Human in the Loop
Human in the Loop
The pattern of keeping a human approval/review step inside an agentic workflow. Default operating model in 2026 enterprise AI per all three CXOTalk sources in this wiki.
When humans should stay in the loop (per CIO Agenda 2026 (CXOTalk))
- High-risk, low-frequency decisions (Tim Crawford: "I don't think I want a fully autonomous surgeon anytime soon.")
- Regulated functions (healthcare signoffs, legal review, finance approval)
- Anywhere the cost of a single wrong action exceeds the speed benefit
When humans should be removed (same source, same speakers)
- Time-critical functions where damage compounds while waiting (cybersecurity incident response)
- Low-risk, high-frequency tasks where review doesn't add signal
- Bounded use cases with reliable verification (see Bounded vs Unbounded Tasks)
The three-force model (Praveen, Agentic AI in the Enterprise (Praveen Akkiraju, CXOTalk))
- Workflow nature — bounded → less human; unbounded → more human
- Regulatory environment — even bounded tasks may require humans for accountability
- Harness quality — see Harness (LLM Agents); better harness → safer to remove humans
The Blitzy phased playbook (Autonomous Software Development with Blitzy (CXOTalk))
"You don't just flip a switch to full autonomy. That doesn't work that way. You have to build trust through a phased human-in-the-loop approach."
Stages:
- Trust-building: high-effort, low-risk friction (lang upgrades, doc gen, test gen)
- Role transition: developers shift from creators → editors → orchestrators
- New human role: prompt design + architecture review + execution validation
"Risk is too high for now" — the iterative go/no-go pattern
From Ben Mayrides (CISO, Cvent) in Governing AI Agents at Scale (Glean + Cvent, CXOTalk): H-I-T-L decisions should never be flat "no" — always time-bounded:
- "Risk is too high for now" keeps the door open
- Tech evolves, use cases evolve, delegation chains pop up
- Go/no-go is iterative, not one-and-done
- Cvent's working example: declined to deploy Anthropic Claude Co-work in regulated environments — for now
Operationally: pair every "not yet" decision with the conditions under which it would change.
The accountability case for HITL (Keen)
Five AI Risks That Can Get You Fired (IBM Technology) adds the missing accountability framing the other sources sidestep:
- Unauthorized agentic AI is named as a top-five firing risk. The example: an agent "inadvertently sending out an email without a human in the loop to verify it first", or deleting a production file in a database
- HITL isn't just risk-mitigation — it's the accountability seam. When the agent acts without a human, the question "whose name is on this?" gets harder to answer
- The Zombie AI Agent failure mode is HITL gone to zero by neglect, not by design — and is firing-conversation territory
The Cherny/Boris view (next section) and Keen's view aren't in direct contradiction — Boris is arguing model improvements eventually eat the guard work; Keen is arguing the accountability role of HITL is independent of model quality. Worth distinguishing as a refinement.
Open question
Boris Cherny predicts the opposite trajectory (Boris Cherny on Coding Is Solved (Sequoia AI Ascent)): as models improve, all the human-in-loop scaffolding (prompt-injection guards, permission modes, review steps) becomes less important because the model just does the right thing. This is a directional disagreement worth tracking — see also the contradiction noted on Harness (LLM Agents).
Sources
- Agentic AI in the Enterprise (Praveen Akkiraju, CXOTalk)
- CIO Agenda 2026 (CXOTalk)
- Autonomous Software Development with Blitzy (CXOTalk)
- Governing AI Agents at Scale (Glean + Cvent, CXOTalk)
- Five AI Risks That Can Get You Fired (IBM Technology)
- GCC Philippines Summit 2026 (PHx) — the GCC-scale instance: Agentic Team Archetypes (human-led → human-in-the-loop → fully agentic)