Mitigation

AML.M0029: Human In-the-Loop for AI Agent Actions

What it is

Systems should require the user or another human stakeholder to approve AI agent actions before the agent takes them. The human approver may be technical staff or business unit SMEs depending on the use case. Separate tools, such as dedicated audit agents, may assist human approval, but final adjudication should be conducted by a human decision-maker. The security benefits from Human In-the-Loop policies may be at odds with operational overhead costs of additional approvals. To ease this, Human In-the-Loop policies should follow the degree of consequence of the task at hand. Minor, repetitive tasks performed by agents accessing basic tools may only require minimal human oversight, while agents employed in systems with significant consequences may necessitate approval from multiple stakeholders diversified across multiple organizations.
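
The following is an added example, not part of MITRE ATLAS or of this page's source: a fail-closed approval gate in which the approval requirement scales with consequence and audit agents can advise but never adjudicate. The tier names, the thresholds in `POLICY`, and the `Approval` and `authorize` names are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Tier(Enum):      # hypothetical consequence tiers
    LOW = 1            # minor, repetitive task using basic tools
    ELEVATED = 2       # one human approver required
    CRITICAL = 3       # approvers from several organizations required


# Assumed policy: tier -> (human approvals needed, distinct organizations needed).
POLICY = {Tier.LOW: (0, 0), Tier.ELEVATED: (1, 1), Tier.CRITICAL: (2, 2)}


@dataclass(frozen=True)
class Approval:
    approver: str
    org: str
    is_human: bool     # False for audit agents, whose verdicts are advisory only
    approve: bool


def authorize(tier: Tier, approvals: list[Approval]) -> tuple[bool, str]:
    """Decide whether an agent action may run; anything short of policy is denied."""
    need_people, need_orgs = POLICY[tier]
    # A rejection by any human vetoes the action, whatever the tier.
    for a in approvals:
        if a.is_human and not a.approve:
            return False, f"rejected by {a.approver}"
    # Count each human once; audit-agent approvals never count toward the quorum.
    humans = {a.approver: a.org for a in approvals if a.is_human and a.approve}
    if len(humans) < need_people:
        return False, f"need {need_people} human approvals, have {len(humans)}"
    if len(set(humans.values())) < need_orgs:
        return False, f"need approvers from {need_orgs} organizations"
    return True, "approved"


if __name__ == "__main__":
    # Constructed sample: an audit agent and one human approve a critical action.
    sample = [Approval("audit-agent-1", "org-a", False, True),
              Approval("alice", "org-a", True, True)]
    print(authorize(Tier.CRITICAL, sample))   # denied: only one human approver
    sample.append(Approval("bob", "org-b", True, True))
    print(authorize(Tier.CRITICAL, sample))   # approved: two humans, two orgs
```

The decision and its reason string are returned together so that both can be written to the audit log alongside the agent action.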

References

  1. https://atlas.mitre.org/mitigations/AML.M0029

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. ATLAS mitigation: Single-User AI Agent Permissions Configuration
  2. ATLAS mitigation: Restrict AI Agent Tool Invocation on Untrusted Data
  3. ATLAS mitigation: AI Telemetry Logging
  4. ATLAS mitigation: Input and Output Validation for AI Agent Components
  5. ATLAS mitigation: Privileged AI Agent Permissions Configuration
  6. ATLAS mitigation: Memory Hardening

Sourced from MITRE ATLAS — Adversarial Threat Landscape for AI Systems. Curated by Adam Lundqvist, SQUR.