Le Duy Khuong (Daniel)

Series: hitl-agentic-systems · Part 2

AI / Agentic Systems

Why We Need Humans in the Loop

When to let the agent run autonomously and when to require human review; cost of wrong action vs cost of review.

2026-03-095 min read

Post 2 in the HITL in Agentic Systems series. Post 1 established that agentic systems differ from chatbots, and that when an agent acts on real systems (sending mail, changing DB, deploy) we need “stop points”. This post goes deeper on when to put humans in the loop: the rule of cost of wrong action vs cost of review, and when autonomous is enough.


Opening: A story of agent autonomy gone wrong

A team used an agent to automate deploy: the agent read the ticket, ran build, ran tests, then deployed to staging. All went well until the agent misread the branch — instead of deploying develop to staging, it deployed to production. Minutes later, customers reported issues. Emergency rollback, post-mortem, and the question: why was there no “human review” step before production deploy? Similar stories happen with bulk email (wrong template), or data-deletion scripts (wrong environment). The common lesson: cost of a mistake (financial, reputation, time to fix) is often higher than the cost of one human click “approve” before the action runs. This post clarifies how to think about that trade-off and where to place gates.


1. Opening story — when the agent decides alone

Value: After this section you feel the real impact of the agent acting without a human review step: wrong-environment deploy, wrong data deleted, bulk email with wrong content. That builds intuition: some actions must “stop” for human check before execution.

Challenges: Pressure to “automate everything” — everyone wants the agent fast and few manual steps. But speed cannot be traded for uncontrolled risk. Balancing speed and safety requires clear classification: which actions can be left to the agent, which must go through a human.

Design: Classify actions by impact:

  • Read-only: Read data, search, read calendar — errors usually only affect what is shown, rarely cause hard-to-fix damage.
  • Write / side-effect: Write DB, send email, create task, deploy — each action can be irreversible or costly to fix. This is where we consider an approval gate.
  • Destructive vs reversible: Delete data, production deploy are destructive or high-impact; creating drafts, sending mail in sandbox can be reversible or low-impact.

Solution: Simple rule: when cost of wrong autonomous action > cost of human review, we need a gate. “Cost” here is not only money — it includes time to fix, reputation, compliance, legal risk. One wrong production deploy can cost a day of rollback and lost customer trust; one human approve can cost tens of seconds. That comparison decides whether to add a gate.

Implementation: In system design, list the “action types” the agent can perform; for each, ask: if the agent gets it wrong, what is the cost to fix? If that cost is greater than the cost of human review (time × frequency), add an approval gate. Post 3 defines HITL and approval gate; post 4 covers the state machine.


2. Cost of wrong action vs cost of review

Value: You get a qualitative (and when possible quantitative) frame: cost when the agent is wrong vs cost when a human must review. So you know when HITL is “worth it” — not everything needs a gate, but for high-impact actions a gate is usually cheaper than an incident.

Challenges: Measuring cost is hard: “cost of wrong” depends on domain (finance, healthcare very high; internal tools lower). Some organizations accept higher risk for speed; others require compliance so almost every write goes through a human. The threshold varies by context.

Design: A simple framework — table or checklist:

Action typeRisk if wrongHITL?
Read / search / reportLow (wrong info)Usually no
Send email to 1 (sandbox)LowPolicy-dependent
Bulk email, deploy stagingMediumConsider
Deploy production, delete data, financial txHighGate recommended

Solution: Classify by best practice:

  • Always require approve (or very restricted): Destructive actions (delete data), financial (transfer, transaction), production deploy, bulk outbound communication.
  • Conditional (by threshold): E.g. confidence score below X → human review; above X → auto-approve. Post 11 covers confidence bands.
  • No gate: Read-only, sandbox, easily reversible and low-impact actions.

Implementation: Apply to 2–3 familiar domains: (1) Deploy: staging can be auto, production should go through a gate. (2) Email marketing: test to one person can be auto, large list should have content and list reviewed. (3) Read report / summarize: usually no gate. After classifying, design the flow: which steps the agent does, which steps wait for a human.


3. When is autonomous enough?

Value: Not everything needs a human in the loop. You will know when autonomous is enough: read-only actions, in sandbox, easy rollback, not compliance-critical. Avoid “if there’s an agent there must be a gate everywhere” — gates have cost (latency, effort); only add them when needed.

Challenges: The boundary of “autonomous enough” can be fuzzy: org A accepts auto-deploy to staging, org B still wants human approval. It depends on risk culture and internal policy.

Design: Checklist questions:

  • Is the action reversible? (Easy rollback means lower risk.)
  • Is there compliance or audit requirement? (Banking, healthcare often need a clear trace of who approved.)
  • Frequency and impact? (One wrong move affecting 1 user vs 10,000 users is different.)
  • Environment? (Sandbox vs production differ clearly.)

Solution: Autonomous is enough when: low impact, reversible, not compliance-critical, and (per org) a small error rate is acceptable. Otherwise — high impact, hard to fix, or mandatory audit — HITL is needed. Post 3 defines HITL and approval gate; post 11 summarizes trade-offs and best practice.

Implementation: In the series roadmap: post 3 (what is HITL, approval gate), post 4 (state machine), post 5 (queue and channel), then post 11 (when HITL is needed, when not; SLA, timeout, confidence bands). Post 2 ends with the message: comparing cost of wrong action vs cost of review is the basis for deciding where to put gates.


Next: What Is Human-in-the-Loop? — definition and approval gate (post 3).

LDK

Le Duy Khuong

AI Transformation & Digital Strategy. Writing about agentic systems, engineering leadership, and building in public.