TNS
SUBSCRIBE
Join our community of software engineering leaders and aspirational developers. Always stay in-the-know by getting the most important news and exclusive content delivered fresh to your inbox to learn more about at-scale software development.
REQUIRED
 
It seems that you've previously unsubscribed from our newsletter in the past. Click the button below to open the re-subscribe form in a new tab. When you're done, simply close that tab and continue with this form to complete your subscription.
Welcome and thank you for joining The New Stack community!
Please answer a few simple questions to help us deliver the news and resources you are interested in.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Great to meet you!
Tell us a bit about your job so we can cover the topics you find most relevant.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
 
Welcome!

We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.

What’s next?

Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.

Become a TNS follower on LinkedIn.

Check out the latest featured and trending stories while you wait for your first TNS newsletter.

PREV
of
NEXT
VOXPOP
As a JavaScript developer, what non-React tools do you use most often?
Angular
0%
Astro
0%
Svelte
0%
Vue.js
0%
Other
0%
I only use React
0%
I don't use JavaScript
0%
 
NEW! Try Stackie AI
Cloud Native Ecosystem Containers Databases Edge Computing Infrastructure as Code Linux Microservices Open Source Networking Storage
AI Agents vs. Agentic AI: A Kubernetes Developer’s Guide
Sep 10th 2025 7:00am, by Janakiram MSV
OpenSearch 3.2 Delivers Hybrid Search, Enhanced Observability Tools
Aug 27th 2025 4:00pm, by B. Cameron Gain
Why Federated API Management Is Essential for Hybrid Cloud
Aug 27th 2025 9:00am, by Matthias Biehl
How to Evaluate Logging Frameworks: 10 Questions
Aug 21st 2025 10:00am, by Phil Wilkins
CNCF Seeks Requirements for K8s-Portable AI/ML Workloads
Aug 18th 2025 8:00am, by Joab Jackson
How to Self-Host Your Notes With Trilium and Docker
Sep 13th 2025 7:00am, by Jack Wallen
Why Chainguard Is Doubling Down on Virtual Machines in a Container World
Sep 5th 2025 2:00pm, by Darryl K. Taft
Pods Is a Handy Linux GUI for Managing Your Podman Containers
Sep 3rd 2025 6:00am, by Jack Wallen
Containerized Apps for Your Home Network
Sep 1st 2025 7:00am, by Jack Wallen
Hardened Containers Aren't Enough: The Runtime Security Gap
Aug 27th 2025 12:00pm, by Jed Salazar
Dispelling Myths of Open Source Complexity With Apache Iceberg
Sep 11th 2025 10:00am, by Russell Spitzer
How Distributed Postgres Solves Cloud's High-Availability Problem
Sep 11th 2025 9:00am, by Meredith Shubel
​​Build a Complete Smart Home Monitoring System
Sep 3rd 2025 11:00am, by Suyash Joshi
Is Your Data Strategy Ready for the Agentic AI Era?
Aug 28th 2025 8:00am, by Heather Joslyn
Linux Foundation Opens the Door to DocumentDB
Aug 27th 2025 1:00pm, by Steven J. Vaughan-Nichols
Kubernetes at the Edge: Deploy With Confidence and Control
Aug 19th 2025 10:00am, by Vicki Walker
Scaling AI Inference at the Edge With Distributed PostgreSQL
Jul 21st 2025 9:00am, by Meredith Shubel
6 Design Principles for Edge Computing Systems
Jul 17th 2025 7:00am, by Joab Jackson
How To Build Smarter Factories With Edge Computing
Jul 8th 2025 10:00am, by Kristopher Clark
How To Use Terraform for Automation at the Edge
Jun 18th 2025 9:00am, by Manny Calero
Chef Creator Unveils AI Platform To Fix Flaws With Infrastructure Automation
Aug 27th 2025 8:00am, by Heather Joslyn
Platform Engineering Is Failing — Here's Why Infrastructure Comes First
Aug 7th 2025 10:00am, by Lukas Gentele
How To Use AI To Design Intelligent, Adaptable Infrastructure
Aug 1st 2025 10:00am, by Dharani Pothula
Software Architecture Is Finally Fixing Its Biggest Problem: Developer Experience
Jul 25th 2025 9:00am, by Avraam Tolmidis
ClickOps Is a Disgrace
Jul 10th 2025 5:05am, by Ido Neeman
How to Self-Host Your Notes With Trilium and Docker
Sep 13th 2025 7:00am, by Jack Wallen
Linux: Deploy a Honeypot to Catch Your Server's Attackers
Sep 7th 2025 7:00am, by Jack Wallen
Connect to a Local Ollama AI Instance From Within Your LAN
Sep 6th 2025 7:00am, by Jack Wallen
Pods Is a Handy Linux GUI for Managing Your Podman Containers
Sep 3rd 2025 6:00am, by Jack Wallen
Unix Co-Creator Brian Kernighan on Rust, Distros and NixOS
Aug 31st 2025 6:00am, by David Cassel
Your CI/CD Pipeline Wasn't Built for Microservices
Aug 7th 2025 7:00am, by Arjun Iyer
Introduction to Microservices
Aug 5th 2025 5:00pm, by TNS Staff
FoundationDB: A Distributed Database That Can't Be Killed
Jul 25th 2025 7:00am, by Joab Jackson
Why Scaling Makes Microservices Testing Exponentially Harder
Jul 16th 2025 11:00am, by Arjun Iyer
Why AI Features Break Microservices Testing
Jun 23rd 2025 10:00am, by Arjun Iyer
Meet the 11-Year-Old Whose Code Was Adopted by a Gaming Giant
Sep 14th 2025 6:00am, by David Cassel
OpenSSF Experts Weigh in on CISA’s SBOM Minimum Elements Update
Sep 12th 2025 9:00am, by Susan Hall
How the EU’s Cyber Act Burdens Lone Open Source Developers
Sep 11th 2025 2:00pm, by Alex Williams
The Agentic Web: How AI Agents Are Shaping the Web’s Future
Sep 11th 2025 1:00pm, by Richard MacManus
Dispelling Myths of Open Source Complexity With Apache Iceberg
Sep 11th 2025 10:00am, by Russell Spitzer
How Agentic AI Is Redefining Campus and Branch Network Needs
Aug 15th 2025 10:00am, by Lawrence Huang
Mythbusting IPv6: Why Adoption Lags and What Will Change It
Jul 29th 2025 11:00am, by Alessandro Improta and Denton Chikura
How the Free Software Foundation Battles the LLM Bots
Jul 20th 2025 6:00am, by David Cassel
Google Brings the Lustre Parallel File System to Its Cloud
Jul 11th 2025 7:00am, by Joab Jackson
Build Your Own Private Cloud at Home With Docker
Jul 4th 2025 11:00am, by Jack Wallen
VMware Cloud Foundation Is Now an AI-Native Platform
Aug 26th 2025 5:00am, by Joab Jackson
Mastering Storage for VMs: A DevOps Perspective
Aug 13th 2025 12:00pm, by Carol Platz
Battle-Tested Tips for a Better NoSQL Migration
Aug 7th 2025 9:00am, by Felipe Cardeneti Mendes
The Obscure Paradox Fueling AI and Big Data Growth
Jul 30th 2025 11:00am, by Franz Knupfer
How Software-Defined Storage Empowers Developers
Jul 25th 2025 11:05am, by Carol Platz
AI AI Engineering API Management Backend development Data Frontend Development Large Language Models Security Software Development WebAssembly
Your AI Prompts Are Programming the Future So Use Them Wisely
Sep 13th 2025 10:00am, by
Warp Code Gets Closer to an Emacs for the Modern AI Era
Sep 13th 2025 8:00am, by
The Engineer in the AI Age: The Orchestrator and Architect
Sep 12th 2025 8:00am, by
The Agentic Web: How AI Agents Are Shaping the Web’s Future
Sep 11th 2025 1:00pm, by
Vibe Coding Fails Enterprise Reality Check
Sep 10th 2025 4:00pm, by
Your AI Prompts Are Programming the Future So Use Them Wisely
Sep 13th 2025 10:00am, by
The Engineer in the AI Age: The Orchestrator and Architect
Sep 12th 2025 8:00am, by
3 Ways Security Teams Can Tame Autonomous AI Agents
Sep 11th 2025 12:00pm, by
The Future of Agentic Coding Is Multiplayer
Sep 9th 2025 11:00am, by
Vibe Coding: The Productivity Boom Hiding Massive Governance Risks
Sep 9th 2025 9:00am, by
Your APIs Are Costing More Than You Think
Sep 12th 2025 10:00am, by
When Is MCP Actually Worth It?
Sep 10th 2025 8:00am, by
Why Your Legacy APIs Are a Roadblock for AI Agents
Sep 4th 2025 11:00am, by
WunderGraph Uses AI To Challenge Apollo's GraphQL Empire
Aug 27th 2025 5:00pm, by
Why Federated API Management Is Essential for Hybrid Cloud
Aug 27th 2025 9:00am, by
How MCP Uses Streamable HTTP for Real-Time AI Tool Interaction
Aug 18th 2025 10:34am, by
A Backend for Frontend: Watt for Node.js Simplifies Operations
Aug 14th 2025 6:00am, by
Human-on-the-Loop: The New AI Control Model That Actually Works
Aug 4th 2025 8:00am, by
IT Orchestration Is the Secret Behind Smooth, Scalable IT Operations
Aug 3rd 2025 10:00am, by
Engineers Are Finally Ditching the Accessibility Checkbox
Jul 23rd 2025 9:00am, by
Agentic AI Is Key To Preventing Costly AI Hallucinations
Sep 14th 2025 9:00am, by
Dispelling Myths of Open Source Complexity With Apache Iceberg
Sep 11th 2025 10:00am, by
Five Steps to Build AI Agents that Actually Deliver Business Results
Sep 10th 2025 10:00am, by
Are Your AI Co-Pilots Trapping Data in Isolated Silos?
Sep 9th 2025 7:00am, by
Apache Kafka 4.1: The 3 Big Things Developers Need To Know
Sep 8th 2025 10:00am, by
18 Popular npm Packages Compromised in Attack
Sep 13th 2025 6:00am, by
Is GPT-5 a Coding Powerhouse or Maintainability Nightmare?
Sep 6th 2025 6:00am, by
Fresh + Vite Means 9-12x Faster Development for Deno
Sep 6th 2025 5:00am, by
New Rust-Based Tool Installs Ruby in Seconds
Sep 4th 2025 10:00am, by
How to Make OpenTelemetry Better in the Browser
Sep 3rd 2025 10:00am, by
Agentic AI Is Key To Preventing Costly AI Hallucinations
Sep 14th 2025 9:00am, by
Taming LLM Sprawl: Why Enterprises Need an AI Gateway Now
Sep 9th 2025 10:00am, by
Why Tech Professionals Must Lead the Charge on GenAI Safety
Sep 7th 2025 8:00am, by
Creating an Immutable 'Family Tree' for AI Training Data
Aug 28th 2025 12:00pm, by
Amplifying the Good and the Bad: 10 More AI Coding Lessons
Aug 25th 2025 10:00am, by
How Maintainer Burnout Is Causing a Kubernetes Security Disaster
Sep 11th 2025 3:00pm, by
How the EU’s Cyber Act Burdens Lone Open Source Developers
Sep 11th 2025 2:00pm, by
Why Tech Professionals Must Lead the Charge on GenAI Safety
Sep 7th 2025 8:00am, by
Linux: Deploy a Honeypot to Catch Your Server's Attackers
Sep 7th 2025 7:00am, by
Why Chainguard Is Doubling Down on Virtual Machines in a Container World
Sep 5th 2025 2:00pm, by
Your AI Prompts Are Programming the Future So Use Them Wisely
Sep 13th 2025 10:00am, by
Your APIs Are Costing More Than You Think
Sep 12th 2025 10:00am, by
Stop Building Super Agents; Build Effective AI Teams Instead
Sep 11th 2025 8:00am, by
Vibe Coding Fails Enterprise Reality Check
Sep 10th 2025 4:00pm, by
Five Steps to Build AI Agents that Actually Deliver Business Results
Sep 10th 2025 10:00am, by
Flutter 3.5 Offers New Developer Experience Features
Aug 30th 2025 6:00am, by
What Debugging JavaScript on WebAssembly Looks Like
Aug 20th 2025 3:00pm, by
Wassette: Microsoft’s Rust-Powered Bridge Between Wasm and MCP
Aug 8th 2025 3:00pm, by
Endor: Fire up a Dev Environment in Seconds With WebAssembly
Aug 5th 2025 2:00pm, by
WebAssembly, ‘Hyper VMs’ and Hypervisors: Fast Speeds, Intense Isolation
Jul 1st 2025 9:00am, by
AI Operations CI/CD Cloud Services DevOps Kubernetes Observability Operations Platform Engineering
Stop Building Super Agents; Build Effective AI Teams Instead
Sep 11th 2025 8:00am, by Anita Beveridge-Raffo
When Is MCP Actually Worth It?
Sep 10th 2025 8:00am, by Bill Doerrfeld
Clockwork's FleetIQ Aims To Fix AI's Costly Network Bottleneck
Sep 10th 2025 3:00am, by Frederic Lardinois
Taming LLM Sprawl: Why Enterprises Need an AI Gateway Now
Sep 9th 2025 10:00am, by Matthias Biehl
Why AI Alone Fails at Large-Scale Code Modernization
Aug 30th 2025 9:00am, by Olga Kundzich
OpenSSF Experts Weigh in on CISA’s SBOM Minimum Elements Update
Sep 12th 2025 9:00am, by Susan Hall
The Engineer in the AI Age: The Orchestrator and Architect
Sep 12th 2025 8:00am, by Joseph Morais
Should Your Team Be Vibe Coding?
Sep 5th 2025 10:00am, by Matt Moore
Beyond CI/CD: Why Your Infrastructure Is Your New Bottleneck
Sep 4th 2025 1:00pm, by Arjun Iyer
​​Build a Complete Smart Home Monitoring System
Sep 3rd 2025 11:00am, by Suyash Joshi
How Distributed Postgres Solves Cloud's High-Availability Problem
Sep 11th 2025 9:00am, by Meredith Shubel
How To Build a FinOps Strategy That Works
Sep 8th 2025 9:00am, by Vicki Walker
VCF 9 Gets MCP Support, GPU Optimization at No Extra Cost
Aug 26th 2025 6:00am, by B. Cameron Gain
Cloud Washing in the Age of AI: When ‘Sovereign’ Isn’t
Aug 1st 2025 6:00am, by Julian Hennig
Google Brings the Lustre Parallel File System to Its Cloud
Jul 11th 2025 7:00am, by Joab Jackson
JFrog Upgrades AI Tooling, Governance To Speed up Software Delivery
Sep 9th 2025 3:00pm, by Chris J. Preimesberger
How To Enable Platform Engineering That Developers Love
Sep 3rd 2025 8:00am, by Jessica Brunner
AI Combined With Agile Lets Developers Focus on Craft
Sep 2nd 2025 7:00am, by Loraine Lawson
How Webflow Got 89% of Its Engineers To Use AI Daily
Aug 29th 2025 6:19am, by Richard MacManus
Harness AI Tackles Software Development's Real Bottleneck
Aug 26th 2025 7:00am, by Darryl K. Taft
18 Popular npm Packages Compromised in Attack
Sep 13th 2025 6:00am, by Loraine Lawson
How Maintainer Burnout Is Causing a Kubernetes Security Disaster
Sep 11th 2025 3:00pm, by Steven J. Vaughan-Nichols
Kubernetes Primer: Dynamic Resource Allocation (DRA) for GPU Workloads
Sep 5th 2025 7:00am, by Janakiram MSV
KubriX Thinks You’ll Soon Regret Building Your Own IDP
Sep 4th 2025 7:00am, by Meredith Shubel
VMware Cloud Foundation Is Now an AI-Native Platform
Aug 26th 2025 5:00am, by Joab Jackson
Understanding Log Events: Why Context Is Key
Sep 11th 2025 11:00am, by Phil Wilkins
Observability’s Overlooked Fourth Pillar: Key for Agentic AI
Sep 4th 2025 8:00am, by Amnon Heiman
How to Make OpenTelemetry Better in the Browser
Sep 3rd 2025 10:00am, by Hazel Weakly
Going for Silver: Making the Most of Tiered Observability
Aug 28th 2025 10:00am, by Franz Knupfer
Why OpenTelemetry Is So Clunky for the Frontend
Aug 27th 2025 7:00am, by Hazel Weakly
Research: eBPF Not Always a 'Silver Bullet' for Network Apps
Sep 12th 2025 9:30am, by Joab Jackson
Understanding Log Events: Why Context Is Key
Sep 11th 2025 11:00am, by Phil Wilkins
Dispelling Myths of Open Source Complexity With Apache Iceberg
Sep 11th 2025 10:00am, by Russell Spitzer
How Distributed Postgres Solves Cloud's High-Availability Problem
Sep 11th 2025 9:00am, by Meredith Shubel
The Future of Agentic Coding Is Multiplayer
Sep 9th 2025 11:00am, by Ankit Jain
KubriX Thinks You’ll Soon Regret Building Your Own IDP
Sep 4th 2025 7:00am, by Meredith Shubel
How To Enable Platform Engineering That Developers Love
Sep 3rd 2025 8:00am, by Jessica Brunner
AI-First Platform Engineering: 3 Signals From PlatformCon
Aug 25th 2025 11:00am, by Sylvain Kalache
Kubernetes Isn't Enough for a Production-Ready Platform
Aug 20th 2025 12:00pm, by Jennifer Riggins
AI Agents Transform Platform Engineering at Microsoft
Aug 13th 2025 4:00pm, by Darryl K. Taft
C++ Developer tools Go Java JavaScript Programming Languages Python Rust TypeScript
The 'Obfuscated C Code Contest' Confronts the Age of AI
Aug 17th 2025 6:00am, by David Cassel
How AI Can Help You Learn the Art of Programming
Jun 20th 2025 9:00am, by Jack Wallen
How to Build Multistep Forms in React
May 22nd 2025 12:00pm, by Vinod Pal
EngFlow Makes C++ Builds 21x Faster and Software a Lot Safer
Apr 3rd 2025 3:00pm, by Darryl K. Taft
Memory-Safe C: TrapC's Pitch to the C ISO Working Group
Mar 12th 2025 7:00am, by David Cassel
Warp Code Gets Closer to an Emacs for the Modern AI Era
Sep 13th 2025 8:00am, by David Eastman
How To Work With Local AI in the Zed IDE
Sep 10th 2025 9:00am, by Jack Wallen
JFrog Upgrades AI Tooling, Governance To Speed up Software Delivery
Sep 9th 2025 3:00pm, by Chris J. Preimesberger
Is GPT-5 a Coding Powerhouse or Maintainability Nightmare?
Sep 6th 2025 6:00am, by Richard MacManus
Why Your Legacy APIs Are a Roadblock for AI Agents
Sep 4th 2025 11:00am, by Saqib Jan
How To Run Kubernetes Commands in Go: Steps and Best Practices 
Jun 27th 2025 8:00am, by Sunny Yadav
Prepare Your Mac for Go Development
Apr 12th 2025 7:00am, by Damon M. Garn
Pagoda: A Web Development Starter Kit for Go Programmers
Mar 19th 2025 6:10am, by Loraine Lawson
Microsoft TypeScript Devs Explain Why They Chose Go Over Rust, C#
Mar 18th 2025 7:00am, by David Cassel
Go Power: Microsoft's Bold Bet on Faster TypeScript Tools
Mar 12th 2025 1:00pm, by Darryl K. Taft and Loraine Lawson
Vibe Coding Fails Enterprise Reality Check
Sep 10th 2025 4:00pm, by Darryl K. Taft
New Tool Ends Java Configuration Nightmare in K8s
Aug 21st 2025 3:00pm, by Darryl K. Taft
Code Anywhere: Turn Your Android Tablet Into a Dev Machine
Jul 23rd 2025 10:30am, by Jack Wallen
Using Java for Developing Agentic AI Apps
Jul 1st 2025 8:00am, by Daniel Oh
Inside Java's Language Renaissance
Jun 26th 2025 10:00am, by Chad Arimura
Fresh + Vite Means 9-12x Faster Development for Deno
Sep 6th 2025 5:00am, by Loraine Lawson
How to Make OpenTelemetry Better in the Browser
Sep 3rd 2025 10:00am, by Hazel Weakly
How To Build an App With Enhance, a Backend-First Framework
Aug 30th 2025 7:00am, by Jessica Wachtel
Latest React Native Version Ships With Android 16 Support
Aug 23rd 2025 5:00am, by Loraine Lawson
What Debugging JavaScript on WebAssembly Looks Like
Aug 20th 2025 3:00pm, by B. Cameron Gain
Why Your Rust Adoption Will Probably Fail (And How To Beat the Odds)
Sep 6th 2025 10:00am, by Darryl K. Taft
Microsoft's Rust Bet: From Blue Screens to Safer Code
Sep 4th 2025 4:00pm, by Darryl K. Taft
New Rust-Based Tool Installs Ruby in Seconds
Sep 4th 2025 10:00am, by Loraine Lawson
XSLT Debate Leads to Bigger Questions of Web Governance
Sep 1st 2025 8:00am, by Mary Branscombe
Outdated Python Versions Cost Companies Millions
Aug 23rd 2025 9:00am, by Darryl K. Taft
How To Work With Local AI in the Zed IDE
Sep 10th 2025 9:00am, by Jack Wallen
Vibe Coding Python: Testing Copilot vs. CodeGPT vs. Tabnine
Sep 2nd 2025 11:00am, by Jessica Wachtel
Guido van Rossum Revisits Python's Life in a New Documentary
Aug 28th 2025 10:30am, by David Cassel
Outdated Python Versions Cost Companies Millions
Aug 23rd 2025 9:00am, by Darryl K. Taft
Why Combine Python and Excel?
Aug 22nd 2025 11:00am, by Jessica Wachtel
Why Your Rust Adoption Will Probably Fail (And How To Beat the Odds)
Sep 6th 2025 10:00am, by Darryl K. Taft
Microsoft's Rust Bet: From Blue Screens to Safer Code
Sep 4th 2025 4:00pm, by Darryl K. Taft
New Rust-Based Tool Installs Ruby in Seconds
Sep 4th 2025 10:00am, by Loraine Lawson
Rust: Python's New Performance Engine
Aug 19th 2025 12:00pm, by Darryl K. Taft
Wassette: Microsoft’s Rust-Powered Bridge Between Wasm and MCP
Aug 8th 2025 3:00pm, by Darryl K. Taft
Microsoft TypeScript Devs Explain Why They Chose Go Over Rust, C#
Mar 18th 2025 7:00am, by David Cassel
Go Power: Microsoft's Bold Bet on Faster TypeScript Tools
Mar 12th 2025 1:00pm, by Darryl K. Taft and Loraine Lawson
Oracle Won’t Release ‘JavaScript’ Without a Fight
Jan 11th 2025 5:00am, by Loraine Lawson
The Year in JavaScript: Top JS News Stories of 2024
Dec 27th 2024 6:30am, by Loraine Lawson
How OOP Developers Can Get To Know TypeScript Through Deno
Oct 19th 2024 8:00am, by David Eastman
AI Agents / Backend development / Software Development

Human-on-the-Loop: The New AI Control Model That Actually Works

Human-on-the-Loop (HOTL) replaces micromanagement with structured AI autonomy. Learn how to scale AI agents safely with governance frameworks.
Aug 4th, 2025 8:00am by
Featued image for: Human-on-the-Loop: The New AI Control Model That Actually Works
Photo by Dawit on Unsplash.

Your AI agents are growing up. It’s time your control model did, too.

Over the past two years, much of the AI conversation has focused on risk, and rightly so — jailbreaks, data leakage, and unintended actions. I’ve been the captain of Team Caution since the original publication of the OWASP Top 10 for LLMs, dating back to mid-2023.

The question is no longer “is AI risky?” but “how do we scale AI safely?”

AI agents have matured, and the use cases are broadening. AI reasoning is improving fast. They’re writing code, triaging alerts, resolving tickets, drafting reports — and they’re doing it in production, not just in labs. The pressing question now isn’t whether these agents are dangerous.

The pressing question is whether you’ve built the right control model to let them operate safely and productively.

It’s time to move from Human-in-the-Loop (HITL) to Human-on-the-Loop (HOTL).

The Evolution From Prompt Engineering to AI Agent Supervision

We’ve moved past the copy-paste era of AI. Today, the agents are driving.

Let’s look at the evolution of AI actions over the past couple of years. We started with ChatGPT. It could generate ideas, draft emails, or write code snippets. But the human drove the entire automation loop. You copied, pasted, ran the code, and handled execution. The AI was reactive. You were in charge because you were doing all the work.

Then came tools like Cursor. Cursor gave the AI more power within coding workflows.  It could read and write files, execute commands, and modify your codebase directly. However, in typical usage, it often paused, looking to the human developer for guidance or permission before taking most actions. Even if the human interaction were as simple as repeatedly pressing the Tab key, the human was still fully engaged from minute to minute. This was Human-in-the-Loop in practice: The AI works, but the human drives.

Now we’re seeing a different pattern emerge, especially in tools like Claude Code, which have leaned into operational modes that allow for more autonomy.

You can still run Claude Code conservatively, but many developers are now allowing it to run more autonomously. Instead of checking in constantly, it presents a plan, gets approval once, and then executes across multiple steps — writing, testing, debugging, and iterating. These unsupervised workflow steps, which used to be seconds between human approval checks, can now often range into the 10s of minutes, or more.

You’re still involved. You’re monitoring. But you’re not micromanaging.

That’s Human-on-the-Loop — and it’s quickly becoming the only viable path to scale.

And it’s not just a software story. In the defense world, the same debate is playing out, with military leaders weighing whether autonomous drones should be allowed to take lethal action without a human in the loop. That’s not sci-fi. It’s systems architecture at a national scale.

SIDEBAR: Autonomy in the Air

The HITL vs. HOTL debate isn’t just a software issue — it’s playing out right now inside the world’s leading defense programs.

Multiple governments are exploring fully autonomous fighter jets, capable of identifying threats and executing lethal force without real-time human input.

In parallel, there’s heavy investment in “loyal wingman” systems — semi-autonomous drones that fly alongside human pilots, executing delegated tasks while keeping a human firmly on the loop.

It’s a hotly contested design choice. Full autonomy promises speed and reach. But HOTL designs offer better accountability, coordination, and human judgment.

For now, the loyal wingman model has the edge. It captures many of the benefits of autonomy — without severing the link to human decision-making.

This isn’t a philosophical footnote. It’s a practical design decision that determines how — and whether — autonomy works in your system.

Building Secure Autonomy: HOTL Implementation Framework

HOTL isn’t just about developer workflows. It’s about scaling autonomy anywhere machines are acting on our behalf.

The most mature examples today are in software development — but the same pattern is showing up across domains:

  • Productivity agents managing calendars, documents, and outreach.
  • Customer support bots resolving issues and routing tickets.
  • Autonomous systems in logistics, finance, and infrastructure.

And beyond the enterprise, the implications are even more significant. The question of when a machine should act independently vs. when it should defer to a human isn’t just about code. It’s about policy, safety, and ethics.

What Secure Autonomy Actually Looks Like

Human-on-the-Loop doesn’t mean removing safeguards. It means building systems that don’t depend on constant interruption to stay safe.

If you want your agents to act productively and responsibly without burning out their human handlers, you need:

  • Least-Privilege Tooling
    • Don’t give your agent blanket permissions. Limit what it can access and what tools it can use. Smaller trust surface = smaller risk.
  • Runtime Observability
    • Track what your agent is doing in real-time. This includes commands, file edits, tool use, and external calls. Not just logs — telemetry.
  • Triggerable Interventions
    • Design for escalation. Agents should pause, notify, or route to a human when they hit unexpected conditions or high-risk actions.
  • Verification Pipelines
    • Outputs from agents — especially those that affect systems or users — should pass through validation pipelines, just like human code in CI/CD.
  • Postmortem-Ready Logging
    • When things go wrong, you should be able to see what happened and why. Traceability isn’t optional — it’s foundational.

Cross-Functional Governance for AI Agent Control Systems

If you’re leading an AI transformation effort — as a Chief AI Officer, product exec, or functional leader — this shift affects you directly.

You can’t rely on your engineering team alone to set the boundaries for agent behavior. This is a cross-functional governance issue.

  • Legal and compliance need to weigh in on acceptable autonomy.
  • Product and UX teams need to define where the handoff happens between agent and user.
  • Security needs to be designed for runtime monitoring and containment.
  • Without cross-functional governance, AI agents become productivity mirages — or worse, security liabilities.

The move to HOTL changes your operating model. Ignoring it doesn’t delay the change — it just ensures your organization won’t be ready when it arrives.

You Can’t Sit This One Out

The most effective agents today are the ones that operate under structured autonomy. Not clamped down. Not free-for-all. Just fast, capable, and supervised.

That’s Human-on-the-Loop.

It’s not a compromise. It’s a blueprint.

If you still require human approval at every step, you’re bottling yourself up. If you’re handing full control to the model without oversight, you’re taking a risk.

But if you structure your agents with guardrails, observability, and well-designed autonomy boundaries, you unlock the real value of agentic AI — at scale.

So stop waiting for permission.

Redesign your systems. Define your boundaries. And put the human on the loop instead of micromanaging.

TRENDING STORIES
Group Created with Sketch.
Steve Wilson is a pioneer in generative AI and cybersecurity, driving advancements in AI-powered cyber defense and securing AI systems. As the Chief AI and Product Officer at Exabeam, the leader in AI-driven security operations, Steve spearheaded the launch of...
Read more from Steve Wilson
SHARE THIS STORY
TRENDING STORIES
TRENDING STORIES
TNS DAILY NEWSLETTER Receive a free roundup of the most recent TNS articles in your inbox each day.