For years, the standard answer to AI risk was simple: put a human in the loop.
An automated system makes a recommendation. A person reviews it. The person approves or rejects it before anything happens. That was the gold standard. In practice, it was how you kept AI from doing something stupid or dangerous.
Amazon’s top security engineer says that model is broken—not because AI is too smart, but because humans are too human.
“Humans are not terribly consistent,” Eric Brandwine, distinguished engineer and VP at Amazon Security, told The Register. “Human-in-the-loop isn’t necessarily the gold standard.”
It is an uncomfortable argument from a company that sells a lot of AI services. Still, Brandwine has been thinking about this for nearly a decade, and the rest of Big Tech appears to be arriving at the same conclusion.
The Normalization of Deviance 🚨
Brandwine’s reasoning draws on a concept he first presented at AWS re:Invent in 2017: normalization of deviance. It is a gradual process. People in an organization take shortcuts or stop following procedures. Nothing catastrophic happens right away. Over time, the deviant behavior becomes the new normal. Then one day, something breaks.
He illustrates the point with emergency rooms:
“You’ve got all these machines, and they’re all beeping. Your first day on the job, you jump every single time one of the alarms beeps—but the patient is fine. It’s a spurious alarm. You go back to your station, you sit down, and over time, after enough of these false alarms, enough of these repeated beeps with no actual consequence, your discipline slips, and you stop responding. And eventually some tragic outcome occurs.”
This is not theory. In fact, it is a documented phenomenon among healthcare workers, firefighters, and even Army pilots.
“Literally, someone’s life is on the line, and people still struggle to maintain discipline,” Brandwine said. “That’s the human condition.”
Now apply that same pattern to AI.
The AI Version of the Same Problem 🤖
A human reviewer sits at the end of an AI pipeline, approving or rejecting agentic actions. At first, they are careful. They catch mistakes. They think about each decision. Then the volume increases. Most of the actions are fine. The false alarms pile up. Performance slips.
“If you put a human inside of this tight loop, and ask them to make approval decisions for agentic tools repeatedly, time after time, they’ll do a good job,” Brandwine said. “And then they’ll do an okay job. And pretty quickly they’ll be doing a poor job.”
Humans are not built for that kind of repetitive vigilance. We get bored. We get tired. We start rubber-stamping. And unlike the emergency room, where the stakes are clear and immediate, AI oversight is abstract. Consequences often arrive later. The feedback loop also runs longer. As a result, people have an even harder time staying disciplined.
The Technical Fix for Goal-Seeking 🧯
Brandwine also described what he calls “goal-seeking behavior” —where an agent asked to upgrade a database becomes fixated on a single destructive path, like deleting the database and recreating it. This is not prompt injection. There is no malicious input. The agent simply gets stuck on the wrong action.
The fix, Brandwine explained, is not simply applying static permission blocks. Instead, injecting contextual reasoning directly into the system prompts produced dramatically better results. Explaining to the agent why a particular action would cause a production outage—rather than just telling it “you can’t do that”—redirected the agent toward safer alternatives.
That kind of contextual reasoning goes a step beyond traditional access controls. It teaches the AI to understand consequences, not just follow rules.
Amazon’s Alternative: Accountability End to End 🧾
If human-in-the-loop is not the answer, what is? Amazon’s alternative is what Brandwine calls “accountability end to end.”
The idea is simple: human identity and ownership follow the entire workflow, even when no human is present at each step.
“If my agent writes a script that they then run, and it causes an outage,” Brandwine explained, “that’s still my responsibility.”
Every agent at Amazon has an independent identity assigned to it. Activity logs show “this agent did this on behalf of Eric,” not “Eric did this.” The distinction is designed to make people think carefully about how they deploy AI, not to make them afraid of using it.
The model includes layered automated guardrails, tightly scoped agent permissions, and complete audit trails instead of a person stationed at the end of a conveyor belt.
The Commercial Incentive 💼
Here is the part Amazon does not emphasize in the press.
Amazon has a clear commercial interest in dismantling the human checkpoint model. Overcoming the slow, manual human roadblock clears the path for corporate clients to deploy and scale thousands of autonomous AWS Bedrock agentic pipelines.
If every agent action requires a human review, the economics of AI automation break down. The whole point of AI agents is to move at machine speed. Put a human in the loop, and machine speed drops back to human speed.
That does not make Brandwine’s argument wrong. The normalization of deviance is real. Even so, it is worth noting that Amazon’s position aligns neatly with its business model.
The Industry Is Moving in the Same Direction 🔁
Amazon is not alone in rethinking this. Google Cloud COO Francis deSouza said in April that the industry has moved “from a human-led defense strategy, to a human-in-the-loop defense strategy, to an AI-led defense strategy that’s overseen by humans.”
Google’s model is now an agentic fleet handling routine cybersecurity work at machine speed, while humans provide oversight rather than approving every action.
Microsoft CEO Satya Nadella argued for “loop learning”—turning workflows and accumulated judgment into AI systems that improve with each use, rather than inserting a human checkpoint at every step.
IBM published a separate call for human accountability at all stages of AI development, not humans in the loop, warning that the latter amounts to “liability laundering.” Four of the largest tech companies on the planet reaching the same position in the same month is not a coincidence.
My Take 🧠
Thirty years of engineering network systems teaches you that humans are exceptionally bad at acting like automated components. When you ask a human brain to perform repetitive, high-stakes monitoring inside a tight loop, you build a system around a human failure point.
The normalization of deviance is real. Researchers have documented it. It applies to AI oversight just as much as it applies to emergency rooms and aircraft maintenance.
Amazon’s argument is not that humans are useless. It is that humans are not built for repetitive, high-stakes vigilance in a tight loop. That is not a criticism. It is just a fact about how our brains work.
The question is whether “accountability end to end” is actually better, or whether it is just a convenient narrative for a company that wants to sell more AI agents. Amazon has a clear incentive to argue that human-in-the-loop is not the gold standard. That does not make the argument wrong. It just means you should pay attention to who is making it.
Either way, the industry is shifting. The era of “just put a human in the loop” as the answer to every AI risk question is ending. So we are going to have to figure out what comes next—not because AI is ready to run without us, but because we are not ready to watch it that closely.
Quick Summary ✅
- The Problem: Amazon’s Eric Brandwine argues that “human-in-the-loop” AI oversight fails because humans are inconsistent, get bored, and suffer from “normalization of deviance”—the gradual erosion of vigilance over time.
- The Fix: Amazon proposes “accountability end to end”—cryptographic agent identities, dynamic permissions, and complete audit trails—rather than a human reviewer approving every action.
- The Technical Layer: Contextual reasoning injected into system prompts (explaining why an action causes an outage) produces better results than static permission blocks.
- The Commercial Reality: Amazon has a clear business incentive to remove human checkpoints, clearing the path for AWS Bedrock customers to deploy thousands of autonomous agents at scale.
- The Industry Shift: Google, Microsoft, and IBM are all moving in similar directions, suggesting the era of human-in-the-loop as the default answer to AI risk is ending.
Related Stories 🔗
- When Technology Meets the Food Chain
- Apple’s Design Team Lost Its Way. Now Its New CEO Has to Fix It.
Upcoming Community Events 📅
- June 17 – July 31, 2026: Together We Thrive community art exhibition on view at the Berea Arts Council gallery.
- June 19–28, 2026: Macbeth final weekend performances at The Spotlight Playhouse.
- July 10–12, 2026: The Berea Craft Festival at Indian Fort Theater.
This article originally appeared on BereaOnline.com — your home for Madison County news, community events, and local updates.
About the Author ✍️
Dr. Chad Hembree serves as the Executive Director of Spotlight Acting School, The Spotlight Playhouse, and Spotlight Performing Arts. His professional history includes 30 years as a certified network engineer and former technology executive, alongside extensive media experience hosting the nationally syndicated radio program Tech Talk. Having operated BereaOnline.com since 1995, his technology journalism focuses on translating complex digital advancements, cloud infrastructures, and emerging tech trends into clear, practical insights for everyday families and local businesses.
Sources 📌
- The Register Cybersecurity & AI Governance Dispatches (June 2026)
- The Next Web Technology Infrastructure Logs (June 2026)
- Google Cloud Executive Operations & Architectural Framework Briefings (April 2026)
- AWS Security re:Invent Historical Technical Keynotes (December 2017)
