Agent Safety: Claude's Approach vs Gemini Spark's Approval Model

June 2026 · 5 min read · AI Strategy

Gemini Spark arrived with a safety story front and centre: the agent pauses and asks for human approval before high-risk actions, runs each task in an isolated environment, and routes traffic through a gateway with data loss prevention. Claude-based agents can be built with the same guardrails, and in many cases stricter ones. The honest version of the comparison is that agent safety is mostly about design choices your team makes, not the brand on the box.

Google made a wave of these announcements at I/O 2026, and the dust has settled enough to judge them properly. Plenty of Australian owners are now asking whether Spark's built-in approval model makes it the safer choice, or whether a Claude agent with explicit controls is the better fit. This guide keeps it practical, with the trade-offs that actually affect the decision rather than the marketing.

How Gemini Spark handles safety

Spark's model is opinionated. Google decides which categories of action count as high risk, and the agent stops for approval when it hits one. Each task runs in a short-lived, isolated environment that is torn down afterwards, and enterprise traffic passes through an agent gateway where data loss prevention rules can block sensitive content. For a team with no existing AI governance, those defaults are a real safety net.

  • Approval prompts before actions Google classifies as high-risk

  • Isolated, short-lived task environments per job

  • Data loss prevention on the enterprise gateway

Safety in a Claude-based agent

With a Claude-based agent you set the same kinds of controls explicitly, which suits teams that want to own the rules rather than inherit them. You decide which actions always need a human, not a vendor's default list. You decide where data is processed, which matters for Privacy Act obligations and for APRA-regulated firms with data residency requirements. And the audit trail lives in your systems, in a format your compliance team can actually read.

  • You define which actions need approval, per workflow, not per vendor default

  • You control where data is processed and stored

  • You own the audit trail and can hand it to a regulator

The controls that matter most

Whichever platform you pick, a small set of controls prevents most accidents. The pattern we see across Australian deployments is that incidents come from missing rules, not weak models. An agent that can email anyone, touch any system, and act without sign-off will eventually do something expensive, regardless of whose logo is on it.

  • A written list of actions a human must always approve

  • Hard limits on which systems and recipients the agent can touch

  • Logging that a named person actually reviews each week

  • A kill switch someone non-technical can operate
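
The four controls in this list can be enforced in one place, in front of every tool call the agent makes. The sketch below is an added example, not code from the original post or from either vendor; the action names, the example.com.au domain and the Gate class are assumptions made for illustration.

```python
import json
import time
from dataclasses import dataclass, field

# Constructed policy: every name below is illustrative, not a vendor default.
# An action missing from POLICY is denied, so access is granted per task.
POLICY = {
    "read_contact":   {"system": "crm",     "approval": False},
    "send_email":     {"system": "mail",    "approval": False},
    "send_payment":   {"system": "banking", "approval": True},
    "delete_records": {"system": "crm",     "approval": True},
}
ALLOWED_RECIPIENT_DOMAINS = {"example.com.au"}  # hard limit on recipients


def recipient_ok(recipient):
    """Exact match on the domain, so look-alike suffixes are rejected."""
    local, sep, domain = recipient.rpartition("@")
    return bool(local) and sep == "@" and domain.lower() in ALLOWED_RECIPIENT_DOMAINS


@dataclass
class Gate:
    kill_switch: bool = False  # one flag an operator can flip without a deploy
    audit_log: list = field(default_factory=list)

    def decide(self, action, recipient=None, approved_by=None):
        """Return 'allow', 'deny' or 'needs_approval'; log every decision."""
        rule = POLICY.get(action)
        if self.kill_switch:
            verdict, reason = "deny", "kill switch engaged"
        elif rule is None:
            verdict, reason = "deny", "action not in written policy"
        elif recipient is not None and not recipient_ok(recipient):
            verdict, reason = "deny", "recipient not on allowlist"
        elif rule["approval"] and not approved_by:
            verdict, reason = "needs_approval", "human sign-off required"
        else:
            verdict, reason = "allow", "within policy"
        # One JSON object per line: readable by a reviewer, easy to export.
        self.audit_log.append(json.dumps({
            "ts": time.time(), "action": action, "recipient": recipient,
            "system": rule["system"] if rule else None,
            "approved_by": approved_by, "verdict": verdict, "reason": reason,
        }))
        return verdict
```

In a real deployment the approved_by value would come from an authenticated approval step, not from a string the calling code supplies.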

How to get the decision right

Strategy questions go wrong when they are settled by a demo or a headline rather than your own evidence. A short, structured trial on real work removes most of the guesswork and gives you something you can defend to a board or a business partner later. Safety claims in particular deserve testing: ask each platform to do something it should refuse, and watch what happens.

  • Write down the decision and who owns it

  • Test approval behaviour on real tasks, not vendor demos

  • Set a review date so the call is not permanent

  • Keep a short record of why you chose what you chose

Common mistakes to avoid

The biggest errors here are strategic, not technical. Teams assume a vendor's safety defaults cover their specific risks, or they bolt an agent onto a critical workflow before anyone has agreed what it is allowed to do. A little discipline up front avoids the costly version of each.

  • Assuming vendor defaults match your risk profile

  • Granting an agent more access than the task needs

  • Ignoring where data is processed and stored

  • Treating approval fatigue as a reason to switch approvals off

  • Skipping a written rule, so staff each do their own thing

  • Never testing what the agent does when it should refuse

What this means for Australian businesses

An agent that sends a payment, deletes records or emails the wrong client without approval can cause damage worth far more than $100,000, and for an APRA-regulated firm the regulatory exposure can dwarf the direct loss. The licence fee is the cheap part. For a Sydney business weighing Spark against a Claude-based build, spend your design effort on the approval rules, because that is where safety actually lives.

  • We define approval rules per action, matched to your risk

  • We constrain which systems an agent can reach

  • We make logs readable and make sure someone reviews them

Key takeaways

If you remember nothing else about AI agent safety for your Australian business, hold on to these points:

  • Spark ships opinionated safety defaults; Claude agents let you own the rules

  • The controls that matter are approvals, access limits, logs and a kill switch

  • Test safety behaviour on real tasks before you standardise

  • Match the tool to the task, keep a human on high-stakes work, and review the choice as models change

Talk to a Claude specialist

Automata AI is a Sydney-based consultancy that helps Australian businesses put Claude to work safely. If you are designing approval rules for an agent, book a short brainstorm and we will map the guardrails before the agent touches anything live.