Frontier Founder
Create free account
Back to The Frontier Founder

Whitepaper

Governed Autonomy

Human Accountability Above the Loop in Agentic AI

Dorian J. Cougias 36-page research paper 65 min read 91 cited sources June 2026

As AI collapses the cost of producing work toward zero, the binding constraint shifts from making an artifact to validating it, and human judgment becomes the scarce resource. This paper argues that the dominant remedy – inserting a human into the loop – fails precisely where it is needed most, because polished output disarms scrutiny, operators over-rely on plausible automation, and naive human-in-the-loop mandates produce a "liability sponge" rather than real oversight.

The author proposes governed autonomy: a risk-tiered oversight model in which low-risk reversible actions run automated with sampled review, medium-risk actions use pooled rotating approval, and high-risk or irreversible actions require a named Release Owner to sign. The model governs along two axes – the action and the data – and is illustrated with a built-and-run implementation, a conformance audit across a two-dozen-plugin portfolio, and a census of roughly 1,850 distinct AI tools in an ungoverned ecosystem, where about one in a hundred advertises any human checkpoint.

Create a free account to read it The full essay and PDF unlock with a free account.

Key ideas

01

The Validation Bottleneck

AI has collapsed the cost of producing work, shifting the scarce resource from output to the judgment required to validate it. Most organizations have not rebuilt their processes around this shift, creating a widening gap between AI investment and deployment maturity.

02

The Polish Bias

When AI produces a finished-looking artifact, people check it less. Anthropic's AI Fluency Index found users were measurably less likely to spot missing context, verify facts, or question reasoning when output appeared polished – making polish itself the primary failure mode.

03

Human Above the Loop vs. Human In the Loop

"Human above the loop" is not a higher rung on the operational ladder but an accountability axis that runs perpendicular to it. The Release Owner is the single named person who owns the outcome regardless of how much of the work the machine did, including automated streams the owner never personally reviews.

04

Risk-Tiered Governance

Governed autonomy sizes the gate to impact and reversibility: low-risk actions run with automated checks and sampled review, medium-risk actions use pooled rotating approval, and high-risk or irreversible actions require a named human signature that the system will never auto-supply.

05

The Data Axis: Ingress and Egress Gates

Governing the action is not enough. An ingress gate asks whether you had the right to feed the machine the data at all, and an egress gate asks whether what the model produced still lives within the terms of what went in – catching violations that polished output would otherwise hide.

06

The Ungoverned Ecosystem

A census of roughly 1,850 distinct AI tools built around a single platform found that about one in a hundred advertises a human checkpoint. In the categories that act directly on an account – scraping and people-enrichment – the number advertising any brake is zero.

Cited sources

  1. AIScrapeSafe. (2026). Usage license report for linkedin.com (License ID 01KVVFCTFGKYDQRF954BJV23YH; verdict: restricted). Open Controls / MoxyWolf.
  2. Anthropic. (2026). The AI fluency index.
  3. Authors Guild v. OpenAI Inc., No. 1:23-cv-08292 (S.D.N.Y. filed Sept. 19, 2023).
  4. Bainbridge, L. (1983). Ironies of automation. Automatica, 19(6), 775–779.
  5. Bender, E. M., & Friedman, B. (2018). Data statements for natural language processing: Toward mitigating system bias and enabling better science. Transactions of the Association for Computational Linguistics, 6, 587–604.
  6. Bowman, S. R., Hyun, J., Perez, E., Chen, E., Pettit, C., Heiner, S., Lukošiūtė, K., Askell, A., Jones, A., Chen, A., et al. (2022). Measuring progress on scalable oversight for large language models. arXiv.
  7. Brown, M. A., Gruen, A., Maldoff, G., et al. (2025). Web scraping for research: Legal, ethical, institutional, and scientific considerations. Big Data & Society, 12(4).
  8. Chan, A., Ezell, C., Kaufmann, M., Wei, K., Hammond, L., Bradley, H., Bluemke, E., Rajkumar, N., Krueger, D., Kolt, N., Heim, L., & Anderljung, M. (2024). Visibility into AI agents. In Proceedings of the 2024 ACM Conference on Fairness, Accountability, and Transparency (FAccT '24) (pp. 958–973).
  9. Chan, A., Salganik, R., Markelius, A., Pang, C., Rajkumar, N., Krasheninnikov, D., Langosco, L., He, Z., Duan, Y., Carroll, M., Lin, M., Mayhew, A., Collins, K., Molamohammadi, M., Burden, J., Zhao, W., Rismani, S., Voudouris, K., Bhatt, U., … Maharaj, T. (2023). Harms from increasingly agentic algorithmic systems. In Proceedings of the 2023 ACM Conference on Fairness, Accountability, and Transparency (FAccT '23) (pp. 651–666).
  10. Cihon, P., et al. (2025). Levels of autonomy for AI agents [Working paper]. Knight First Amendment Institute; arXiv.
  11. Cohen, J. (1960). A coefficient of agreement for nominal scales. Educational and Psychological Measurement, 20(1), 37–46.
  12. Committee of Sponsoring Organizations of the Treadway Commission (COSO). (2013). Internal control–integrated framework.
  13. Cougias, D. (2026). Beyond the prompt [Whitepaper]. MoxyWolf.
  14. Copyright Act of 1976, 17 U.S.C. § 107 (fair use).
  15. Creative Commons. (2024). About CC licenses.
  16. Crootof, R., Kaminski, M. E., & Price II, W. N. (2023). Humans in the loop. Vanderbilt Law Review, 76(2), 429–510.
  17. Cummings, M. L. (2004). Automation bias in intelligent time critical decision support systems. In AIAA 1st Intelligent Systems Technical Conference.
  18. Dakan, R., & Feller, J. (2025). AI fluency framework. Anthropic.
  19. Decan, A., Mens, T., & Constantinou, E. (2018). On the impact of security vulnerabilities in the npm package dependency network. In Proceedings of the 15th International Conference on Mining Software Repositories (MSR '18).
  20. Dekker, S. W. A., & Woods, D. D. (2002). MABA-MABA or abracadabra? Progress on human-automation co-ordination. Cognition, Technology & Work, 4(4), 240–244.
  21. Dell'Acqua, F., McFowland III, E., Mollick, E. R., Lifshitz-Assaf, H., Kellogg, K. C., Rajendran, S., Krayer, L., Candelon, F., & Lakhani, K. R. (2023). Navigating the jagged technological frontier: Field experimental evidence of the effects of AI on knowledge worker productivity and quality (Working Paper No. 24-013). Harvard Business School.
  22. Dhanorkar, S., Passi, S., & Vorvoreanu, M. (2026). Human oversight of agentic systems in practice: Examining the oversight work, challenges, and heuristics of developers using software agents. arXiv.
  23. Doelger, T. (2026, February 20). From human-in-the-loop to human-above-the-loop. Get 'er Done. (Updated 2026, June 14).
  24. Elish, M. C. (2019). Moral crumple zones: Cautionary tales in human-robot interaction. Engaging Science, Technology, and Society, 5, 40–60.
  25. European Parliament and Council of the European Union. (2016). Regulation (EU) 2016/679 (General Data Protection Regulation). Official Journal of the European Union.
  26. European Parliament and Council of the European Union. (2019). Directive (EU) 2019/790 on copyright in the Digital Single Market (text-and-data-mining exceptions, arts. 3–4). Official Journal of the European Union.
  27. European Parliament and Council of the European Union. (2024). Regulation (EU) 2024/1689 (Artificial Intelligence Act), Article 14: Human oversight. Official Journal of the European Union.
  28. Federative Republic of Brazil. (2018). Lei Geral de Proteção de Dados Pessoais (LGPD), Lei No. 13.709/2018.
  29. Gartner. (2025, June 25). Gartner predicts over 40% of agentic AI projects will be canceled by end of 2027 [Press release].
  30. Gartner. (2026, May 26). Gartner predicts 40% of enterprises will decommission or demote autonomous AI agents by 2027 over governance gaps [Press release].
  31. Gebru, T., Morgenstern, J., Vecchione, B., Vaughan, J. W., Wallach, H., Daumé III, H., & Crawford, K. (2018). Datasheets for datasets. arXiv.
  32. Getty Images (US), Inc. v. Stability AI, Inc., No. 1:23-cv-00135 (D. Del. filed Feb. 3, 2023).
  33. Gilardi, F., Alizadeh, M., & Kubli, M. (2023). ChatGPT outperforms crowd workers for text-annotation tasks. Proceedings of the National Academy of Sciences, 120(30), Article e2305016120.
  34. Google DeepMind. (2025). Frontier safety framework, version 2.0.
  35. Government of Japan. (2018). Copyright Act, Article 30-4 (Act No. 48 of 1970, as amended).
  36. Green, B. (2022). The flaws of policies requiring human oversight of government algorithms. Computer Law & Security Review, 45, 105681.
  37. Greshake, K., Abdelnabi, S., Mishra, S., Endres, C., Holz, T., & Fritz, M. (2023). Not what you've signed up for: Compromising real-world LLM-integrated applications with indirect prompt injection. In Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security (AISec '23).
  38. Grunde-McLaughlin, M., Mozannar, H., Murad, M., Chen, J., Amershi, S., & Fourney, A. (2026). Overseeing agents without constant oversight: Challenges and opportunities. arXiv.
  39. Hayes, A. F., & Krippendorff, K. (2007). Answering the call for a standard reliability measure for coding data. Communication Methods and Measures, 1(1), 77–89.
  40. hiQ Labs, Inc. v. LinkedIn Corp., 31 F.4th 1180 (9th Cir. 2022).
  41. Hsu, S., Tran, M., & Fass, A. (2024). What is in the Chrome Web Store? In Proceedings of the 19th ACM Asia Conference on Computer and Communications Security (ASIA CCS '24).
  42. Ibidunmoye, A. F., Eneano, G. A., Ikeakaonwu, O. M., Kolawole, L. O., Omigbodun, F. T., Olawale, R. A., & Chuwa, C. C. (2026). The structural tension between AI optimisation and ethical governance: Empirical evidence from organisational decision-making [Preprint]. Research Square.
  43. Infocomm Media Development Authority. (2026). Model AI governance framework for agentic AI (Version 1.5).
  44. International Organization for Standardization & International Electrotechnical Commission. (2023). ISO/IEC 42001:2023 — Information technology — Artificial intelligence — Management system.
  45. International Press Telecommunications Council. (2024). IPTC generative AI opt-out best practice recommendations.
  46. Iqbal, U., Kohno, T., & Roesner, F. (2024). LLM platform security: Applying a systematic evaluation framework to OpenAI's ChatGPT plugins. Proceedings of the AAAI/ACM Conference on AI, Ethics, and Society, 7.
  47. Joshi, S. (2025). AI governance in the era of agentic generative AI and AGI: Frameworks, risks, and policy directions. International Journal of Innovative Research in Computer Science & Technology, 13.
  48. Kaminski, M. E. (2019). The right to explanation, explained. Berkeley Technology Law Journal, 34(1), 189–218.
  49. Koster, M., Illyes, G., Zeller, H., & Sassman, L. (2022). RFC 9309: Robots exclusion protocol. Internet Engineering Task Force.
  50. Kundisch, D., Muntermann, J., Oberländer, A. M., Rau, D., Röglinger, M., Schoormann, T., & Szopinski, D. (2021). An update for taxonomy designers. Business & Information Systems Engineering.
  51. Landers, R. N., Brusso, R. C., Cavanaugh, K. J., & Collmus, A. B. (2016). A primer on theory-driven web scraping: Automatic extraction of big data from the internet for use in psychological research. Psychological Methods, 21(4), 475–492.
  52. Laux, J. (2023). Institutionalised distrust and human oversight of artificial intelligence: Towards a democratic design of AI governance under the European Union AI Act. AI & Society.
  53. Lemley, M. A., & Casey, B. (2021). Fair learning. Texas Law Review, 99(4), 743–785.
  54. Longpre, S., Mahari, R., Chen, A., et al. (2023). The data provenance initiative: A large-scale audit of dataset licensing & attribution in AI. arXiv.
  55. Longpre, S., Mahari, R., Obeng-Marnu, N., et al. (2024). Data authenticity, consent, and provenance for AI are all broken: What will it take to fix them? An MIT Exploration of Generative AI.
  56. Ma, R., Maidhof, C., Carrillo, J. C., Lindqvist, J., & Such, J. M. (2025). Privacy perceptions of custom GPTs by users and creators. In Proceedings of the 2025 CHI Conference on Human Factors in Computing Systems.
  57. Matthias, A. (2004). The responsibility gap: Ascribing responsibility for the actions of learning automata. Ethics and Information Technology, 6(3), 175–183.
  58. McKinsey & Company. (2025, January). Superagency in the workplace: Empowering people to unlock AI's full potential at work.
  59. Meta Platforms, Inc. v. Bright Data Ltd., No. 3:23-cv-00077-EMC (N.D. Cal. Jan. 23, 2024).
  60. Mitchell, M., Ghosh, A., Luccioni, A. S., & Pistilli, G. (2025). Fully autonomous AI agents should not be developed. arXiv.
  61. Moray, N., Inagaki, T., & Itoh, M. (2000). Adaptive automation, trust, and self-confidence in fault management of time-critical tasks. Journal of Experimental Psychology: Applied, 6(1), 44–58.
  62. MoxyWolf / Open Controls. (2026). LinkedIn AI-tool catalog: skills, plugins, and commands (2,460 tools, ~1,850 distinct, 14 categories) [Dataset]. Workforce Automation, MoxyWolf LLC.
  63. National Institute of Standards and Technology. (2023, January). Artificial intelligence risk management framework (AI RMF 1.0) (NIST AI 100-1). U.S. Department of Commerce.
  64. New York Times Co. v. Microsoft Corp. & OpenAI, No. 1:23-cv-11195 (S.D.N.Y. filed Dec. 27, 2023).
  65. Nickerson, R. C., Varshney, U., & Muntermann, J. (2013). A method for taxonomy development and its application in information systems. European Journal of Information Systems, 22(3), 336–359.
  66. Novelli, C., Taddeo, M., & Floridi, L. (2024). Accountability in artificial intelligence: What it is and how it works. AI & Society, 39(4), 1871–1882.
  67. OpenAI. (2025). Preparedness framework, version 2.
  68. OWASP GenAI Security Project. (2024). OWASP top 10 for large language model applications 2025.
  69. Parasuraman, R., & Manzey, D. H. (2010). Complacency and bias in human use of automation: An attentional integration. Human Factors, 52(3), 381–410.
  70. Parasuraman, R., Sheridan, T. B., & Wickens, C. D. (2000). A model for types and levels of human interaction with automation. IEEE Transactions on Systems, Man, and Cybernetics — Part A: Systems and Humans, 30(3), 286–297.
  71. Passi, S., & Vorvoreanu, M. (2024, March). Appropriate reliance on generative AI: Research synthesis (MSR-TR-2024-7). Microsoft Research.
  72. Pushkarna, M., Zaldivar, A., & Kjartansson, O. (2022). Data cards: Purposeful and transparent dataset documentation for responsible AI. In Proceedings of the 2022 ACM Conference on Fairness, Accountability, and Transparency (FAccT '22) (pp. 1776–1826).
  73. Raisch, S., & Krakowski, S. (2021). Artificial intelligence and management: The automation-augmentation paradox. Academy of Management Review, 46(1), 192–210.
  74. Ribeiro, D., Rocha, T., Pinto, G., Cartaxo, B., Amaral, M., Davila, N., & Camargo, A. (2025). Toward effective AI governance: A review of principles. arXiv.
  75. Sag, M. (2020). Copyright law's impact on machine intelligence in the United States and the European Union. FIU Law Review, 14(2).
  76. Sag, M., Flynn, S. F., & Butler, B. (2022). Legal reform to enhance global text and data mining research. Science, 378(6623), 951–953.
  77. Salesforce. (2025). State of sales report (7th ed.).
  78. Santoni de Sio, F., & van den Hoven, J. (2018). Meaningful human control over autonomous systems: A philosophical account. Frontiers in Robotics and AI, 5, 15.
  79. Sheridan, T. B., & Verplank, W. L. (1978). Human and computer control of undersea teleoperators [Technical report]. MIT Man-Machine Systems Laboratory.
  80. Stanford Institute for Human-Centered AI. (2026). The 2026 AI index report. Stanford University.
  81. State of California. (2018). California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (2020) (Cal. Civ. Code §§ 1798.100–1798.199.100).
  82. Sterz, S., Baum, K., Biewer, S., Hermanns, H., Lauber-Rönsberg, A., Meinel, P., & Langer, M. (2024). On the quest for effectiveness in human oversight: Interdisciplinary perspectives. In Proceedings of the 2024 ACM Conference on Fairness, Accountability, and Transparency (FAccT '24).
  83. Thomson Reuters Enterprise Centre GmbH v. Ross Intelligence Inc., No. 1:20-cv-00613-SB (D. Del. Feb. 11, 2025).
  84. Tjondronegoro, D. W. (2024). Strategic AI governance: Insights from leading nations. arXiv.
  85. Treasury Board of Canada Secretariat. (2019). Directive on automated decision-making. Government of Canada.
  86. Van Buren v. United States, 593 U.S. 374 (2021).
  87. W3C Text and Data Mining Reservation Protocol Community Group. (2024). TDM Reservation Protocol (TDMRep): W3C community group final report.
  88. Wachter, S., Mittelstadt, B., & Floridi, L. (2017). Why a right to explanation of automated decision-making does not exist in the General Data Protection Regulation. International Data Privacy Law, 7(2), 76–99.
  89. Zahan, N., Zimmermann, T., Godefroid, P., Murphy, B., Maddila, C., & Williams, L. (2022). What are weak links in the npm supply chain? In Proceedings of the 44th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP '22).
  90. Zheng, L., et al. (2023). Judging LLM-as-a-judge with MT-Bench and Chatbot Arena. arXiv.
  91. Ziems, C., Held, W., Shaikh, O., Chen, J., Zhang, Z., & Yang, D. (2023). Can large language models transform computational social science? Computational Linguistics.
Governed Autonomy: Human Accountability Above the Loop in Agentic AI — The Frontier Founder