Pulse

Agent governance / Jun 21, 2026 / 6 min

Amazon Warned Human-in-the-Loop Oversight Degrades Into Rubber Stamps

Amazon Security VP Eric Brandwine told The Register that repeated human approval of agent actions degrades into rubber-stamp oversight — and IBM, Google, and Microsoft are now making the same argument as enterprises race to deploy autonomous AI.

Thesis: Human-in-the-loop was never governance — it was compliance theater, and Big Tech is finally admitting it before the first major agent outage lands in court.

Amazon's security chief just said the quiet part out loud: asking humans to approve agent actions at machine speed doesn't produce oversight — it produces autopilot. As enterprises deploy AI agents into production workflows, the industry's default governance model is collapsing under the weight of its own repetition.

Why this broke now: On June 20, Eric Brandwine — distinguished engineer and VP of Amazon Security — told The Register that human-in-the-loop oversight "isn't necessarily the gold standard." His reasoning wasn't philosophical. It was behavioral.

The normalization trap: Brandwine drew on a concept he's preached since a 2017 AWS re:Invent talk: normalization of deviance — the slow drift where people stop responding to alarms that never seem to matter.

  • His example: emergency-room monitors that beep constantly until nurses stop jumping — until one alarm signals a real crisis nobody hears.
  • His AI translation: "If you put a human inside of this tight loop, and ask them to make approval decisions for agentic tools repeatedly, time after time, they'll do a good job. And then they'll do an okay job. And pretty quickly they'll be doing a poor job."
  • At Amazon, he said flatly: "We're not huge fans of human-in-the-loop."

Big Tech is converging: Amazon isn't alone in walking back the HITL gospel.

  • Google Cloud COO Francis deSouza told reporters in April the industry has moved "from a human-led defense strategy, to a human-in-the-loop defense strategy, to an AI-led defense strategy that's overseen by humans" (The Register).
  • Microsoft CEO Satya Nadella argued in June for "loop learning" — turning workflows and institutional judgment into systems that improve with each use, rather than inserting a human checkpoint at every step (The Register; Redmondmag).
  • IBM executives published a June 17 essay calling the HITL reflex "liability laundering" — redirecting accountability to whoever clicked approve without giving them the transparency or authority to actually stop the system (IBM Think).

What replaces the approve button: Amazon's answer is "accountability end to end" — human identity and ownership tracked through the entire workflow, even when no one is clicking approve on each step.

  • If Brandwine's agent writes and runs a script that causes an outage, "that's still my responsibility."
  • Every agent gets its own identity. Logs show "this agent did this on behalf of Eric" — not just "Eric did this."
  • Static guardrails ban destructive actions. Dynamic, task-scoped policies narrow what each agent can do for a specific request.
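
The controls listed above, as an added example that is not Amazon's code and not from the original article: a static deny list evaluated before a task-scoped grant, with every decision logged under the agent's own identity and its human owner. The action names, agent IDs, and the `TaskGrant` structure are assumptions made for illustration.

```python
import fnmatch
import json
from dataclasses import dataclass

# Static guardrails: action patterns no agent may perform, whatever the task.
# Patterns are constructed for this example.
STATIC_DENY = ["db:Delete*", "db:Drop*", "iam:*"]

@dataclass(frozen=True)
class TaskGrant:
    """Task-scoped policy issued for one request (hypothetical structure)."""
    agent_id: str        # the agent's own identity, distinct from the human's
    on_behalf_of: str    # accountable human owner
    task_id: str
    allow: tuple         # (action pattern, resource pattern) pairs

def authorize(grant, agent_id, action, resource, audit_log):
    """Return True if allowed; always append an attributable audit record."""
    if agent_id != grant.agent_id:
        decision, reason = "deny", "grant not issued to this agent"
    elif any(fnmatch.fnmatchcase(action, p) for p in STATIC_DENY):
        # Guardrails are checked first, so no grant can override them.
        decision, reason = "deny", "static guardrail"
    elif any(fnmatch.fnmatchcase(action, a) and fnmatch.fnmatchcase(resource, r)
             for a, r in grant.allow):
        decision, reason = "allow", "task scope"
    else:
        decision, reason = "deny", "outside task scope"
    audit_log.append(json.dumps({
        "actor": agent_id, "on_behalf_of": grant.on_behalf_of,
        "task": grant.task_id, "action": action, "resource": resource,
        "decision": decision, "reason": reason}))
    return decision == "allow"

def demo():
    """Run four constructed requests against one deliberately over-broad grant."""
    log = []
    grant = TaskGrant("agent-7f3", "eric", "upgrade-orders-db",
                      (("db:Read*", "orders"), ("db:Migrate*", "orders"),
                       ("db:Delete*", "orders")))  # delete is granted by mistake
    results = [
        authorize(grant, "agent-7f3", "db:MigrateSchema", "orders", log),
        authorize(grant, "agent-7f3", "db:DeleteDatabase", "orders", log),
        authorize(grant, "agent-7f3", "db:ReadRows", "billing", log),
        authorize(grant, "agent-9aa", "db:ReadRows", "orders", log),
    ]
    return results, [json.loads(line) for line in log]
```

The denial `reason` is recorded per request, so the same record can be returned to the agent as the explanation for a refusal and kept as the audit trail for the owner.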

The market is pricing the shift: On June 15, 1Password acquired Apono for a reported $250 million to $300 million — betting that agent governance lives in just-in-time, intent-scoped permissions, not standing credentials and approval queues (SecurityWeek). CEO David Faugno said the deal means 1Password moves from vault to access layer: "With Apono, we become the access layer."

The hard limits: Brandwine was candid that none of this is foolproof.

  • Agents exhibit "goal-seeking behavior" — laser-focused on completing a task even if the path is destructive (deleting a database to "upgrade" it).
  • Telling an agent why it lacks permission works better than a flat denial — but that's prompt engineering, not governance architecture.
  • "Humans fear consequences," Brandwine said. "Agents don't have these fears."

Why boards should care: Regulators and plaintiffs won't accept "a human reviewed it" as a defense when the reviewer was processing hundreds of low-risk approvals per hour with no reasoning trace, no override authority, and no kill switch. Frameworks from the EU AI Act to NIST's AI Risk Management Framework demand more than presence in a workflow — they demand the capacity to interrogate and stop (AI Governance Institute).

Convina's view: Human-in-the-loop was always a procurement checkbox masquerading as a control — and Amazon's security team just admitted it fails at the exact velocity enterprises need agents to run. The replacement isn't fewer humans. It's sharper accountability: named owners, scoped permissions, auditable agent identities, and human judgment reserved for decisions where consequence still matters. The companies that get this right will treat agent governance as infrastructure — not an approval modal. The ones that don't will discover, in the first serious incident, that the human who clicked "approve" was never in the loop. They were in the liability chain.

Research Signals

  • https://www.theregister.com/security/2026/06/20/why-amazon-hates-human-in-the-loop-ai-governance/5258639
  • https://www.ibm.com/think/insights/liability-laundering-problem-human-in-the-loop-not-governance-strategy
  • https://redmondmag.com/articles/2026/06/18/nadella-says-enterprise-ai-future-may-depend-less-on-frontier-models-than-learning-systems.aspx
  • https://1password.com/press/2026/june/1password-acquires-apono
  • https://www.securityweek.com/1password-acquires-apono-in-reported-250m-300m-deal/
  • https://aigovernance.com/playbook/human-oversight-for-high-risk-ai-decisions