Skip to main content
FAILURE MODES

AI execution failure modes.

The patterns that appear when autonomous AI systems act without verifiable authority, audit coverage, or fail-closed defaults. Each failure mode has a recognizable signal — and a corresponding control.

Unbounded execution authority

The AI system can invoke actions — filesystem writes, API calls, external side effects — without any mechanism to verify that execution was authorized by a human or a policy. There is no record of what authority was delegated or when.

Detection signal: No permit issuance, no approval binding, no execution manifest.

Missing or incomplete audit chain

Individual events are logged, but the audit record cannot be used to reconstruct who authorized what, with what parameters, against which policy version. Attribution is partial or absent.

Detection signal: Logs exist; lineage does not. Cannot answer "who approved this execution?"

Fail-open defaults

When control dependencies become unavailable — policy engine down, control plane unreachable — the system defaults to allowing execution to continue rather than halting.

Detection signal: No explicit fail-closed configuration. Availability is treated as higher priority than control.

Prompt injection propagation

Adversarial input embedded in model context causes the AI system to request or execute unauthorized actions. The execution layer has no mechanism to detect that parameters diverged from what was approved.

Detection signal: Execution manifests are not hash-bound to approval decisions.

Scope creep through multi-step decomposition

Individual steps appear within policy, but their composition across multiple calls accumulates to exceed what a human would have authorized as a single action. The system has no stateful tracking of decomposition.

Detection signal: Per-step evaluation only. No cross-step authorization accounting.

No revocation path

Once an action is authorized, there is no mechanism to cancel in-flight execution if the circumstances change. Permits do not expire. Grants cannot be revoked without downtime.

Detection signal: Reusable grants with no TTL and no revocation registry.

Evaluate your exposure.

The AI Execution Boundary Assessment maps your current deployment posture against these failure modes.

Start assessment