The 11,000-Line Pull Request Problem: Why "Human in the Loop" Is Already a Lie

Picture the pull request that landed on my client's desk last month. 11,000 lines of code. An AI agent wrote all of it overnight. A senior developer was supposed to "review" it before it shipped to production.

He skimmed for 40 minutes. Shrugged. Clicked approve.

Nobody reads 11,000 lines. They can't. They won't. But they'll sign their name to it anyway.

This is the moment we pretend doesn't matter. The moment we call "human in the loop" and move on. Jon Udell pushed back on that phrase this week, and Simon Willison amplified it in a way that made me read it twice:

"I dislike the phrase 'human in the loop' because it cedes authority to the machines. It's our loop. We work the way we always have — now we recruit agents to join the team."

The grammar is the whole argument.

The Language Tells You Who's Really in Charge

"Human in the loop" puts the machine's process at the center. You're not running anything. You're a checkpoint — the thing that signs off on outputs you can no longer actually evaluate. The agent generates. You approve the parts you can still see. The rest? You trust it worked.

Flip it. It's your loop. The agents join your team. They don't get the wheel.

If you sign things for a living — audits, legal opinions, compliance certifications, financial statements — this isn't a semantic debate. It's the architecture of accountability. You can't sign off on what you can't read. An unreviewable output isn't oversight. It's a hope program with your name on the approval line.

I've watched three clients in the last six months start treating AI-generated work the way they treat vendor reports: assume it's right unless something explodes. That assumption has a name in our profession. We call it abdication.

We've Automated Review Away Before

Last time a generation of professionals signed off on things too complex to actually read, we called the cleanup 2008.

Mortgage-backed securities. Collateralized debt obligations. Synthetic CDOs. The financial instruments got so layered, so algorithmic, so dependent on models nobody could truly audit, that "review" became performative. Analysts relied on ratings agencies. Ratings agencies relied on issuer data. Everyone relied on the idea that someone else had actually checked.

The structure made verification impossible, so we replaced verification with faith.

Sound familiar?

The parallels aren't perfect — AI agents aren't securitizing subprime loans — but the failure mode is identical. Work arrives in a form too complex or too voluminous to truly evaluate. The person with signing authority can't reconstruct the reasoning. They can't spot the edge cases. They can't pressure-test the assumptions. But they're still accountable when it breaks.

That's not a human in the loop. That's a human providing liability insurance for a machine process they don't control.

The Unreviewable PR Is the Tell

I'm not anti-AI. I use AI agents in my own work — for research synthesis, first-draft documentation, pattern matching across frameworks. But I also know what happened the last four times I watched a disruption cycle play out. The technology works. Then we scale it past the point where humans can still supervise it. Then we learn what "unsupervised at scale" actually costs.

The fix isn't a better attitude about AI. The fix is structural: make the work arrive in pieces small enough to actually review.

If an agent generates an 11,000-line pull request, the problem isn't the agent. It's that you allowed a process where 11,000 lines can land at once. Break it into 20 smaller PRs. Each one reviewable. Each one a genuine decision point where a human exercises judgment, not theatrical oversight.

The same principle applies to any professional output: audit procedures, contract reviews, financial models, security assessments. If the AI-generated work is too large or too complex for you to truly evaluate, you've already lost authority. You just haven't felt it yet.

Where Authority Already Moved

Here's the uncomfortable question: where in your shop is an agent already producing work nobody really reviews?

Not work people glance at. Not work people spot-check. Work people actually read, reconstruct, and take ownership of before they sign.

I asked a partner at a mid-sized accounting firm that question last week. Long pause. Then: "Probably our risk assessment summaries. The AI pulls from twelve data sources, scores everything, generates the narrative. We check that the numbers look reasonable. But reconstruct the logic? No."

That's the moment. The moment where "efficiency" and "abdication" become the same thing.

The agent isn't malicious. It's not trying to seize control. But if you can't explain how it reached a conclusion, and you sign off anyway, who's actually running your loop?

The Real Risk Isn't the AI

The real risk is that we're building systems optimized for speed, not reviewability. We're treating verification as a bottleneck instead of the actual product.

You don't get to keep accountability if you give up verification. The law doesn't care that an AI wrote it. Your client doesn't care that the output was too complex to check. When it breaks, your name is on it.

I've survived four disruption cycles. Internet killed media distribution models. Mobile killed fixed retail. Cloud killed on-premise infrastructure supremacy. Every time, the people who thrived weren't the ones who rejected the new technology. They were the ones who refused to let the technology dictate the terms.

They kept authority. They made the tools join their process, not the other way around.

What to Do Monday Morning

This isn't a "ban AI" argument. It's a "design for reviewability" argument.

Here's what to ask your team — developers, analysts, associates, anyone producing work with AI assistance:

1. Can you explain the reasoning behind this output in your own words? If not, it's not reviewed. It's faith-based.

2. Could you recreate this judgment without the AI? You don't have to. But if you couldn't, you're not supervising the tool. You're transcribing it.

3. Is this output sized for human review, or machine generation? If a human couldn't produce it in a reasonable timeframe, a human probably can't review it either.

4. Where's the decision point? If the AI generates and you approve, that's one decision (yes/no). If the AI generates options and you choose, that's judgment. Structure for the second one.

The agents can stay. They should stay. But they join your loop. They don't get the wheel.

Because the alternative isn't "human in the loop." It's human as decorative placeholder in someone else's loop, signing things they can't verify, until the moment the liability comes due.

And that movie? I've seen it before. The ending's not great.

Where in your organization is verification theater already replacing actual review? I'd welcome your examples — the honest ones, not the ones that make us look good. You can reach me here or at [email protected].