Audience | Availability |
Organization and Pipe Administrators | All Plans (Requires Automation/AI functionality) |
What this article addresses
Definition and implementation of the Human In The Loop (HITL) principle.
Mandatory security checklist for high-risk scenarios (health, safety, and sensitive data).
Best practices for Activity History logging of decisions and notifying users affected by AI automations.
Before you start
You need Administrator permission in the Pipe or Organization to create or edit Automations and AI Agents.
Basic knowledge of creating AI Agents and Automations.
1. Fundamental Principle: "Human In The Loop" (HITL)
The Human In The Loop (HITL) principle establishes that automated systems or Artificial Intelligence (AI) should not operate without a human review point for decisions that could have significant consequences.
⚠️ Critical Security Warning
This system must not be the sole point of decision in scenarios that could result in physical or psychological harm. A human review loop must always exist for critical decisions.
📝 Mandatory Checklist for High-Risk Scenarios
Before activating any AI component or Automation in scenarios involving:
Health and Well-being (e.g., symptom screening, treatment suggestion).
Physical Security (e.g., access control, alarms).
Location and Sensitive Geographical Data.
Finance and Payments (e.g., loan approval, transfers).
...you MUST ensure the following points in your process:
Check | Security Action |
1. Human Validation | A phase or task is added to the Pipe, requiring a human to review and confirm the AI's output (e.g., a Manager must approve the suggestion). |
2. Traceability | The Pipe records what was automated, who was notified, and when the action occurred; confirm this information in the Card's Activity History. |
3. Logical Consistency | Consistency Validators are configured to cross-check the AI's output with data from other sources outside of Pipefy (e.g., checking the bank balance in an external financial system before processing a payment). |
4. Reversibility (Rollback) | There must be a clear and easy path to undo the automated decision or correct the data. |
2. Configuring Human Validation for Critical Actions
To mitigate the risk of errors (or "hallucinations") in automated systems, use Automation Actions to create a mandatory stop point.
Action: Human Approval for Payments and Financial Instructions
Protecting against Social Engineering and Hallucinations in Financial Chatbots:
Our AI systems do not create or change payment methods. However, AI may generate instructions for a payment. To protect your organization, a human must always approve these instructions.
Create a Status Field: Create a Select or Radio field on the Card, named Approval Status, with the options: Awaiting Human Review, Approved, Rejected.
Create the Automation:
WHEN: A relevant input field is filled by the AI Agent.
THEN:
Action 1: Assign members (the Finance team) to the Card.
Action 2: Send a task (Title: "Review and Approve AI-Generated Payment Instruction") to the assignees.
Action 3: Set the Approval Status field as Awaiting Human Review.
Final Approval: Configure a second Automation that only proceeds with the Action (e.g., move the Card to the Effective Payment phase) IF the Approval Status field is Approved.
Caption: Use automations to create a human approval step with the Send a task action.
✅ Logical Consistency Validation (Fact-Checking)
Whenever AI generates data based on open inputs (free text), configure an Additional Fact-Checking step using other Card fields or external integrations.
Example: If an AI Agent summarizes a contract, the Automation must move the Card to a review phase where a human compares the AI's summary with the validity date and financial value extracted directly from the Card's structured fields or reliable external sources.
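The two-automation approval gate and the consistency check described above, modeled as an added Python example (not Pipefy code or its API): the `Card` class, the activity tuples, the actor names, and field names such as `ai_amount_cents` are hypothetical. It shows the gate failing closed when Approval Status was set to Approved by anything other than an assigned human reviewer, or when the AI's value disagrees with the Card's structured field.

```python
from dataclasses import dataclass, field

# Hypothetical in-memory model of a Card; not Pipefy's data model or API.
@dataclass
class Card:
    fields: dict
    assignees: list = field(default_factory=list)
    tasks: list = field(default_factory=list)
    activity: list = field(default_factory=list)  # (actor_type, actor, field, value)

    def set_field(self, actor_type, actor, name, value):
        self.fields[name] = value
        self.activity.append((actor_type, actor, name, value))

def on_ai_fill(card, name, value, reviewers):
    """First automation: the AI Agent filled a field, so park the Card for review."""
    card.set_field("ai_agent", "agent", name, value)
    card.assignees = list(reviewers)                                  # Action 1
    card.tasks.append("Review and Approve AI-Generated Payment Instruction")  # Action 2
    card.set_field("automation", "hitl", "Approval Status",
                   "Awaiting Human Review")                           # Action 3

def consistency_errors(card, low, high):
    """Validator: AI amount must equal the structured amount and lie in [low, high]."""
    ai, ref = card.fields.get("ai_amount_cents"), card.fields.get("amount_cents")
    if ai is None or ref is None:
        return ["amount missing"]
    errors = []
    if ai != ref:
        errors.append("AI amount differs from structured field")
    if not low <= ai <= high:
        errors.append("AI amount outside allowed range")
    return errors

def may_proceed(card, low, high):
    """Second automation's condition, failing closed on anything unexpected."""
    if card.fields.get("Approval Status") != "Approved":
        return False
    # The most recent write to Approval Status must come from an assigned human.
    writes = [e for e in card.activity if e[2] == "Approval Status"]
    if not writes:
        return False
    actor_type, actor, _, _ = writes[-1]
    if actor_type != "human" or actor not in card.assignees:
        return False
    return not consistency_errors(card, low, high)
```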
3. Activity History and User Notifications
Transparency is crucial. Users affected by automated decisions must be clearly and immediately informed about the AI's actions.
1. Configuring Decision Logs and Traceability
You must ensure that automated decisions are permanently logged.
Card Traceability: Pipefy automatically logs modifications in the Card's Activity History, including when a field is filled by an Automation or AI Agent.
Actions: For critical decisions, make sure the Pipefy users in your company know how to check whether a critical field was filled by AI.
Caption: Review the Card's Activities area to verify exactly which fields were changed by the Automation or AI Agent.
Caption: Pay attention to the Star Icons on a field to know which fields were generated by the Automation or AI Agent.
2. Notifying Users about AI-Generated Content
Use notification actions as mechanisms to inform the user when a decision or content results from an AI automation.
Notification Action | Where to use |
Send a task | High Criticality. Requires the affected user to interact with and review the AI's decision (e.g., "Confirm the contract suggestion"). |
Send an email template | Medium Criticality. Useful for communicating that AI processed a request (e.g., "Your form has been pre-analyzed by the AI. A human agent will contact you soon"). |
Assign members | Ensures a human, responsible for that decision, is notified and can act, serving as a primary check. |
4. Troubleshooting
Symptom | Common Cause | Recommended Fix/Rollback |
AI made a critical decision (e.g., changed approval status) without human review. | The Human In The Loop was not configured correctly, or the Automation condition was too broad. | Rollback: Manually move the Card to the Human Review phase and edit the Automation to include the Send a task action. |
The AI's suggestion is logically inconsistent with other Card data. | The AI Agent is "hallucinating" (inventing data) or the AI Instruction is not specific enough. | Refine the AI Instruction (Prompt) to be more restrictive. Add a Validator (e.g., "The suggestion must be between X and Y values"). |
User does not know the decision was made by AI. | The notification mechanism is passive (only logging in Activity History) and not active (email/task). | Replace the passive Agent action with an active action like Send a task or Send an email template with the tag [AI Generated] in the title. |