The Next Catastrophe
The Next Catastrophe: Reducing Our Vulnerabilities to Natural, Industrial, and Terrorist Disasters (Princeton, 2007) extended Perrow's framework beyond the reactor and the refinery to the electrical grid, the chemical plant network, the financial system, and the urban concentration that had made modern civilization exquisitely vulnerable to cascading failure. The book's central argument was structural: procedural safety interventions degrade under pressure and therefore cannot be the primary line of defense. What can defend a system is architecture — modularity that contains failures by design, decentralization that prevents single points of catastrophic dependency, and distribution that denies any individual failure the capacity to propagate system-wide.
In the AI Story
The Next Catastrophe marked Perrow's sharpest turn toward prescriptive work. Normal Accidents had been diagnostic; The Next Catastrophe proposed remedies. The remedies were not procedural: not better training, not tighter regulations, not more sophisticated management. The remedies were architectural: make systems smaller, more modular, less concentrated, less dependent on a few critical nodes whose failure would cascade everywhere at once.
The book anticipated the 2008 financial crisis with remarkable precision. Perrow identified the concentration of financial activity in a small number of institutions, the tight coupling of derivative instruments, and the interactive complexity of the regulatory environment as a classic normal accident architecture. The crisis a year later vindicated the analysis at catastrophic cost.
For AI safety, the book's prescriptions apply directly. The current AI infrastructure concentrates enormous capability in a handful of companies running a small number of frontier models through tightly coupled deployment pipelines. The modularity and decentralization Perrow advocated are structurally absent from the AI industry's current configuration. The LessWrong community's 2025 analysis of AI systems through Perrow's framework proposed Just-In-Time Assembly — temporary assembly of AI capabilities for specific tasks, disassembly afterward — as a direct application of Perrow's later prescriptions.
The competitive dynamics of the AI industry push systematically against the architectural changes Perrow's framework recommends. Modularity is slower than integration. Decentralization is less efficient than concentration. Just-in-time assembly requires overhead that monolithic systems avoid. The market rewards the architectural choices that maximize normal accident probability, and the governance structures required to override market incentives have not been built.
Origin
Published in 2007, fifteen years before ChatGPT and three years before the financial crisis that vindicated its analysis, the book represents Perrow's mature prescriptive voice — less famous than Normal Accidents but arguably more useful for organizations trying to make conscious architectural choices.
Key Ideas
Structural over procedural. Architectural changes — modularity, decentralization — outperform procedural fixes like better training or tighter management.
Concentration as vulnerability. The concentration of critical infrastructure in few hands creates systemic risk that no operator competence can offset.
Cascading failure. Tightly coupled critical infrastructure transmits localized failures into system-wide catastrophe at speeds exceeding human response.
Financial anticipation. Published before the 2008 crisis, the book's financial analysis proved diagnostically accurate.
Just-in-time assembly. Later AI safety researchers extracted this principle as a prescription for temporary, modular AI capability deployment.
Appears in the Orange Pill Cycle
Further reading
- Charles Perrow, The Next Catastrophe (Princeton University Press, 2007)
- LessWrong AI safety community, analyses of Perrow applied to AI systems (2025)
- Charles Perrow, "Disasters Ever More?" (The Montréal Review, 2011)