Risk
Human Approval Fatigue / HITL Overload
Description
Approval gates exist but reviewers are flooded with agent approval requests and rubber-stamp them; attackers can deliberately overwhelm the oversight channel to slip a malicious action through.
Example
An agent batch-submits dozens of routine approvals; the reviewer approves all of them, including one that grants an MCP server filesystem write access.
Assets Affected
AI Agent
AI Policy
Tool
Agent Usage Log
Mitigation
- Risk-rank approval requests
- batch or auto-approve only low-risk classes
- design friction proportional to action sensitivity
- monitor approval-to-rejection ratios
- rotate reviewers.
Standards Mapping
- ISO: A.9.2
- OWASP agentic: ASI09
- EU AI Act: Art. 14
- DASF: Agents-Core 13.10
- AIUC-1: C007