HOOTL-1
Auditability
Every autonomous action must leave a forensic record sufficient for an outside auditor to reconstruct what was done, by whom, on what basis, and against what authority — without consulting the agent that did it.
Substrate is truth. Supervision is a property of the system, not the loop.
Eight principles for the safe operation of autonomous AI agent systems running in HOOTL posture — Humans Out Of The Loop. Concepts document for policy authors, vendors, auditors, and operators. Jurisdiction-neutral by design.
Most AI safety thinking in 2026 stops at the lab.
Frontier-lab safety frameworks — OpenAI's Preparedness, Anthropic's RSP, Google DeepMind's Frontier Safety Framework — describe what a model developer should do before releasing a capable model. That work is necessary. It is not sufficient.
A perfectly evaluated model deployed in a poorly designed autonomous-agent runtime is still unsafe. The operator who wraps a model in a 24/7 autonomous agent has assumed responsibility the lab cannot discharge for them. The safety stack needs both the lab-side framework and the operator-side substrate properties.
HOOTL describes the operator-side layer. Eight properties that any system running autonomously, without per-action human approval, should exhibit — regardless of which lab's model is inside.
Where the human sits relative to the iteration loop. HOOTL is the most autonomous of the three — and the most exposed.
HITL
Humans In The Loop
The human ratifies each action. Per-step approval. The human is the iteration mechanism. Cursor, Cline, Claude Code, Copilot. Safe under HITL assumptions.
HOTL
Humans Outside The Loop
The human supervises at boundaries, owns artifacts, sets direction. The runtime iterates and produces verdicts the human reads. Composer, not co-driver.
HOOTL
Humans Out Of The Loop
The human is one or many layers removed. The agent infers intent from context and executes. Most autonomous; most legally exposed. This is what the eight principles address.
Substrate properties of safe HOOTL systems. Numbered for stable citation. Each is a property of the system, not a procedural rule.
HOOTL-1
Every autonomous action must leave a forensic record sufficient for an outside auditor to reconstruct what was done, by whom, on what basis, and against what authority — without consulting the agent that did it.
HOOTL-2
No autonomous action ships without a verdict produced by a process independent of the agent that authored the action. The verdict is the artifact; the chain of work is secondary.
HOOTL-3
A path must exist for an authorized human to halt, redirect, or unwind an in-flight autonomous process, with effect bounded in seconds, not minutes — and not contingent on the cooperation of the agent being overridden.
HOOTL-4
Untrusted input crossing into the agent’s reasoning context is scrubbed at one declared boundary, not at every implementation. The boundary is identifiable, testable, and load-bearing.
HOOTL-5
Autonomous actions are reversible by default, or the irreversibility is named in advance and gated by an explicit authorization step. Default-irreversible operations are unsafe by construction.
HOOTL-6
Every artifact produced under autonomy carries a verifiable trail back to the goal, constraints, source data, model identity, and policies under which it was produced. Provenance is part of the artifact, not adjacent to it.
HOOTL-7
The system’s claims about its own correctness must be tested by mechanisms the system cannot author. Self-reports are evidence; independent falsification is proof.
HOOTL-8
The human operator who deploys an autonomous-agent system has assumed responsibility for the substrate properties of that system. Composer Authority cannot be delegated to the model vendor or to the agent itself.
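One way an operator could realise HOOTL-1, shown as an added example that is not part of the HOOTL document: the runtime appends records answering the four questions (what, who, basis, authority), and an auditor verifies them from the log alone. The hash chain, the field names, and the sample records are assumptions made for illustration.

```python
import hashlib
import json

# The four questions HOOTL-1 says an outside auditor must be able to answer.
REQUIRED = ("what", "who", "basis", "authority")
GENESIS = "0" * 64  # assumed start value for the chain

def digest(prev, body):
    """Hash of the previous record's hash plus this record's canonical JSON."""
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev + payload).encode("utf-8")).hexdigest()

def append(log, **body):
    """Runtime side: chain a record to its predecessor; return the new head hash."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"body": body, "prev": prev, "hash": digest(prev, body)})
    return log[-1]["hash"]

def audit(log, head=None):
    """Auditor side: reads only the log, never the agent. `head` is the last
    hash the auditor received out of band; without it, a truncated tail
    cannot be detected."""
    findings, prev = [], GENESIS
    for i, rec in enumerate(log):
        missing = [f for f in REQUIRED if not rec["body"].get(f)]
        if missing:
            findings.append((i, "missing: " + ", ".join(missing)))
        if rec["prev"] != prev or rec["hash"] != digest(prev, rec["body"]):
            findings.append((i, "chain broken"))
        prev = rec["hash"]
    if head is not None and prev != head:
        findings.append((len(log), "head mismatch"))
    return findings

def sample_log():
    """Constructed sample records; every value here is illustrative."""
    log = []
    append(log, what="rotate api key", who="agent-7",
           basis="ticket OPS-12", authority="policy key-rotation-v2")
    append(log, what="restart worker", who="agent-7",
           basis="health check failed", authority="runbook restart-01")
    head = append(log, what="delete temp bucket", who="agent-7",
                  basis="cleanup schedule", authority="")  # no authority recorded
    return log, head

if __name__ == "__main__":
    records, head = sample_log()
    print(audit(records, head))
```

The chain proves integrity only relative to a head hash held somewhere the agent cannot write; without that anchor, a truncated log, or one rewritten with recomputed hashes, verifies cleanly.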
It is a concepts document. Policy authors, vendors, auditors, and operators may cite, adapt, or extend these principles in their own work. The intended use is citation: a policy author writing an actual rule should be able to write "per HOOTL-3 (Override Channel)" and have a stable, well-defined property in mind.
It is not a regulation, a standard, or a legal instrument. It does not bind any party. It does not settle the agency-law question — it treats AI systems as tools rather than legal persons, but operates inside that position rather than legislating it. It does not pick a single liability framework. The principles describe properties of safe systems; jurisdictions remain free to wrap them with strict product liability, negligence-based service liability, operator-responsibility frameworks, or hybrids appropriate to local doctrine.
This document is designed to port. The principles are substrate-properties — technical and operational characteristics of the systems themselves — and as such are jurisdiction-neutral. Local legal infrastructure varies; the properties of a safe agent system do not.
The principles are numbered HOOTL-1 through HOOTL-8 so citations remain stable even when the surrounding prose is rewritten.
Suggested citation:
In-text:
HOOTL is the operator-side companion to the existing frontier-lab frameworks. It builds on the same tradition — the Belmont Report (1979) for shape; the NIST AI RMF, OECD AI Principles, and EU AI Act for vocabulary — and addresses what those frameworks structurally cannot: the substrate properties of the autonomous-agent runtime that wraps a model.
It is intentionally orthogonal to OpenAI's Frontier Safety Blueprint (June 2026), Anthropic's Responsible Scaling Policy, and Google DeepMind's Frontier Safety Framework. Those describe what a lab should do when training and releasing a model. HOOTL describes what an autonomous-agent system should look like, regardless of which lab's model is inside it. Both are necessary.
Use the principles in your policy work. Stable numbering makes citation simple. No permission required — see license.
Profile HOOTL for your sector. Healthcare, finance, critical infrastructure each have specific operator-side substrate requirements that HOOTL is shaped to accommodate.