OpenControls
Create free account
Back to OpenControls

The foundational essay

Governed Autonomy

Human Accountability Above the Loop in Agentic AI

36-page research paper 55 min read 91 cited sources

As AI collapses the cost of producing work toward zero, the binding constraint shifts from making an artifact to validating it, and human discernment becomes the scarce resource. This paper argues that the dominant remedy – inserting a human into the loop – fails precisely where it is needed most, because polished output disarms scrutiny, operators over-rely on plausible automation, and naive human-in-the-loop mandates produce a "liability sponge" rather than real oversight.

The author proposes governed autonomy: a risk-tiered oversight model in which low-risk reversible actions run automated with sampled review, medium-risk actions use pooled rotating approval, and high-risk or irreversible actions require a named Release Owner to sign. The model operates on two axes – one governing the action by tiering the gate and naming the owner, the other governing the data with ingress and egress checks on the right to use what goes in and the right to release what the model produces.

Create a free account to read it The full essay and PDF unlock with a free account.

Key ideas

01

The Validation Bottleneck

AI has collapsed the cost of generating work toward zero, shifting the true constraint from production to validation. Human judgment – the capacity to decide whether output is any good – is now the scarce resource, yet most organizations have not rebuilt their processes around this reality.

02

The Polish Bias

When AI produces a finished-looking artifact, people check it less. Anthropic's AI Fluency Index found users were measurably less likely to spot missing context, verify facts, or question reasoning when output looked polished. This is not a quirk of careless users but a structural feature of how attention works, and it is most dangerous in fast-moving organizations whose core advantage is producing more polished output than anyone else.

03

Human Above the Loop vs. Human In the Loop

"Human above the loop" is used in two incompatible ways: a person watching a dashboard while the machine drives, and the person who owns the outcome regardless of how much the machine did. Only the second posture delivers real accountability. The named Release Owner is not a higher rung on the autonomy ladder but an axis that runs perpendicular to it, carrying responsibility for actions she may never personally review.

04

Risk-Tiered Gate Sizing

Governed autonomy tiers oversight to impact and reversibility. Low-risk reversible actions run with automated checks and sampled human review; medium-risk actions use pooled rotating approval; high-risk or irreversible actions require a named human signature before anything ships. Tiering does not eliminate the scarcity of judgment – it routes that scarcity to where it earns its keep.

05

The Data Axis: Ingress and Egress Gates

Beyond governing actions, governed autonomy runs a gate on each end of the data pipeline. An ingress gate asks whether the organization had the right to feed the machine what it fed it; an egress gate checks whether what the model produced still lives within the rights of what went in. Data taken in under one set of terms can be emitted as something those terms forbade, and only the egress gate catches the mismatch.

06

The Ungoverned Ecosystem

A census of roughly 1,850 distinct AI tools built around a single professional platform found that about one in a hundred advertises any human checkpoint, and the categories that act directly on an account advertise none at all. The oversight layer is missing not because the rules are hard to find – the platform publishes them in machine-readable form – but because nobody looks.

Cited sources

  1. AIScrapeSafe. (2026). Usage license report for linkedin.com (License ID 01KVVFCTFGKYDQRF954BJV23YH; verdict: restricted). Open Controls / MoxyWolf.
  2. Anthropic. (2026). The AI fluency index.
  3. Authors Guild v. OpenAI Inc., No. 1:23-cv-08292 (S.D.N.Y. filed Sept. 19, 2023).
  4. Bainbridge, L. (1983). Ironies of automation. Automatica, 19(6), 775–779.
  5. Bender, E. M., & Friedman, B. (2018). Data statements for natural language processing: Toward mitigating system bias and enabling better science. Transactions of the Association for Computational Linguistics, 6, 587–604.
  6. Bowman, S. R., Hyun, J., Perez, E., Chen, E., Pettit, C., Heiner, S., Lukošiūtė, K., Askell, A., Jones, A., Chen, A., et al. (2022). Measuring progress on scalable oversight for large language models. arXiv.
  7. Brown, M. A., Gruen, A., Maldoff, G., et al. (2025). Web scraping for research: Legal, ethical, institutional, and scientific considerations. Big Data & Society, 12(4).
  8. Chan, A., Ezell, C., Kaufmann, M., Wei, K., Hammond, L., Bradley, H., Bluemke, E., Rajkumar, N., Krueger, D., Kolt, N., Heim, L., & Anderljung, M. (2024). Visibility into AI agents. In Proceedings of the 2024 ACM Conference on Fairness, Accountability, and Transparency (FAccT '24) (pp. 958–973).
  9. Chan, A., Salganik, R., Markelius, A., Pang, C., Rajkumar, N., Krasheninnikov, D., Langosco, L., He, Z., Duan, Y., Carroll, M., Lin, M., Mayhew, A., Collins, K., Molamohammadi, M., Burden, J., Zhao, W., Rismani, S., Voudouris, K., Bhatt, U., … Maharaj, T. (2023). Harms from increasingly agentic algorithmic systems. In Proceedings of the 2023 ACM Conference on Fairness, Accountability, and Transparency (FAccT '23) (pp. 651–666).
  10. Cihon, P., et al. (2025). Levels of autonomy for AI agents [Working paper]. Knight First Amendment Institute; arXiv.
  11. Cohen, J. (1960). A coefficient of agreement for nominal scales. Educational and Psychological Measurement, 20(1), 37–46.
  12. Committee of Sponsoring Organizations of the Treadway Commission (COSO). (2013). Internal control–integrated framework.
  13. Cougias, D. (2026). Beyond the prompt [Whitepaper]. MoxyWolf.
  14. Copyright Act of 1976, 17 U.S.C. § 107 (fair use).
  15. Creative Commons. (2024). About CC licenses.
  16. Crootof, R., Kaminski, M. E., & Price II, W. N. (2023). Humans in the loop. Vanderbilt Law Review, 76(2), 429–510.
  17. Cummings, M. L. (2004). Automation bias in intelligent time critical decision support systems. In AIAA 1st Intelligent Systems Technical Conference.
  18. Dakan, R., & Feller, J. (2025). AI fluency framework. Anthropic.
  19. Decan, A., Mens, T., & Constantinou, E. (2018). On the impact of security vulnerabilities in the npm package dependency network. In Proceedings of the 15th International Conference on Mining Software Repositories (MSR '18).
  20. Dekker, S. W. A., & Woods, D. D. (2002). MABA-MABA or abracadabra? Progress on human-automation co-ordination. Cognition, Technology & Work, 4(4), 240–244.
  21. Dell'Acqua, F., McFowland III, E., Mollick, E. R., Lifshitz-Assaf, H., Kellogg, K. C., Rajendran, S., Krayer, L., Candelon, F., & Lakhani, K. R. (2023). Navigating the jagged technological frontier: Field experimental evidence of the effects of AI on knowledge worker productivity and quality (Working Paper No. 24-013). Harvard Business School.
  22. Dhanorkar, S., Passi, S., & Vorvoreanu, M. (2026). Human oversight of agentic systems in practice: Examining the oversight work, challenges, and heuristics of developers using software agents. arXiv.
  23. Doelger, T. (2026, February 20). From human-in-the-loop to human-above-the-loop. Get 'er Done. (Updated 2026, June 14).
  24. Elish, M. C. (2019). Moral crumple zones: Cautionary tales in human-robot interaction. Engaging Science, Technology, and Society, 5, 40–60.
  25. European Parliament and Council of the European Union. (2016). Regulation (EU) 2016/679 (General Data Protection Regulation). Official Journal of the European Union.
  26. European Parliament and Council of the European Union. (2019). Directive (EU) 2019/790 on copyright in the Digital Single Market (text-and-data-mining exceptions, arts. 3–4). Official Journal of the European Union.
  27. European Parliament and Council of the European Union. (2024). Regulation (EU) 2024/1689 (Artificial Intelligence Act), Article 14: Human oversight. Official Journal of the European Union.
  28. Federative Republic of Brazil. (2018). Lei Geral de Proteção de Dados Pessoais (LGPD), Lei No. 13.709/2018.
  29. Gartner. (2025, June 25). Gartner predicts over 40% of agentic AI projects will be canceled by end of 2027 [Press release].
  30. Gartner. (2026, May 26). Gartner predicts 40% of enterprises will decommission or demote autonomous AI agents by 2027 over governance gaps [Press release].
  31. Gebru, T., Morgenstern, J., Vecchione, B., Vaughan, J. W., Wallach, H., Daumé III, H., & Crawford, K. (2018). Datasheets for datasets. arXiv.
  32. Getty Images (US), Inc. v. Stability AI, Inc., No. 1:23-cv-00135 (D. Del. filed Feb. 3, 2023).
  33. Gilardi, F., Alizadeh, M., & Kubli, M. (2023). ChatGPT outperforms crowd workers for text-annotation tasks. Proceedings of the National Academy of Sciences, 120(30), Article e2305016120.
  34. Google DeepMind. (2025). Frontier safety framework, version 2.0.
  35. Government of Japan. (2018). Copyright Act, Article 30-4 (Act No. 48 of 1970, as amended).
  36. Green, B. (2022). The flaws of policies requiring human oversight of government algorithms. Computer Law & Security Review, 45, 105681.
  37. Greshake, K., Abdelnabi, S., Mishra, S., Endres, C., Holz, T., & Fritz, M. (2023). Not what you've signed up for: Compromising real-world LLM-integrated applications with indirect prompt injection. In Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security (AISec '23).
  38. Grunde-McLaughlin, M., Mozannar, H., Murad, M., Chen, J., Amershi, S., & Fourney, A. (2026). Overseeing agents without constant oversight: Challenges and opportunities. arXiv.
  39. Hayes, A. F., & Krippendorff, K. (2007). Answering the call for a standard reliability measure for coding data. Communication Methods and Measures, 1(1), 77–89.
  40. hiQ Labs, Inc. v. LinkedIn Corp., 31 F.4th 1180 (9th Cir. 2022).
  41. Hsu, S., Tran, M., & Fass, A. (2024). What is in the Chrome Web Store? In Proceedings of the 19th ACM Asia Conference on Computer and Communications Security (ASIA CCS '24).
  42. Ibidunmoye, A. F., Eneano, G. A., Ikeakaonwu, O. M., Kolawole, L. O., Omigbodun, F. T., Olawale, R. A., & Chuwa, C. C. (2026). The structural tension between AI optimisation and ethical governance: Empirical evidence from organisational decision-making [Preprint]. Research Square.
  43. Infocomm Media Development Authority. (2026). Model AI governance framework for agentic AI (Version 1.5).
  44. International Organization for Standardization & International Electrotechnical Commission. (2023). ISO/IEC 42001:2023 — Information technology — Artificial intelligence — Management system.
  45. International Press Telecommunications Council. (2024). IPTC generative AI opt-out best practice recommendations.
  46. Iqbal, U., Kohno, T., & Roesner, F. (2024). LLM platform security: Applying a systematic evaluation framework to OpenAI's ChatGPT plugins. Proceedings of the AAAI/ACM Conference on AI, Ethics, and Society, 7.
  47. Joshi, S. (2025). AI governance in the era of agentic generative AI and AGI: Frameworks, risks, and policy directions. International Journal of Innovative Research in Computer Science & Technology, 13.
  48. Kaminski, M. E. (2019). The right to explanation, explained. Berkeley Technology Law Journal, 34(1), 189–218.
  49. Koster, M., Illyes, G., Zeller, H., & Sassman, L. (2022). RFC 9309: Robots exclusion protocol. Internet Engineering Task Force.
  50. Kundisch, D., Muntermann, J., Oberländer, A. M., Rau, D., Röglinger, M., Schoormann, T., & Szopinski, D. (2021). An update for taxonomy designers. Business & Information Systems Engineering.
  51. Landers, R. N., Brusso, R. C., Cavanaugh, K. J., & Collmus, A. B. (2016). A primer on theory-driven web scraping: Automatic extraction of big data from the internet for use in psychological research. Psychological Methods, 21(4), 475–492.
  52. Laux, J. (2023). Institutionalised distrust and human oversight of artificial intelligence: Towards a democratic design of AI governance under the European Union AI Act. AI & Society.
  53. Lemley, M. A., & Casey, B. (2021). Fair learning. Texas Law Review, 99(4), 743–785.
  54. Longpre, S., Mahari, R., Chen, A., et al. (2023). The data provenance initiative: A large-scale audit of dataset licensing & attribution in AI. arXiv.
  55. Longpre, S., Mahari, R., Obeng-Marnu, N., et al. (2024). Data authenticity, consent, and provenance for AI are all broken: What will it take to fix them? An MIT Exploration of Generative AI.
  56. Ma, R., Maidhof, C., Carrillo, J. C., Lindqvist, J., & Such, J. M. (2025). Privacy perceptions of custom GPTs by users and creators. In Proceedings of the 2025 CHI Conference on Human Factors in Computing Systems.
  57. Matthias, A. (2004). The responsibility gap: Ascribing responsibility for the actions of learning automata. Ethics and Information Technology, 6(3), 175–183.
  58. McKinsey & Company. (2025, January). Superagency in the workplace: Empowering people to unlock AI's full potential at work.
  59. Meta Platforms, Inc. v. Bright Data Ltd., No. 3:23-cv-00077-EMC (N.D. Cal. Jan. 23, 2024).
  60. Mitchell, M., Ghosh, A., Luccioni, A. S., & Pistilli, G. (2025). Fully autonomous AI agents should not be developed. arXiv.
  61. Moray, N., Inagaki, T., & Itoh, M. (2000). Adaptive automation, trust, and self-confidence in fault management of time-critical tasks. Journal of Experimental Psychology: Applied, 6(1), 44–58.
  62. MoxyWolf / Open Controls. (2026). LinkedIn AI-tool catalog: skills, plugins, and commands (2,460 tools, ~1,850 distinct, 14 categories) [Dataset]. Workforce Automation, MoxyWolf LLC.
  63. National Institute of Standards and Technology. (2023, January). Artificial intelligence risk management framework (AI RMF 1.0) (NIST AI 100-1). U.S. Department of Commerce.
  64. New York Times Co. v. Microsoft Corp. & OpenAI, No. 1:23-cv-11195 (S.D.N.Y. filed Dec. 27, 2023).
  65. Nickerson, R. C., Varshney, U., & Muntermann, J. (2013). A method for taxonomy development and its application in information systems. European Journal of Information Systems, 22(3), 336–359.
  66. Novelli, C., Taddeo, M., & Floridi, L. (2024). Accountability in artificial intelligence: What it is and how it works. AI & Society, 39(4), 1871–1882.
  67. OpenAI. (2025). Preparedness framework, version 2.
  68. OWASP GenAI Security Project. (2024). OWASP top 10 for large language model applications 2025.
  69. Parasuraman, R., & Manzey, D. H. (2010). Complacency and bias in human use of automation: An attentional integration. Human Factors, 52(3), 381–410.
  70. Parasuraman, R., Sheridan, T. B., & Wickens, C. D. (2000). A model for types and levels of human interaction with automation. IEEE Transactions on Systems, Man, and Cybernetics — Part A: Systems and Humans, 30(3), 286–297.
  71. Passi, S., & Vorvoreanu, M. (2024, March). Appropriate reliance on generative AI: Research synthesis (MSR-TR-2024-7). Microsoft Research.
  72. Pushkarna, M., Zaldivar, A., & Kjartansson, O. (2022). Data cards: Purposeful and transparent dataset documentation for responsible AI. In Proceedings of the 2022 ACM Conference on Fairness, Accountability, and Transparency (FAccT '22) (pp. 1776–1826).
  73. Raisch, S., & Krakowski, S. (2021). Artificial intelligence and management: The automation-augmentation paradox. Academy of Management Review, 46(1), 192–210.
  74. Ribeiro, D., Rocha, T., Pinto, G., Cartaxo, B., Amaral, M., Davila, N., & Camargo, A. (2025). Toward effective AI governance: A review of principles. arXiv.
  75. Sag, M. (2020). Copyright law's impact on machine intelligence in the United States and the European Union. FIU Law Review, 14(2).
  76. Sag, M., Flynn, S. F., & Butler, B. (2022). Legal reform to enhance global text and data mining research. Science, 378(6623), 951–953.
  77. Salesforce. (2025). State of sales report (7th ed.).
  78. Santoni de Sio, F., & van den Hoven, J. (2018). Meaningful human control over autonomous systems: A philosophical account. Frontiers in Robotics and AI, 5, 15.
  79. Sheridan, T. B., & Verplank, W. L. (1978). Human and computer control of undersea teleoperators [Technical report]. MIT Man-Machine Systems Laboratory.
  80. Stanford Institute for Human-Centered AI. (2026). The 2026 AI index report. Stanford University.
  81. State of California. (2018). California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (2020) (Cal. Civ. Code §§ 1798.100–1798.199.100).
  82. Sterz, S., Baum, K., Biewer, S., Hermanns, H., Lauber-Rönsberg, A., Meinel, P., & Langer, M. (2024). On the quest for effectiveness in human oversight: Interdisciplinary perspectives. In Proceedings of the 2024 ACM Conference on Fairness, Accountability, and Transparency (FAccT '24).
  83. Thomson Reuters Enterprise Centre GmbH v. Ross Intelligence Inc., No. 1:20-cv-00613-SB (D. Del. Feb. 11, 2025).
  84. Tjondronegoro, D. W. (2024). Strategic AI governance: Insights from leading nations. arXiv.
  85. Treasury Board of Canada Secretariat. (2019). Directive on automated decision-making. Government of Canada.
  86. Van Buren v. United States, 593 U.S. 374 (2021).
  87. W3C Text and Data Mining Reservation Protocol Community Group. (2024). TDM Reservation Protocol (TDMRep): W3C community group final report.
  88. Wachter, S., Mittelstadt, B., & Floridi, L. (2017). Why a right to explanation of automated decision-making does not exist in the General Data Protection Regulation. International Data Privacy Law, 7(2), 76–99.
  89. Zahan, N., Zimmermann, T., Godefroid, P., Murphy, B., Maddila, C., & Williams, L. (2022). What are weak links in the npm supply chain? In Proceedings of the 44th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP '22).
  90. Zheng, L., et al. (2023). Judging LLM-as-a-judge with MT-Bench and Chatbot Arena. arXiv.
  91. Ziems, C., Held, W., Shaikh, O., Chen, J., Zhang, Z., & Yang, D. (2023). Can large language models transform computational social science? Computational Linguistics.