内容来源：https://blog.n8n.io/human-in-the-loop-vs-human-on-the-loop/

内容总结：

AI系统质量控制三大模式：人机协同的“把关”与“监工”

在人工智能系统的质量控制中，当前主要有三种主流模式：人在回路中（HITL）、人在回路上（HOTL）以及两者的混合系统。这些框架决定了系统如何做出决策以及人类在何时介入。

核心区别：同步控制 vs 异步监控

人在回路中（HITL） 是一种同步控制模式。AI执行任务，但人类掌握最终决策权，系统未经批准不得执行某些操作。工作流会在“决策门禁”处暂停，等待人类给出信号。例如，AI处理贷款申请后判定有效，但仍需提交人工终审。该模式适用于高风险操作（如确认客户邮件、金融交易）、AI置信度不足的场景、需要多人签批的合规流程，以及医疗、金融、法律等受监管行业。

人在回路上（HOTL） 则是一种异步监控模式。系统由AI全权控制，人类负责监督或审查结果，仅在出现异常时干预。例如，AI自主处理客户订单，同时记录异常日志供人类事后查阅，不中断工作流程。该模式主要应用于执行后质量抽检、异常行为标记（如欺诈、网络攻击）、设置系统护栏（调整AI权限而非停止流水线），以及通过置信度阈值控制执行节奏。

适用场景：风险与效率的权衡

两者各有所长，选择本质上是一种架构权衡，影响AI工作流的性能、风险和问责。新部署的系统通常先从严格的HITL控制起步，随着AI可靠性得到验证和团队信任度提升，逐步转向HOTL监控。

典型应用案例：

• HITL适用场景：高风险内容审核（AI无法准确识别人类情感和语义）、自动驾驶汽车（实时人工干预确保合规安全）、法律合同审批（专家最终确认）。
• HOTL适用场景：物流库存管理（AI自动下单补货，人类监控仪表盘处理供应链短缺等边缘情况）、低风险内容审核（大模型自动发布合规内容，标记违规内容供人工复核）、金融交易监控（AI标记可疑交易，人类审查决定是否冻结账户）。

关键挑战：

实施这些模式面临五大挑战：队列饱和与延迟（HITL中人工审查可能成为瓶颈）、自动化自满（HOTL中审核员可能过度信任AI输出而错过干预）、审计追溯缺口、审核员决策不一致，以及审核人员缺乏完整上下文信息。

实践建议：

在实际生产中，两种模式可以共存。例如，AI生成1000条产品描述（HOTL监控），但仅需人工批准前50条发布至首页（HITL门禁）。这种混合方式能将人类注意力集中在最关键环节。一个成熟的工作流自动化平台（如n8n）应同时支持审批门禁、多通道审核、角色权限控制、审计日志和超时设置等功能，在风险管控、运营效率与合规要求之间取得平衡。

中文翻译：

人们主要通过三种方式控制AI系统质量：人在环中（HITL）、人在环上（HOTL）以及两者结合的混合系统。这些框架决定了系统如何做出决策、人类在何处介入。

每种方式都会影响可扩展性、风险承受能力和运营成本。这一监管谱系提供了广泛的工作流可能性，具体取决于任务需求——无论你的团队需要紧密的人工控制，还是偶尔的检查环节。

本指南将带你了解人在环中与人在环上的区别，以及何时采用每种方式、如何在工作中落地实施。

什么是人在环中（HITL）？
HITL是一种AI执行任务、但由人类控制最终决策的流程，防止系统未经批准就执行某些操作。这是一种同步控制模式。工作流会在决策节点暂停，直到人类给出所需指令。例如：AI处理贷款申请，判定其有效后，再交由人类进行最终审批。

在HITL流水线中，人类为本已自动化的流程提供了人工干预环节。例如：

• 高风险操作：人类批准关键操作（如确认客户邮件、社交帖子或金融交易），之后AI才发送。
• 置信度不确定：AI通过置信度评分衡量不确定性。若置信度低于阈值，则召唤人类介入。
• 分层控制：某些请求出于安全考虑需要多人签字，AI会暂停进度，直到所有相关方批准。
• 合规监管：医疗、金融、法律等受监管行业，无论AI置信度如何，都要求人类批准特定决策。

什么是人在环上（HOTL）？
HOTL是由AI控制、但人类进行监督或审查结果的流程。这是一种异步控制模式——完全自主运行，人类仅处理异常情况并调整参数。例如：AI自主处理客户订单，记录异常情况，供人类事后审查，而不中断工作流。

该流程基本无需人工干预，人类仅在工作流末尾或出现问题时介入。以下是几个HOTL工作流的例子：

• 执行后审查：员工对随机抽取的已完成自主操作进行人工质检。
• 异常检测：AI标记异常行为（通常用于发现欺诈或网络攻击），但标记后流程继续运行。人类可方便地及时审查这些标记的执行情况。
• 设置护栏：人类在治理层面更改系统控制，调整AI权限，而非停止整个流水线。
• 降速与限制流程：员工设置置信度阈值；当不确定性升高到一定程度时，AI不执行操作，而是标记并等待审查。

人在环中与人在环上：关键区别
这两种流程都很有用——选择本质上是一种架构权衡，会影响AI代理工作流中的性能、风险和问责性。以下是主要区别：

AI系统通常沿着这条谱系演进：新部署从严格的HITL控制开始，随着AI证明其可靠性、团队对自动化决策建立信心，逐步转向HOTL监控。

何时使用HITL vs. HOTL？
在原生工作流平台中选择HITL或HOTL，取决于系统在真实条件下的表现。以下是一些考量因素：

在生产环境中，这两种方法可以共存。单个工作流有时同时包含两者：AI生成1000条产品描述（HOTL监控），但发布前50条到首页需要人工批准（HITL关卡）。这种方式将人力注意力集中在最重要之处。你选择的平台必须支持这种混合设置。

HITL与HOTL用例
企业会根据风险、规模和人类判断能增加最大价值的领域，在不同工作流中使用这些架构。以下是几个HITL和HOTL代理应用场景。

HITL用例
先来看HITL的常见用法：

• 高风险内容审核：AI系统无法始终识别人类细微差别和情感。没有人工审核，程序可能屏蔽有价值内容、允许有害言论，引发客户不满并增加法律风险。
• 自动驾驶：虽然AI传感器在驾驶方面越来越出色，但人类仍需提供实时干预以确保合规与安全。
• 法律合同审批：AI可以起草法律文件，但发送给客户或签署前仍需专家批准最终版本，以确保法律和伦理合规。

HOTL用例
以下是HOTL的常见应用：

• 物流与库存：AI管理库存并自动发出补货订单。人类监控仪表盘，仅在边缘情况（如供应链短缺或供应商罢工）下介入。
• 低风险内容审核：大语言模型监控低风险内容（如评论和社交媒体帖子），发布合格内容并标记违规内容。员工审查被标记的内容，确认其是否确实违反规则。
• 金融交易：AI系统监控交易并标记可疑项目。人类审查这些警报，决定是否暂停账户或进一步调查，从而捕捉欺诈并避免误报。

人工监管模型面临的挑战
实施这些架构会带来运营和治理方面的挑战。以下是需要克服的几个障碍：

• 队列饱和与延迟：在HITL系统中，人工审查可能成为瓶颈，需要精心配置置信度阈值以避免过多人工输入。
• 自动化自满：由于AI日益可靠，人工审查者可能未经仔细检查就信任输出，在HOTL流程中错过必要的干预。
• 审计线索缺失：HITL和HOTL系统都需要强大的日志记录和可追溯性——缺失会造成监管风险，并导致无法诊断故障。
• 审查员决策不一致：没有明确指南，不同人类对类似案例会做出不同判断。这会产生不可预测的结果，削弱对监管流程的信任。
• 审查员获取信息不足：人类需要全面了解AI的推理过程、输入数据和置信度评分才能做出明智决策——缺少这些，审批将变得低效。

应对这些挑战需要支持审批工作流、执行可见性和审计日志的基础设施——这些功能已内置于专为生产级AI系统设计的工作流自动化平台中。

在n8n中实施人工监管：HITL与HOTL工作流
AI通常需要人类把关才能成功执行——正因如此，n8n的工作流允许人类在不同阶段介入。你可以在AI代理执行特定工具之前或AI输出之后设置HITL审批关卡，并在工作流运行后实施HOTL监控。

对于HOTL工作流，n8n的系统可轻松独立运行，将每次执行记录在工作流历史中，并通过错误工作流或通知发送警报，在需要审查时通知员工采取行动。这意味着你的团队能保持知情，而不成为瓶颈。

对于HITL工作流，n8n支持三种核心模式：

• 内联聊天审批：使用聊天节点的“发送并等待响应”操作，直接在聊天界面展示AI输出。审查者可以批准、拒绝或修改输出，然后工作流继续执行。
• 工具调用审批关卡：在AI代理工具上添加审批关卡，使特定工具调用在执行前需要人工确认。这非常适用于高风险的数据库写入或发送外部通信等操作。
• 多渠道审查工作流：通过Slack、Gmail、n8n聊天或团队已有的其他渠道路由审批请求。结合IF节点，仅将低置信度的输出路由给审批。

除了这些模式，n8n还提供多项支持人工监管的功能：

• 基于角色的访问控制：在商业版及以上计划中，仅授权用户可修改工作流和做出决策。
• 审计日志：追踪每一步的决策，满足合规和问责要求。
• “发送并等待响应”操作（含超时）：为审批步骤设置时间限制，防止工作流无限期停滞（文档）。
• 错误工作流：在出现故障或需要关注时自动通知团队。

使用n8n优化AI工作流
HITL和HOTL系统构成了互补的监管谱系，各有其用武之地。HITL提供控制权，让团队承担责任，并在关键决策中嵌入人类判断；而HOTL则通过高吞吐量任务配合执行后审查，让我们工作得更快。

在现实场景中，在同一工作流中混合使用HITL和HOTL，能在管理风险、效率和合规之间找到恰当平衡。

英文来源：

There are three main ways people control the quality of AI systems: human-in-the-loop (HITL), human-on-the-loop (HOTL), and hybrid systems using both. These frameworks determine how systems make decisions and where humans intervene.
Each approach affects scalability, risk tolerance, and operational expenses. This oversight spectrum gives you a wide range of potential workflows depending on the task, whether your team needs tight human-driven control or occasional check-ins.
In this guide, learn the difference between human-in-the-loop versus human-on-the-loop. Plus, discover when to use each approach and how to implement it in your work.
What’s human-in-the-Loop (HITL)?
HITL is a process where AI performs tasks but humans control final decisions, preventing the system from executing certain actions without approval. This is a synchronous control pattern. The workflow stops at a decision gate until a human provides a required signal. For example, AI processes a loan application, deems it valid, then sends it to a human for final approval.
In an HITL pipeline, humans provide a manual touch in an otherwise automated workflow. For example:

• High-stakes actions: Humans approve critical actions, like confiming customers emails, social posts, or financial transactions, before AI sends them.
• Confidence uncertainty: The AI system measures uncertainty through confidence ratings. If confidence falls below a threshold, it calls in a human.
• Layered control: Some requests may need sign-offs by more than one person for security, so the AI halts progress until every stakeholder approves.
• Compliance oversight: Regulated industries like healthcare, finance and legal require human approval for certain decisions, regardless of AI confidence.
  What’s human-on-the-loop (HOTL)?
  HOTL is a process controlled by AI, but humans supervise or review the results. This loop is an asynchronous control pattern — fully autonomous and humans only handle exceptions and adjust parameters. For instance, AI processes customer orders autonomously, logging anomalies which humans review without interrupting the workflow.
  This process is primarily hands-off, and humans only intervene at the end of the workflow or if something goes wrong. Here are a few examples of HOTL workflows:
• Reviewing post-execution: Staff conduct a manual review of a random set of completed autonomous actions for quality control.
• Spotting anomalies: AI flags behavior that is out of the ordinary, usually to spot fraud or cyberattacks, but continues processes after flagging. Humans can conveniently review these flagged executions in time.
• Setting guardrails: Humans make changes to system controls at the level of governance, adjusting AI permissions rather than stopping the pipeline itself.
• Slowing and limiting processes: Staff set a confidence threshold, and when the uncertainty level rises high enough, the AI doesn’t execute and flags for review.
  Human in-the-loop vs. human on-the-loop: Key differences
  Both of these processes are useful — the choice is ultimately an architectural tradeoff that affects performance, risk, and accountability in AI agentic workflows. Here are the main differences:
  AI systems typically evolve along this spectrum: New deployments start with tight HITL controls, then gradually shift toward HOTL monitoring as the AI proves reliable and teams gain confidence in automated decisions
  When to use HITL vs. HOTL?
  Choosing between HITL and HOTL in workflow-native platforms depends on how your system behaves under real-world conditions. Here are a few considerations:
  In production, these approaches can coexist. A single workflow sometimes contains both: AI generates 1,000 product descriptions (HOTL monitoring), but requires human approval before publishing the top 50 to the homepage (HITL gate). This approach scales human attention to where it matters most. The platform you choose must support this hybrid setup.
  HITL and HOTL use cases
  Businesses use these structures in different workflows depending on risk, scale, and the areas where human judgment adds the most value. Here are a few HITL and HOTL agent applications.
  HITL use cases
  Let’s start with some common ways to use HITL:
• High-risk content moderation: AI systems can’t always detect human nuance and sentiment. Without human review, the program may block valuable content and permit harmful language, upsetting customers and adding legal risks.
• Autonomous vehicles: While AI sensors are getting better at operating vehicles, humans need to provide real-time intervention for compliance and safety.
• Legal contracts approval: Although AI can draft legal documents, experts still need to approve final versions before sending to clients or signing to ensure legal and ethical compliance.
  HOTL use cases
  Here are a few common applications for HOTL:
• Logistics and inventory: AI manages inventory and automatically issues supply orders. Humans monitor dashboards and only intervene in edge cases, like supply chain shortages or vendor strikes.
• Low-risk content moderation: LLMs monitor low-risk content, like comments and social media posts, posting acceptable cases and flagging anything that violates policies. Staff review flagged content to ensure it actually goes against rules.
• Financial transactions: AI systems monitor transactions and mark anything that seems suspicious. Humans review these alerts to decide whether to suspend accounts or investigate further, catching fraud and avoiding false positives.
  Challenges in human oversight models
  Implementing these architectures introduces operational and governance challenges. Here are a few obstacles to overcome:
• Queue saturation and latency: In HITL systems, manual reviews may become bottlenecks, requiring carefully configured confidence thresholds to avoid excessive human input.
• Automation complacency: Because AI is becoming increasingly reliable, human reviewers may trust outputs without scrutiny and miss necessary interventions in HOTL processes.
• Audit trail gaps: Both HITL and HOTL systems require strong logging and traceability — gaps create regulatory risk and make it impossible to diagnose failures.
• Inconsistent reviewer decisions: Without clear guidelines, different humans make different calls on similar cases. This produces unpredictable outcomes and undermines trust in the oversight process.
• Insufficient context for reviewers: Humans need full visibility into AI reasoning, input data, and confidence scores to make informed decisions — without it, approval becomes inefficient.
  Addressing these challenges requires infrastructure that supports approval workflows, execution visibility, and audit logging — capabilities built into workflow automation platforms designed for production AI systems.
  Implementing human oversight in n8n: HITL and HOTL workflows
  AI often needs a human eye to perform successfully — that’s why n8n’s workflows allow humans to enter the picture at different stages. You can use HITL approval gates before an AI agent executes a specific tool or after AI-output and implement HOTL monitoring after the workflow runs.
  For HOTL workflows, n8n’s systems can easily operate independently, logging every execution in workflow history and sending alerts via error workflows or notifications, notifying staff to take action when review is needed. This means your team stays informed without being a bottleneck.
  For HITL workflows, n8n supports three core patterns:
• Inline chat approval: Use the Chat node's "Send and Wait for Response" operation to present AI outputs directly in a chat interface. Reviewers can approve, reject, or modify outputs before the workflow continues.
• Tool call approval gates: Add approval gates on AI Agent tools so that specific tool calls require human confirmation before they execute. This is ideal for high-risk actions like database writes or sending external communications.
• Multi-channel review workflows: Route approvals through Slack, Gmail, n8n Chat, or other channels your team already uses. Combine these with IF nodes to route only low-confidence outputs for approval.
  Beyond these patterns, n8n offers several features that support human oversight:
• Role-based access control: On Business+ plans, only authorized users can modify workflows and make decisions.
• Audit logs: Track decisions made at each step for compliance and accountability
• "Send and Wait for Response" operation with timeouts. Set time limits on approval steps to prevent workflows from stalling indefinitely (docs)
• Error workflows: Automatically alert your team when something fails or needs attention
  Optimize AI workflows with n8n
  The HITL and HOTL systems create a complementary oversight spectrum, and they both have their uses. HITL gives control, holds your team accountable, and embeds human judgment in key decisions, while HOTL lets us work faster through high-volume tasks with post-execution review.
  In real world situations, using a mix of HITL and HOTL in the same workflow provides the right balance between managing risk, efficiency, and compliance.