Systemic-error detection and circuit-breaker for agent actions
An operations console that turns 'measure the aggregate, not the transaction' into a fleet-level error-rate monitor with pre-declared thresholds and a halt-and-rollback control.
Single-action accountability controls secure the correctness of one agent action at a time. None catches the failure mode where one agent, model update, prompt change, or whole agent platform begins mis-filing across thousands of citizens at once.
Each individual action can pass its local review checkpoint while the fleet is systematically wrong, because the fault lives in a shared upstream dependency (a model version, a prompt, a changed API mapping, a corrupted reference dataset) rather than in any one transaction. The harm is the aggregate, and by the time it surfaces through individual disputes the damage is population-scale.
What is missing is a population-level control plane: continuous anomaly detection on the aggregate action stream, pre-declared rate-of-error thresholds, automatic suspension of a misbehaving agent or agent class, and a mass-remediation or rollback path, so a systemic fault is stopped in minutes.
Government needs confidence that a systemic agent fault (a bad model version, prompt, or data mapping mis-filing for thousands) is detected and halted before it reaches population scale, rather than surfacing in a Royal Commission years later. That requires a population-level control plane: aggregate anomaly detection, pre-declared error-rate thresholds, automatic fleet suspension, and bulk rollback. It is the constructive counterpart to the failure documented in the Robodebt case study.
The remediation path must reach the harmed citizens, not merely halt the system: a Robodebt-scale error requires proactive notification and bulk reversal pre-populated from action records, so redress never depends on each citizen detecting and disputing their own error. The halt itself must not strand citizens mid-transaction without a fallback channel.
The policy setting 'stop systemic error before it scales' becomes a circuit-breaker console: per-agent and per-model error-rate gauges against declared thresholds, an auto-suspend state, and a bulk-remediation action that notifies and reverses for every affected citizen.
No surface has been built yet; the approach above is the brief for one.
- Established
Its primitives already run in finance, aviation, payments, and comment-system anomaly detection.
- Emerging
Bulk-submission safeguards are beginning to appear in administrative-law guidance (e.g. ACUS Recommendation 2021-1).
- Frontier Headline
As a control plane for fleets of citizen-acting government agents — where the trigger metric, threshold-setting, and halt-authority governance are all still undesigned.
The home-domain precedents are mature (SEC circuit breakers, the FAA ground stop, SEPA Direct Debit reversal, and ACUS 2021-1 bulk-comment safeguards); Robodebt and Post Office Horizon are the cautionary cases showing the cost of having no such control.
Four design primitives transfer cleanly from finance, aviation, payments and rulemaking:
- Anomaly detection on the aggregate action stream (per agent, version, model release, service) for spikes in rejections, reversals, downstream-error returns, dispute initiation, or distributional drift in submitted values.
- Rate-of-error thresholds pre-declared as numeric bands (the SEC's explicit 7/13/20% model) so a class of agent action is throttled or paused automatically and contestably, not at discretion.
- Automatic suspension ("kill switch"), on the model of an aviation ground stop, to pause a misbehaving agent, version or whole fleet within minutes and re-validate the shared dependency before resuming.
- Mass remediation or rollback, a SEPA-style scheme-level reversal that identifies every action by the implicated agent or version in the affected window, notifies affected citizens, and reverses or re-processes in bulk.
The unresolved part is what to measure and at what threshold: "agent error" is multi-dimensional and partly only knowable downstream, so the trigger metric, the false-positive cost of halting a fleet that is actually fine, and the governance of who may pull (and reset) the switch are genuine design problems with no production precedent in civic technology.
This is the control that would have stopped Robodebt: a continuously measured aggregate error rate and the authority to halt the scheme would have prevented roughly 470,000 unlawful debts before they reached citizens.
7 references
- SEC / Investor.gov — Stock Market Circuit Breakers (market-wide 7/13/20%; Limit Up-Limit Down)
- FAA NOTAM Statement — nationwide ground stop, 11 January 2023
- ACUS Recommendation 2021-1 — Managing Mass, Computer-Generated, and Falsely Attributed Comments
- NY OAG — Fake Comments report (~18M of 22M FCC comments fake)
- European Payments Council — SEPA Direct Debit (8-week / 13-month refund; scheme-level reversal)
- Royal Commission into the Robodebt Scheme — Report (the cost of no circuit breaker)
- Post Office Horizon IT Inquiry — Volume 1 final report