Design · Defence

Defence in depth for AI decisions

No serious security team trusts a single wall. They assume any one control will fail and layer the next behind it. Human oversight of AI deserves the same humility, because a single point of oversight is a single point of failure.

Defence in depth is an old idea from security: do not rely on one barrier, layer several, so that when one fails the next still holds. Human oversight of AI is usually built the opposite way, as a single checkpoint, one reviewer, one approval, and a single checkpoint is exactly as strong as its worst day. Borrowing defence in depth is part of what it means to treat oversight as real infrastructure rather than a gesture.

What the layers are

A real override the system honors. A named accountable human, not a queue. Honest escalation that sends the right calls to a person. An audit trail a regulator and a customer can both read. A stop that someone has tested. Each is modest alone. Together they mean that an error has to get past several independent defences, not just one tired reviewer, to reach the world.

Why layers beat a single gate

Because the failure modes are different for each. A reviewer goes numb, but the audit trail still records. The escalation misfires, but the stop still works. No single layer has to be perfect, which is fortunate, because none ever is. The strength is in the overlap, the same reason security stopped betting everything on the perimeter.