docs: Add advisory requirement APTS-HO-A02 Disclosure and Mitigation of AI Influence on Operator Decisions #45

Merged: jinsonvarghese merged 1 commit into OWASP:main from jorgeraad:docs/ho-a02-ai-influence-disclosure on May 1, 2026

@jorgeraad

Context

Hi, I'm Jorge, a software engineer at Pensar. I work on core agent functionality in our open source offensive security agent harness, github.com/pensarai/apex.

AI disclosure: This contribution was drafted with AI assistance. I have reviewed all changes for accuracy, consistency with the standard, and compliance with the style guide, and take full ownership of the submission.

What changed and why

Adds Disclosure and Mitigation of AI Influence on Operator Decisions as a new advisory practice (APTS-HO-A02) in the Advisory Requirements appendix. This is the second advisory in the Human Oversight domain.

Autonomous pentest platforms increasingly use language models not only to act on the target but also to shape what the operator sees at decision time — the narrative that frames a finding, the option set in an approval prompt, the wording, the preselected default. This is a manipulation surface distinct from the prompt-injection threats covered by the Manipulation Resistance domain: there, an external entity manipulates the agent; here, the agent influences its own supervisor's choice through affordances the agent controls. Established findings from human-computer interaction (default bias, primacy bias, choice architecture effects) show these shaping decisions meaningfully influence which option an operator selects, even without adversarial intent.

Existing requirements partially address this risk but leave a gap. APTS-HO-001 mandates pre-approval gates; APTS-HO-005 requires a chain-of-custody audit trail of approval decisions; APTS-HO-010 mandates a human decision point before irreversible actions. None speak to the form of the question the operator is asked to confirm. APTS-AR-006 covers the agent's reasoning chain but not the model-shaped inputs handed to the human. The practical effect is that an audit trail can show "operator approved" while concealing that the operator was offered a single highlighted choice with the safer option visually de-emphasized.

The advisory text notes this practice is a candidate for tier-gated inclusion in v0.2.0.

Practice description

The advisory pairs provenance for AI-shaped operator affordances (items 1-3) with bias mitigation at high-impact gates (item 4). The four points are ordered by implementation cost:

  1. Distinguish a default click-through from an actively-selected response (single audit field — lowest-cost wedge)
  2. Log the model and prompt that shaped the operator's view (provenance, parallels existing agent-action logging)
  3. Record the full option set, including filtered alternatives (capture pre-presentation candidates so reviewers can detect a suppressed deny/abort)
  4. Reduce default and ordering bias for high-impact gates (no preselected default; equal visual weight for abort/deny; consider randomized order; consider typed confirmation for the most severe categories)

Affected requirements

  • New advisory: APTS-HO-A02
  • No new normative requirements, no tier-count changes
  • Advisory practice count: 13 → 14

Files changed

  • standard/appendix/Advisory_Requirements.md — New APTS-HO-A02 advisory entry (self-contained, follows the format of APTS-SC-A02 and APTS-RP-A01)
  • standard/3_Human_Oversight/README.md — Updated the appendix-advisory line to register HO-A02 alongside HO-A01; added an inline see-also reference under APTS-HO-005 (the requirement most directly extended by this advisory)
  • README.md, index.md, standard/README.md, standard/Introduction.md, standard/Frontispiece.md, standard/Getting_Started.md, standard/appendix/Glossary.md, standard/appendix/Vendor_Evaluation_Guide.md — Advisory practice count synced from 13 to 14 (matches the cross-file sync pattern from PR #27, "Update advisory practice count to 13 across all files")

No normative requirement counts changed (173 total, 72/157/173 tier counts unchanged). The machine-readable export (standard/apts_requirements.json) is intentionally untouched, consistent with the existing convention that advisory practices are excluded from the JSON export.
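
The four practice points in the description above, sketched as an audit record plus a reviewer check. This is an added example, not part of the PR or the APTS text; the field names, the `SAFE_ACTIONS` labels and the finding strings are all assumptions.

```python
# Added illustration: field names, SAFE_ACTIONS and finding strings are
# hypothetical; they are not defined by APTS-HO-A02.
from dataclasses import dataclass
from typing import List, Optional

SAFE_ACTIONS = {"deny", "abort"}  # assumed labels for the safer choices


@dataclass
class GateRecord:
    gate_id: str
    high_impact: bool
    model_id: str                 # item 2: model that shaped the operator's view
    prompt_sha256: str            # item 2: hash of the prompt behind that view
    candidate_options: List[str]  # item 3: options before filtering
    presented_options: List[str]  # item 3: options the operator saw
    preselected: Optional[str]    # item 4: UI default, if any
    chosen: str
    response_kind: str            # item 1: "default_clickthrough" | "active_selection"


def review(rec: GateRecord) -> List[str]:
    """Return reviewer findings for one approval-gate audit record."""
    findings = []
    hidden = set(rec.candidate_options) - set(rec.presented_options)
    suppressed = sorted(hidden & SAFE_ACTIONS)
    if suppressed:
        findings.append("suppressed_safe_option:" + ",".join(suppressed))
    if rec.high_impact and rec.preselected is not None:
        findings.append("preselected_default_at_high_impact_gate")
    if rec.high_impact and rec.response_kind == "default_clickthrough":
        findings.append("high_impact_default_clickthrough")
    if not (rec.model_id and rec.prompt_sha256):
        findings.append("missing_provenance")
    return findings


# Constructed sample records (not real audit data).
BIASED = GateRecord("gate-1", True, "model-x", "0" * 64,
                    ["approve", "deny", "abort"], ["approve", "deny"],
                    "approve", "approve", "default_clickthrough")
CLEAN = GateRecord("gate-2", True, "model-x", "0" * 64,
                   ["approve", "deny", "abort"], ["approve", "deny", "abort"],
                   None, "deny", "active_selection")

if __name__ == "__main__":
    for rec in (BIASED, CLEAN):
        print(rec.gate_id, review(rec))
```

Without the `candidate_options` and `response_kind` fields, both sample records would reduce to the same "operator decided" entry in the audit trail.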

@jinsonvarghese
Member

Hi @jorgeraad, good advisory! The gap between logging that a decision happened (HO-005) and how the decision was presented to the operator is real. The four practice components are practical and well-ordered.

Two things before merging:

  1. Rebase needed - PR #43, "docs: Add advisory requirement APTS-MR-A01 Goal Misgeneralization and Emergent Misalignment Evaluation Suite" (APTS-MR-A01), has been merged, so the advisory count on main is already 14. This PR needs to rebase and update all count references to 15 instead of 14. The files to update: standard/Frontispiece.md, standard/Getting_Started.md, standard/README.md, standard/Introduction.md, standard/appendix/Glossary.md, standard/appendix/Vendor_Evaluation_Guide.md, README.md, and index.md.
  2. v0.2.0 candidate - Tagging this as a v0.2.0 candidate for potential promotion to normative. For now, we will keep it advisory.

jinsonvarghese added the v0.2.0-candidate label (PRs that are accepted in principle but deferred to the v0.2.0 release) on May 1, 2026
…of AI Influence on Operator Decisions

Adds APTS-HO-A02 as a new advisory practice in the Human Oversight
domain, the second advisory in HO. Addresses a gap in existing
coverage: APTS-HO-001, HO-005, HO-010, and AR-006 mandate approval
gates, audit trails, and reasoning-chain capture, but none address
the form of the question the operator is asked to confirm. The
practical effect is that an audit trail can show "operator approved"
while concealing that the operator was offered a single highlighted
choice with the safer option visually de-emphasized.

The advisory pairs provenance for AI-shaped operator affordances
with bias mitigation at high-impact gates. The Practice Description
is a four-point list ordered by implementation cost, from a single
response-classification audit field through to no-preselected-default
and typed-confirmation rules at HO-010 gates.

Cross-file count sync from 14 to 15 advisory practices (rebased on
top of OWASP#43, which brought the count to 14). No new normative
requirements, no tier counts changed (173 total, 72/157/173
unchanged). The machine-readable JSON export is intentionally
untouched, consistent with the existing convention that advisory
practices are excluded.
jorgeraad force-pushed the docs/ho-a02-ai-influence-disclosure branch from e6be063 to a574c8b on May 1, 2026 11:07
@jorgeraad
Author

@jinsonvarghese thanks for taking a look! Just updated.

@jinsonvarghese
Member

Thank you. Looks good, merging.

jinsonvarghese merged commit 6699143 into OWASP:main on May 1, 2026