The first question I ask on every project is the same: "What's the worst realistic outcome if this system gets it wrong?"
Not the catastrophic, movie-plot scenario. The realistic one. The one that could actually happen to a real person on a Tuesday afternoon.
For VZYN Labs — a marketing automation platform — the worst realistic outcome was wasted time. A bad email campaign. A report with wrong numbers that gets caught in review. Embarrassing, maybe expensive, but nobody gets hurt. That's Tier 2.
For Edifica — a building management system that handles governance for Colombian residential properties — the worst realistic outcome was a legal violation. A missed quorum notification for a property owners' assembly. A financial report that doesn't comply with Ley 675. The administrator gets sued. The building faces regulatory action. That's Tier 3, pushing into Tier 4.
For the Ecomm Knowledge Operating System — a call center tool that handles prescription medication referrals — the worst realistic outcome was a wrong answer about drug interactions. A customer service representative, guided by the AI, gives incorrect advice about combining medications. Someone gets hurt. That's Tier 4. Unambiguously.
And then there was Regasificadora del Pacífico. A $42 million LNG regasification operation on Colombia's Pacific coast. International tankers bringing liquefied natural gas into Buenaventura Bay. Cryogenic containers on barges. A pipeline feeding gas to thermal plants across southwestern Colombia. A five-year contract with Ecopetrol.
I didn't need to finish the question. I realized the answer before I asked it. This is Tier 4. Everything about this project — the scale, the materials, the regulatory environment, the physical infrastructure — carries the risk of irreversible harm. Every AI system touching this operation would need the highest level of specification, the most rigorous testing, and mandatory human oversight at every decision point.
The trust tier is set once, at intake, and it governs everything downstream. It's the single most important classification in the entire methodology.
I'll admit the distinction feels obvious in retrospect. But I've watched it get missed — repeatedly, consequentially — by teams who are genuinely thoughtful about what they're shipping.
A company builds an HR chatbot. It answers questions about benefits, time off, performance review schedules. Tier 1 or Tier 2, they figure — it's just answering FAQ questions. Then the chatbot starts answering questions about termination procedures. About what happens to benefits during a layoff. About whether someone's performance rating can be appealed. Each of those answers carries legal implications. The chatbot is now affecting employment decisions. The worst realistic outcome is no longer "wasted time" — it's a wrongful termination lawsuit where the company's own AI gave contradictory guidance to the employee.
Nobody classified it as Tier 3. Nobody asked the tier question. And the system's tier wasn't set by what the team intended. It was set by what the users actually asked.
Why Tiers Exist
The instinct in software development is to treat every project the same way. Same process, same tools, same rigor. Agile doesn't distinguish between a todo app and a medical device. Scrum doesn't care if your sprint is building a marketing dashboard or a flight control system.
That was fine when the bottleneck was implementation itself. A human team naturally calibrates its effort to the stakes — a senior developer reviewing a healthcare feature applies more scrutiny than the same developer reviewing a CSS change. The calibration happens implicitly, through professional judgment and organizational culture.
AI agents don't have professional judgment. They don't know that a wrong medication referral is worse than a wrong email subject line. They apply the same diligence to everything — which means they apply insufficient diligence to high-stakes tasks and excessive diligence to low-stakes ones. The calibration that humans do naturally must be made explicit for agents.
Trust tiers are that calibration.
Tiers don't describe the system's capability. They describe the system's consequences. A Tier 4 system isn't more complex than a Tier 1 system (though it often is). It's more dangerous when wrong. And that danger determines how much specification, testing, oversight, and evaluation the system requires — not just at deployment, but for its entire lifecycle.
The Four Tiers
Tier 1 — Deterministic
Worst outcome: Annoyance. A retry. A minor inconvenience.
Examples: Internal dev tools, content drafting assistants, personal productivity scripts, data formatting utilities.
What this means in practice: Minimum spec depth (the eight sections at basic coverage). Seven behavioral scenarios with no stress variations. Progressive autonomy at full auto — the system runs without human oversight. No continuous evaluation flywheel needed.
Tier 1 is where you experiment. It's where you learn the methodology on a stack that can't hurt anyone. If the agent makes a wrong assumption about how to format a CSV, you fix it and move on.
Tier 2 — Constrained
Worst outcome: Wasted time, wasted resources, wasted money.
Examples: Marketing automation, data processing pipelines, internal reporting tools, CRM workflows.
What this means in practice: Standard spec depth. Seven scenarios with two stress variations each. Intent contracts recommended but not required. The system runs with logging — full auto, but every action is recorded for review. Ten percent sampling in the continuous evaluation flywheel.
VZYN Labs is Tier 2. If the marketing agent generates a bad blog post, a human catches it in review. If the analytics agent misreads a campaign metric, the quarterly report is wrong — but it's wrong in a way that costs money, not lives. The stakes are real but recoverable.
Tier 3 — Open
Worst outcome: Financial or reputational damage. Legal exposure.
Examples: Customer-facing agents, financial tools, hiring systems, compliance platforms, governance software.
What this means in practice: Full spec depth. Seven scenarios with three variations each. Intent contracts required. The system runs under human oversight — a person reviews decisions before they're executed. Twenty-five percent sampling in the flywheel. Factorial stress testing before every deployment and quarterly thereafter.
Edifica lives at the boundary of Tier 3 and Tier 4. Building management under Colombian law involves governance decisions — assembly convocations, quorum calculations, financial transparency reports — where errors have legal consequences. The system doesn't handle money directly (it's a repository, not an accounting system), which keeps it from being purely Tier 4. But the governance obligations push it higher than a standard business tool.
This is a common pattern: most interesting systems sit between tiers. When in doubt, tier up. Building Tier 3 rigor for a system that turns out to need Tier 2 wastes some effort. Building Tier 2 rigor for a system that needed Tier 3 creates legal exposure. The cost of over-classifying is time. The cost of under-classifying is consequences.
Tier 4 — High-Stakes
Worst outcome: Legal, safety, or irreversible harm. Someone gets hurt. Someone dies. A regulation is violated in a way that can't be undone.
Examples: Healthcare triage, safety-critical operations, compliance for regulated industries, financial trading, pharmaceutical systems.
What this means in practice: Maximum spec depth. Seven scenarios with five or more stress variations each. Intent contracts required with domain expert review. The system runs under mandatory human oversight — a human approves every consequential action. One hundred percent coverage in the continuous evaluation flywheel. Factorial stress testing before every deployment and on every change. Domain expert sign-off at spec, intent, test, and deployment gates.
Tier 4 means human review is mandatory. Forever. Not until the system "proves itself." Not until the model improves. Forever. This is not a limitation — it's the design. Some decisions are too consequential to delegate fully, no matter how good the technology gets.
The Ecomm Knowledge Operating System is Tier 4 because one wrong answer about a prescription medication referral could harm a patient. The Regasificadora project is Tier 4 because LNG operations carry physical safety risks at every stage — from tanker to pipeline. In both cases, the AI assists human decision-making. It does not replace it.
The Tier Nobody Wants to Build
Nobody wants to ship a Tier 4 system. When I explain the requirements — mandatory human oversight at every consequential decision, full-coverage evaluation, domain expert sign-off at spec, intent, test, and deployment gates — I watch the same expression cross people's faces. It looks like the expression someone makes when a renovation project turns out to cost three times the budget.
This is understandable. Tier 4 is slow. It's expensive. It means accepting that the AI will never work independently on the things that matter most. Every executive wants the fully autonomous system — the one that makes the hard decisions so humans don't have to. Tier 4 systems don't do that.
Here's what Tier 4 systems actually do: they work. Reliably. In niches where unreliable is unacceptable.
The Ecomm Knowledge Operating System will never return a medication guidance answer without routing through a human pharmacist review pathway. That's not a limitation of the technology. That's the design. The pharmacist isn't there because the AI can't find the right answer most of the time. The pharmacist is there because "most of the time" is not an acceptable standard when a patient's health is at stake. The AI makes the pharmacist more efficient — surfacing the right SOP, flagging edge cases, presenting the clinical context — but the pharmacist makes the decision.
For Regasificadora, the same principle holds at a different scale. The AI assists operational planning, manual research, and cross-referencing. Every recommendation that touches physical safety procedures — pressure tolerances, cryogenic handling protocols, emergency shutoff sequences — is reviewed by a qualified engineer before it influences any action. The AI compresses weeks of research into hours. The engineer validates before anything moves.
Tier 4 doesn't diminish the AI's value. It positions it correctly. Retrieval, synthesis, presentation — those are AI roles. Judgment, accountability, the irreversible decision — those are human roles. The architecture makes that split explicit, which is why it works.
Stuart Russell calls this the correct design: an uncertain agent, deferring to human judgment at consequential moments, is fundamentally safer than a confident agent that happens to be right 99% of the time. For a system that processes a million interactions, 1% wrong is ten thousand wrong answers. If wrong means a patient received incorrect medication guidance, ten thousand is not acceptable. The Tier 4 constraint isn't a concession to the technology's limitations. It's the honest engineering response to the math.
Why Models Hallucinate (And What Tiers Do About It)
The H-Neuron research stopped me cold.
Researchers discovered that less than 0.1% of neurons inside large language models are associated with hallucinations — "H-Neurons," causally linked to one specific behavior: over-compliance.1 The model wants to be helpful. It would rather fabricate a plausible answer than say "I don't know." This isn't a bug in the training — it's a layer of the training. Models are rewarded for being helpful. Saying "I don't know" is unhelpful. So they learn to avoid it.
This matters for trust tiers because over-compliance scales with stakes. A Tier 1 content drafting tool that fabricates a metaphor is being creative. A Tier 4 medical triage agent that fabricates a drug interaction is being dangerous. The behavior is the same — the model generating plausible content instead of admitting uncertainty — but the consequences are wildly different.
Trust tiers address this by scaling the verification architecture:
- Tier 1: Let it hallucinate. A human will catch it, or it doesn't matter.
- Tier 2: Log everything. Sample 10% for quality. Catch systematic drift before it compounds.
- Tier 3: Verify all outputs against deterministic rules. A human reviews before consequential actions execute.
- Tier 4: Verify everything. Human reviews everything. Domain expert reviews high-impact decisions. The system is never autonomous — it's always advisory.
Consider what this looks like in practice. A call center agent asks the knowledge base: "Can a customer take ibuprofen with their prescribed warfarin?" The answer is nuanced — warfarin is a blood thinner, ibuprofen increases bleeding risk, the interaction is clinically significant and depends on the patient's INR levels and other medications. A system without Tier 4 safeguards produces a plausible answer: something about checking with a healthcare provider, something about bleeding risk. It sounds responsible. It may be directionally correct. But it isn't verified, it isn't traceable to a source, and it could be confidently wrong in a way that harms someone.
The H-Neuron research tells us why this happens: the model doesn't experience the stakes. It doesn't know that this answer, unlike an answer about a refund policy, could affect whether a patient bleeds. The model produces a plausible, helpful response in both cases. For the refund policy question, that's fine. For the drug interaction, it isn't.
This is the exact case we designed around for the Ecomm KOS. The call center representative, reading a confident AI response about a drug interaction, might not know to doubt it. The human oversight at Tier 4 isn't there to check whether the AI can answer the question. It's there to ensure the answer carries accountability — that a qualified person has verified it before it guides action.
The philosopher Luciano Floridi calls this the "veridicality thesis"2 — information must be true to count as information. If a model generates something false but plausible, it hasn't produced information. It's produced noise that looks like signal. Trust tiers are the architecture that determines how much verification you need to distinguish signal from noise.
The Classification Conversation
I've run the tier classification conversation on over a dozen projects, and it's always the same pattern.
The question is: "What's the worst realistic outcome if this system gets it wrong?"
The first answer is almost always optimistic. Not dishonest — the person genuinely believes it. "We're just automating a process that's already manual, so if the AI gets it wrong, a human is already in the loop to catch it." That sounds like Tier 1. But then I ask the follow-up question: "Is the human actually reviewing every output, or are they trusting the AI to have done it right?"
The silence that follows is diagnostic. If the human is always reviewing, the system's tier is determined by what happens when the human makes a mistake in review — which is usually Tier 2. If the human is reviewing sometimes, or reviewing summaries rather than underlying outputs, or only reviewing when something looks suspicious — the system is operating without the human oversight that was assumed. The tier is set by the actual oversight, not the intended oversight.
This distinction matters because the tier classification isn't just an engineering decision — it's a risk acknowledgment. When you classify a system at Tier 4, you're saying: "The worst realistic outcome here is serious enough that we will invest in full coverage evaluation, mandatory human oversight at every consequential decision, and domain expert sign-off before every deployment." That investment is significant. Most teams resist it. But that resistance should prompt a different question: if you're not willing to invest in Tier 4 rigor, are you willing to operate a Tier 4 system?
The answer to that question is always the same: the tier classification doesn't change the system's risk. It changes whether the organization is positioned to manage that risk. Running a Tier 4 system at Tier 2 rigor doesn't make the system Tier 2. It makes the organization exposed.
Uncertainty as a Feature
Stuart Russell, the AI researcher who literally wrote the textbook on artificial intelligence,3 makes an argument that changed how I think about trust design: an uncertain agent is a safer agent.
Most AI systems are designed to be confident. They produce answers, not probabilities. They make decisions, not suggestions. Russell argues this is backwards. A machine that is certain about human preferences will optimize aggressively for what it believes those preferences are — even when it's wrong. A machine that is uncertain about human preferences will defer, ask questions, accept correction, and — critically — accept being shut down.
Russell calls this the King Midas problem. Midas asked for everything he touched to turn to gold. He got exactly what he asked for. And it destroyed him — because what he asked for wasn't what he actually wanted. AI systems that optimize exactly what you specify, rather than what you mean, are King Midas machines. They succeed at the wrong thing.
In Dark Factory, this principle becomes progressive autonomy — the idea that a system's independence scales inversely with its stakes. Tier 1 systems run at full autonomy because the consequences of wrong assumptions are trivial. Tier 4 systems run at minimal autonomy — every consequential decision is reviewed by a human — because the consequences of wrong assumptions are irreversible.
This isn't cautious design. It's the engineering expression of a mathematical insight: uncertainty is a safety mechanism. When you force a system to be uncertain — to defer to human judgment at high-stakes moments — you make it fundamentally safer than a confident system that happens to be right most of the time.
"Most of the time" is not good enough when someone's health, safety, or legal standing is at stake.
The Scaling Table
Trust tiers scale everything in the pipeline. Here's what changes at each level:
| Element | Tier 1 | Tier 2 | Tier 3 | Tier 4 |
|---|---|---|---|---|
| Behavioral scenarios | 7 minimum | 7 + 2 variations | 7 + 3 variations | 7 + 5 variations |
| Intent contract | Optional | Recommended | Required | Required + domain expert |
| Stress testing | None | Structural edges | Social + framing + structural | All categories + reasoning alignment |
| Validation | Optional | Key outputs | All outputs | All outputs + dual-check |
| Progressive autonomy | Full auto | Auto + logging | Human oversight | Human mandatory |
| Continuous evaluation | Not needed | 10% sampling | 25% sampling | Full coverage + audit |
| Human sign-off | Deploy only | Spec + deploy | Spec + intent + test + deploy | Spec + intent + test + domain expert + deploy |
Read the table left to right and you see the cost of rigor increasing. Read it top to bottom and you see every dimension of the pipeline being governed by the same classification. That's the point — the tier is set once, and it cascades.
A common mistake is to classify the system instead of the consequence. Teams think: "Our chatbot is simple, so it's Tier 1." But if that chatbot faces customers and gives wrong information about refund policies, the consequence is reputational damage and potential legal exposure. That's Tier 3, regardless of how simple the chatbot's architecture is.
The tier isn't about what the system is. It's about what happens when it's wrong.
Four Projects, Four Tiers
I didn't choose the trust tier model because it's theoretically elegant. I chose it because I needed it — four concurrent projects, each refusing to be managed with the same rigor.
VZYN Labs (Tier 2) — Marketing automation for agencies. If the agent generates a bad social media post, someone reviews it, fixes it, and publishes the corrected version. The worst realistic outcome is a wasted hour and some embarrassment. I ship fast here. I experiment. I let the agent take risks.
Edifica (Tier 3-4) — Building management under Ley 675. If the system miscalculates a quorum or sends a convocatoria notice with the wrong deadline, the property owners' assembly is legally invalid. I spec every governance workflow in detail. I require intent contracts that define what happens when resident privacy conflicts with administrative transparency (transparency wins — the law says so). A human reviews every governance action before it executes.
Ecomm KOS (Tier 4) — Call center knowledge base for prescription medication. If a customer service representative follows the AI's guidance and gives wrong information about a drug interaction, a patient could be harmed. I chose a structured database approach (Postgres + pgvector) over a RAG system specifically because the domain requires precision, not creativity. Every answer is traceable to a source SOP. Human review is mandatory on every medical-adjacent response. This system will never be fully autonomous.
Regasificadora (Tier 4) — LNG infrastructure. I don't need to explain why AI systems advising on cryogenic gas transport, pipeline operations, and Ecopetrol compliance are Tier 4. The conversation about the trust tier took less than five minutes. The rest of our time went into what that tier classification means for every downstream decision — specification depth, testing rigor, deployment gates, audit requirements.
The trust tier didn't slow these projects down. It focused them. When you know the tier, you know how much spec to write, how many scenarios to test, how much human oversight to build in, and when to deploy. You stop asking "is this good enough?" and start asking "does this meet the tier requirements?" The answer is verifiable, not subjective.
Getting the Tier Wrong
The most common classification mistake is what I call the capability fallacy: classifying by what the system can do rather than what happens when it does it wrong.
Teams look at a system and say "this is just a chatbot — it's simple technology, Tier 1." They're not wrong about the technology. They're wrong about the tier. The tier belongs to the consequence, not the complexity.
A simple rule-based chatbot handling insurance claims is not Tier 1. A sophisticated multi-agent system drafting marketing emails is not Tier 4. The architectural complexity is irrelevant. What determines the tier is the realistic harm when the output is wrong.
I've watched this mistake play out — expensively. A legal tech team built a contract review tool — fast, accurate, strong demos. They classified it Tier 2: "it's just a review tool, humans still make the final call." Then a lawyer used the tool's analysis without reading the underlying contract. The tool missed a material change to indemnity terms in an acquisition agreement. The client closed the deal. The liability was significant.
The correct question was always the tier question: "What's the worst realistic outcome if this system gets it wrong?" For a contract review tool, the worst realistic outcome is material financial liability from missed terms. That's Tier 3, minimum. Tier 3 requires human review before consequential action — which in this case would have meant a lawyer reading the contract, not trusting the summary. The tier doesn't imply distrust of the AI. It implies that a qualified person carries accountability for the output, which changes how carefully they engage with it.
There's a heuristic I use when a team is uncertain about classification: if you'd hesitate to tell a customer "our AI made this decision," the system is probably classified too low.
A wrong email subject line? Nobody hesitates. A wrong drug interaction? That's Tier 4. A wrong interpretation of contract indemnity terms? Tier 3. The hesitation test forces you to confront the consequence, which is what the tier question is actually asking.
One more pattern to watch: teams that tier up during incidents and forget to tier back down. A company classifies a system at Tier 2, deploys it, gets a serious incident, adds Tier 3-level oversight as an emergency response — and then, six months later, removes the oversight because "things have been running smoothly." The system was Tier 3 the whole time. The incident confirmed it. The tier classification wasn't wrong initially; it was underweight. Smooth operation after adding oversight isn't evidence that oversight isn't needed. It's evidence that the oversight is working.
Tier Drift
The nastiest classification problem isn't the initial one — it's what happens six months later.
Systems accumulate scope. An HR chatbot that answers FAQ questions gets a feature request: can it look up an employee's remaining PTO balance? That's still low-stakes — Tier 1 or 2. Then it gets another: can it walk employees through the performance improvement plan process? Now it's explaining a process with legal implications. Tier 3. Then: can it help managers document performance conversations? Now it's generating content that could appear in an employment dispute. Tier 3 minimum, possibly Tier 4.
None of these requests was dramatic. Each one was incremental. Each one was a reasonable extension of what the system already did. But at some point between "answering FAQ questions" and "generating documentation for performance conversations," the tier changed. The oversight requirements changed. The specification depth required changed. The evaluation coverage required changed.
And almost nobody noticed, because the tier was set once at intake and never reviewed.
This is Tier Drift — the gradual accumulation of scope that moves a system into a higher tier without triggering a re-classification. It's particularly dangerous because the system's technical architecture doesn't change. The chatbot looks the same. The interface is the same. Only the consequences of a wrong answer changed.
Preventing Tier Drift requires treating tier classification as a living assessment, not a one-time gate. Every major feature addition should include a tier check: given this new capability, what's the worst realistic outcome if this system gets it wrong? If the answer has changed, the tier has changed — and the downstream requirements change with it.
The practical checklist is short:
- Does the new feature allow the system to influence decisions that affect someone's livelihood, health, legal status, or finances?
- Does the new feature generate content that could be relied on without verification by a non-expert?
- Does the new feature access or display data that, if wrong, could cause someone to make a materially bad decision?
If any of these are yes, the tier review is mandatory. Not optional. Not "we'll check it out." Mandatory. Because the cost of finding the tier problem in production — in the form of a support escalation, a legal claim, or a regulatory inquiry — is orders of magnitude higher than the cost of a tier review before the feature ships.
Teams that build Tier 2 systems successfully often fall into a specific trap: they're confident in their architecture, their evaluation, their deployment practices — all calibrated for Tier 2. When the system drifts to Tier 3, the architecture that worked fine at Tier 2 is now insufficient. The 10% sampling that caught Tier 2 problems misses 90% of the Tier 3 failures. The auto-logging that replaced human oversight at Tier 2 can't substitute for it at Tier 3. The system is running on infrastructure designed for lower stakes than it's now operating at.
The principle is simple: tier up incrementally, never tier down. A system that has operated at Tier 3 rigor for six months has a track record at that tier. Removing the Tier 3 infrastructure because "things have been running smoothly" confuses the effect for the cause.
The Design Decision
Every team shipping AI agents faces a choice they rarely make consciously: how much to trust the machine.
Most teams make this choice implicitly — they deploy, watch for complaints, and adjust. This works until it doesn't. The complaint that reveals a Tier 4 failure isn't a support ticket. It's a lawsuit. A regulatory investigation. A news article. A patient.
Trust tiers make the choice explicit. They force you to ask the hard question at the beginning — when it costs nothing to answer — instead of discovering the answer in production, when it costs everything.
Not all systems carry equal risk. A chatbot and a medical triage agent cannot be shipped with the same rigor. The tier is the architecture. Everything else follows.
In the next chapter, we begin the pipeline itself — starting with the intake question that determines the tier and governs everything downstream.
Footnotes
-
Research on hallucination-associated neurons in large language models. The "H-Neurons" finding — that fewer than 0.1% of neurons are causally linked to hallucination behavior, specifically through an over-compliance mechanism — was identified in mechanistic interpretability research (2023–2024). [SOURCE — confirm specific paper; search "hallucination neurons LLM" or "H-neurons language models" for primary publication] ↩
-
Luciano Floridi, The Logic of Information: A Theory of Philosophy as Conceptual Design (Oxford University Press, 2019). The veridicality thesis — that information must be true to count as information, and that false but plausible content is noise rather than signal — is developed in Chapter 2. See also Floridi, The Ethics of Artificial Intelligence (MIT Press, 2023). ↩
-
Stuart Russell and Peter Norvig, Artificial Intelligence: A Modern Approach, 4th ed. (Pearson, 2020). For the specific argument about uncertain agents being safer than confident ones, see Stuart Russell, Human Compatible: Artificial Intelligence and the Problem of Control (Viking, 2019), particularly chapters 5–6 on the "standard model" and why value uncertainty is a safety mechanism. ↩