The inference from absence problem: accountability when AI agents act on what is not there
AI agents routinely act on the absence of expected signals — a patient who did not respond, a device that went quiet, a key rotation that never arrived. These absence-inferences are among the most consequential inputs to high-stakes decisions, and they leave no positive trace in the accountability record.
AI accountability frameworks are built around positive evidence. A decision was made; it was based on these inputs; it produced this output. The audit trail traces what was there — what the agent observed, weighed, and acted on. This structure fits the most visible class of agent decisions well. It does not fit a class of decisions that is equally common and often more consequential: decisions made because something expected did not arrive.
AI agents regularly infer from silence. A care agent expects a vital-sign report every two minutes and receives none for twenty; it infers deterioration or sensor failure and escalates. A hardware agent expects attestation heartbeats from a device fleet and notices a machine has gone quiet; it infers potential compromise and quarantines the device. A security agent expects a scheduled cryptographic key rotation to complete by midnight; it receives no confirmation and triggers an alert. In each case, the agent's action is reasonable. In each case, the chain of reasoning that led to it is not what the accountability record shows.
The record shows an escalation, a quarantine, an alert. It does not show "no signal arrived when one was expected." The absence that drove the decision is invisible in the output — not because anyone chose to hide it, but because standard audit architectures are built to record what was present, not what was absent.
Why absence-inferences matter for accountability
An absence-inference contains three components that are all accountability-relevant and all at risk of being lost. First, the expectation: some prior configuration or learned behavior established that a signal should arrive. The nature of that expectation — who set it, when, under what conditions — determines whether the inference was warranted. Second, the window: absence is evaluated over time. The same missing signal means different things after five minutes, five hours, or five days. The window used to declare an expected signal absent is a parameter of the decision, and it belongs in the record. Third, the alternative hypotheses: absence is ambiguous. No vital-sign report could mean the sensor failed, the network dropped, the patient was moved, or the patient deteriorated. The agent's inference favored one hypothesis over others, and the basis for that weighting should be auditable.
None of these three components naturally surfaces in a standard action log. The log records the output: escalation triggered at 14:23. The expectation, the window, and the alternative-hypothesis weighting are pre-decision context that most logging infrastructure does not capture. A reviewer examining the audit trail after an adverse event sees what the agent did. They cannot see why the absence led to the specific inference it did, whether the inference was reasonable given the configured expectation, or whether the window was appropriate for the clinical or security context.
At the care crossing
Physical-world care is saturated with absence-inferences. A care agent monitoring an elderly person in an assisted living setting is continuously evaluating expected patterns against observed ones: expected sleep duration, expected movement, expected medication acknowledgement, expected response to a check-in prompt. When the expected pattern is not observed, the inference varies by context — routine variation, early deterioration, acute event, device failure. The agent must distinguish between these options using whatever signals it has, and it will often get the weighting wrong in ways that depend entirely on the expectation that was configured.
The accountability problem is sharp when the inference was wrong. A care agent that escalated based on an absence that turned out to be a routine sensor dropout triggered unnecessary intervention. The audit review begins: why was the escalation triggered? The log shows the time of escalation and the rule that fired. It does not show what absence triggered the rule, what the expected signal was, how long it had been absent, or whether any positive signals suggesting the person was fine were weighed against the absence. The absent record of the absent signal is where the accountability falls.
At the hardware crossing
Hardware agents managing device fleets depend on continuous attestation and heartbeat signals to maintain visibility into device integrity. When a device stops attesting, the inference is security-relevant: is this a hardware failure, a network interruption, a legitimate maintenance window, or a compromise indicator? The correct inference depends on context — device type, prior behavior, deployment environment — and the consequences of getting it wrong differ across error modes. A false-positive quarantine removes a device from service unnecessarily. A false-negative delays detection of a genuine compromise.
When a quarantine decision is later reviewed, the audit record should show: what attestation was expected, over what interval it was absent, what contextual signals were available, and what alternative hypotheses were evaluated. Most hardware agent deployments do not produce records at this level of detail. The quarantine event is logged; the absence reasoning that preceded it is not. Post-incident review of hardware agent decisions involving absence-inferences is consequently shallow — reviewers can confirm that the policy triggered, but not whether the policy was appropriate to the specific absence pattern observed.
At the post-quantum security crossing
Cryptographic operations have strong expectations about timing. Key rotation schedules, certificate renewal windows, challenge-response latencies — these are all temporal contracts whose violation is itself a security signal. An AI agent managing post-quantum key infrastructure watches for these violations and acts on them. A rotation that did not complete on schedule, a renewal confirmation that never arrived, a challenge that received no reply: each of these is an absence-inference, and each is an input to a security decision that must be accountable to auditors, regulators, and incident responders.
The inference from absence in post-quantum contexts carries additional weight because the transition to quantum-resistant algorithms introduces new expected signals — attestations in new formats, renewals using new algorithms — whose absence patterns are not yet well-understood. An agent that triggers a security response because a post-quantum attestation confirmation did not arrive on the expected schedule may be correctly identifying a migration failure, or may be responding to a timing difference between old and new algorithm formats. The accountability record for that decision must include the expectation that was violated and the basis for treating its violation as a security event.
What absence-aware accountability requires
Three changes to standard audit architecture would make absence-inferences visible and reviewable. First, expectation logging: the configuration that defines what signal an agent expects, over what interval, should be logged as a first-class audit object. It is the precondition for evaluating every absence-inference the agent makes. Second, absence events: when a configured expectation is violated and an inference is drawn, the absence event itself should be logged explicitly — "expected signal X not received in window W; inference: Y" — before the action that follows. This makes the reasoning reconstructable. Third, hypothesis logging: where an absence could support multiple inferences, the agent's basis for choosing among them should be recorded. This does not require logging every alternative possibility; it requires that the weighting used to select the inference is not lost between evaluation and action.
The inference from absence problem is not exotic. It arises in every domain where agents monitor for expected conditions — which is most of the domains where AI agents are deployed for high-stakes work. The accountability gap it creates is structural and silent: the records that exist are accurate, but they are systematically incomplete in a way that makes the most consequential parts of the reasoning unreviewable. Closing that gap requires treating the absent signal as a first-class input, not as the background against which the real decision happens.
When AI agents act on the absence of an expected signal — a missing vital-sign report, a silent device, a key rotation that never completed — the absence itself is typically not recorded as a decision input. The audit trail shows the action; the absence-inference that caused it is invisible. This is structurally distinct from the negative-space problem (agent inaction) and the silent-failure problem (agent non-reporting). It is the record of the absent signal that is missing. Absence-aware accountability requires logging the expectation, the window, and the inference — not just the action that followed.
AI问责框架建立在正面证据之上。做出了一项决策;它基于这些输入;它产生了这个输出。审计追踪追踪存在的内容——智能体观察、权衡和行动的依据。这种结构很好地适用于最可见的一类智能体决策。它不适用于一类同样普遍且通常更为重要的决策:因预期内容未到达而做出的决策。
AI智能体定期从沉默中推断。照护智能体每两分钟期望一次生命体征报告,二十分钟没有收到;它推断存在恶化或传感器故障并进行升级处理。硬件智能体期望来自设备群的证明心跳,注意到某台机器已沉默;它推断可能存在入侵并将设备隔离。安全智能体期望定时的加密密钥轮换在午夜前完成;它没有收到确认,触发了警报。在每种情况下,智能体的行动都是合理的。在每种情况下,导致行动的推理链都不是问责记录所显示的内容。
记录显示了升级、隔离、警报。它没有显示"当预期信号应该到达时,没有信号到达"。驱动决策的缺席在输出中是不可见的——不是因为任何人选择隐藏它,而是因为标准审计架构被构建为记录存在的内容,而不是缺席的内容。
为什么缺席推断对问责很重要
缺席推断包含三个对问责都相关且都有丢失风险的组成部分。首先是期望:某些先前的配置或学习行为建立了信号应该到达的预期。该期望的性质——谁设置的、何时设置的、在什么条件下设置的——决定了推断是否合理。其次是窗口:缺席是随时间评估的。同样缺失的信号在五分钟、五小时或五天后意味着不同的事情。用于宣告预期信号缺席的窗口是决策的一个参数,它属于记录。第三是替代假设:缺席是模糊的。没有生命体征报告可能意味着传感器故障、网络中断、患者被转移,或患者病情恶化。智能体的推断偏向于一种假设而非其他,这种权重的依据应该是可审计的。
这三个组成部分都不会自然地在标准行动日志中浮现。日志记录输出:在14:23触发升级。期望、窗口和替代假设权重是大多数日志基础设施不捕获的决策前背景。不良事件后审查审计追踪的审查员看到智能体做了什么,却看不到为什么缺席导致了特定推断,推断在给定配置期望的情况下是否合理,或者窗口是否适合临床或安全背景。
在照护交叉点
物理世界照护充满了缺席推断。监测辅助生活环境中老年人的照护智能体持续评估预期模式与观察到的模式:预期睡眠时长、预期活动、预期用药确认、预期对签到提示的响应。当未观察到预期模式时,推断因背景而异——日常变化、早期恶化、急性事件、设备故障。智能体必须使用它拥有的任何信号来区分这些选项,它的权重往往会出错,而出错方式完全取决于已配置的期望。
当推断错误时,问责问题就很尖锐。根据结果证明是例行传感器中断的缺席进行升级的照护智能体触发了不必要的干预。审计审查开始了:为什么触发了升级?日志显示升级时间和触发规则,却没有显示什么缺席触发了规则、预期信号是什么、它已缺席多长时间,或是否有任何表明该人状态良好的正面信号被权衡以对抗缺席。对缺席信号的缺席记录是问责失落之处。
在硬件交叉点
管理设备群的硬件智能体依赖持续的证明和心跳信号来维持设备完整性的可见性。当设备停止证明时,推断具有安全相关性:这是硬件故障、网络中断、合法的维护窗口,还是入侵指示器?正确的推断取决于背景——设备类型、先前行为、部署环境——并且出错的后果因错误模式而异。误报隔离会不必要地将设备从服务中移除,漏报则会延迟检测到真正的入侵。
当隔离决策后来被审查时,审计记录应显示:期望什么证明,它在什么间隔内缺席,有哪些背景信号可用,以及评估了哪些替代假设。大多数硬件智能体部署不会在这个细节级别上生成记录。隔离事件被记录了,但先于它的缺席推理没有被记录。因此,对涉及缺席推断的硬件智能体决策的事后审查是肤浅的——审查员可以确认策略触发了,但无法确认策略是否适合观察到的特定缺席模式。
在后量子安全交叉点
密码操作对时序有强烈的期望。密钥轮换计划、证书续期窗口、挑战-响应延迟——这些都是时间契约,其违反本身就是安全信号。管理后量子密钥基础设施的AI智能体监视这些违规并对其采取行动。未按计划完成的轮换、从未到达的续期确认、没有回复的挑战:每一个都是缺席推断,每一个都是必须对审计员、监管机构和事件响应者负责的安全决策的输入。
后量子背景下的缺席推断承载着额外的分量,因为向抗量子算法的过渡引入了新的预期信号——新格式的证明、使用新算法的续期——其缺席模式尚未被充分理解。触发安全响应是因为后量子证明确认未在预期计划内到达的智能体,可能正确识别了迁移失败,或可能正在响应旧算法和新算法格式之间的时序差异。该决策的问责记录必须包括被违反的期望以及将其违反视为安全事件的依据。
缺席感知问责需要什么
对标准审计架构的三项变更将使缺席推断可见且可审查。第一,期望记录:定义智能体期望什么信号、在什么间隔内的配置,应作为一等审计对象被记录。它是评估智能体做出的每个缺席推断的前提条件。第二,缺席事件:当配置的期望被违反并推导出推断时,缺席事件本身应该被明确记录——"在窗口W内未收到预期信号X;推断:Y"——在随后的行动之前。这使推理可重建。第三,假设记录:当缺席可以支持多种推断时,智能体在它们之间进行选择的依据应被记录。这不需要记录每个替代可能性;它需要用于选择推断的权重不在评估和行动之间丢失。
缺席推断问题并不罕见。它出现在每个智能体监视预期条件的领域——这是大多数部署AI智能体进行高风险工作的领域。它造成的问责缺口是结构性的和沉默的:存在的记录是准确的,但它们在使推理最关键部分无法审查的方式上系统性地不完整。弥合这一差距需要将缺席信号视为一等输入,而不是真正决策发生的背景。
当AI智能体基于预期信号的缺席而行动时——缺失的生命体征报告、沉默的设备、从未完成的密钥轮换——缺席本身通常不会被记录为决策输入。审计追踪显示行动;导致行动的缺席推断是不可见的。这在结构上不同于消极空间问题(智能体不作为)和沉默失败问题(智能体不报告)。缺失的是对缺席信号的记录。缺席感知问责需要记录期望、窗口和推断——而不仅仅是随后的行动。
AI問責框架建立在正面證據之上。做出了一項決策;它基於這些輸入;它產生了這個輸出。稽核追蹤追蹤存在的內容——智能體觀察、權衡和行動的依據。這種結構很好地適用於最可見的一類智能體決策。它不適用於一類同樣普遍且通常更為重要的決策:因預期內容未到達而做出的決策。
AI智能體定期從沉默中推斷。照護智能體每兩分鐘期望一次生命體徵報告,二十分鐘沒有收到;它推斷存在惡化或感測器故障並進行升級處理。硬件智能體期望來自設備群的證明心跳,注意到某台機器已沉默;它推斷可能存在入侵並將設備隔離。安全智能體期望定時的加密密鑰輪換在午夜前完成;它沒有收到確認,觸發了警報。在每種情況下,智能體的行動都是合理的。在每種情況下,導致行動的推理鏈都不是問責記錄所顯示的內容。
記錄顯示了升級、隔離、警報。它沒有顯示「當預期信號應該到達時,沒有信號到達」。驅動決策的缺席在輸出中是不可見的——不是因為任何人選擇隱藏它,而是因為標準稽核架構被構建為記錄存在的內容,而不是缺席的內容。
為什麼缺席推斷對問責很重要
缺席推斷包含三個對問責都相關且都有丟失風險的組成部分。首先是期望:某些先前的配置或學習行為建立了信號應該到達的預期。該期望的性質——誰設置的、何時設置的、在什麼條件下設置的——決定了推斷是否合理。其次是窗口:缺席是隨時間評估的。同樣缺失的信號在五分鐘、五小時或五天後意味著不同的事情。用於宣告預期信號缺席的窗口是決策的一個參數,它屬於記錄。第三是替代假設:缺席是模糊的。沒有生命體徵報告可能意味著感測器故障、網絡中斷、患者被轉移,或患者病情惡化。智能體的推斷偏向於一種假設而非其他,這種權重的依據應該是可稽核的。
這三個組成部分都不會自然地在標準行動日誌中浮現。日誌記錄輸出:在14:23觸發升級。期望、窗口和替代假設權重是大多數日誌基礎設施不捕獲的決策前背景。不良事件後審查稽核追蹤的審查員看到智能體做了什麼,卻看不到為什麼缺席導致了特定推斷,推斷在給定配置期望的情況下是否合理,或者窗口是否適合臨床或安全背景。
在照護交叉點
物理世界照護充滿了缺席推斷。監測輔助生活環境中老年人的照護智能體持續評估預期模式與觀察到的模式:預期睡眠時長、預期活動、預期用藥確認、預期對簽到提示的響應。當未觀察到預期模式時,推斷因背景而異——日常變化、早期惡化、急性事件、設備故障。智能體必須使用它擁有的任何信號來區分這些選項,它的權重往往會出錯,而出錯方式完全取決於已配置的期望。
當推斷錯誤時,問責問題就很尖銳。根據結果證明是例行感測器中斷的缺席進行升級的照護智能體觸發了不必要的干預。稽核審查開始了:為什麼觸發了升級?日誌顯示升級時間和觸發規則,卻沒有顯示什麼缺席觸發了規則、預期信號是什麼、它已缺席多長時間,或是否有任何表明該人狀態良好的正面信號被權衡以對抗缺席。對缺席信號的缺席記錄是問責失落之處。
在硬件交叉點
管理設備群的硬件智能體依賴持續的證明和心跳信號來維持設備完整性的可見性。當設備停止證明時,推斷具有安全相關性:這是硬件故障、網絡中斷、合法的維護窗口,還是入侵指示器?正確的推斷取決於背景——設備類型、先前行為、部署環境——並且出錯的後果因錯誤模式而異。誤報隔離會不必要地將設備從服務中移除,漏報則會延遲檢測到真正的入侵。
當隔離決策後來被審查時,稽核記錄應顯示:期望什麼證明,它在什麼間隔內缺席,有哪些背景信號可用,以及評估了哪些替代假設。大多數硬件智能體部署不會在這個細節級別上生成記錄。隔離事件被記錄了,但先於它的缺席推理沒有被記錄。因此,對涉及缺席推斷的硬件智能體決策的事後審查是膚淺的——審查員可以確認策略觸發了,但無法確認策略是否適合觀察到的特定缺席模式。
在後量子安全交叉點
密碼操作對時序有強烈的期望。密鑰輪換計劃、憑證續期窗口、挑戰-響應延遲——這些都是時間契約,其違反本身就是安全信號。管理後量子密鑰基礎設施的AI智能體監視這些違規並對其採取行動。未按計劃完成的輪換、從未到達的續期確認、沒有回覆的挑戰:每一個都是缺席推斷,每一個都是必須對稽核員、監管機構和事件響應者負責的安全決策的輸入。
後量子背景下的缺席推斷承載著額外的分量,因為向抗量子算法的過渡引入了新的預期信號——新格式的證明、使用新算法的續期——其缺席模式尚未被充分理解。觸發安全響應是因為後量子證明確認未在預期計劃內到達的智能體,可能正確識別了遷移失敗,或可能正在響應舊算法和新算法格式之間的時序差異。該決策的問責記錄必須包括被違反的期望以及將其違反視為安全事件的依據。
缺席感知問責需要什麼
對標準稽核架構的三項變更將使缺席推斷可見且可審查。第一,期望記錄:定義智能體期望什麼信號、在什麼間隔內的配置,應作為一等稽核對象被記錄。它是評估智能體做出的每個缺席推斷的前提條件。第二,缺席事件:當配置的期望被違反並推導出推斷時,缺席事件本身應該被明確記錄——「在窗口W內未收到預期信號X;推斷:Y」——在隨後的行動之前。這使推理可重建。第三,假設記錄:當缺席可以支持多種推斷時,智能體在它們之間進行選擇的依據應被記錄。這不需要記錄每個替代可能性;它需要用於選擇推斷的權重不在評估和行動之間丟失。
缺席推斷問題並不罕見。它出現在每個智能體監視預期條件的領域——這是大多數部署AI智能體進行高風險工作的領域。它造成的問責缺口是結構性的和沉默的:存在的記錄是準確的,但它們在使推理最關鍵部分無法審查的方式上系統性地不完整。彌合這一差距需要將缺席信號視為一等輸入,而不是真正決策發生的背景。
當AI智能體基於預期信號的缺席而行動時——缺失的生命體徵報告、沉默的設備、從未完成的密鑰輪換——缺席本身通常不會被記錄為決策輸入。稽核追蹤顯示行動;導致行動的缺席推斷是不可見的。這在結構上不同於消極空間問題(智能體不作為)和沉默失敗問題(智能體不報告)。缺失的是對缺席信號的記錄。缺席感知問責需要記錄期望、窗口和推斷——而不僅僅是隨後的行動。