Context Gap (Security)
Agents faithfully follow explicit security rules but miss the broader implications — they log access correctly without flagging the unusual pattern a human expert would catch immediately.
Problem
Rule-following without implication-understanding misses the security signals that the rules were designed to surface. The agent logs the file access; it doesn't flag that the access happened at 3am from a new IP. The agent verifies permissions; it doesn't notice that the same user requested unusually many sensitive files this week. Rule-following without context is compliance-theater, not security.
Solution
Acknowledge the gap. Pair with: policy-as-code-gate (deterministic rule enforcement), policy-gated-agent-action (audit-trail tagging), human-in-the-loop (review for novel patterns), eval-harness (anomaly-detection metrics independent of rule compliance). Cite Paredes et al. 2021 (arXiv 2108.02006).
When to use
- Never as a stand-alone state. Cite when reviewing 'AI-powered security' deployments.
- Surface in security threat models that include agents.
- Use as the rationale for separate anomaly-detection independent of agent compliance.
Open the full interactive page →
Diagram, neighbourhood map, code examples, related patterns and full provenance.