Just adding a ‘human in the loop’ does not necessarily reduce risks from AI projects.
That is the lesson from Starbucks Korea’s recent “Tank Day” campaign. In case you hadn’t heard, on 18th May 2026, the company promoted a large tumbler called a “tank” on the anniversary of the Gwangju Uprising, when pro-democracy protests were violently suppressed by troops, tanks and helicopters. The campaign also used a slogan that many people connected to a later police statement around the torture death of student activist Park Jong-chol. The result was immediate public anger, an apology, the campaign being pulled and the dismissal of Starbucks Korea’s chief executive.
The fact that AI was used to produce the problematic campaign is not the main lesson for marketing and development teams. Shinsegae Group, the operator of Starbucks Korea, said marketers chose the slogan after consulting an AI tool. An investigation revealed that some managers who approved the campaign had not opened the attachments showing the marketing material. In response, more than 2,000 Starbucks Korea stores are set to close early for modern Korean history and social sensitivity training.
This was not a machine acting alone. It was an AI-assisted campaign that passed through a system designed with built-in human checks.
That is why poorly implemented human-in-the-loop review can be so dangerous. It gives organisations the feeling of control without the structure needed to make control real. A person may be present in the process, but if they lack context, time, authority or clear review criteria, they become a rubber stamp.
We have seen the same pattern elsewhere. In the Netherlands, McDonald’s halted an AI-generated Christmas campaign after criticism that the work felt bland, clumsy and careless. The company described the feedback as an “important learning” moment while exploring the effective use of AI. The issue was not only production quality. It was whether anyone had asked if the work would be effective or appropriate for the audience before it went live.
For Psycle, this is where applied AI development has to move beyond prompt writing. AI product development needs governance by design. That means deciding who is responsible for AI outputs, what risks they are expected to review, when specialist judgement is needed and what evidence must be kept before launch.
ISO/IEC 42001 accreditation is useful here because it treats AI as a managed system, not a one-off tool. The standard sets requirements and guidance for organisations that develop, provide or use AI systems, helping them manage AI-related risks while supporting trust, accountability and continual improvement.
As the first UK agency to obtain ISO 42001 certification, Psycle has built these guardrails into our own processes so clients do not have to second-guess where AI is being used or how it is controlled. Our work on Google’s Secure AI Framework also reinforced the same point: as AI systems become mainstream, organisations need clear, usable ways to understand risk and build more securely.
A better human-in-the-loop model is not a final sign-off box. It is a set of practical controls: named reviewers, clear escalation routes, cultural and legal checks, documented approvals, source logs and the power to stop a launch. If the only metrics for AI projects are speed and cost, then quality and effectiveness are always going to suffer.
AI can support marketing and development teams well. It can accelerate research, improve structure and help explore options. But judgement still needs ownership. The loop only works when the human in it knows what they are looking for, has the authority to challenge it and is accountable for what happens next.
