The Closure Pattern: Trust Pillars × Safety Facets, Per Item
A team is auditing their agentic system. They have a spreadsheet. The columns are the controls they have shipped: identity verification, supply chain attestation, behavioural profile, output verification, mandate validation, intent verification, bounded execution, recovery audit. The rows are trust and safety. They have given each control a score under each row.
The audit looks complete. Twenty-four cells, twenty-four scores. The team feels covered.
Six months later, an incident reveals a class of failure that none of the controls caught. A post-mortem finds that the failure was at a specific intersection: the control was strong on identity, but weak on whether identity was being verified for the right thing — a mandate-fidelity question that the spreadsheet had collapsed into “trust.”
The audit was not wrong. The audit was insufficiently structured. Trust and safety as bulk numbers hid the failure mode. The intersection that mattered was inside one of the cells, not between the cells.
This is what the Closure Pattern exists to catch.
What the Closure Pattern Is
The Closure Pattern is a discipline for assessing controls and capabilities against the full structure of trust and safety, per item. Not “trust score” and “safety score” — but a matrix where every trust pillar is checked against every safety facet, for the specific item being assessed.
The trust pillars are: Character (identity, supply chain, attestation consistency) and Competence (capability to execute).
The safety facets are: Alignment (acting for the entrusted’s purpose), Resilience (graceful recovery from internal failure), and Utility (capable engagement at consequential scale).
Per item, the matrix is six cells: Character × Alignment, Character × Resilience, Character × Utility, Competence × Alignment, Competence × Resilience, Competence × Utility.
For each cell, you ask a specific question: what evidence do I have that this item satisfies this intersection?
You do not collapse the answers. You hold the six answers separately. Where any cell is empty or weak, you have an unaddressed gap — at a specific intersection, with a specific question, that your bulk-trust-and-safety scores would have hidden.
Why the Per-Item Matrix Catches What Bulk Scores Miss
Bulk scoring assumes the components of trust are interchangeable, and the components of safety are interchangeable. They are not.
A control that produces strong identity evidence (Character) does not automatically produce strong intent-fidelity evidence (Alignment). A control that gives you strong supply-chain evidence (also Character) does not automatically give you strong recovery evidence (Resilience). The pillars and the facets are each engineered separately, against their own threat models, with their own instrumentation.
When you collapse them into “trust score: 7” and “safety score: 7,” you have hidden the intersections. The control that scored 7 on trust got there because it is strong on identity and supply chain — but it is silent on capability-to-execute (Competence). You wouldn’t know from the 7. The 7 averaged the strong cells with the absent ones.
The matrix forces you to see the absent cells. Where is your Character × Alignment evidence for this control? If the answer is “we haven’t engineered for that,” you have an honest gap. The bulk score said you didn’t.
The Closure Pattern in Practice
Concretely, here is what the Closure Pattern looks like for a single control — say, an identity verification control on agent invocation:
| Alignment | Resilience | Utility | |
|---|---|---|---|
| Character | Strong: workload identity binds to a verified entity, mandate is signed by that entity | Strong: identity fails closed, no recovery to anonymous mode | Medium: identity check has rate-limit; under sustained load, the check still runs but the failure path is verbose |
| Competence | Weak: the control verifies who the agent is, but not whether the agent can execute what the mandate asks | N/A: capability assessment is not in this control’s scope | Weak: capability-class assessment requires a different control |
Six cells. Some strong, some weak, some out of scope. The weak cells (Character × Utility, Competence × Alignment, Competence × Utility) are now visible. They tell you what the next control needs to provide.
Compare to the bulk version: “this control’s trust score is 7, safety score is 6.” The numbers don’t tell you what is missing. They tell you a vague disposition.
The Pattern Across Controls
The Closure Pattern is not just for individual controls. It is the audit shape across an entire framework’s surface.
For each control or capability or threat surface in the framework, you apply the matrix. The output is a per-item six-cell assessment. Across the framework, you have a stack of these matrices.
Now you can ask aggregate questions:
- Is there any control that produces evidence for Competence × Alignment? (Often the answer is “no” — capability-and-purpose-fidelity is one of the most-frequently-missed intersections.)
- Is there any control that produces evidence for Character × Utility? (Often weak — identity systems frequently degrade gracefully but not capably under load.)
- Where do my strongest cells cluster? (Often Character × Alignment and Character × Resilience — the conventional security investment maps cleanly there.)
- Where are my weakest cells? (Often the safety facets the conventional investment doesn’t cover — Alignment, Resilience to non-adversarial failure, Utility under load.)
The aggregate view tells you where the framework’s coverage is structurally weak. Bulk scoring cannot tell you this. It hides the structure.
Why “Closure” Is the Right Name
The pattern is called closure because it asks: for this item, is the trust × safety frame closed? That is, are all six cells either covered with evidence or explicitly out of scope?
A closed cell has evidence (or has been deliberately deferred to another item).
An open cell is a gap — an intersection the framework has not yet addressed for this item.
The audit’s job is to identify the open cells. Not to give a single number; not to give two numbers; to give a per-item matrix with explicit closure status for each cell.
A framework that ships every item with explicit closure has a different posture than a framework that ships bulk scores. The closed framework knows where its gaps are. The bulk framework knows it has a number.
What the Pattern Enables
Three engineering benefits follow from running the Closure Pattern across a framework:
1. Gap visibility. Open cells are visible. The framework’s actual coverage is the union of closed cells across all items. You can see where to invest next: the cells that are most-frequently-open across items are the ones that need a dedicated control class.
2. Defence-in-depth, structurally. When a cell is closed by multiple items independently, the framework has structural defence-in-depth at that intersection. When it is closed by only one item, that item is a single-point-of-failure for the cell. The matrix shows you which.
3. Honest progress measurement. Phase migration in the maturity model can be measured against closure: what fraction of cells are closed at this maturity phase? Not “how many controls have we shipped” — but “how many intersections have we covered with evidence.” The latter is the honest measure of coverage.
The Disposition
Audits give you the structure you ask for. Bulk scoring asks for two numbers; the audit gives you two numbers. The Closure Pattern asks for six cells per item; the audit gives you six cells per item.
The teams that ship with bulk scoring will ship audits that show coverage. They will be surprised, post-incident, by the failure at the intersection their bulk scoring hid.
The teams that ship with the Closure Pattern will ship audits that show structure — closed cells, open cells, where the gaps are, which items are doing the structural work. They will not be surprised by intersection failures, because the matrix made the intersections visible.
The Closure Pattern is not new methodology. It is the honest disaggregation of trust × safety into the six intersections that actually compose the surface. The work to ship it is small. The structural visibility it gives is large.
When in doubt about whether your framework is covering what it claims to cover, run the Closure Pattern on your top ten controls. The matrix will tell you where you stand. Most frameworks discover, the first time they do this, that several intersections they assumed were covered are not. That discovery is the value.
