LEN-0220 - Isolation Boundary Lens

Primary Pattern Matches

• PAT-0140 - Boundary Leakage

  A structural condition where effects, permissions, state, data, or authority cross a declared boundary without an authorized exception.

• PAT-0260 - Cross-Layer Escalation

  A structural condition where escalation originating in one layer propagates into another authority, boundary, or control layer without explicit authorization.

• PAT-0400 - Unbounded Scope

  A structural condition where an operation, authority, rule, or expansion has no declared upper bound, boundary, or termination condition.

Secondary Pattern Matches

• PAT-0420 - Undeclared Side Effect

  A structural condition where an operation modifies regions outside its declared target scope without a declared propagation or side-effect rule.

Related Issues

• Action Changed Something Else Too

  An AI or agent action makes the requested change but also changes another object, field, file, state, rule, or workflow element that was not supposed to change.

• Agent Modified Unrelated State

  An agent changes state outside the requested task, target, file, record, workflow, or authorized scope.

• AI Adds Work Not Requested

  The AI adds tasks, steps, analysis, checks, changes, or follow-up work that the user did not ask for.

• AI Memory Has No Governance

  Saved or persistent AI memory affects output without clear rules for ownership, scope, review, update, expiry, or removal.

• AI Memory Updated Without Asking

  AI memory, saved context, preference, or durable state is updated without the user clearly asking for or approving that update.

• AI Touches Unrelated Scope

  The AI affects, edits, analyzes, changes, or reasons over material outside the scope of the requested task.

• AI Uses External Information When Forbidden

  The AI uses outside knowledge, sources, tools, memory, or assumptions after the task forbids external information or limits the allowed source set.

• Answer Has Too Many Paths

  The answer presents too many possible paths, interpretations, options, or next steps without enough structure to choose among them.

• Automation Skips Required Approval

  An automated AI or workflow step proceeds past an approval gate that should have been required before action.

• Context Leaks Between Tasks

  Context, assumptions, constraints, examples, files, or decisions from one task affect another task where they should not apply.

• File-Bounded Task Uses Outside Content

  The AI is asked to work only from a specific file or document but uses content, assumptions, or sources outside that file.

• Hallucinated Fields

  The AI adds fields, keys, attributes, columns, or structured elements that were not declared, requested, or allowed by the expected schema.

• Hidden Rule Overrides Visible Instruction

  A hidden, upstream, system, policy, tool, or product rule changes or overrides the visible instruction the user expects the AI to follow.

• Local Exception Grows Into Policy

  A local exception, special case, or one-off allowance begins to function like a general policy.

• Local Rule Spreads to Broader Cases

  A rule intended for one local case, file, context, user, workflow, or exception begins affecting broader cases.

• Model Output Triggers Unapproved Action

  AI output causes, recommends, or triggers an action that has not passed the required approval, permission, or authority check.

• No Owner for Agent Action

  An agent action can affect the system without a declared responsible owner, authority, or accountable decision path.

• Policy Exception Spreads Too Far

  A narrow policy exception, allowance, or special case spreads beyond its intended scope and begins governing broader cases.

• Prompt Does Not Say What to Exclude

  The prompt declares what to include but does not declare what should be excluded, allowing unwanted scope, sources, content, or actions into the result.

• Repair Step Created New Breakage

  A repair, correction, retry, or fix step addresses one problem but introduces a new failure elsewhere.

• Retrieval Exceeds Evidence Limit

  The AI retrieves, uses, cites, or considers more evidence than the task permits or more than the review surface can support.

• Review Outcome Changes Unrelated Environment

  A review result, approval, rejection, or classification changes state outside the environment, case, file, or workflow it was meant to govern.

• Routing Overrides Task Intent

  Routing, mode selection, agent behavior, or workflow classification sends the task down a path that overrides what the user was trying to accomplish.

• Single Step Carries Too Many Decisions

  One prompt, workflow step, review stage, or agent action carries too many decisions for the system or user to evaluate cleanly.

• Small Error Spreads Into Large Failure

  A small AI, output, routing, or workflow error propagates through later steps until it becomes a larger failure.

• Task Has No Clear Limit

  The task does not declare where the AI should stop, what is out of scope, or what counts as enough work.

• Too Many Tool Calls

  The AI or agent makes more tool calls, searches, retrievals, API calls, or integration actions than the task requires or permits.

• Tool Can Act Without Responsible Authority

  A tool, connector, function, or integration can perform an action without a declared responsible authority for that action.

Ontology Metadata

Code

LEN-0220

Version

LEN-0220@0.1.0

Ontology release

0.1.0

Updated

2026-05-10T00:00:00Z

History

• 0.1.0 — 2026-05-10T00:00:00Z — Created

  Promoted reviewed Lens ontology entry: Isolation Boundary Lens.

  Receipt impact: None

View full ontology changelog