This post is from the WWDC26 Foundation Models Q&A.
Apple demonstrated agentic behavior (e.g., the Passwords app changing credentials on the user's behalf), and Siri AI can now take systemwide actions in apps.
- Is there a first-class confirmation API for App Intents — a way to mark an action as requiring explicit user approval before execution, with a standard confirmation surface — or must developers build their own confirmation UI inside the intent?
- For irreversible or high-impact actions, what is Apple's recommended pattern to prevent the model from executing them autonomously, and can an intent declare a risk/sensitivity level the system respects?
- When Siri AI invokes an action, what authentication/authorization context is available to the intent (biometric gate, user-presence assertion), and how should an app require step-up auth for sensitive operations?
- Is there a supported audit trail for actions taken via Siri AI on the user's behalf, so an app can show the user what was done and when?
- How does the system handle an action that fails or partially completes during an agentic, multi-step flow?
