What is approval-first AI?

Approval-first AI is a design pattern for business automation. Every AI write action is proposed by the assistant, surfaced as an approval, and executed only after a human (or a configured policy) says yes.

It is the opposite of autonomous AI — the design pattern where the assistant acts first and informs you later.

The two patterns

Autonomous. Give the assistant tools and let it act. The user prompts the AI. The AI calls a tool. The tool mutates state. The work gets done — sometimes correctly. The pitch is autonomy and speed. The reality is that, eventually, the AI sends the wrong email, books the wrong meeting, updates the wrong record, or — worst case — leaks data.

Approval-first. Every write action is proposed, not executed. The AI proposes the email to send, the meeting to book, the record to update. A human (or a policy) approves. Then the action happens.

Why we chose approval-first

The autonomy demo works because the demo is a controlled environment. The AI is operating against a clean dataset, a single user, a single context. In production, you have hundreds of users, thousands of records, hundreds of edge cases the model was never trained on, and a near-certainty that within a month it will misinterpret one of them.

When that happens, two things are true. First, your customers see the result before you do. Second, you have no record of what the AI did, no way to undo it, and no defensible answer for the post-incident review.

Approval-first inserts a human (or a policy) in the loop on every write action. The cost is one approval click. The benefit is the entire risk class of AI write incidents being mitigated by design.

Three properties of a working approval-first system

1. Read actions flow freely. The AI must be able to search, retrieve, summarize, and analyze without friction. If approval is required on reads, the assistant becomes useless. Atlas does not gate reads.

2. Write actions surface clearly. The proposal must include the exact payload, the target record, and the source reasoning. "Update the deal" is not enough. "Update Acme Corp's Q3 opportunity to 'Closed Won' with amount $42,500, based on the email from John Doe on June 5" is enough.

3. Approvals are policy-driven. Approval policies should be configurable at the org, team, tool, and value-threshold level. Manual approval is the fallback, not the default for every write.

How Atlas implements approval-first

In Atlas, every MCP tool has an actionMode of read or write. Read actions flow freely. Write actions go through MCP Boss — the governance layer — where approval policies are evaluated. If a policy requires human approval, the action queues in the user's approval queue. If a policy allows auto-approval (e.g., low-risk enrichment), the action executes immediately. Either way, the action is logged in Atlas Audit.

What approval-first enables

The most important thing approval-first enables is adoption. Every leadership team has an AI policy that says "no production AI without governance." Approval-first is what makes that policy survivable in practice. Compliance signs off. Legal signs off. The CFO signs off. The team gets to actually use the AI.

Related articles

• Configuring approval policies →
• Why the audit log is the headline feature →
• What is MCP? →