BMAD-METHOD/research/deep-research-early-failure-detection-claude.md

Deep Research: Early Failure Detection in AI Agent Workflows

Research compiled December 2025

---

Executive Summary

This document synthesizes research from academic papers, industry frameworks, and adjacent fields to address early failure detection in multi-step LLM workflows. Key findings suggest that early detection is both feasible and economically justified, but requires a layered approach combining self-verification, external validators, formal methods, and strategic human escalation.

The most promising approaches include:

• Reflexion-style self-reflection with explicit memory of past failures
• Chain-of-Verification (CoVe) for fact-checking intermediate outputs
• Conformal prediction for uncertainty-aware decision-making
• Runtime monitors that observe state transitions against formal specifications
• Strategic human escalation based on confidence thresholds rather than hard failures

---

1. Early Failure Detection in Autonomous Systems

How Autonomous Systems Detect Mid-Execution Failures

Sensor Fault Detection Autonomous robots are equipped with sensors to sense the surrounding environment. The sensor readings are interpreted into beliefs upon which the robot decides how to act. Unfortunately, sensors are susceptible to faults that might lead to task failure. Detecting these faults and diagnosing their origin is critical and must be performed quickly online.

Source: Sensor fault detection and diagnosis for autonomous systems

The Autonomy Challenge The FDD (Fault Detection and Diagnosis) mechanism cannot rely on concurrent external observation of a human operator—it must rely on the robot's own sensory data to detect faults. These sensors carry uncertainty and might even be faulty themselves.

Source: Fault detection in autonomous robots

Sanity Check Patterns

Gradual Degradation Detection Many failures arise from gradual wear and tear with continued operation, which may be more challenging to detect than sudden step changes in performance. Systems must monitor for both sudden failures and gradual drift.

Source: Detecting and diagnosing faults in autonomous robot swarms

Self-Diagnosis Systems When robots work autonomously, self-diagnosis is required for reliable task execution. By dividing faulty conditions into multiple levels, behavior that copes with each level can be set to continue task execution. This tiered approach allows for graceful degradation.

Source: A system for self-diagnosis of an autonomous mobile robot

Bayesian Self-Verification Bayesian learning frameworks for runtime self-verification allow robots to autonomously evaluate and reconfigure themselves after both regular and singular events, using only imprecise and partial prior knowledge.

Source: Bayesian learning for the robust verification of autonomous robots

Trade-offs: Check Overhead vs. Failure Cost

Optimal Quality Level As prevention costs increase (signifying more testing), failure costs decrease. But beyond a point, the cost of prevention exceeds the cost of failure. This equilibrium point—where the cost of quality is minimum—is the optimal software quality level.

Source: What is the cost of software quality?

Evidence Strength: Moderate to Strong. Well-established in traditional software and robotics, but limited empirical data for LLM-specific workflows.

Application to LLM Workflows

Robotics Pattern	LLM Workflow Analog
Sensor redundancy	Multiple verification approaches (self-check + external judge)
Gradual drift detection	Confidence degradation tracking across steps
Multi-level fault classification	Severity tiers: recoverable, needs-help, fatal
Self-diagnosis + adaptive behavior	Reflexion-style retry with updated strategy

---

2. Self-Verification in AI/LLM Systems

Can LLMs Reliably Verify Their Own Work?

The Answer: Partially, with caveats

Research shows that self-verification improves performance but has fundamental limitations. The approach works better for:

• Factual verification (checkable facts)
• Reasoning verification (logical steps)
• Format/structure verification (objective criteria)

It works poorly for:

• Subjective quality assessment
• Novel or creative outputs
• Cases where the model "doesn't know what it doesn't know"

Key Frameworks

Reflexion (NeurIPS 2023)

Core Insight: Self-reflection is a vital aspect that allows autonomous agents to improve iteratively by refining past action decisions and correcting previous mistakes.

How it works:

1. Actor generates text/actions based on state
2. Evaluator scores the trajectory
3. Self-Reflection model generates verbal reinforcement cues
4. Memory stores reflections for future trials
5. Next trajectory incorporates lessons learned

Results: 97% success on AlfWorld tasks, 88% pass@1 on HumanEval (vs 67% for GPT-4 alone)

Source: Reflexion: Language Agents with Verbal Reinforcement Learning | GitHub

Evidence Strength: Strong. Published at NeurIPS 2023, reproducible results.

Chain-of-Verification (CoVe)

Core Insight: LLMs can deliberate on and self-verify their output to reduce hallucinations.

How it works:

1. Draft initial response
2. Plan verification questions to fact-check the draft
3. Answer questions independently (not biased by original response)
4. Generate final verified response

Key Finding: Open verification questions outperform yes/no questions. The model tends to agree with facts in yes/no format whether they are right or wrong.

Results: F1 score improvement of 23% (0.39 → 0.48) on list-based tasks.

Source: Chain-of-Verification Reduces Hallucination in Large Language Models

Evidence Strength: Strong. Published at ACL 2024, multiple task types.

Step-Level Self-Critique (SLSC-MCTS)

Core Insight: Self-critique at each step of a decision tree significantly improves agent performance and can generate training data for self-improvement.

Source: Empowering LLM Agent through Step-Level Self-Critique

Evidence Strength: Moderate. Recent (SIGIR 2025), promising but less replicated.

The "Grading Your Own Homework" Problem

Self-Enhancement Bias is Real Research found that GPT-4 favored itself with a 10% higher win rate while Claude-v1 favored itself with a 25% higher win rate when acting as evaluators.

Source: LLM Evaluators Recognize and Favor Their Own Generations

Verbosity Bias Both Claude-v1 and GPT-3.5 preferred the longer response more than 90% of the time, even when the longer version added no new information.

Source: Evaluating the Effectiveness of LLM-Evaluators

Separate Verifier Models

LLM-as-a-Judge Pattern Using a separate, typically stronger model to evaluate outputs. State-of-the-art LLMs can align with human judgment up to 85%—higher than human-to-human agreement (81%).

Why it works: "Evaluating an answer is often easier than generating one."

Best Practices:

• Randomize position of model outputs (reduces position bias)
• Provide few-shot examples to calibrate scoring
• Use multiple different models as judges
• Multiple-Evidence Calibration: generate rationale before scoring

Source: LLM-as-a-Judge: What It Is and How to Use It

Evidence Strength: Strong. Widely adopted in industry, extensive benchmarking.

Multi-Agent Debate

Core Finding: Multiple LLM instances proposing and debating responses over multiple rounds significantly enhances mathematical/strategic reasoning and reduces hallucinations.

Key Insight: Moderate, not maximal, disagreement achieves best performance by correcting but not polarizing agent stances. Extended debate depth does not always improve outcomes—additional rounds can entrench errors.

Heterogeneous agents work better: Deploying agents based on different foundation models yields substantially higher accuracy (91% vs 82% on GSM-8K with homogeneous agents).

Source: Improving Factuality and Reasoning through Multiagent Debate

Evidence Strength: Moderate. Promising but sensitive to hyperparameters, not consistently better than simpler approaches like self-consistency.

---

3. Feedback Loops and Error Propagation

How Errors Compound Downstream

The Propagation Problem "Small errors in early stages—such as misinterpreting context or selecting the wrong subgoal—can propagate through the pipeline and lead to final task failure."

Systemic Nature: All models exhibit remarkably similar patterns of error propagation across pipelines, suggesting that bottlenecks are systemic challenges inherent to the task itself rather than model-specific.

Source: Detecting Pipeline Failures through Fine-Grained Analysis of Web Agents

Silent Propagation Without validation within pipelines, erroneous data can silently propagate, causing model drift and unreliable analytics. Bad data may be found long after it's added, leading to low-quality datasets that feed models.

Source: Data Pipeline Architecture For AI

Optimal Placement of Quality Gates

Shift-Left Economics The cost of solving bugs in the testing stage is almost 7x cheaper compared to the production stage. Earlier detection translates to faster development cycles.

Source: Shift Left Testing Guide

Real-Time Validation Modern quality gate solutions prevent issues upstream by running checks in real time as data flows through pipelines, preventing invalid records before they contaminate downstream systems.

Source: Introducing Data Quality Gates

Multi-Stage Validation Pattern:

• At collection time: reject or flag malformed data immediately
• During pipeline processing: implement checks at transformation stages
• Bronze → Silver → Gold layers: check column-level values as records move through

Source: How to integrate data quality checks within data pipelines

Does "Shift-Left" Apply to AI Workflows?

Yes, with adaptations:

• Predictive analytics can examine past bug reports and code modifications to anticipate problems
• GenAI can generate comprehensive test cases by analyzing requirements and user stories early
• Historical data allows prediction of where defects are likely to occur

"Shift Everywhere" Evolution IBM notes an evolution beyond shift-left: incorporating security, monitoring, and testing into every phase—coding, building, deployment, and runtime.

Source: Beyond Shift Left: How "Shifting Everywhere" Can Improve DevOps

Evidence Strength: Strong for general principle. Empirical data specifically for LLM pipelines is emerging but limited.

Application to LLM Workflows

Recommended Gate Placement:

1. Input validation - Before step 1: Are inputs well-formed and sufficient?
2. Early sanity checks - After steps 1-2: Is the agent on the right track?
3. Mid-pipeline verification - After major transformations: Do outputs match expectations?
4. Pre-output validation - Before final delivery: Does it meet acceptance criteria?

Cost Model Insight: The optimal number of gates depends on:

• Cost of a check (latency, tokens, potential false positives)
• Cost of late failure (rework, user impact, downstream corruption)
• Probability of failure at each stage

---

4. Design by Contract for AI Agents

Has Anyone Applied This to LLM Workflows?

Yes: Agent Contracts Framework

Relari's Agent Contracts is a structured framework for defining, verifying, and certifying AI systems. It defines:

• Preconditions: Conditions that must be met before the agent is executed
• Pathconditions: Conditions on the process the agent must follow
• Postconditions: Conditions that must hold after execution

Source: Agent Contracts: A Better Way to Evaluate AI Agent Performance

Two Levels of Contracts:

1. Module-Level: Expected input-output relationships, preconditions, postconditions of individual agent actions
2. Trace-Level: Expected sequence of actions—mapping the agent's complete journey from start to finish

Objective Criteria for Subjective Outputs

Challenge: Many AI outputs are subjective. How do you define "good enough"?

Approaches:

1. Factual correctness - Verifiable claims match ground truth
2. Structural compliance - Output follows required format/schema
3. Consistency checks - No internal contradictions
4. Boundary conditions - Output within acceptable ranges
5. Process compliance - Agent followed required steps (pathconditions)

Handling "I'm Not Sure If This Succeeded"

Formal Verification + Runtime Monitoring (VeriGuard)

A dual-stage architecture:

1. Offline stage: Clarify user intent → synthesize behavioral policy → formal verification
2. Online stage: Runtime monitor validates each proposed action against pre-verified policy

Source: VeriGuard: Enhancing LLM Agent Safety

AgentGuard: Probabilistic Assurance

Instead of binary pass/fail, AgentGuard provides Dynamic Probabilistic Assurance—continuous, quantitative confidence in agent behavior.

Source: AgentGuard: Runtime Verification of AI Agents

Formal-LLM: Grammar-Constrained Planning

Specify planning constraints as a Context-Free Grammar (CFG), translated into a Pushdown Automaton (PDA). The agent is supervised by this PDA during plan generation, verifying structural validity of output.

Source: AgentGuard paper, referencing Formal-LLM framework

Evidence Strength

Approach	Evidence Level	Practical Maturity
Agent Contracts	Moderate	Production-ready framework
VeriGuard	Weak-Moderate	Research prototype (Oct 2025)
AgentGuard	Weak-Moderate	Research prototype (Sep 2025)
Formal-LLM	Moderate	Research with implementations

---

5. Human-AI Collaboration Patterns

When Should an Agent Escalate to Human Oversight?

Taxonomy of Escalation Triggers:

1. Confidence-based: When prediction confidence falls below threshold
2. Ambiguity-detected: When input or situation is ambiguous
3. High-stakes decision: When consequences of error are severe
4. Policy violation risk: When proposed action may violate constraints
5. Novel situation: When outside training distribution

Source: Classifying human-AI agent interaction

The KnowNo Framework (Princeton/Google DeepMind) Uses conformal prediction to help robots recognize when they're uncertain. The system can decide when it is safe to act independently and when to involve humans.

Source: CAMEL: Human-in-the-Loop AI Integration

What Triggers Should Cause an Agent to Stop and Ask?

Recommended Trigger Framework:

Trigger Type	Example	Action
Low confidence	Uncertainty > threshold	Ask for clarification
Conflicting signals	Multiple interpretations possible	Present options
Irreversible action	Delete, deploy, publish	Require confirmation
Resource concern	About to exceed budget/time	Warn and await approval
Error detected	Self-verification failed	Report and await guidance
Deadlock	Multiple attempts failed	Escalate

Minimizing Human Interruption While Maintaining Quality

From Hard Escalation to Soft Consultation

Traditional model: Escalate to humans whenever AI fails Better model: AI consults humans and continues working on its own

"The AI agent must be capable of working independently to resolve issues, and it has to be able to ask a human coworker for the help it needs."

Source: Is the human in the loop a value driver?

Three-Dimensional Boundaries Framework:

1. Operational: What actions can the agent take autonomously?
2. Ethical: What considerations must inform decisions?
3. Decisional: What decisions require human approval?

Source: Pattern Library of Agent Workflows

Evidence Strength: Moderate. Framework-level guidance is well-established; empirical optimization of thresholds is domain-specific.

---

6. Approximating Intuition

Can "Gut Feel" Be Approximated?

Uncertainty Quantification (UQ) for LLMs

UQ enhances reliability by estimating confidence in outputs, enabling risk mitigation and selective prediction. However, confidence scores provided by LLMs are generally miscalibrated.

Source: A Survey on Uncertainty Quantification of LLMs

Why Traditional Methods Struggle:

• LLMs introduce unique uncertainty sources: input ambiguity, reasoning path divergence, decoding stochasticity
• Computational constraints prevent ensemble methods
• Decoding inconsistencies across runs

Approaches to Confidence Estimation

1. Logit-Based Methods Evaluate sentence-level uncertainty using token-level probabilities or entropy.

2. Self-Verbalized Uncertainty Harness LLMs' reasoning capabilities to express confidence through natural language.

3. Black-Box Methods Compute similarity matrix of sampled responses and derive confidence estimates via graph analysis.

4. Supervised Approaches Train on labeled datasets to estimate uncertainty. Hidden neurons of LLMs may contain uncertainty information that can be extracted.

Source: Uncertainty Estimation for LLMs: A Simple Supervised Approach

Conformal Prediction: Formal Guarantees

Core Insight: Conformal prediction provides rigorous, model-agnostic uncertainty sets with formal coverage guarantees—the true value will fall within the set with controlled probability.

Key Applications:

• Selective prediction: Flag low-confidence outputs for human review
• SafePath: Filters out high-risk trajectories while guaranteeing at least one safe option with user-defined probability
• LLM-as-a-Judge: Output prediction intervals instead of point estimates

Results: SafePath reduces planning uncertainty by 77% and collision rates by up to 70%.

Source: Conformal Prediction for NLP: A Survey

Open Research Questions

Mechanistic Interpretability Connection Certain neural activation patterns might be associated with uncertainty. Identifying specific intermediate activations relevant for uncertainty quantification remains an open challenge.

Source: ACM Computing Surveys on UQ

Evidence Strength: Moderate to Strong for conformal prediction (formal guarantees). Weak to Moderate for interpretability-based approaches (active research area).

---

Cross-Cutting Themes

Pattern: Layered Verification

The most robust approaches combine multiple verification layers:

┌─────────────────────────────────────────────────────┐
│ Layer 4: Human Oversight                            │
│   Triggered by: confidence thresholds, novel cases  │
├─────────────────────────────────────────────────────┤
│ Layer 3: External Validator                         │
│   Separate judge model, formal verification         │
├─────────────────────────────────────────────────────┤
│ Layer 2: Structured Self-Verification               │
│   CoVe, Reflexion, multi-agent debate               │
├─────────────────────────────────────────────────────┤
│ Layer 1: Basic Assertions                           │
│   Schema validation, format checks, invariants      │
└─────────────────────────────────────────────────────┘

Pattern: Progressive Trust

1. New workflows: High human oversight, many checkpoints
2. Proven workflows: Reduce checkpoints, spot-check
3. Mature workflows: Statistical sampling, anomaly detection

Anti-Pattern: All-or-Nothing Verification

Avoid binary thinking ("verified" vs "unverified"). Instead, track confidence as a continuous signal that degrades over steps.

---

Practical Implementation Recommendations

Minimum Viable Verification (Start Here)

1. Input validation: Ensure required context is present
2. Output schema validation: Structured output matches expected format
3. Self-critique prompt: "Before proceeding, identify potential issues with this output"
4. Confidence elicitation: "Rate your confidence 1-10 and explain"
5. Human checkpoint: At least one point where human reviews before commitment

Intermediate Verification

Add:

• CoVe-style fact-checking for factual claims
• LLM-as-a-judge for subjective quality
• Reflexion-style memory across workflow runs
• Conformal prediction for uncertainty bounds

Advanced Verification

Add:

• Formal specifications with runtime monitors (AgentGuard, VeriGuard)
• Multi-agent debate for critical decisions
• Automated escalation based on calibrated thresholds
• Process mining to detect drift from expected patterns

---

Gaps and Limitations

What We Don't Know

1. Optimal gate placement: No empirical formula for LLM workflows specifically
2. Calibration across domains: Confidence estimates don't transfer well
3. Cost of verification: Limited data on token/latency overhead vs. benefit
4. Compound verification: How multiple checks interact (additive? diminishing returns?)
5. Subjective quality: No reliable automated assessment for creative/novel outputs

Methodological Caveats

• Most research is on single-step tasks; multi-step workflow research is nascent
• Lab benchmarks may not reflect production complexity
• Fast-moving field—2024-2025 papers may be superseded quickly
• Many frameworks are research prototypes, not production-hardened

---

Key Resources

Academic Papers

• Reflexion (NeurIPS 2023) - Self-reflection with memory
• Chain-of-Verification (ACL 2024) - Structured fact-checking
• Survey on LLM Autonomous Agents - Comprehensive overview
• Conformal Prediction for NLP - Uncertainty bounds

Frameworks & Tools

• Agent Contracts - Design by contract for AI
• LM-Polygraph - UQ benchmarking
• Awesome-LLM-Uncertainty - Curated paper list

Industry Guides

• LLM-as-a-Judge Guide - Practical implementation
• ICLR 2024 Workshop on LLM Agents - Latest research
• KDD 2025 Tutorial on UQ - Uncertainty quantification

---

Verification Checklist

• All 6 research questions addressed
• Each finding includes source/citation
• Evidence strength assessed
• Gaps and limitations explicitly flagged
• Output is valid Markdown, ready to save as .md file

---

Research compiled from web search of academic papers, industry blogs, and framework documentation. December 2025.