Upstream agent's low process sigma degrades downstream agent's effective sigma. Quality ceiling cascades through the agent chain. No individual agent is below threshold but system quality is unacceptable.
In manufacturing and quality management, "six sigma" refers to process quality with defect rate below 3.4 per million. The concept applies to agentic workflows: each agent has a "process sigma," the quality level at which it operates. A 3-sigma agent has roughly 66K defects per million. A 6-sigma agent has roughly 3.4 defects per million.
Sigma Degradation Cascade occurs when: (1) Upstream Agent A operates at 4-sigma (63 defects per million); (2) Downstream Agent B depends on Agent A's output and operates at 5-sigma (233 defects per million); (3) Agent B's effective sigma is degraded to roughly 4-sigma because a fraction of its input is corrupted by Agent A; (4) Over N steps, system sigma degrades below acceptable thresholds.
In regulated industries, cascade degradation means that a chain of agents individually meeting quality thresholds collectively produces system quality below threshold. An institution may approve deploying each agent because each meets individual SLA, without recognizing that the system SLA is violated.
A commercial bank processes commercial real estate (CRE) loan applications through a multi-step agentic workflow. Each step is intended to operate at high quality: Document-Intake Agent (4-sigma: 99.38% accurate extraction), Data-Validation Agent (5-sigma), Compliance-Screening Agent (5-sigma), Risk-Scorecard Agent (5-sigma), and Approver Agent (5-sigma).
Each agent individually operates at its stated sigma. But the system operates differently. Document-Intake produces 630 errors per million (4-sigma). Data-Validation receives 630 errors per million from upstream. Data-Validation's native error rate is 23 per million (5-sigma), but it cannot detect Intake errors; it validates against business rules. A misextracted loan amount bypasses Data-Validation. Data-Validation's effective error rate becomes 630 per million.
The corruption cascades: Compliance-Screening, Risk-Scorecard, and Approver all inherit the 630-errors-per-million upstream defect rate. System defect rate: 630 per million, roughly 3.2-sigma. Over 6 months, the bank processes 10,000 CRE loan applications. At 3.2-sigma system quality, approximately 6-7 loan applications are approved/denied incorrectly due to cascading quality degradation.
When regulators audit the workflow, they note that the portfolio defect rate is much higher than individual agent accuracy would suggest, indicating cascading failure. The bank is required to redesign the workflow to either increase Document-Intake sigma, implement human review of Intake results, or reduce dependence on perfect Intake accuracy.
| Dimension | Score | Rationale |
|---|---|---|
| D - Detectability | 3 | Cascading degradation is observable in system-level quality metrics but may not be obvious from individual agent metrics. Requires cross-agent analysis. |
| A - Autonomy Sensitivity | 3 | Affects sequential autonomous agent workflows. Parallel or independently-validated agents avoid cascade. |
| M - Multiplicative Potential | 4 | Affects every transaction processed through the cascade. Probability and severity scale with cascade length. |
| A - Attack Surface | 2 | Not directly exploitable, but adversary could deliberately introduce errors in upstream agents to trigger cascade. |
| G - Governance Gap | 4 | Institutions typically define individual agent SLAs, not system-level SLAs. Cascade risk is often unrecognized. |
| E - Enterprise Impact | 3 | Affects system quality, compliance, and customer satisfaction. Portfolio defect rates may exceed acceptable thresholds. |
| Composite DAMAGE Score | 3.7 | High. Requires dedicated mitigation controls and monitoring. |
How severity changes across the agent architecture spectrum.
| Agent Type | Impact | How This Risk Manifests |
|---|---|---|
| Digital Assistant | Low | Human reviews all outputs and catches upstream errors. No cascade. |
| Digital Apprentice | Low | Agents validate inputs before processing. Upstream errors are detected and flagged. |
| Autonomous Agent | Medium | Agents process independently; cascade risk depends on architecture. |
| Delegating Agent | Medium | Single agent invoking tools in sequence can experience cascade if tool outputs degrade with each call. |
| Agent Crew / Pipeline | Critical | Sequential pipeline architecture guarantees cascade. System sigma is constrained by weakest agent in pipeline. |
| Agent Mesh / Swarm | High | Peer-to-peer agents with interdependencies can experience cascades if agents have quality dependencies. |
| Framework | Coverage | Citation | What It Addresses | What It Misses |
|---|---|---|---|---|
| NIST AI RMF 1.0 | Partial | MEASURE 5.2, MANAGE 7.3 | System performance measurement and management. | Cascade quality degradation in sequential systems. |
| MAS AIRG | Partial | Model Risk, Process Discipline | Process and model governance. | System-level quality requirements and cascade analysis. |
| OCC / SR 11-7 | Partial | Operational Risk | Model governance and control. | Cascade risk in sequential systems. |
| ISO 42001 | Partial | Section 8.1, 8.3 | Resource and information management. | Quality cascade and system-level SLA requirements. |
Regulated institutions are required to maintain acceptable quality standards in core processes. Loan origination, claims processing, and compliance screening must meet defined quality thresholds. If the institution deploys a cascade of agents where individual quality thresholds are met but system quality is not, the institution is not meeting its regulatory obligations.
Additionally, cascade degradation creates hidden risk. The institution may believe its system is high-quality (all agents individually excellent) when system quality has degraded significantly. This is particularly dangerous in risk management: a risk scoring system with degraded sigma may systematically under-estimate or over-estimate risk.
Sigma Degradation Cascade requires architectural controls that go beyond what existing frameworks provide. Our advisory engagements are purpose-built for banks, insurers, and financial institutions subject to prudential oversight.
Schedule a Briefing