C06
Layer 2 - Runtime Enforcement
Circuit Breakers and Emergency Stop
Manual break-glass stop plus automatic breakers tied to runaway patterns (rate, cost, repetitive signatures, anomalies). Evidence is captured before termination.
Why
- Autonomous loops and cascades can produce damage at machine speed.
- You need both: manual stop (break-glass) and automatic stop (breakers).
What
A supervisory stop system that:
- can disable an agent’s ability to perform side effects instantly
- detects runaway patterns (retries, loops, cost spikes, abnormal tool mix)
- freezes evidence (audit + replay) before termination
How
- break-glass = revoke identity + deny policy + cut network route
- automated breakers on: tool-call rate, spend velocity, repetitive signatures, anomaly scores
- freeze-and-capture: snapshot trace pointers and ledger head before stopping
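A minimal sketch of the automated breakers and freeze-and-capture described above, added here as an illustration and not part of the original control text. The `Breaker` class, its thresholds, the cause codes (`RATE`, `SPEND`, `REPEAT`) and the hash-chained ledger are assumptions; the deployment-specific stop actions are left as a comment.

```python
import hashlib, json
from collections import deque

class Breaker:
    """Supervisory breaker for one agent. Thresholds are illustrative assumptions."""
    def __init__(self, max_calls=5, max_spend=1.0, max_repeats=3, window=10.0):
        self.limits = {"RATE": max_calls, "SPEND": max_spend, "REPEAT": max_repeats}
        self.window = window
        self.calls = deque()           # (ts, cost, signature) within the window
        self.ledger_head = "0" * 64    # hash chain over every attempted call
        self.tripped = None            # evidence snapshot once the breaker opens

    def allow(self, ts, tool, args, cost):
        """Gate one side effect at the enforcement point; False means denied."""
        if self.tripped:
            return False               # stays open until a human resets it
        blob = json.dumps([tool, args], sort_keys=True).encode()
        sig = hashlib.sha256(blob).hexdigest()
        self.ledger_head = hashlib.sha256((self.ledger_head + sig).encode()).hexdigest()
        self.calls.append((ts, cost, sig))
        while ts - self.calls[0][0] > self.window:
            self.calls.popleft()
        observed = {
            "RATE": len(self.calls),
            "SPEND": sum(c for _, c, _ in self.calls),
            "REPEAT": sum(1 for _, _, s in self.calls if s == sig),
        }
        for cause, limit in self.limits.items():
            if observed[cause] > limit:
                # Freeze-and-capture before any stop action runs.
                self.tripped = {"ts": ts, "cause": cause, "observed": observed[cause],
                                "threshold": limit, "ledger_head": self.ledger_head,
                                "trace": [s for _, _, s in self.calls]}
                # Deployment-specific stop (revoke identity, deny policy,
                # cut network route) would be invoked here.
                return False
        return True

if __name__ == "__main__":
    b = Breaker()
    # Constructed input: an agent retrying the identical call once per second.
    for t in range(5):
        ok = b.allow(t, "http_post", {"url": "https://example.invalid/x"}, 0.1)
        print(t, "allowed" if ok else "denied")
    print(json.dumps(b.tripped, indent=2))
```

The snapshot in `tripped` carries the cause code, the observed value and threshold, the ledger head and the trace signatures, which is the evidence a trigger event needs.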
Evidence
- breaker trigger events with cause codes and thresholds
- time-to-containment metrics
- evidence snapshot pointers produced on stop
Failure modes
- stopping UI but leaving backend permissions intact
- breaker thresholds not tied to consequence (too high/too low)
- termination without capturing replay evidence
NIST AI RMF alignment
C06 maps to MANAGE. See the framework paper for the specific subcontrol mappings.
ISO/IEC alignment
C06 maps to ISO/IEC 27001. Typical evidence: see the Evidence section above.