Human-in-the-loop AI oversight is reaching its limits faster than most organisations want to admit

Most organisations have a quiet assumption built into their AI deployment: somewhere in the chain, a person is watching. Before anything consequential happens, a trained employee will review the output, catch the error, make the call. It’s called the human-in-the-loop model, and it’s been the default position for managing AI risk ever since AI started taking real actions in the world.

Anna Collard, SVP of content strategy and CISO advisor for KnowBe4 Africa, puts it plainly: “Asking an employee to monitor a high-speed AI agent and react immediately when a transgression occurs is pretty much impossible. In the HITL model, you’re asking the human to be the pilot of a jet that moves at Mach 10. They literally can’t move the stick fast enough to avoid a mountain.”

The research backs this up and has for a long time. Psychologists have been studying what they call the vigilance decrement since World War II, when they noticed radar operators losing concentration on sustained monitoring tasks. The same pattern turned up in nuclear plant control rooms. It’s turning up now in AI oversight settings. A 2025 review in Cognitive Science called vigilance decrement “one of the most robust findings in attention research” and confirmed that performance drops reliably after around 30 minutes on a monitoring task. There’s a second effect layered on top of it: the more reliably an automated system performs, the more thoroughly the person watching it switches off. You’re not just fighting fatigue. You’re fighting the fact that a reliable system trains the human watching it to stop paying attention.

And this can’t be fixed by training people better or giving them clearer checklists. Automation bias and vigilance decrement show up in experts and novices both, because the problem isn’t knowledge — it’s attention. You can know exactly what you’re looking for and still miss it, because monitoring conditions actively suppress the kind of alertness that catching something actually requires.

Enterprise AI isn’t offering suggestions anymore. It sends emails, books travel, modifies infrastructure, routes financial transactions. The distinction between a chatbot giving a wrong answer and an agent taking a wrong action is the difference between an embarrassing output and an irreversible one.

The HITL model was designed for a world where AI handled the routine stuff and humans stayed in authority over the exceptions. But as agent deployment scales, so does the number of checkpoints that need a human sign-off. Each of those approvals is supposed to involve genuine engagement — not someone half-watching a screen. Genuine engagement, sustained across dozens of approvals in a day, is precisely what the attention literature says people can’t do.

“Having to do many approvals or reviews can lead to what psychologists call vigilance decrement,” Collard says, “where our attention moves from being heavily taxed to eventually just shutting down.” At that point the human-in-the-loop isn’t protecting the organisation. They’re providing the appearance of protection. That might be worse than nothing.

In South Africa specifically, this problem lands in an environment that was already struggling. KnowBe4’s Africa Human Risk Management Report 2025, which pulled responses from 124 senior cybersecurity decision-makers across 30 African countries, found that more than 56% of Southern African organisations had no AI policies at all governing how staff use AI tools. The region trains more frequently than anywhere else on the continent, and yet the governance layer underneath that training barely exists. Training without structure is just information with nowhere to go.

Sit that next to what Cisco found in South Africa the same year: only 5% of local organisations had reached a mature level of preparedness against current cyber threats. Seventy-eight percent didn’t have enough skilled cybersecurity staff to manage AI-native defence. In that environment, human-in-the-loop oversight doesn’t become inefficient. It becomes a liability with a safety label on it.

What Collard argues for instead is called Human-on-the-Loop, or HOTL — and the shift is more substantive than it sounds. In the HITL model, the human is at the centre of each transaction. In the HOTL model, they step back from the transaction layer entirely and work at the governance layer instead. They don’t check every output. They build the constraints that define what the agent can and can’t do, and they step in only when automated monitoring flags that something has gone wrong.

“The human’s role then isn’t to check every output, but to build the guardrails that define an agent’s jurisdiction,” Collard explains. “We move from being administrators to sense-makers. In the pilot analogy, the human moves to the Control Tower. They aren’t holding the controls for every take-off and landing, but they set the flight paths, define the safety parameters, and intervene only when the radar shows a systemic conflict.”

This isn’t just a cleaner metaphor. It describes a real change in the kind of cognitive work being asked of people. Monitoring in real time is something humans do badly. Pattern recognition and strategic intervention are things humans do well. A controller looking for systemic problems across a system is doing different work entirely from someone trying to catch a high-speed agent mid-error. The point of the HOTL model is to put humans where their judgment is actually useful, and get them out of the loop that’s operating at machine speed.

When an organisation deploys an AI agent to manage logistics, the human architect’s job is to make sure the system constraints prevent that agent from touching financial systems. The agent works inside its jurisdiction. The human defines and maintains that jurisdiction — they don’t supervise every move inside it. KnowBe4’s own CTO frames it like this: if your agent is meant to make ice cream, the system must make sure it can’t build a bomb.
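The jurisdiction idea above can be sketched as a deny-by-default gate in front of every tool call. This is an added example, not code from the article or from KnowBe4; the agent name, the system and action names, the denial threshold and the sample calls are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Jurisdiction:
    """Human-authored policy: the only (system, action) pairs the agent may use."""
    agent: str
    allowed: frozenset
    max_denials: int = 3   # assumed threshold before the agent is suspended

@dataclass
class Gate:
    """Enforcement point sitting between the agent and every tool call."""
    policy: Jurisdiction
    denials: list = field(default_factory=list)
    escalations: list = field(default_factory=list)  # the human's review queue
    suspended: bool = False

    def authorize(self, system: str, action: str) -> bool:
        if self.suspended:
            return False                       # fail closed until a human reinstates
        if (system, action) in self.policy.allowed:
            return True                        # inside jurisdiction: no per-call sign-off
        self.denials.append((system, action))  # default deny, kept as evidence
        if len(self.denials) >= self.policy.max_denials:
            self.suspended = True              # monitoring trips, human is pulled in
            self.escalations.append({
                "agent": self.policy.agent,
                "reason": "repeated out-of-jurisdiction calls",
                "attempts": list(self.denials),
            })
        return False

def run_demo():
    # Constructed policy: a logistics agent with no grant on any financial system.
    policy = Jurisdiction("logistics-agent", frozenset({
        ("inventory", "read"), ("shipping", "create_label"),
    }))
    gate = Gate(policy)
    # Constructed sequence of tool calls the agent attempts.
    calls = [("inventory", "read"), ("shipping", "create_label"),
             ("payments", "transfer"), ("inventory", "read"),
             ("payments", "transfer"), ("ledger", "write"),
             ("inventory", "read")]
    return [gate.authorize(s, a) for s, a in calls], gate

if __name__ == "__main__":
    results, gate = run_demo()
    print(results, gate.escalations)
```

The human reviews one escalation carrying the three denied attempts rather than seven individual approvals, and the final in-scope call is also refused because the gate stays closed after suspension.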

Moving governance up a level doesn’t make the tactical problem disappear, though. Agentic AI isn’t just creating new oversight headaches internally. It’s arming attackers. Phishing emails that used to require a person to write them can now be generated at scale, personalised, and stripped of the grammar errors that made them identifiable. AI-powered social engineering runs faster than any human review cycle. If you’re defending against machine-speed attacks with human-speed responses, you’ve already lost the initiative.

AIDA, KnowBe4’s suite of AI Defence Agents, is built on the logic that the defence has to operate at the same speed as the threat. Rather than delivering security awareness training as an annual event — or even a quarterly one — AIDA works as a continuous coaching layer, giving individual users real-time nudges at the moment of risk. The Ebbinghaus forgetting curve is the theoretical anchor here: people forget roughly 50% of new information within an hour, and up to 80% within a month. If training arrives on a fixed schedule that has nothing to do with when the threat turns up, the knowledge has mostly decayed before it matters.

The nudge approach works by interrupting what psychologists call System One thinking — the automatic, low-effort mode people default to when they’re not concentrating — and triggering the slower, more deliberate System Two. Not to make every employee a security expert. Just to get them to pause at the moment they’re about to click something they shouldn’t.

“AIDA bridges the gap between knowing and doing by providing continuously optimised, individualised security training, including a real-time nudge at the exact moment of risk,” Collard says. “Nudges act as Spaced Practice, reinforcing knowledge exactly when it’s needed, which prevents the cognitive decay that leads to mistakes.”

The practical effect is that security stops being a centralised function that a small team tries to enforce from the top down. The guidance goes directly to whoever needs it, when they need it. You’re no longer relying on either an impossibly large security team or an unrealistically alert end user.

South African organisations are making these decisions in an environment that isn’t waiting for them to catch up. Cybercrime in Africa was up 17% in 2025. South Africa ranked in the top three most targeted countries on the continent. The local cybersecurity services market is heading toward R16.5 billion by 2029, but the skills shortage won’t sort itself out before then. The organisations that come through this period in reasonable shape will be the ones that stopped asking people to do what people genuinely can’t do, and built systems designed around that reality.

The human-in-the-loop model wasn’t a bad idea. It came from a sensible place: keep humans involved in decisions that matter. The problem is that agentic AI now operates at a speed that makes that model structurally unworkable. Oversight that depends on sustained human attention across machine-speed transactions isn’t oversight. It’s ceremony.

The response isn’t to train people harder and hope the biology catches up. It’s to redesign governance around what humans are actually capable of, and let everything else run at machine speed with machine-level guardrails.
