Approval Fatigue

Antipattern

A recurring trap that causes harm — learn to recognize and escape it.

When approval requests come faster than a human can genuinely evaluate them, oversight degrades into rubber-stamping.

Symptoms

  • You approve agent actions without reading them. The confirmation becomes a reflex, not a decision.
  • Review sessions feel monotonous. Dozens of benign-looking changes blend together, and your attention drifts.
  • You catch yourself thinking “it’s probably fine” instead of checking whether it’s actually fine.
  • Post-approval audits reveal mistakes that were visible in the diff but went unnoticed at review time.
  • Approval latency drops suspiciously. You’re spending less time per review, but the complexity of the changes hasn’t decreased.

Why It Happens

Approval fatigue is a predictable consequence of how human attention works under repetitive load.

Volume overwhelms judgment. An agent can produce dozens of changes per hour. Each one triggers an approval prompt. The first few get careful scrutiny. By the twentieth, the reviewer is pattern-matching on surface features (“looks like the last ten, approve”) rather than reading the content.

Benign history builds false confidence. When 50 consecutive approvals turn out fine, the 51st feels safe too. This is automation bias at work: the human learns to trust the system’s output based on track record and stops verifying independently. Goddard et al. documented this pattern in clinical decision support systems in 2012. The same dynamic plays out in agentic workflows. The agent earns trust through competence, then exploits that trust not through malice but through the human’s own cognitive shortcuts.

The cost of saying no is high. Rejecting an action means understanding it well enough to articulate why it’s wrong, then waiting for the agent to retry. Approving takes one keystroke. When you’re tired or busy, the path of least resistance wins.

Interruption fatigue compounds the problem. Approval prompts break your concentration on other work. After enough interruptions, you start approving quickly to get back to what you were doing. The approval gate, designed to protect quality, becomes the thing you’re trying to escape.

The Harm

The direct harm is obvious: bad changes slip through. An agent deletes a file it shouldn’t, pushes to the wrong branch, or introduces a subtle bug in a security-sensitive path. The reviewer approved it because they weren’t really looking.

The deeper harm is structural. Approval fatigue hollows out your Human in the Loop practice from the inside. The human is still present in the loop, still clicking “approve,” still technically reviewing every change. But the oversight is performative. You’ve created the appearance of governance without the substance. If an audit asks “did a human review this change?” the answer is technically yes. If it asks “did a human understand this change before approving it?” the honest answer is no.

In adversarial contexts, the risk is worse. Franklin et al.’s work on AI agent traps identifies approval fatigue as a vector for both accidental failures and deliberate exploitation. An attacker who can influence an agent’s output (through prompt injection, poisoned context, or compromised tools) can bury a malicious action inside a stream of routine ones. The reviewer, habituated to approving, lets it pass.

The Way Out

The corrective patterns all share one principle: reduce the number of approvals a human must make so that the ones remaining get genuine attention.

Calibrate your Approval Policy. If you’re approving the same low-risk action for the fiftieth time, it shouldn’t require approval. Move it to the autonomous tier. Reserve approval gates for actions where the cost of a mistake actually justifies the interruption. A well-tuned policy might require approval for ten actions per session instead of a hundred. Ten is a number a human can evaluate honestly.
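One way to make that promotion rule concrete is to track a clean-approval streak per action type and move an action to the autonomous tier once the streak clears a threshold. This is a minimal sketch, not a real framework API; the class and field names (`ApprovalPolicy`, `promote_after`) are hypothetical:

```python
from dataclasses import dataclass, field
from enum import Enum

class Tier(Enum):
    AUTONOMOUS = "autonomous"  # execute without asking
    APPROVAL = "approval"      # require human confirmation

@dataclass
class ApprovalPolicy:
    # Maps an action type to its tier; unknown actions default to APPROVAL.
    rules: dict
    # Hypothetical threshold: consecutive clean approvals before promotion.
    promote_after: int = 50
    history: dict = field(default_factory=dict)

    def tier_for(self, action_type: str) -> Tier:
        return self.rules.get(action_type, Tier.APPROVAL)

    def record_approval(self, action_type: str) -> None:
        """Count a clean approval; promote the action type once the
        streak shows the gate is pure overhead."""
        count = self.history.get(action_type, 0) + 1
        self.history[action_type] = count
        if count >= self.promote_after and self.tier_for(action_type) is Tier.APPROVAL:
            self.rules[action_type] = Tier.AUTONOMOUS
```

The point of the threshold is exactly the fiftieth-approval observation above: a gate that has never caught anything is no longer a gate, it is an interruption.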

Widen the agent’s Bounded Autonomy. The more precisely you define what an agent can do safely on its own, the fewer times it needs to ask. Autonomy boundaries based on action type, reversibility, and blast radius are more effective than blanket “ask me about everything” policies. They reduce volume without reducing safety.
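A boundary on action type, reversibility, and blast radius can be expressed as a small predicate rather than a blanket rule. The sketch below assumes a three-level blast radius (`"local"`, `"repo"`, `"production"`); the `Action` type and its fields are illustrative, not any particular agent framework's schema:

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Action:
    kind: str          # e.g. "file_write", "shell", "git_push"
    reversible: bool   # can the effect be undone cheaply?
    blast_radius: str  # "local", "repo", or "production"

def needs_approval(action: Action) -> bool:
    """Gate only actions that are irreversible or that reach
    beyond the agent's sandbox; everything else runs autonomously."""
    if action.blast_radius == "production":
        return True
    if not action.reversible:
        return True
    return False
```

Under a policy like this, a reversible local file write never prompts, while a production push always does, regardless of how routine it looks.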

Batch approvals through a Steering Loop. Instead of approving each action individually, let the agent complete a logical unit of work, then review the batch. Reviewing a coherent diff of twenty changes is more effective than reviewing twenty individual prompts, because you can see the changes in context and spot problems that aren’t visible at the single-action level.
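Batching can be as simple as accumulating actions until some signal marks the end of a logical unit, then surfacing the whole batch for one review. A minimal sketch, where `unit_done` is a caller-supplied predicate (for instance, "the test suite just passed"):

```python
def review_in_batches(actions, unit_done):
    """Accumulate agent actions and yield them for human review one
    logical unit at a time, instead of prompting per action."""
    batch = []
    for action in actions:
        batch.append(action)
        if unit_done(action):
            yield batch  # the human reviews a coherent unit of work
            batch = []
    if batch:
        yield batch  # flush any trailing, unfinished work
```

The human sees one prompt per unit rather than one per action, and each prompt carries enough context to make the review meaningful.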

Supplement human review with Evals. Automated checks catch entire categories of error that a fatigued human will miss: test failures, lint violations, type errors, security policy breaches. The more your tooling catches mechanically, the less your human review needs to cover, and the more you can focus your attention on the judgment calls that only a human can make.
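Mechanical checks can run as a gate in front of the human: only a fully green run reaches review. A sketch using the standard library's `subprocess`; the listed commands (`pytest`, `ruff`, `mypy`) are placeholder examples for whatever tooling a project actually uses:

```python
import subprocess

# Hypothetical check commands; substitute your project's real tooling.
CHECKS = [
    ["pytest", "-q"],
    ["ruff", "check", "."],
    ["mypy", "src"],
]

def mechanical_gate(checks=CHECKS) -> list[str]:
    """Run each automated check; return the names of any that failed.
    Only a clean run should be forwarded to the human reviewer."""
    failures = []
    for cmd in checks:
        result = subprocess.run(cmd, capture_output=True)
        if result.returncode != 0:
            failures.append(cmd[0])
    return failures
```

Everything this gate catches is a prompt the human never has to rubber-stamp, which keeps their attention for the judgment calls the tools cannot make.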

Tip

If you notice yourself approving without reading, that’s not a discipline problem. It’s a signal that your approval policy needs recalibration. The fix isn’t “pay more attention.” The fix is fewer, higher-stakes approval gates.

How It Plays Out

A developer configures her agent with a strict approval policy: every file write, every shell command, every git operation requires confirmation. The first morning, she reviews each action carefully. By afternoon, the agent has prompted her 73 times. She’s approving shell commands mid-sentence in a Slack conversation, glancing at the first line of each diff and hitting enter. On approval number 68, the agent runs a database migration script against the staging environment instead of the dev environment. She approved it. The command was right there in the prompt, but she’d stopped reading prompts an hour ago. The staging data takes two hours to restore.

A team running parallel agents across worktree isolation takes a different approach. Each agent operates autonomously within its worktree: reading, writing, testing, iterating. The only approval gate is the pull request. A human reviews the final diff, not the hundred intermediate steps that produced it. The review load is four or five PRs per day instead of hundreds of individual actions. Each PR gets ten minutes of genuine attention. The team catches more bugs in review than they did under the old approve-everything model, because the reviewers aren’t exhausted.

  • Prevented by: Approval Policy – a well-calibrated policy reduces approval volume to a level humans can sustain.
  • Prevented by: Bounded Autonomy – precise autonomy boundaries eliminate unnecessary approval gates.
  • Degrades: Human in the Loop – fatigue turns meaningful human oversight into reflexive rubber-stamping.
  • Mitigated by: Eval – automated evaluation catches errors that fatigued reviewers miss.
  • Mitigated by: Steering Loop – batching reviews into coherent units reduces prompt count and improves review quality.

Sources

Franklin et al. identified approval fatigue as a human-in-the-loop trap in “AI Agent Traps” (Google DeepMind, 2025), documenting how high-volume approval requests degrade oversight quality in agentic systems.

Goddard, Roudsari, and Wyatt studied automation bias in clinical decision support systems (2012), establishing the broader cognitive pattern: when humans interact with automated systems that are usually correct, they stop independently verifying outputs.