Secure AI Atlas SECURITY & GOVERNANCE
EN / ES

Control

Human Approval for High-Impact Actions

Human approval prevents sensitive AI-assisted actions from moving directly from model output to execution.

agents oversight operations

What it constrains

Human Approval for High-Impact Actions separates recommendation from execution. It keeps model output from becoming operational change without an accountable person reviewing intent, context, and consequence.

Implementation

  • Define which actions require approval: access changes, financial transactions, code deployment, customer communications, legal or HR decisions, and regulated process steps.
  • Present the human reviewer with the proposed action, source context, confidence limits, tool call, and expected impact.
  • Record approval, rejection, modification, timestamp, and reviewer identity.
  • Build timeout and escalation paths for unattended requests.
  • Preserve the ability to cancel or roll back the action where possible.

Owner

The action owner owns the approval threshold. Security should verify that the approval event is enforced technically and produces evidence.

Evidence

  • Approval policy by action class.
  • Logs linking model output, tool call, reviewer, decision, and outcome.
  • Samples from rejected or modified actions.
  • Periodic review of approval thresholds and bypasses.

Common errors

  • Asking for approval after execution.
  • Showing the reviewer only the final output and not the source context.
  • Allowing approval bypass through alternate tools.
  • Treating all approvals as equal when impact levels differ.
  • Excessive Agency
  • Insecure Tool Invocation
  • Prompt Injection