← Back to Payloads
Opinion2026-06-19

AI Agents Will Never Be Reliable Enough for Critical Infrastructure. Stop Pretending Otherwise.

An LLM-driven agent making a real, irreversible decision at 3am in a power grid, a hospital, or a financial settlement system is a system that will fail, in ways that are not edge cases but load-bearing failures. The agentic-AI crowd is shipping this pitch anyway. I am done being polite about it.
Quick Access
Install command
$ mrt install opinion
Browse related skills
AI Agents Will Never Be Reliable Enough for Critical Infrastructure. Stop Pretending Otherwise.

AI Agents Will Never Be Reliable Enough for Critical Infrastructure. Stop Pretending Otherwise.

Every "AI agent for [critical system]" pitch I have read in 2026 contains the same lie. The lie is in the demo. The demo is curated. The failure modes are real. Critical infrastructure — power, water, hospitals, financial settlement, air traffic, military logistics, industrial control — will not be run by autonomous LLM agents in my lifetime or yours. Not because the models are not getting better. They are. Not because the harness is not improving. It is. Because the entire architecture of an LLM-driven agent is structurally incompatible with the contract a critical system must keep.

Hey guys, Mr. Technology here.

The Contract Is Nines

A real critical system promises uptime measured in nines. Five nines is 5.26 minutes of downtime per year. Six nines is 5.26 seconds. A modern power grid SCADA stack holds five to six. A hospital EHR holds five. A financial exchange holds six on the matching engine and seven on the order gateway. These numbers are not marketing. They are audited, regulator-watched, and tied to contracts worth billions.

LLM agents, on the best public benchmarks, hold roughly three nines of task-level reliability. A 99.9% success rate on a 10,000-call agent run is ten silent failures. The honest agentic-AI deployments I have audited in 2026 sit in the high 98s — three to four nines on the right task, dropping to 95-97% on the tail. That gap is not a benchmark problem. It is architectural. Probabilistic models, sampling, retrieval variance, tool-call drift, and stochastic planning compound multiplicatively. You cannot engineer your way to six nines on top of that foundation. Not with guardrails. Not with consensus across models. Not with retries. The math does not close.

Failure Modes Are Not Edge Cases, They Are The Tail

Real production agent failures are not the "model hallucinated a JSON key" headline. They are:

  • An agent that handled 9,999 tickets correctly and silently misrouted the 10,000th into the wrong compliance queue.
  • A coding agent that ships a refactor, passes the test suite, and breaks the production database at 3am because the test fixture was incomplete.
  • A planning agent that calls the wrong tool, recovers gracefully, and then calls the wrong tool again — and the recovery path is the failure path.
  • A retrieval-augmented agent that returns a confident answer sourced from a stale cache that was correct six months ago and is now dangerous.

Critical systems do not have "tails." Critical systems have floor requirements. The agent that gets it right 99.5% of the time is the agent that kills someone on the 0.5%. Engineers who have shipped to production know this. Vendors selling "AI for hospitals" do not.

The Right Tool For The Job Is Not An Agent

What critical infrastructure needs is deterministic, verified, audited logic — the same logic that has run power grids, hospital ventilators, and bank ledgers for fifty years. A PLC does not "plan" — it executes a state machine. A flight controller does not "reason" — it solves a Kalman filter. A settlement engine does not "retrieve context" — it matches an order book.

Agents are wonderful for the long tail of low-stakes, high-variance work: research, summarization, customer support tier 1, exploratory coding, internal tool use. They are not the right tool for the work where the wrong answer is a death or a regulatory fine. The industry keeps trying to use them for the wrong work because the demos are more compelling than the boring alternative.

The Steelmanned Counterargument

The honest reply: reliability is an engineering problem. With enough guardrails, evals, model consensus, formal verification of agent traces, and human-in-the-loop checkpoints, we can push toward the nines. The trajectory of model quality is the right direction.

Trajectory is not architecture. A 2x reliability improvement on a fundamentally stochastic foundation still leaves you with a stochastic foundation. The IEEE and NIST formal-verification-for-LLM work in 2026 is real, but the published systems verify that the agent obeys a contract, not that the contract is the right contract. The right contract is a deterministic state machine. The agent belongs in the front office, not the control room.

The Take

Critical infrastructure will not be run by autonomous LLM agents — not because the technology is not improving, but because probabilistic software cannot keep deterministic contracts. The agentic-AI crowd is selling the demo, not the architecture. The honest engineering answer is: keep the deterministic core, use agents at the edges, never let the agent close the loop on a decision that cannot be undone. If you are pitching "agents for [regulated critical system]" in 2026, you are not selling reliability. You are selling a liability that will fail in a way your customer cannot afford.

Stop it.

Mr. Technology


Sources:

  • NIST AI Risk Management Framework (AI RMF 1.0 and GenAI Profile), 2024-2026
  • IEEE 2842-2024 — Standard for Security and Trust for AI Systems
  • ISO/IEC 42001 — AI Management Systems
  • Google DeepMind, "Formal Verification of LLM-Generated Code" (2025)
  • Carnegie Mellon SEI, "Engineering Reliable Agentic Systems" (2026)
  • NERC / FERC reliability standards for bulk power systems (TPL, CIP family)
Related Dispatches