A fraud pattern that depends on a person to confirm, repeat, or approve a request at the wrong moment. AI makes these attacks more effective because it can create convincing prompts, voices, and documents that exploit human judgment rather than bypassing it outright.
Expanded Definition
Human-In-The-Loop Fraud is a deception pattern where an attacker cannot complete the fraud path without a person actively confirming, relaying, or approving a malicious request. In NHI and agentic AI environments, the human becomes the control point that is manipulated, rather than the target being only a password, token, or system boundary. The tactic often uses urgency, authority, familiarity, or routine workflow pressure to make the human act as the final authentication step.
Definitions vary across vendors and incident reports, because the phrase is used both for classic social engineering and for AI-assisted impersonation attacks. In NHI security, the term is most useful when it describes a workflow that would otherwise be blocked by technical controls but succeeds because a person is induced to override them. That makes it distinct from ordinary phishing, since the fraud objective depends on the person carrying the action across the finish line. Standards such as NIST SP 800-53 Rev 5 Security and Privacy Controls treat human approval as a control surface that still requires policy, logging, and verification. The most common misapplication is assuming any request with a human approval step is safe, which occurs when approval workflows are treated as a substitute for identity verification and transaction validation.
Examples and Use Cases
Implementing fraud controls rigorously often introduces friction in approval workflows, requiring organisations to weigh speed and convenience against stronger verification and escalation checks.
- A finance team receives a voice call that sounds like a known executive asking for an urgent wire transfer, and a staff member approves it after the attacker uses AI-generated speech to mimic style and tone.
- A help desk agent is prompted to reset access for a “locked-out engineer” after the attacker supplies convincing context, exploiting the expectation that fast service is good service.
- An automation owner approves a change request after reviewing an AI-written ticket thread that mirrors internal terminology, even though the underlying request routes an NHI credential to a new destination.
- A security reviewer confirms a vendor onboarding step because the document package looks legitimate, when the real goal is to obtain approval for a malicious integration path.
- In environments described in the Ultimate Guide to NHIs, these scenarios matter because attackers often target the human gate around service account access, secret use, or delegated tooling rather than the system itself.
In practice, this pattern often overlaps with identity assurance failures described by NIST SP 800-53 Rev 5 Security and Privacy Controls, especially where approvals are not tied to strong confirmation of request origin and context.
Why It Matters in NHI Security
Human-In-The-Loop Fraud is especially dangerous in NHI security because many high-impact actions require a person somewhere in the chain, even when the actual asset at risk is an API key, token, certificate, or privileged workflow. NHI Mgmt Group research shows that 79% of organisations have experienced secrets leaks, with 77% of those incidents resulting in tangible damage, which helps explain why fraud that reaches a single human approval can quickly turn into credential exposure or unauthorised automation. The risk becomes more severe when the human is approving an action for an NHI they do not fully understand, or when AI-generated context makes the request appear operationally routine. This is where governance, verification, and workflow separation matter as much as detection.
Attackers also exploit the gap between human intuition and machine enforcement. If an approval process is the only barrier, then a convincing message, call, or document can collapse that barrier without ever breaking a cryptographic control. The Ultimate Guide to NHIs highlights how broad NHI exposure and weak secret handling amplify downstream impact when a person is manipulated into approving the wrong action. Organisational response should therefore include step-up verification, immutable logging, and limits on what any single human can authorize. Organisations typically encounter the consequences only after an approval has triggered secret exposure, unauthorized access, or fraudulent payment, at which point Human-In-The-Loop Fraud becomes operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0, NIST SP 800-63 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A-03 | Covers prompt and workflow manipulation that coerces humans into approving malicious agent actions. |
| OWASP Non-Human Identity Top 10 | NHI-06 | Human-mediated fraud often ends in improper access to NHI credentials or privileged workflows. |
| NIST CSF 2.0 | PR.AA | Identity proofing and authentication controls are needed when humans validate sensitive requests. |
| NIST SP 800-63 | IAL2 | Fraud succeeds when identity assurance for request origin is too weak for the transaction risk. |
| NIST Zero Trust (SP 800-207) | SP-7 | Zero trust limits reliance on a single human approval as the trust anchor for access decisions. |
Tie approvals to least-privilege checks, dual control, and auditability before any NHI change is executed.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on July 11, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org