R-OR-05 Operational Resilience DAMAGE 3.5 / High

API Dependency Failure and Silent Degradation

When an external API degrades subtly, the agent continues operating on degraded inputs. Circuit breakers trip on errors, not on semantic degradation.

The Risk

Autonomous agents depend on external APIs (data APIs, inference APIs, workflow APIs, etc.) to accomplish their tasks. Standard resilience controls include circuit breakers, which monitor API error rates and trip (stop forwarding requests) when errors exceed a threshold. A circuit breaker assumes that API failures are detectable: the API returns a 500 error, a timeout, or an explicit error message.

But many API failures are silent. An API returns a 200 OK status code with outdated cached data, not triggering a circuit breaker. An API returns partial data without signaling that some records were lost. An API's data model changes (fields are renamed, units are different) but the API version does not change. A data provider API returns data from yesterday instead of today, but does not signal staleness. An agent consuming this degraded API continues to operate, unaware that the data is stale, partial, or in a changed format. The agent constructs a decision based on the degraded data and produces output that appears plausible but is wrong.

How It Materializes

A capital markets firm deploys an agent to monitor equities portfolios and alert traders to market-moving events. The agent consumes data from a market data API (provided by a third-party data vendor) and from internal portfolio systems. The agent is authorized to send alerts to traders when certain thresholds are met (e.g., "equity price moved more than 10% in one day").

On a Monday morning, the market data vendor experiences a partial outage. Their primary database is offline, but they have a backup cache that is updated intraday but not in real time. The API continues to respond with 200 OK, returning data from the cache. The cache reflects market data from 4 PM Friday, not Monday morning.

The agent retrieves market prices from the degraded API. It sees that Tech Company A has a price of $100 (Friday close). It compares this to the previous Monday price stored in the agent's memory: $90. The agent calculates an 11% price change, finds that it exceeds the 10% threshold, and sends an alert to the desk: "Tech Company A equity price moved 11%. Check news for market-moving developments." The traders check Bloomberg and see that Tech Company A is trading at $95 this morning. They recognize that the agent's alert is based on outdated data. But if a trader had relied on the agent's alert without checking the live price, they might have made a decision based on a false signal. Under SEC Regulation SCI, the firm is liable for inadequate surveillance if an automated system produces incorrect output that leads to market violations.

DAMAGE Score Breakdown

| Dimension | Score | Rationale |
|---|---|---|
| D - Detectability | 5 | Silent degradation is specifically designed to be undetectable through standard error-code monitoring. Detection requires data validation, semantic checks, or fallback APIs, which are not standard. |
| A - Autonomy Sensitivity | 4 | The risk manifests in both autonomous and human-supervised agents, but autonomous agents that do not escalate to humans are more likely to propagate degraded data. |
| M - Multiplicative Potential | 4 | Degraded data from one API can propagate through multiple decision chains. An agent consuming degraded data can feed that data to downstream systems, multiplying the error. |
| A - Attack Surface | 4 | Any agent dependent on external APIs is exposed. Most modern agents have multiple API dependencies. |
| G - Governance Gap | 5 | Standard circuit breaker and timeout controls are insufficient for silent degradation. Most agent governance frameworks do not mandate semantic data validation or multi-source verification. |
| E - Enterprise Impact | 4 | A single agent producing incorrect output based on degraded data can cause market impacts, compliance violations, or customer harm. |
| Composite DAMAGE Score | 3.5 | High. Requires dedicated controls and monitoring. Should not be accepted without mitigations. |

Agent Impact Profile

How severity changes across the agent architecture spectrum.

| Agent Type | Impact | How This Risk Manifests |
|---|---|---|
| Digital Assistant | Medium | Human review may catch obviously incorrect output, but subtle degradation may slip through. |
| Digital Apprentice | Medium | Limited scope reduces the impact of individual errors. |
| Autonomous Agent | High | Autonomous agents propagate degraded data without human review. |
| Delegating Agent | High | Multiple API dependencies increase the probability of hitting a degraded API. |
| Agent Crew / Pipeline | Critical | Degraded data from one agent can be propagated by the next agent in the sequence, multiplying the error. |
| Agent Mesh / Swarm | Critical | Peer-to-peer sharing of data can spread degradation across the mesh. |

Regulatory Framework Mapping

| Framework | Coverage | Citation | What It Addresses | What It Misses |
|---|---|---|---|---|
| SEC Regulation SCI | Relevant | Systems, Compliance, Integrity | System resilience; failure notification; surveillance. | Silent API degradation and agent data validation. |
| MAS TRM Guidelines | Partial | Data Integrity and Process Completeness | Data validation; process completeness checks. | API degradation detection and agent-centric data validation. |
| FFIEC Business Continuity | Partial | Data Integrity and Accuracy | Data accuracy; controls. | API degradation distinct from system failure. |
| NIST CSF 2.0 | Partial | Protect Function | Data protection; access controls. | API data integrity and agent data validation. |
| ISO 42001 | Minimal | Section 8.4 | Input data validation. | API degradation and silent data changes. |
| OWASP LLM Top 10 | Minimal | A10: Model/Data Poisoning | Data integrity for model training. | Agent consumption of degraded API data. |

Why This Matters in Regulated Industries

In regulated industries, the accuracy of agent outputs is often a compliance requirement. Trading surveillance systems must be accurate. Credit decision systems must be accurate. Claims processing systems must be accurate. When an agent consumes degraded data and produces inaccurate output, the agent's user (trader, loan officer, claims processor) may rely on that output to make decisions that affect customers or markets.

The regulatory response focuses on governance: "Did the institution validate the quality of data sources? Did it implement fallback mechanisms if a primary data source degraded? Did it monitor agent output for anomalies that might indicate degraded input data?" If the answer is no, regulators cite inadequate system governance and risk controls.

The challenge in a regulated context is that the institution may not own the external API. The data vendor is responsible for data quality. But the institution is responsible for the consequences of degraded data. The institution's only defense is to implement its own data validation controls and fallback mechanisms.

Controls & Mitigations

Design-Time Controls

  • For any external API dependency, implement a data validation schema specifying expected data types, ranges, freshness windows, and completeness checks. Before an agent consumes API data, validate against the schema. Reject failing data and escalate.
  • Implement multi-source data validation: if an agent depends on a critical data point, require it to be sourced from at least two independent APIs. If the sources disagree, escalate to human review.
  • Document the expected freshness and staleness thresholds for every API dependency. Configure the agent to reject stale data by default.

Runtime Controls

  • Deploy a data freshness monitor at the API boundary. When an agent requests data, check the timestamp. If the data is older than the acceptable staleness threshold, reject the response and query an alternative source or escalate.
  • Implement a shadow API monitoring system. For critical data dependencies, maintain a second API client that queries the same data sources independently and compares results. Significant deviations trigger an alert.
  • Monitor agent output for semantic anomalies. If an agent produces an alert or decision that contradicts recent historical patterns, flag the output for human review before it is acted upon.
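The design-time schema and the runtime freshness and multi-source checks above can be combined into one gate that sits between the API client and the agent. The following is an added example, not code from this page or any vendor; the field names, the 15-minute freshness window, the 1% deviation limit and the sample quotes are assumptions modelled on the Friday-cache scenario.

```python
from datetime import datetime, timedelta

# Assumed policy values (not from the page); set them per API dependency.
MAX_AGE = timedelta(minutes=15)     # freshness window
MAX_DEVIATION = 0.01                # allowed relative disagreement between sources
SCHEMA = {"symbol": str, "price": (int, float), "currency": str, "as_of": str}

def validate_quote(quote, now, currency="USD"):
    """Return reasons to reject one HTTP-200 response body (empty list = valid)."""
    reasons = [f"missing or mistyped field: {k}" for k, t in SCHEMA.items()
               if not isinstance(quote.get(k), t)]
    if reasons:
        return reasons              # renamed or dropped fields: stop here
    if quote["price"] <= 0:
        reasons.append("price out of range")
    if quote["currency"] != currency:
        reasons.append("unexpected currency")
    as_of = datetime.fromisoformat(quote["as_of"])
    if as_of.tzinfo is None:
        reasons.append("timestamp without timezone")
    elif now - as_of > MAX_AGE:
        reasons.append(f"stale by {now - as_of}")
    return reasons

def gate(primary, secondary, now):
    """Release a price to the agent only if both sources validate and agree."""
    reasons = [f"{name}: {r}"
               for name, q in (("primary", primary), ("secondary", secondary))
               for r in validate_quote(q, now)]
    if not reasons:
        a, b = primary["price"], secondary["price"]
        if abs(a - b) / max(a, b) > MAX_DEVIATION:
            reasons.append(f"sources disagree: {a} vs {b}")
    return ("escalate", reasons) if reasons else ("accept", [])

# Constructed sample data: Monday morning, vendor cache frozen at Friday 4 PM,
# second source live.
NOW = datetime.fromisoformat("2024-03-04T09:45:00-05:00")
CACHED = {"symbol": "TCA", "price": 100.0, "currency": "USD",
          "as_of": "2024-03-01T16:00:00-05:00"}
LIVE = {"symbol": "TCA", "price": 95.0, "currency": "USD",
        "as_of": "2024-03-04T09:44:30-05:00"}

if __name__ == "__main__":
    print(gate(CACHED, LIVE, NOW))   # stale primary never reaches the agent
    print(gate(LIVE, LIVE, NOW))
```
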

Detection & Response

  • Implement a data quality dashboard that tracks the percentage of agent API calls that encounter stale, partial, or out-of-range data. Escalate if the percentage exceeds a threshold (e.g., more than 5% in an hour).
  • Maintain a log of all API degradation incidents. When an agent has consumed data from a degraded API, flag all decisions made by that agent within the degradation window for human review.
  • Establish a post-incident review process: whenever an agent produces incorrect output, assess whether the root cause was degraded input data and implement additional validation controls.
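The first two detection items above can be sketched as a sliding-window monitor that escalates above the 5%-per-hour example threshold and then marks every agent decision made inside the degradation window for review. This is an added example, not code from the page; the class and function names, the choice to start the window at the first degraded call, and the simulated call pattern are assumptions.

```python
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)
THRESHOLD = 0.05                     # the page's example: more than 5% in an hour

class DegradationMonitor:
    """Sliding one-hour window over validated API calls for one dependency."""
    def __init__(self):
        self.calls = deque()         # (timestamp, degraded) per API call
        self.incidents = []          # [start, end]; end is None while still open

    def record(self, ts, degraded):
        """Log one call; return True while the dependency should be escalated."""
        self.calls.append((ts, degraded))
        while ts - self.calls[0][0] > WINDOW:
            self.calls.popleft()
        bad = [t for t, d in self.calls if d]
        over = len(bad) / len(self.calls) > THRESHOLD
        is_open = bool(self.incidents) and self.incidents[-1][1] is None
        if over and not is_open:
            # Assumption: the window starts at the first degraded call, not the alert.
            self.incidents.append([bad[0], None])
        elif not over and is_open:
            self.incidents[-1][1] = ts
        return over

def decisions_to_review(decisions, incidents, now):
    """IDs of decisions (id, timestamp) made inside any degradation window."""
    return [d_id for d_id, t in decisions
            if any(start <= t <= (end or now) for start, end in incidents)]

def demo():
    """Constructed run: one call a minute from 09:00, degraded 09:30 to 09:34."""
    start = datetime(2024, 3, 4, 9, 0)
    mon = DegradationMonitor()
    alerts = [mon.record(start + timedelta(minutes=m), 30 <= m <= 34)
              for m in range(41)]
    decisions = [("alert-1", start + timedelta(minutes=10)),
                 ("alert-2", start + timedelta(minutes=33)),
                 ("alert-3", start + timedelta(minutes=40))]
    now = start + timedelta(minutes=40)
    return alerts.index(True), decisions_to_review(decisions, mon.incidents, now)

if __name__ == "__main__":
    print(demo())
```

Because the rate is computed over a trailing hour, the incident stays open until the degraded calls age out of the window, so the review set errs on the side of including more decisions.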
