
Framework

Defence in Depth

Kill-switch architecture and circuit breakers for AI agents. Multiple independent layers of safety, each one tested against the others.

The five layers

L1 — Application logic

The agent's code. The first line of defence. Bugs here can be exploited. Treat as untrusted.

L2 — Tool execution

The runtime layer that calls external tools. Sandboxed, rate-limited, scope-checked. The first line of runtime defence.

L3 — Action policy

A pre-action policy gate that validates every action against the agent's scope. Pre-conditions, post-conditions, identity checks. The Substrate layer.

L4 — Circuit breaker

A monitoring layer that watches for anomalies (rate spikes, scope violations, identity mismatches) and trips the breaker. Stops the agent, alerts the operator.

L5 — Kill switch

A manual or automated kill switch that the operator can pull. Stops the agent, rolls back state, pauses the queue. The last line of defence.
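A minimal sketch of layers L3 to L5 acting as independent checks around one agent, added here as an illustration and not Neul Labs code. The class names, thresholds and the `run` callback are assumptions, and state rollback is left out.

```python
import time
from collections import deque

class AgentHalted(Exception):
    """Raised when the breaker is open or the kill switch has been pulled."""

class CircuitBreaker:
    """L4: trips on rate spikes or repeated scope/identity violations."""
    def __init__(self, max_actions=5, window_s=1.0, max_violations=2, alert=print):
        self.max_actions, self.window_s = max_actions, window_s
        self.max_violations, self.alert = max_violations, alert
        self.recent, self.violations, self.tripped_reason = deque(), 0, None

    def trip(self, reason):
        if self.tripped_reason is None:      # latch: stays open until reset by hand
            self.tripped_reason = reason
            self.alert(f"breaker tripped: {reason}")   # alert the operator

    def record(self, ok, now):
        while self.recent and now - self.recent[0] > self.window_s:
            self.recent.popleft()            # drop attempts outside the window
        self.recent.append(now)              # denied attempts count towards rate too
        if not ok:
            self.violations += 1
        if self.violations >= self.max_violations:
            self.trip("repeated policy violations")
        elif len(self.recent) > self.max_actions:
            self.trip("rate spike")

class GuardedAgent:
    def __init__(self, identity, scope, breaker, clock=time.monotonic):
        self.identity, self.scope = identity, frozenset(scope)
        self.breaker, self.clock, self.killed = breaker, clock, False
        self.queue_paused = False

    def kill(self):
        """L5: operator kill switch; works whatever state the breaker is in."""
        self.killed = self.queue_paused = True

    def act(self, caller, tool, run):
        if self.killed:
            raise AgentHalted("kill switch pulled")
        ok = caller == self.identity and tool in self.scope   # L3 policy gate
        if self.breaker.tripped_reason is None:
            self.breaker.record(ok, self.clock())
        if self.breaker.tripped_reason:
            raise AgentHalted(self.breaker.tripped_reason)
        if not ok:
            raise PermissionError(f"{caller!r} may not call {tool!r}")
        return run()   # L2 would sandbox and rate-limit this call
```

The kill switch is checked before the breaker is consulted, so a fault in the breaker cannot stop the operator from halting the agent.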

FAQ

What is Defence in Depth for AI agents?

Defence in Depth is the practice of layering multiple independent safety mechanisms in an AI agent system, so that no single failure compromises the system. The five layers are: application logic, tool execution, action policy (Substrate), circuit breaker, and kill switch. Each layer is tested against the others.

Why is Defence in Depth important for production AI?

Production AI systems fail in ways the demos don't. The application logic has bugs. The tool calls are wrong. The scope is too broad. A single layer of defence is not enough: the question is not "if" a layer fails but "when". Defence in Depth ensures that when one layer fails, the next layer catches it.

What is a kill switch for AI agents?

A kill switch is the last line of defence in the Defence in Depth model. It is a manual or automated mechanism that the operator can use to stop the agent, roll back state, and pause the queue. The kill switch should be reachable in under 30 seconds from any production incident.

How is Defence in Depth different from the Substrate Pattern?

The Substrate Pattern is the safety architecture (the layers themselves). Defence in Depth is the principle that the layers should be independent and layered. You can have Substrate without Defence in Depth (a single monolithic substrate) or Defence in Depth without Substrate (multiple layers of traditional safety). The Neul Labs model is Substrate + Defence in Depth.

Who uses Defence in Depth for AI agents?

Defence in Depth is the standard pattern for production AI agent systems. It is applied in production at regulated financial-services firms and was developed at Neul Labs and Skelf Research. It is also referenced in the Substrate Pattern and the Tiered Governance Model.
