You On AI Field Guide · Redundancy Principle The You On AI Field Guide Home
Txt Low Med High
CONCEPT

Redundancy Principle

The safety-engineering doctrine — central to Perrow's framework — that systems operating in the dangerous quadrant require diverse independent backups, and that the defense against common-mode failure is independence, not duplication.
Redundancy is the primary defense against the unanticipated failure modes that interactive complexity produces. If you cannot predict which specific failures will occur, you must build a system capable of absorbing many possible failures through backup capacity that can substitute for failed components. The critical qualifier is diverse: redundant systems that share the same vulnerability provide no real protection against that vulnerability. Two backup generators in the same basement flood together. Two AI tools trained on the same data produce correlated errors. The redundancy that matters is redundancy whose components do not share common modes — different training sets, different architectures, different vendors, different cognitive lineages.
Redundancy Principle
Redundancy Principle

In The You On AI Field Guide

Segal's decision in You On AI to maintain his engineering team at full size despite the twenty-fold productivity multiplier is, in Perrow's framework, a redundancy preservation decision. Whether Segal recognizes it or not, keeping more independent minds in the system than strict efficiency requires is the structural defense against the common-mode failures that consolidated AI-augmented generalists produce. The framing matters: he describes the choice as a human-values commitment, which it is, but it is simultaneously a safety-engineering choice whose rationale Perrow's framework makes explicit.

The AI industry's current structure violates the redundancy principle at multiple scales. A handful of frontier models trained on overlapping data sets provide the capability infrastructure for most AI applications. The redundancy between these models is cosmetic; their shared training corpus, shared architectural family (transformers), and shared fine-tuning approaches guarantee correlated failure modes. An organization that uses GPT-4 as primary and Claude as backup has not achieved diverse redundancy; it has achieved the illusion of it.

Common-Mode Failure
Common-Mode Failure

Genuine redundancy in AI systems would require architectural diversity: different model families, different training approaches, different data sources, different teams making different assumptions. The industry is moving in the opposite direction — consolidation around fewer architectures, concentration in fewer companies, standardization of approaches that share vulnerabilities. The redundancy principle predicts that the next major AI failure will propagate across systems that appear independent but share the common modes the industry has accidentally engineered.

At the organizational level, the redundancy principle argues against the efficiency arithmetic of the twenty-fold multiplier. If five people can produce the output of one hundred, the efficiency logic says fire ninety-five. The redundancy logic says keep the team size because the ninety-five represent diverse independent cognitive architectures whose perspectives provide the common-mode defense that efficiency alone would eliminate. The choice is not between waste and efficiency but between short-term productivity and long-term reliability.

Origin

Redundancy is a classical safety-engineering principle dating to early nuclear and aerospace design. Perrow's contribution was to insist on its diversity requirement — that duplicated systems sharing vulnerabilities provide cosmetic rather than real redundancy. His framework is now standard in safety analysis across industries.

Key Ideas

Diversity over duplication. Redundant systems must not share the vulnerabilities they are designed to defend against.

Normal Accidents
Normal Accidents

Independence is the defense. Common-mode failure defeats redundancy that lacks genuine independence.

Cognitive redundancy. Multiple independent minds with different training provide epistemic diversity that AI-augmented generalists cannot.

Industry concentration as vulnerability. The current AI industry's architectural homogeneity violates the diversity requirement at scale.

Cost of redundancy. Real redundancy is expensive; efficiency metrics will always argue against it; institutional discipline is required to preserve it.

Related Entries

Adjacent concepts in the You On AI Field Guide
Common-Mode Failure
Normal Accidents
The Twenty-Fold Failure Multiplier
Modularity Principle
High Reliability Organizations
Trivandrum Training

Further Reading

  1. Nancy Leveson, Engineering a Safer World (MIT Press, 2011)
  2. Charles Perrow, Normal Accidents, Chapter 4 (Basic Books, 1984)
  3. Scott Sagan, "The Problem of Redundancy Problem" (Risk Analysis, 2004)
Explore more
Browse the full You On AI Field Guide — over 8,500 entries
← Home 0%
CONCEPT Book →