Fail-Open vs Fail-Closed

Definition

Fail-open and fail-closed describe what a governance system does when its policy check is unavailable: fail-open lets actions proceed without a decision, while fail-closed blocks actions until policy can be evaluated.

The core trade-off

When the policy decision point times out or is unreachable, the system must choose a default. Fail-open prioritizes availability — agents keep working even if they cannot be checked — but it means risky actions can slip through ungoverned during the outage. Fail-closed prioritizes safety — no action proceeds without a decision — at the cost of availability during the same outage. There is no universally correct answer; the right default depends on the blast radius of the actions being governed.

Choosing per risk tier

Mature deployments do not pick one mode globally. They fail-closed on high-risk actions — deletions, payments, production changes — so a policy outage can never permit an irreversible operation ungoverned, while allowing lower-risk actions to fail-open to preserve throughput. Cordum supports this by treating the Safety Kernel as a hot-path dependency with explicit timeouts and a circuit breaker, and by alerting on the rate of fail-open events so an outage that quietly widens the ungoverned window is caught early.

Frequently asked questions

Related reading

• Fail-Open vs Fail-Closed for AI Agents
• Alerting on Fail-Open Burn Rate
• Safety Kernel
• Deterministic AI Control