MICKAI
Article · 12 June 2026

A Human in the Loop You Cannot Prove Is Just a Machine With an Alibi

Every vendor swears a person reviewed the decision. Almost none of them can show you when, who, or what that person actually saw. Until the loop is recorded, the human is a rumour.

A Human in the Loop You Cannot Prove Is Just a Machine With an Alibi
Author
Micky Irons
Published
12 June 2026
Follow Micky Irons
LinkedInX
human in the loopAI governanceauditpost-quantumEU AI Act

The phrase that lets everyone off the hook

Ask any vendor selling an artificial intelligence (AI) system into a hospital, a bank, or a court, and within about ninety seconds you will hear the magic words. There is a human in the loop. It is meant to settle the room. A person is watching, a person decides, the machine only suggests. Everyone nods. The meeting moves on.

I have sat in those rooms. I build this technology for a living. And I have come to believe that, as it is currently used, human in the loop is one of the most dishonest phrases in the industry. Not because the idea is wrong. Human oversight is a genuinely good principle. It is dishonest because in almost every system I have inspected, there is no evidence the human was ever in the loop at all. There is a claim. There is a checkbox in a slide deck. There is a job title on an organisation chart. What there is not, with grim regularity, is a record.

A control you cannot prove happened is not a control. It is a hope. And hope is not a governance strategy. The whole value of oversight lives in being able to reconstruct, after the fact, exactly what a person did and when. Take that away and you are left with a comforting noise that costs nothing to make and proves nothing when it matters.

What the loop is supposed to mean, and what it usually is

When people say human in the loop, they are asserting four things at once. That a specific person was responsible. That this person actually saw the relevant information before the action took effect. That they had a real opportunity to intervene. And that they made a decision rather than rubber-stamping a default. Strip those four claims out and oversight collapses into theatre.

Now go and look at how most deployments implement it. The model produces an output. A queue appears on someone's screen. The person is measured on throughput, so they clear dozens of items an hour. The interface pre-selects approve. Nothing about who looked, when they looked, what version of the model produced the output, or what the person could even see at that moment is captured anywhere durable. The loop, in practice, is a person clicking through faster than they can think, and a system that keeps no honest memory of it.

This is not a hypothetical failure mode. It is the default. Automation bias, the tendency of people to defer to a machine that is usually right, is well documented across decades of human factors research. People defer especially when they are busy and the cost of disagreeing is friction. The presence of a human does not fix that. The presence of a human who knows their actual decision is being recorded, attributable, and reviewable changes behaviour completely. The difference between those two worlds is a timestamp.

Why this is about to stop being a philosophical point

For years you could wave the phrase around and nobody pushed back. That window is closing. From August 2026 the European Union (EU) AI Act brings its high-risk obligations into force, and human oversight is not a vibe under that regime. It is a requirement that has to be designed in and, crucially, demonstrated. Regulators do not accept good intentions. They ask for evidence. Liability law is moving the same direction. When an automated decision harms someone, the question in front of a court will not be did you have a policy. It will be show me what the human saw and when they approved it.

A classical marble hand caught at the moment of pressing a seal, lit by a single line of gold light against void black, symbolising a decision committed before it can be acted on.
The signature comes first. The action is gated on it. An oversight record written before the act is evidence. One written after is a confession composed by the suspect.

Here is the uncomfortable part for most of the market. If your oversight record is a row in an ordinary database, your own administrator can edit it. If your log is written after the action, it proves nothing about the moment of decision. If the record lives only on your servers and the only party vouching for it is you, then in any serious dispute it is worth roughly nothing, because the party with the most to lose controls the evidence. A security realist assumes the log will be challenged, tampered with, or quietly backdated, because sometimes it is. You design for the adversary, not for the demo. The cryptography of records meant to outlive the decade is also shifting under everyone's feet, with post-quantum migration now a stated priority for serious institutions, and a log signed with breakable mathematics is a liability waiting for its date.

The record has to come before the act, not after it

This is the hinge of the whole argument, so I want to be precise. Most logging happens after the fact. The system does the thing, then writes a line saying it did the thing. That ordering is fatal for oversight, because an after-the-fact log can always be written to flatter the writer. It is a confession composed by the suspect, with all the credibility that implies.

Real oversight inverts the order. The decision, who is accountable for it, what they were shown, and the exact moment, all have to be committed before the action is permitted to execute. The signature comes first. The action is gated on it. If the record was not written, the thing does not happen. That single design choice converts human in the loop from a marketing claim into a load-bearing fact, because now the loop physically cannot be skipped without leaving a hole that anyone can see.

And the record cannot be something only the vendor can read or only the vendor will vouch for. Trust in the party being audited is the original sin of audit. The whole point of a record is that a third party, a regulator, a litigant, an internal investigator, can verify it without asking me to confirm it is genuine. That means cryptographic signatures, an append-only chain where altering one entry breaks every entry after it, and verification that works in an ordinary browser with no dependence on the company that produced it. If you need my server online and my goodwill to check the log, it is not a record. It is a permission slip I can revoke.

Building for the timestamp

This is precisely the discipline we built into Mickai, our Sovereign Intelligence Operating System (SIOS). It is built and in production, not a slideware promise. At its core is the Open Audit Record (OAR). Every action taken by the system is signed before it executes, not narrated afterwards. Each entry is hash-chained to the last, so the sequence is append-only and tamper-evident by construction. The signatures are post-quantum, using the United States National Institute of Standards and Technology (NIST) standard FIPS 204 (ML-DSA-65), because a record meant to hold up for years has to survive the cryptography of years, not just today. And the entire chain is verifiable offline, in a normal browser, with zero trust placed in us as the vendor.

A marble chain of identical interlocking links carved from one block, gold-lit against void black, symbolising an append-only hash-chained record where altering one entry breaks the whole sequence.
Append-only and hash-chained: alter one entry and every entry after it breaks. The record is verifiable offline in an ordinary browser, with no trust placed in the vendor.

When the loop includes a person, that fact is part of the signed record. Who. When. What they were shown. Whether they approved or intervened. It is not a claim on a slide. It is a cryptographic object that an adversary cannot quietly rewrite and that anyone with standing can check for themselves. The system runs fifty specialised brains, twenty-five domain and twenty-five operational, on our Poseidon silicon substrate, and we are actively training our own models now, fine-tuning and specialising open foundations while we build toward fully native weights. Every one of those brains writes to the same record under the same rule. For the highest-assurance work, that audit root is anchored externally through Pantheon, our sovereign Layer 1, which settles the audit root to Bitcoin so the evidence does not rest solely inside our own walls. The principle is simple and it is the opposite of how the industry currently behaves. The party being held to account should not be the sole custodian of the proof.

Stop saying it unless you can show it

I am not asking anyone to abandon human oversight. I am asking the industry to stop pretending it exists when there is no evidence behind it. The next time someone tells you their system has a human in the loop, do not nod. Ask one question. Show me the signed record of the last decision that human made. Show me who they were, when they approved it, what they were looking at, and prove to me that the entry was written before the action happened and has not been touched since.

If they can produce that in front of you, in a plain browser, without phoning home, you have real oversight. If they cannot, then the human in the loop is a character in a story, not a fact in a system. A loop you cannot prove ran is indistinguishable from a loop that never ran at all. Oversight without a timestamp is just a machine with an alibi, and the alibi was written by the machine. We built Mickai because we got tired of taking that alibi on faith, and we think regulators, courts, and customers are about to stop taking it too.

ShareLinkedInXHacker NewsRedditMastodonBlueskyEmail
Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/human-in-the-loop-needs-a-timestamp. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles
14 Jun 2026
The PDF Did Not Stop the Breach
Model cards and audit binders are theatre when nobody can prove what a system did at the moment it mattered. I argue that a record signed before each action, hash-chained and verifiable offline, beats any document that merely describes intent. This is the thesis behind Mickai's Open Audit Record.
14 Jun 2026
Air-Gapped Is Not the Same as Accountable
Isolating a model from the network is a containment control, not an accountability control. Air-gapping limits blast radius but proves nothing about what the model decided or why. Real containment needs a signed, hash-chained, offline-verifiable record, not just a moat.
14 Jun 2026
The Training Data Is a Liability You Cannot See
Most artificial intelligence systems carry a hidden liability: nobody can prove what data trained them. I argue that data provenance and poisoning are the real exposure, that you cannot defend outputs you cannot trace to inputs, and that the only honest answer is a signed, hash-chained record you can verify offline without trusting the vendor.
14 Jun 2026
Your Vendor SOC 2 Says Nothing About the Model
Procurement still treats a SOC 2 report as proof that an artificial intelligence vendor is safe. It is not. SOC 2 attests to infrastructure controls, not model behaviour, and the two have almost nothing to do with each other. Here is what your contracts should actually demand instead.
See all articles →