“Fully automatic” is a good sales line and a poor operating model. In every serious IT operation, there are decisions whose consequences are too big to leave to a machine without controls. The right answer is not less automation — but automation with a clearly defined intervention point for the human.
This pattern is called human-in-the-loop. It is less spectacular than full autonomy, but it is what works in practice.
What human-in-the-loop concretely means
The human is in the loop when an automated process seeks human approval at a defined point before proceeding. Three properties matter:
- A defined point: the human is not asked “sometime”, but at a clearly designated moment — typically immediately before an irreversible or far-reaching action.
- A clear question: the process does not ask “is this OK?”, it presents a concrete decision: “Should action X with parameter Y be executed? Rationale: …”.
- A clear consequence: if the human does not respond within a defined time window, something defined happens — either abort, escalation, or pre-approval for non-critical actions.
Without these three properties, “human-in-the-loop” becomes either micromanagement (the human is constantly asked) or theatre (the human just waves through what the machine would have done anyway).
When the human stays in the loop
The rule of thumb: the larger the blast radius of an action, the more likely human approval is needed. Concretely:
- Actions on production systems with potentially broad impact (restart of critical services, failover, schema changes) — always with approval.
- Security-relevant configuration changes (firewall rules, IAM permissions, key rotations) — always with approval.
- Data-affecting actions (migration, cleanup, bulk update) — always with approval.
- Standard actions with known risk (log rotation, cache warmup, routine tests) — no approval, autonomous execution.
The line shifts with the maturity of the setup. What needs approval at the beginning can move into the autonomous bracket after three months of successful observation — recorded, not silent.
What a practical approval workflow looks like
In the projects we have seen, a simple pattern has proven itself:
- Preparation by the AI. The agent recognises that an action is necessary or sensible. It prepares it — full parameters, verified preconditions, documented rationale.
- Structured request. Approval is requested via a channel the responsible team already uses — chat, ticket, dedicated approval channel. Content: what, why, with which parameters, what happens if nothing is done.
- Reply with contextual information. The approver sees all relevant data directly — no need to look up three other systems.
- Execution with receipt. After approval, the agent executes and returns a structured receipt — duration, result, follow-up actions if any.
- Audit trail. Every step is recorded with timestamp, approver and rationale.
That sounds elaborate but is not in practice. A well-designed approval request takes less than a minute — and replaces the much longer time the human would have spent preparing the action themselves.
Why impact is often paradoxically larger
It sounds counter-intuitive at first, but we see it regularly: setups with human-in-the-loop are often more productive than fully automatic ones — even when approval time is included.
Three reasons:
- Trust builds faster. When the team sees it participates in important decisions, the agent gets used more overall — even in areas where it could act autonomously.
- Errors are caught earlier. With every approval, an experienced human briefly looks at the proposal. If the agent “goes off the rails” (e.g. because data sources changed), it shows up earlier — before it causes broad damage.
- The line moves healthily. Instead of “all autonomous” vs. “all manual”, a sincerely negotiated boundary emerges that moves with experience. The result is more automation in more places — not less.
What remains in the end
Human-in-the-loop is not a vote of no confidence against AI. It is the sensible acknowledgement that responsibility for IT decisions lies with humans — legally, organisationally and ethically — and that there are better and worse ways to exercise that responsibility in operations.
A good AI-supported IT administration is not one where nobody is involved any more. It is one where the right people are involved exactly where it matters — and no longer in the sorting, searching and typing that AI can do better.