Hand-off Protocols: Human-in, Human-on, Human-out

2026-05-07
Section 2 · Trust ArchitectureThe interface between human and machine

Three hand-off postures. Pick one per workflow.

Borrowed from autonomous-systems literature. The label is not just rhetoric — each posture implies a different UI, a different staffing model, and a different liability story.

Co-pilot

Human in the Loop

The human approves each consequential action before it executes. The agent proposes; the human commits.

Use when

Zone 2–3 actions. Regulated outputs. Anything where “undo” is expensive or impossible.

Design rules

  • ·Show the proposed action AND the alternatives the agent considered
  • ·Show the evidence the agent used — the reviewer cannot evaluate a decision without seeing inputs
  • ·Force a non-default click; never auto-accept after a timeout
  • ·Track approval latency as a primary KPI — slow approvals kill the model

The failure mode

Approval fatigue. Reviewers click through hundreds of identical-looking proposals and miss the one that matters.

Supervisor

Human on the Loop

The agent acts autonomously within bounds; the human monitors a stream of outcomes and intervenes by exception.

Use when

Zone 1–2 actions at high volume. Steady-state operations. Observability is mature.

Design rules

  • ·Define the bounds explicitly — rate, value, scope — and make crossing them a Trajectory Halt
  • ·Surface anomalies, not activity. The dashboard should be quiet by default
  • ·Sample-review a percentage even when nothing trips — silent degradation is the enemy
  • ·Document escalation paths before they are needed

The failure mode

Automation complacency. The dashboard is green for ten months and the human stops looking. Then it goes red and nobody is watching.

Owner-only

Human out of the Loop

The agent acts without per-decision oversight. Humans review aggregate outcomes, set objectives, and tune policy.

Use when

Zone 0 actions only, at this stage of the industry. Read-only research, internal drafts, low-stakes summarization.

Design rules

  • ·Hard ceiling on blast radius — no path from this agent to systems of record
  • ·Independent evaluator running on every Nth output, with alerting on quality drift
  • ·Periodic red-team review — adversarial testing on a fixed cadence
  • ·A clear written charter answering: who is accountable for what this agent does?

The failure mode

Drift without detection. The agent's outputs slowly degrade, the cost slowly creeps, nobody notices because nobody is looking.

The honest truth: most enterprise agents in 2026 should be human-in-the-loop today, with a deliberate path to human-on-the-loop as evidence accumulates. Skipping a stage to look ambitious is how incidents get made.