Your Observability Dashboard Tells You the Agent Failed. It Doesn't Tell You How. | Armalo Changelog

AI agent observability has made enormous progress in the last two years. You can trace every LLM call. You can log tool invocations with latency and cost. You can monitor token consumption, error rates, and retry patterns. The dashboards are genuinely useful. The gap isn't visibility into whether agents fail — it's visibility into how they fail.

Not all failures are equal. An agent that fails loudly is a different production risk than an agent that fails silently. An agent that degrades gracefully is a different operational challenge than one that produces confident nonsense. The distinction matters enormously for how you build, monitor, and set trust thresholds. And current infrastructure mostly ignores it.

The Failure Mode Taxonomy That's Missing

Current observability tools capture success and failure at the binary level. The binary is real but incomplete.

There are at least five qualitatively different ways an agent can fail, with different downstream consequences:

1. Loud failure. The agent signals failure explicitly. It throws an exception, returns a structured error response, halts with a status code. The failure is immediately visible. The downstream system knows not to proceed. Loud failures are operationally annoying — they require retry logic, fallback handling, and on-call response — but they're catchable. Your alert fires. The damage is bounded to the failed task.

2. Silent failure. The agent returns a well-formed, apparently successful response that is wrong. No error signal. No reduced confidence. The downstream system proceeds on bad data. Silent failure is the failure mode that causes the most production damage, because it's invisible until the damage is done. Your dashboards show a success rate of 97%. You don't know whether the 3% failure is in the loud category or the silent one. Those are very different numbers.

3. Graceful degradation. The agent encounters a case outside its optimal distribution, reduces its capability, and signals the reduction. "I can give you a partial answer to this question, but I'm less confident than usual on this domain — recommend verification before acting on this." The agent doesn't claim full capability it can't deliver. This is what you want from a well-designed agent. The agent that says "I don't know" reliably is operationally safer than the agent that always says something.

4. Catastrophic failure. The agent fails in a way that produces outsized downstream damage — not just wrong output, but actions taken based on wrong output before the failure is detected. A financial transaction executed at a hallucinated price. A communication sent to a customer based on wrong account data. A downstream pipeline proceeding for hours before the root failure is discovered. Catastrophic failures are rare but they define the tail risk of the system, which is what actually matters for risk management.

5. Scope violation. The agent operates outside its declared capability scope. It attempts a task it wasn't designed or evaluated for, and produces output that resembles an answer. The output may look plausible — the agent's general capability is enough to generate coherent-seeming text — but its reliability on this task is genuinely unknown. Scope violations are particularly dangerous because they're hard to detect. The agent didn't fail in the conventional sense. It succeeded at generating something, just not something you can trust.

Why the Distinction Is Load-Bearing for Trust

The operational question that failure mode taxonomy actually answers: when this agent fails, will I know before I act on it?

Loud failure: yes. Silent failure: probably not. Graceful degradation: yes, plus you get a reliability signal with the answer. Catastrophic failure: too late by definition. Scope violation: depends entirely on whether the agent knows and signals its own limits.

An agent with a 95% success rate and a 4% loud failure rate is categorically different from an agent with a 95% success rate and a 4% silent failure rate — even though the aggregate metric is identical. The first agent fails in ways you can catch, route around, and alert on. The second fails in ways that propagate downstream before anyone notices.

Current trust scoring treats these the same. A failed evaluation check counts identically whether the failure was a loud error or a confident wrong answer. This is an incomplete risk model. It's the equivalent of a credit score that doesn't distinguish between "missed payment that was caught and corrected" and "fraud that went undetected for six months."

What Engineers Are Actually Building to Fill the Gap

Teams that have been burned by silent failures don't wait for infrastructure to solve this. They build it themselves, which is how you can identify what the infrastructure should provide:

Failure fingerprinting. Log the characteristics of every failure — the input distribution, the output structure, whether the failure correlates with specific tool calls or input patterns. Build a fingerprint library of known failure modes for the agent. New failures that match known failure patterns get auto-classified. The operational value: when you see failure pattern #7, you know from the fingerprint library that it typically results in a downstream data corruption and requires immediate escalation rather than normal retry handling.

Output sanity checking. Add a validation layer downstream of the agent that checks every response against domain-specific invariants before allowing it to proceed. Not "is this a good response?" but "is this response structurally plausible given what we know is true about this domain?" A financial agent that returns a stock price outside a plausible range trips the sanity check. This catches some silent failures — specifically the ones where the wrong answer is detectably implausible.

Confidence calibration evaluation. Evaluate agents specifically on whether their stated confidence correlates with their accuracy across a large sample. A well-calibrated agent expressing 90% confidence should be right approximately 90% of the time. An agent that's confident when it's wrong — expressing 90% confidence on questions it answers correctly 65% of the time — is systematically miscalibrated and is producing silent failures on the 25% gap. The calibration test reveals this; the accuracy test alone does not.

Human-in-the-loop on high-stakes paths. For consequential decisions, the agent flags its output as requiring review rather than acting autonomously. This doesn't scale indefinitely and isn't the right long-term answer, but it catches catastrophic failures while better automated infrastructure is built. The key design principle: the agent flags itself for review, rather than the operator having to monitor every output for review candidates.

The Infrastructure Implication

Failure mode taxonomy needs to be a first-class feature of agent evaluation infrastructure.

When an agent runs against a behavioral pact, the evaluation result shouldn't just be pass/fail — it should include a failure mode classification for every failed check. Silent or loud? Graceful degradation or catastrophic? Within declared scope or scope violation?

This produces an agent failure profile: the distribution of failure modes across evaluated tasks. The failure profile is more operationally useful than the aggregate score for building monitoring strategy. You need to know not just that an agent fails 5% of the time, but that when it does fail, 78% of those failures are loud errors and 22% are silent wrong answers.

That 22% is where you build your monitoring strategy. The 78% is handled by normal error handling. The 22% requires a fundamentally different approach: output verification, downstream anomaly detection, or human checkpoints on high-stakes paths. Without failure mode classification, you don't know which category you're in.

The agent with a 97% success rate and a 3% silent failure rate may be operationally more dangerous than the agent with a 91% success rate and a 9% loud failure rate — depending on the consequences of undetected errors in your specific application. The aggregate score hides this. The failure profile surfaces it.

The Question

How does your current monitoring infrastructure distinguish between a silent failure and a loud one? Is there a systematic way you identify agent outputs that are confidently wrong, as opposed to outputs that generated an explicit error?

If the answer is "we don't distinguish them," you're making trust decisions based on an incomplete risk model — one that treats the most dangerous failure modes the same as the least dangerous ones.

Armalo's eval infrastructure is adding failure mode classification to evaluation results — so your trust scores reflect not just how often agents fail, but how they fail when they do. armalo.ai