AI agents are creeping into more workflows - from summarising incidents to auto-labelling data to proposing remediation steps. As their capabilities grow, security teams face a harder question: What decisions should we still make ourselves?

Most organisations default to a human-in-the-loop pattern: the system proposes, a person approves. It’s a sensible starting point - but it’s just that: a starting point. This model won’t scale unless it evolves.

Progress comes from gradually shifting control - from humans to agents - based on confidence, context, and consequences. But that shift has to happen within a structure you can reason about, audit, and defend.

The Automation Spectrum

You can think of automation trust levels in four stages:

• Fully Manual: Humans do everything. Slow and brittle; e.g., an analyst closes phishing tickets one by one

• Agent Proposes, Human Approves: Agent suggests actions; a human must approve; e.g., LLM drafts an incident summary, SOC lead reviews before sharing

• Agent Acts, Human Audits: Agent takes action automatically; humans monitor or spot-check; e.g., auto-quarantine based on threat intel, with audit logs

• Fully Autonomous with Alerts: Agent operates independently; humans are notified only on exceptions; e.g., ingesting and deploying blocklists without review

The challenge isn’t picking one stage - it’s building systems that let you move actions between stages as confidence grows.

A Hybrid Model That Adapts Over Time

Here’s one way to break things down:

• High-confidence tasks: Auto-execute; e.g., extracting structured data from known sources

• Medium-confidence: Propose for human review; e.g., knowledge graph entity merges with 0.8–0.95 confidence

• Low-confidence: Flag but take no action; e.g., conflicting attribution across threat reports

• High-risk or irreversible actions: Always require approval; e.g., deleting user accounts or erasing data archives

This structure helps you move fast where it’s safe, while keeping control where it matters. And it maps well to AI regulations that emphasise meaningful human oversight.

Even when agents act on their own, the rules they follow - and the boundaries they stay within - are defined and owned by humans.

AI Regulations: Control Without Stalling Progress

Across the EU AI Act, U.S. guidance, and internal corporate policies, a consistent principle is emerging: high-impact decisions can’t be fully delegated to machines.

But that doesn’t mean automation is off-limits. It means your systems must:

• Log how and why decisions were made

• Allow humans to intervene or override

• Make clear who is accountable (easier said than done!)

That might look like staging a decision queue for review, limiting autonomous actions to low-risk operations, or automatically escalating any action with unclear attribution.

What matters is that your automation design reflects both the letter and the intent of oversight requirements. Not because you’re looking for loopholes, but because you’re operating in good faith.

Feedback Turns Oversight Into Progress

The other half of this model is learning from outcomes. Human decisions - approve, reject, override - should be captured and fed back into the system. That enables:

• Calibrating confidence thresholds over time

• Fine-tuning models based on human judgment

• Identifying drift or breakdowns in agent behaviour

This isn’t just about getting the model to improve. It’s how you build a system that earns trust by design, not just by performance.

Automation Isn’t All or Nothing

The goal isn’t to lock every workflow into “human-in-the-loop” forever. Nor is it to hand over the keys to autonomous agents and hope for the best.

Instead, it’s about designing systems where:

• Automation is earned, not assumed

• Oversight is structured, not ad hoc

• Feedback is continuous, not optional

• Control shifts deliberately, not by default

Security teams already understand this mindset. We’re used to tuning policies, refining detections, and escalating based on context.

Now we need to apply that same thinking to how we delegate to machines.