Fail-Safe Defaults
When policy evaluation is uncertain or the enforcement system encounters an error, the default is to block or escalate — never to silently allow.
What it means
Fail-safe defaults is a security design principle stating that the default behavior in the absence of an explicit permission decision should be to restrict, not to permit. Applied to AI policy enforcement, it means that if the enforcement system encounters an error, network timeout, or ambiguous policy state, the response must be to block or escalate the action — never to proceed silently.
This principle is the opposite of a common failure mode: "fail open." A fail-open system allows actions to proceed if the enforcement check cannot be completed. This is catastrophically wrong for enterprise policy enforcement, where an AI agent operating without enforcement is precisely the risk the system was designed to prevent.
Fail-safe defaults also apply to policy interpretation: when a context payload is incomplete or a rule cannot be evaluated due to missing fields, the correct response is ESCALATE (not ALLOW). Missing required fields always result in escalation, not silent approval.
Why enterprise executives need to understand this
For CISOs and compliance teams, fail-safe defaults are a fundamental requirement. In regulated environments, a silently-allowed action that violates policy is not a minor incident — it is a control failure that must be disclosed and reported. Systems that fail open create audit findings that are difficult to remediate because the scope of violation may be unknown. Fail-safe defaults ensure that any enforcement failure is surfaced immediately, not silently absorbed.
How Corules implements this
Corules is designed with fail-safe defaults throughout. Context payloads with missing required fields return ESCALATE, not ALLOW. Enforcement errors return ESCALATE. The system never defaults to ALLOW when in doubt. This behavior is documented and testable — clients can verify fail-safe behavior as part of integration testing.
Frequently Asked Questions
What if the enforcement system is down?
Corules targets 99.9% availability with SLA guarantees. In the event of unavailability, calling systems should treat the response as ESCALATE by default — never proceed with an action if enforcement cannot be confirmed. This is the correct fail-safe behavior for any policy-critical integration.
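The fail-safe wrapper described in the Corules section and in this FAQ answer, as an added illustration that is not the Corules API or client library: the required-field names, the sample rule, the gate functions and the simulated outage are all assumptions for the example. It shows the three escalation paths the page names (incomplete payload, enforcement error, unconfirmed result) beside the fail-open anti-pattern.

```python
from enum import Enum
from typing import Any, Callable, Mapping

class Decision(Enum):
    ALLOW = "ALLOW"
    DENY = "DENY"
    ESCALATE = "ESCALATE"

# Hypothetical context schema: evaluation cannot proceed without these fields.
REQUIRED_FIELDS = ("actor", "action", "resource")

# Escalations are recorded so an enforcement failure is surfaced, not absorbed.
AUDIT_LOG: list[str] = []

def evaluate(context: Mapping[str, Any]) -> Decision:
    """Rule evaluation. An incomplete payload escalates instead of being allowed."""
    missing = [f for f in REQUIRED_FIELDS if f not in context]
    if missing:
        AUDIT_LOG.append(f"ESCALATE: missing fields {missing}")
        return Decision.ESCALATE
    # Hypothetical rule: only the billing-admin role may export customer data.
    if context["action"] == "export" and context["resource"] == "customer_data":
        return Decision.ALLOW if context["actor"] == "billing-admin" else Decision.DENY
    return Decision.ALLOW

Evaluator = Callable[[Mapping[str, Any]], Decision]

def fail_safe_gate(context: Mapping[str, Any], evaluator: Evaluator = evaluate) -> Decision:
    """Wrapper the calling system uses: any failure of the check becomes ESCALATE."""
    try:
        result = evaluator(context)
    except Exception as exc:  # timeout, connection error, malformed response, bug
        AUDIT_LOG.append(f"ESCALATE: enforcement error {exc!r}")
        return Decision.ESCALATE
    if not isinstance(result, Decision):  # an unrecognised verdict is not a permission
        AUDIT_LOG.append(f"ESCALATE: unrecognised verdict {result!r}")
        return Decision.ESCALATE
    return result

def fail_open_gate(context: Mapping[str, Any], evaluator: Evaluator = evaluate) -> Decision:
    """The anti-pattern: an unavailable check is treated as permission."""
    try:
        return evaluator(context)
    except Exception:
        return Decision.ALLOW

def unavailable(_context: Mapping[str, Any]) -> Decision:
    """Simulates the enforcement service being down (constructed failure)."""
    raise TimeoutError("enforcement service unreachable")
```

Run the same outage through both gates: fail_safe_gate returns ESCALATE and leaves an audit entry, while fail_open_gate returns ALLOW with no trace, which is exactly the undisclosed control failure the page warns about.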