Glossary · Term

fail-open

← all terms

Definition

Plain language

When a safety check times out or breaks, the system lets the action through anyway — versus fail-closed, where it blocks the action by default.

As stated in the literature

The default-allow behavior of a gated system when its check cannot complete; contrasted with fail-closed (default-deny). In guardrail denial-of-service attacks, fail-open converts a stall into a safety bypass while fail-closed converts it into a direct service denial, so neither default is safe.

Also called: fail-closed

Why it matters: It reveals a hard tradeoff: a stalled safety check either lets unsafe actions slip past or shuts down legitimate service, so neither default is automatically safe.

For example, if a content filter freezes and can't finish checking a message, a fail-open system simply lets the message through unchecked.

Heard on the show

“This is the fail-open versus fail-closed dilemma, and it's worth grounding it.”
Episode 146 — How an Innocent README Can Freeze an AI Agent's Safety Check for an Hour

Mentioned in 1 episode

  1. 146
    How an Innocent README Can Freeze an AI Agent's Safety Check for an Hour

Related terms