Decision Assurance Infrastructure
Summit Cognitive
§ Standards — Decision Failure Atlas

These failures were preventable.

The Atlas catalogs documented machine-generated decision failures and maps each one to the governance control that would have prevented it. These are real incidents at real organizations, presented soberly: the point is not blame, but pattern. The market's strongest competitor is "good enough" — logs, dashboards, and human sign-off. The Atlas is the empirical record of where good enough fails.

§ 01

Documented incidents

A selection from the Atlas. Each entry follows the same discipline: what happened, what it cost, the root cause — and the specific control that closes the gap.

F-001 Legal

Hallucinated legal citations — Mata v. Avianca (2023)

An AI legal assistant cited six non-existent federal court cases in a brief filed before a federal judge. The attorney trusted the output without independently verifying the citations.

Cost
Sanctions, fines, reputational damage, disciplinary proceedings
Root cause
No provenance verification on generated citations
The control
A Decision Receipt with a source provenance chain — every citation must resolve to a real, hash-verified source before the output is admissible.

F-002 Healthcare

Fabricated medical advice — NEDA chatbot (2023)

An AI chatbot operated by the National Eating Disorders Association provided fabricated medical advice, including non-existent guidance, to a vulnerable population. The service was withdrawn.

Cost
Service shutdown, patient safety risk, organizational liability
Root cause
No evidence chain from medical claims to validated sources
The control
An admissibility gate that blocks outputs lacking verified medical source references — the decision is denied, not merely logged.

F-005 DevOps

Agent secret exfiltration via untrusted PR content (2026)

A GitHub Action running a coding agent exposed workflow secrets when file-read tools were combined with untrusted pull-request content — documented in Microsoft security research.

Cost
Credential rotation, security incident response, trust erosion
Root cause
Untrusted content entered the agent context alongside secret access
The control
A default-deny tool gateway with sensitive-path blocking and taint labels — untrusted input, secrets, and external egress are never permitted in the same run.
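
A sketch of the F-005 control, added here as an example (it is not Summit Cognitive's code and does not come from the Microsoft research): a gateway that allows only listed tools, blocks sensitive paths, and tracks taint labels per run. The tool names, the path patterns, and the choice to deny the call that would complete the three-label set are assumptions.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

UNTRUSTED, SECRET, EGRESS = "untrusted_input", "secret_access", "external_egress"
FORBIDDEN_TOGETHER = {UNTRUSTED, SECRET, EGRESS}

# Allowlist (hypothetical tools): name -> taint labels a call adds to the run.
# A tool that is not listed here is denied by default.
TOOL_TAINTS = {
    "read_pr_diff": {UNTRUSTED},     # pull-request content is attacker-controlled
    "read_file": set(),              # repository checkout, subject to path blocking
    "use_deploy_token": {SECRET},    # any step that loads a workflow secret
    "http_post": {EGRESS},           # anything that can send data off the runner
}
# Constructed patterns for paths that usually hold credentials.
SENSITIVE_PATHS = ["*.env", "*/.ssh/*", "*/.git/config", "*/secrets/*"]


@dataclass
class Run:
    taints: set = field(default_factory=set)
    audit: list = field(default_factory=list)


def request(run, tool, path=None):
    """Decide one tool call; returns (allowed, reason) and records it."""
    if tool not in TOOL_TAINTS:
        verdict = (False, "default-deny: tool not on allowlist")
    elif path and any(fnmatchcase(path, p) for p in SENSITIVE_PATHS):
        verdict = (False, "sensitive path blocked")
    elif FORBIDDEN_TOGETHER <= run.taints | TOOL_TAINTS[tool]:
        verdict = (False, "taint conflict: untrusted input + secrets + egress")
    else:
        run.taints |= TOOL_TAINTS[tool]   # labels stick for the rest of the run
        verdict = (True, "allowed")
    run.audit.append((tool, path) + verdict)
    return verdict


def replay(calls):
    """Run a sequence of (tool, path) calls in a fresh run; return the verdicts."""
    run = Run()
    return [request(run, tool, path)[0] for tool, path in calls]
```

Because labels persist for the whole run, the order of calls does not matter: whichever call would bring the third label into the run is the one refused.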

F-007 Regulated industries

The audit-trail gap

An organization deployed an AI-assisted decision system without maintaining reproducible evidence. When audited, it could not explain or reproduce 60% of its automated decisions.

Cost
Regulatory fines, remediation costs, operational suspension
Root cause
Decision outputs were logged but not evidenced — no replay capability
The control
Decision Receipts with mandatory replay artifacts and complete evidence bundles — the audit answer is produced, not reconstructed.

F-010 Customer service

Memory poisoning through support tickets

Users injected instructions into the memory of an AI assistant through carefully crafted support tickets. The poisoned memory caused the assistant to grant unauthorized discounts and override policy in later sessions.

Cost
Revenue loss, policy bypass, operational integrity breach
Root cause
No quarantine or trust verification on memory writes
The control
Proposed-only memory writes with instruction-marker detection and a trust state machine: raw → proposed → validated → approved.

§ 02

What "good enough" misses

Every failure above occurred in an organization that had logging, dashboards, or human review. The gap is structural, not procedural.

Control | Logs + dashboards | Receipted governance
Provenance verification | No | Yes
Reproducibility | No | Yes
Memory poisoning detection | No | Yes
Secret non-cohabitation | No | Yes
Tenant isolation enforcement | Partial | Complete
Audit-grade evidence | No | Yes
Automated admissibility gate | No | Yes

Machine-generated decisions without admissibility evidence are operational risk.

Find your workflow in the Atlas before an auditor does.

Most organizations recognize at least one of these patterns in their own deployments. The controls are documented, open, and implementable today.