AI execution failure modes.
The patterns that appear when autonomous AI systems act without verifiable authority, audit coverage, or fail-closed defaults. Each failure mode has a recognizable signal — and a corresponding control.
Unbounded execution authority
The AI system can invoke actions — filesystem writes, API calls, external side effects — without any mechanism to verify that execution was authorized by a human or a policy. There is no record of what authority was delegated or when.
Missing or incomplete audit chain
Individual events are logged, but the audit record cannot be used to reconstruct who authorized what, with what parameters, against which policy version. Attribution is partial or absent.
Fail-open defaults
When control dependencies become unavailable — policy engine down, control plane unreachable — the system defaults to allowing execution to continue rather than halting.
Prompt injection propagation
Adversarial input embedded in model context causes the AI system to request or execute unauthorized actions. The execution layer has no mechanism to detect that parameters diverged from what was approved.
Scope creep through multi-step decomposition
Individual steps appear within policy, but their composition across multiple calls accumulates to exceed what a human would have authorized as a single action. The system has no stateful tracking of decomposition.
No revocation path
Once an action is authorized, there is no mechanism to cancel in-flight execution if the circumstances change. Permits do not expire. Grants cannot be revoked without downtime.
Evaluate your exposure.
The AI Execution Boundary Assessment maps your current deployment posture against these failure modes.
Start assessment