every competitor has access to the same models. That's the argument we've made since the manifesto: a safe agent isn't automatically a trusted one, and a relied-upon agent isn't yet an advocated-for one.
So keep the 39. Then demand the 40th.
Print them. Run your next design review against them — they're the best floor the field has. Then demand the 40th from your organization: make conformance verifiable. Because an agent evaluating your product won't read your design principles. A regulator won't accept your intentions. And a customer whose agent got burned won't care how thoughtful your interface was.
The interface is where trust is experienced. Verification is where trust is earned.
Want to know if your product would pass?
The Agent Experience Audit runs your agent against the auxfirst heuristics and trust architecture — a trust scorecard, the failure modes, and a prioritized fix list. The "who checked?" question, answered.
Explore the audit →Sources & further reading
Method · Bakusevych's article was verified at the cited URL on 7 July 2026 (published 30 June 2026); principle numbers follow his numbering. External sources link to their canonical homes. The Trustworthy Agent Protocol (TAP) is an auxfirst working draft — requirements and AI-Act mapping in development, not yet published; TrustKit is the published, open piece of that work.