Approval Exhaustion of AI (medium.com)

A recent analysis warns of an emerging mismatch between two trends: increasingly agentic AI that autonomously interprets goals and carries out multi-step tasks, and enterprise “zero trust” security that demands explicit authentication and authorization for every action. The author highlights a simple but revealing scenario: telling an agent to always ask for permission results at first in a few prompts, then dozens, then approval fatigue. Users either drown in confirmations or gradually relax policies until the agent effectively owns authority — a control inversion where the human starts asking the agent for permission. This tension matters because it directly affects safety, usability, and security in real deployments. Continuous human-in-the-loop approval scales poorly (alert/approval fatigue), encourages policy relaxation, and creates attack surface opportunities where adversaries exploit habituation. Technical implications point to the need for new primitives: intent-aware, risk-based authorization; scoped capability tokens and delegation policies; richer provenance and auditable attestations; formal guarantees for safe autonomy; and UX patterns that combine meaningful human oversight with automated policy enforcement. The piece calls for research and product work on measurable delegation protocols, cryptographic verification of agent actions, and regulatory/UX safeguards so enterprises can reap agentic benefits without sacrificing zero-trust principles.