When AI Agents Start to Act, Trust Becomes Infrastructure

On May 29, Tynapse took part in GStar Summit 2026: AI & Humanity, held in Ho Chi Minh City, Vietnam. Tynapse co-founder and Head of AI Dr. Myungsub Choi gave a talk titled "From Focusing Lenses to Focusing Risks." He shared how an engineer who once built camera autofocus came to think about safety and trust in agentic AI, and how that line of questioning leads to the Runtime Trust Layer that Tynapse is building.

Tynapse co-founder and Head of AI Dr. Myungsub Choi presenting at GStar Summit 2026
▲ Tynapse co-founder and Head of AI Dr. Myungsub Choi presenting at GStar Summit 2026

The theme of GStar Summit 2026 was AI & Humanity. More than 1,000 participants — researchers, founders, engineers and students — gathered, and the conversation spanned models and agents, education, accessibility, science, healthcare, space, climate and human responsibility. What stood out most was the energy of Vietnam's AI community. Beyond simple curiosity or hype, there was a strong sense of people seriously asking and debating where AI should go.

More than 1,000 participants gathered at GStar Summit 2026
▲ More than 1,000 participants gathered at GStar Summit 2026

Tynapse's talk leaned a little more technical than most. But the question we wanted to raise was closely tied to the theme of the whole event.

When an AI agent moves beyond answering and starts to act in real work, what makes that system trustworthy?

A question that began with camera autofocus

The talk began with a story about camera autofocus.

Almost everyone has experienced a camera hunting back and forth, unable to lock focus in a dark room. Autofocus is a technology that has been refined for a very long time. Contrast Detection Autofocus (CDAF), for example, moves the lens to find the point where image contrast is sharpest, while Phase Detection Autofocus (PDAF) uses the phase difference on the sensor to estimate the focus direction more quickly.

The problem is low-light environments. When light is scarce, image contrast weakens and the phase signal from the sensor becomes unstable. The very signals that focus depends on start to blur.

One of the problems Dr. Choi worked on at Samsung Electronics was exactly this low-light autofocus. Where traditional signal-processing approaches struggled, he applied a lightweight neural network trained on data. To fit the constraints of a product, the work started from a MobileNet-class lightweight model and went further, considering even smaller architectures and tightly constrained compute.

The offline evaluation results were good. The learning-based autofocus model locked focus more reliably than the conventional approach across many difficult conditions, and average performance improved as well.

Judging by the demo alone, it looked like a success.

But the moment we tried to ship it in a real product, a harder question appeared.

A good model and a trustworthy system are not the same thing

From the product's point of view, what mattered was not simply "does it focus better."

The questions that really mattered were these:

  • Can we trust the focus we just locked?
  • Should we search a little more?
  • When should we fall back to the conventional method?
  • How should the system admit that the current scene is uncertain?

A neural network can output something that looks like confidence, such as a softmax probability. But that does not mean the value faithfully reflects real uncertainty. The model could be more accurate on average, yet it did not express well enough when it was unsure.

In other words, the model's performance improved, but its confidence was not production-ready.

This experience is deeply connected to how Tynapse looks at agentic AI today. At the demo stage, average performance, accuracy and a smooth showcase seem to matter. In production, the questions change.

  • Rather than "is it good on average," what matters is how it behaves in the worst case.
  • Rather than "is accuracy high," what matters is whether that confidence can be trusted.
  • Rather than "did the demo succeed," what matters is whether failure is handled safely.

Ultimately the unit changes. It should be viewed not as a single model output, but as a decision of the system as a whole.

The core lesson from autofocus was this:

Reliability does not mean higher accuracy alone. It is the ability to know when a system can be wrong, and to handle that situation safely.

The same problem returns in AI agents

A few years later, while building an agentic RAG system for internal knowledge work, a similar problem appeared again.

This system was an agent that retrieved documents, summarized them, reasoned based on context, and helped users move on to their next task. It was less a chatbot that merely generates answers, and more a system that finds information, makes judgments and proposes the necessary actions within a workflow.

In the PoC it was impressive. It retrieved well, summarized well, and the answers were fairly fluent. It looked like it could genuinely help with real work.

But the moment we thought about production, the same question from the autofocus days returned.

Can we trust this agent's judgment inside a real workflow?

In autofocus, a high softmax probability looked like confidence. In AI agents, smooth, well-structured sentences look like reasoning. The problem is that neither of these guarantees real trust.

Models can be wrong. That in itself is nothing new. The more dangerous part is that they can look confident even when they are wrong.

A frequently cited simple example is the "car wash test." A user asks, "I want to wash my car, and the car wash is 50 meters away. Should I walk or drive?" At a glance, 50 meters is close, so "walk" sounds plausible. But to wash the car, the car has to be at the car wash, so the answer that matches the intent is to drive.

Individual tests like this are sometimes solved by newer models over time. The point is not any single test. In real work, far more complex context omissions occur, and the agent can still produce a very natural and confident answer in those situations.

The problem shifts from "is it in focus" to "can we trust this judgment." That is, the problem of focus confidence expands into the problem of decision confidence.

Three frictions that surface in production

When connecting agentic AI to real workflows, there are three frictions Tynapse pays close attention to.

The first is consistency. If an agent chooses a different decision path every time, even when given similar questions and similar context, that becomes a problem in production. In a demo, this variation can look like flexibility. In real work, flexibility can turn into instability.

The second is grounding. RAG helps reduce hallucination because it makes the model refer to documents. But retrieving relevant documents does not mean the final judgment is always sound. The retrieved material can be correct while the answer goes beyond what that evidence supports.

The third is tool use. Once an agent moves beyond generating sentences and begins to call tools or advance a workflow, the nature of mistakes changes. A wrong answer can be corrected, but a wrong approval, a wrong notification, wrong data access or a wrong action carries real operational risk.

Suppose we ask an agent, "Can we approve this vendor?" The retrieved documents say "SOC 2 is still missing" and "contract review is still in progress." In one run, the agent decides it "should hand this to a human for review." In another run, with the same context, it decides "approval is fine."

Now the problem is not the sentence quality of the answer. The problem is the entire decision path.

Which sources were referenced, which tools were called, which policies should have applied, and at which point a human should have stepped in. This whole path becomes the unit of trust.

You can only control what you can see

When people talk about agentic AI safety, much of the discussion starts with policy or guardrails. They matter, of course. But Tynapse believes there is a first layer that sits ahead of them.

That layer is observability.

To apply a policy, you first have to see what the system did. To audit, behavior first has to be recorded. For a human to intervene, you have to know at which point the risk arose.

Looking only at the final answer is not enough. You need to see which documents the agent referenced, which reasoning path it took, which tools it called, where it spent a long time, and which policy should have applied.

This kind of decision-path trace is not just a debugging tool. It is the foundation of trust that lets agentic AI enter real work.

If you cannot see it, you cannot explain it. If you cannot explain it, you cannot audit it. If you cannot audit it, it is hard to operate responsibly.

Runtime Trust Layer: between AI intent and AI action

This line of thinking leads to the Runtime Trust Layer that Tynapse is building.

If an AI agent judges and acts in real work, that judgment must not remain a black box. This is even more true in domains where responsibility must be clear, such as finance, security, operations, customer interactions and internal knowledge management.

Tynapse places a trust layer between what the AI "intends to do" and what it "actually does."

AI intent → Runtime Trust Layer → AI action

The From Focusing Lenses to Focusing Risks talk
▲ The "From Focusing Lenses to Focusing Risks" talk

The role of this layer can be described in four parts.

First, judgments must be inspectable. People must be able to understand what context an agent used and what decision it made.

Second, actions must be auditable. It must be possible to later reconstruct which tools were called, what results came back, and through which path the final action was reached.

Third, the system must be governable. Predefined policies must apply at execution time, and risky actions must be automatically restricted or escalated for review.

Fourth, it must be safe to integrate into real work. Where uncertainty is high or risk is large, there must be a point at which a human can intervene.

What Tynapse focuses on is not making the model itself bigger. It is building an execution layer that observes, records and controls the behavior of increasingly powerful AI agents so they can be used safely inside an organization's real work.

A form of trust for AI & Humanity

The overarching theme of GStar Summit was AI & Humanity. Many speakers and panelists discussed how AI could affect education, accessibility, science, healthcare, climate, space and human values. Tynapse's talk leaned toward the more technical end, but we believe the problem of trust we work on is, in the end, a human problem too.

As AI takes on more work, human responsibility does not disappear. Instead, the form of that responsibility changes. Even if a person does not carry out every step directly, they must be able to understand what happened, trace a wrong decision, and intervene when needed.

That is why trust in agentic AI cannot be satisfied by abstract value statements alone. It has to be implemented inside real systems. What judgment was made must be visible, what action was executed must remain on record, which rules applied must be verifiable, and in risky moments a human must be able to step back into the center of the decision.

That is also the message Tynapse wanted to convey at GStar Summit 2026.

Performance takes us to an impressive demo. But trust takes us to a responsible production service.

Building more powerful AI matters, and so does building a structure that lets us understand, audit and control that AI. Tynapse aims to fill the gap between them with the Runtime Trust Layer.

About Tynapse

Tynapse builds a Runtime Trust Layer platform that helps enterprises adopt AI agents safely in real work. By observing an AI agent's judgments, recording its actions, applying policies, and letting humans intervene at the necessary moments, Tynapse supports the trustworthy production deployment of agentic AI.