Definition
Plain language
When a safety check times out or breaks, the system lets the action through anyway — versus fail-closed, where it blocks the action by default.
As stated in the literature
The default-allow behavior of a gated system when its check cannot complete; contrasted with fail-closed (default-deny). In guardrail denial-of-service attacks, fail-open converts a stall into a safety bypass while fail-closed converts it into a direct service denial, so neither default is safe.
Also called: fail-closed
Why it matters: It reveals a hard tradeoff: a stalled safety check either lets unsafe actions slip past or shuts down legitimate service, so neither default is automatically safe.
For example, if a content filter freezes and can't finish checking a message, a fail-open system simply lets the message through unchecked.
Heard on the show
“This is the fail-open versus fail-closed dilemma, and it's worth grounding it.”Episode 146 — How an Innocent README Can Freeze an AI Agent's Safety Check for an Hour