Agents make mistakes. They hallucinate facts, misinterpret ambiguous instructions, and take actions their users never intended. This is not a flaw that better models will eliminate, it is an inherent property of systems that operate on probabilistic reasoning rather than deterministic logic. The question is not whether your agent will make a mistake, but what happens when it does. For low-stakes actions (summarizing an article, suggesting a playlist, drafting a brainstorm list) mistakes are cheap. The user reads the output, shrugs, and tries again. But for high-stakes actions (sending money, deleting production data, emailing thousands of customers, executing a database migration) a single mistake can cause irreversible damage. The cost asymmetry between these two categories is enormous, and it is the reason human-in-the-loop (HITL) design exists.

Trust must be built incrementally

Consider how you onboard a new employee. On day one, you do not hand them the root password to production and say "deploy whatever you think is right." You start with small tasks, review their work, give feedback, and gradually expand their responsibilities as they demonstrate competence. Agent systems work the same way. Users will not trust a new agent with full autonomy immediately, and they should not. Trust is earned through repeated demonstrations of correct behavior in progressively more complex situations. An agent that starts by handling simple, reversible tasks, and proves it can do them well, earns the credibility to handle harder tasks later. Skipping this progression is how you get the horror stories: an agent that auto-replies to a VIP customer with hallucinated pricing, or a coding agent that runs rm -rf / because it misunderstood the cleanup instructions.

Legal and compliance requirements

In regulated industries (finance, healthcare, legal) human approval is not optional. Regulatory frameworks mandate that certain decisions (loan approvals, medical diagnoses, legal filings) involve a qualified human reviewer. Even in unregulated domains, audit trails showing that a human approved a consequential action provide legal protection and accountability. An agent that autonomously transfers funds without human authorization creates liability. An agent that proposes the transfer and waits for approval creates a defensible process.

The cost equation

Every approval gate adds latency and interrupts human workflow. A customer support agent that escalates every single response to a human manager is not an agent, it is a drafting tool. The design challenge is finding the right threshold: which actions justify the cost of human oversight, and which do not? This is not a binary choice but a spectrum, and the threshold should shift over time as the agent proves itself. Real systems demonstrate this balance daily. Coding agents like Claude Code ask for approval before running potentially destructive shell commands but execute safe read operations autonomously. Customer support agents handle routine "where is my order" queries on their own but escalate refund requests above a certain dollar amount. Email agents draft responses for review but send routine acknowledgments automatically. The pattern is the same: classify actions by risk, and match oversight to risk level.

Why this matters for system design

HITL is not just a UX concern. It shapes your entire architecture. You need message queues to hold pending actions while waiting for approval. You need state machines to track whether an action is proposed, approved, rejected, or expired. You need notification systems to alert the right human at the right time. You need timeout logic to handle cases where no human responds. These are distributed systems problems, and they affect latency, reliability, and scalability in ways that pure autonomous agents do not face.