Field note · AI governance
Human-in-the-Loop, On-the-Loop, Out-of-the-Loop — and Human-in-the-Lead
AI-in-the-loop. Human-in-the-loop. Human-on-the-loop. Human-out-of-the-loop. Four phrases that get used interchangeably in strategy meetings and mean four very different things in production. Here is a clear map — plus a fifth level the industry keeps missing, and the one that actually decides whether your system is safe to ship.
The short version
Autonomy isn’t one dial from “human does everything” to “AI does everything.” It’s five distinct arrangements, each answering one question differently: who acts, who approves, and who is accountable when it goes wrong? Pick the level by consequence and reversibility — not by how impressive the demo looks. And whatever level you pick, a named human has to stay in the lead: able to direct it, and able to stop it.
Why the words matter
Most arguments about AI autonomy are really arguments about vocabulary. One person says “human-in-the-loop” and means a person glances at a dashboard once a day. Another hears it and pictures someone approving every single action. They agree on the phrase and ship two completely different risk postures. In a regulated enterprise, that gap is where audits fail and incidents are born.
So before the design conversation, get the words exact. There are four positions on the classic spectrum, ordered from most human effort to least, and then a fifth that sits on a different axis entirely.
The five levels, defined
1. AI-in-the-loop — the human runs it; the AI assists
The person does the work and makes the call. The AI sits inside the process as an assistant: it drafts, retrieves, suggests, summarizes, and flags. Nothing happens that the human didn’t do. This is the inverse of the others — here the AI is in your loop, not the other way around. A rep writes a reply and the model offers a draft; the rep edits and sends. Highest human effort, lowest AI autonomy, lowest risk.
2. Human-in-the-loop — the AI proposes; a human approves every action
The AI runs the process, but a person must approve each consequential step before it happens. The AI drafts the invoice and queues it; a human clicks approve before it sends. The human is a mandatory gate inside the loop, in real time. This is the right posture when an action is high-consequence and must be right, and the volume is low enough that per-item approval is realistic.
3. Human-on-the-loop — the AI acts; a human supervises
The AI runs and acts on its own. A person supervises, can intervene, and can override — but is not required at every step. Exceptions and anomalies escalate; the routine flows through. The AI auto-categorizes transactions and posts them; a human watches a monitor and pulls back the outliers. This is supervisory control. It only works with genuine monitoring, clear escalation, and a real halt button — not a dashboard nobody opens.
4. Human-out-of-the-loop — the AI operates alone
No human in the operational loop. People set the policy and review after the fact, if at all. Fraud blocks firing in milliseconds; algorithmic bids. Use it only when speed or scale make human intervention impossible, the rules are well understood and largely deterministic, and the blast radius of a wrong action is bounded and reversible. Humans are out of the runtime here — never out of accountability.
5. Human-in-the-lead — the level the industry forgets
The first four describe how often a person touches the loop. Human-in-the-lead describes something else: who is leading. A named human sets the intent, holds revocable authority over the AI, owns the outcome, and can always stop it — no matter where they sit in the operational loop.
This is the part people miss. You can be on the loop, or even out of it, and still be firmly in the lead, if a person directs the system, owns its results, and holds a working kill switch. And you can be in the loop and not in the lead — clicking “approve” on outputs you don’t understand is human-in-the-loop theater. It looks like control and provides none.
The real question isn’t where the human sits in the loop. It’s whether a human is in the lead.
The five at a glance
| Level | Who acts | Who approves | Accountable | Use when | Fails when |
|---|---|---|---|---|---|
| AI-in-the-loop | Human | Human (it’s their work) | Human, fully | Judgment-heavy, lower volume, human-paced | You need scale the human can’t provide |
| Human-in-the-loop | AI proposes | Human, every action | The approver | High consequence, must be right, volume allows per-item approval | Approvals become rubber stamps |
| Human-on-the-loop | AI | Exceptions only | The supervisor + the design | High volume, mostly routine, good monitoring + halt | No one is actually watching |
| Human-out-of-the-loop | AI | No one, at runtime | The org that deployed it | Millisecond scale, bounded & reversible blast radius, deterministic rules | Consequences are large or irreversible |
| Human-in-the-lead | Either | By design | A named human, always | Always — it’s the constraint, not a level | No named owner; no working stop |
How to choose the level
Don’t start from the technology. Start from the decision, and ask three questions:
- Consequence: if this acts wrongly, how bad is it — a typo, or a wire transfer?
- Reversibility: can you undo it cleanly, or has the email already left the building?
- Volume: is per-item human approval realistic, or are there ten thousand of these an hour?
From there the level mostly chooses itself. Irreversible and high-consequence → human-in-the-loop, gate every action. High-volume, routine, reversible → human-on-the-loop with real monitoring and a halt control. Massive scale with a bounded, reversible blast radius and well-understood rules → you can go human-out-of-the-loop, with post-hoc audit. And in every one of these, a named human stays in the lead. If no person can stop it and owns the outcome, you haven’t shipped an autonomous system — you’ve shipped an orphan.
The autonomy level is a governance decision, not a technology choice. Set it by consequence and reversibility, encode it where the work actually happens, and keep a named human in the lead at every level.
Where this connects to the rest of the method
Two of these questions are decided elsewhere and meet here. Which mechanism should do the work — a rule, a calculator, or a model — is the cost ladder. What you can trust about a given output is the provenance labels. The autonomy level is the third decision: how much the system is allowed to do on its own. The cheapest, most deterministic mechanism plus the tightest defensible autonomy is almost always the right answer — which is also why most “agentic” ambitions should start at human-in-the-loop and earn their way up.
And it’s why I build these as miniapps rather than loose agents. The miniapp is where the chosen autonomy level gets encoded for each decision — this action needs an approval gate, that one runs on its own, this one escalates on anomaly. The agent is the engine; the miniapp is the machine that keeps a human in the lead.
The honest caveat
No level is “safe” on its own. In-the-loop fails when approvals become reflexive. On-the-loop fails when the monitor is a screen nobody watches. Out-of-the-loop fails the moment the blast radius turns out to be larger than you thought. The label is a promise about how the system behaves; honesty means the behavior matches the label. A “human-in-the-loop” system where the human can’t actually understand what they’re approving is lying about its own safety — and in a regulated industry, the auditor will find it.
So name the level out loud. Build it so the behavior matches the name. And keep a person in the lead who can prove, at any moment, that they could stop it.
Want to place your own decision?
I built a free tool that walks one of your decisions down the cost ladder and tells you what governance it needs — deterministically, in your browser, nothing sent anywhere. If you want the same thing done on your real system, that’s a deep dive.
Try the free tool Ask for a deep dive
JP Galido Business AI Architect. I build AI that’s economical, precise, and policy-safe — as miniapps, not loose agents. More at jpgalido.com · LinkedIn