Account
Quiz
GenAI Failure Catalog
Labs

Prerequisites

This chapter serves as the foundational entry point for the GenAI Operations course. Students should have completed the course-level prerequisites: working proficiency in Python 3.11+, familiarity with HTTP APIs and JSON payloads, basic understanding of LLM provider APIs (OpenAI, Anthropic, Google), and experience operating at least one production service with structured logging. No prior chapters in this course are required. Students should have access to API keys for at least two LLM providers and a local development environment with pip and virtualenv configured.

Learning Goals

  1. Classify GenAI failures into five categories: provider, quality, cost, securi...

    • Classify GenAI failures into five categories: provider, quality, cost, security, and data failuresto establish a shared vocabulary that every engineer on your operations team can use during incident triage, postmortem analysis, and capacity planning conversations. GenAI systems fail in fundamentally different ways than traditional software because the boundary between "working" and "broken" is not binary—a model endpoint can return HTTP 200 with syntactically valid JSON while producing catastrophically wrong content. This first goal teaches you to decompose the full failure space into five orthogonal categories, each with distinct detection strategies, blast radii, and remediation playbooks. You will learn why treating all GenAI failures as generic "errors" leads to dangerously long mean-time-to-detect (MTTD) values, and how a structured taxonomy directly reduces that metric by giving on-call engineers a decision tree they can follow within the first sixty seconds of an alert firing.

    • Provider failures encompass every scenario where the upstream model API itself becomes unavailable or degrades, including full outages (HTTP 500/503), rate-limit throttling (HTTP 429), regional endpoint failures, authentication token expiration, and silent latency increases where P99 response times exceed your SLA without any error code being returned. You will learn to sub-classify provider failures into hard failures (connection refused, DNS resolution errors, TLS handshake timeouts) and soft failures (elevated latency, intermittent 429s, response truncation due to upstream token limits). The distinction matters operationally because hard failures trigger immediate failover to a secondary provider, whereas soft failures require a sliding-window analysis before you can confidently declare degradation. You will also study the practical reality that provider status pages lag behind actual incidents by ten to forty-five minutes on average, which means your internal detection must be authoritative and never depend on external status feeds as a primary signal.

    • Quality failures are the most insidious category because they produce no HTTP errors and no exceptions—the model simply returns content that is factually wrong, tonally inappropriate, structurally malformed, or semantically drifted from the expected output distribution. You will learn to further decompose quality failures into hallucination (fabricated facts or citations), regression (a model update silently degrades performance on your specific task), format violation (the model ignores your structured output schema), and coherence degradation (responses become repetitive, contradictory, or contextually irrelevant). Each sub-type requires a different detection mechanism: hallucination demands fact-verification pipelines or retrieval-augmented cross-checks, regression demands versioned evaluation benchmarks run on every model swap, format violations demand schema validation at the gateway layer, and coherence degradation demands embedding-similarity scoring against a curated reference corpus. You will study real-world incidents where teams lost weeks of productivity because they assumed quality was stable after initial deployment and had no continuous quality monitoring in place.

    • Cost, security, and data failures round out the taxonomy and are frequently under-monitored in GenAI systems. Cost failures include prompt-injection attacks that inflate token counts, runaway retry loops that multiply spend by orders of magnitude, and context-window stuffing where upstream changes to tokenization silently increase per-request cost. Security failures cover prompt injection (direct and indirect), model jailbreaking, PII leakage in completions, and training-data extraction attacks where adversarial prompts coerce the model into revealing memorized sensitive content. Data failures address embedding drift (where your vector store's similarity scores degrade as new documents shift the distribution), stale context (RAG pipelines returning outdated chunks because your indexing pipeline silently failed), and ground-truth corruption (where feedback loops cause your fine-tuning data to include model-generated errors). You will learn why these three categories are often detected last during incidents and how to instrument proactive checks that catch them before they compound into multi-category cascading failures.

    • Building the decision tree that maps observed symptoms to failure categories is the capstone exercise for this goal. You will construct a triage flowchart that starts with the raw observable (elevated error rate, increased latency, user-reported bad output, cost spike, security alert) and walks the on-call engineer through a series of discriminating questions: Is the HTTP status code non-200? Then enter the provider branch. Is the status 200 but the response fails schema validation? Then enter the quality-format branch. Is the schema valid but the content factually wrong? Then enter the quality-hallucination branch. Is the per-request token count anomalously high? Then enter the cost branch and simultaneously check the security branch for prompt injection. You will learn why this sequential-but-overlapping approach is necessary: real incidents frequently span multiple categories simultaneously (a provider latency spike triggers retries that cause cost overruns while the degraded responses contain hallucinations), and your triage process must be capable of tracking parallel investigation threads without losing context.

  2. Instrument a multi-provider LLM gateway to detect each failure category

    • Instrument a multi-provider LLM gateway to detect each failure categoryso that every API call flowing through your system is automatically evaluated against the five-category taxonomy and tagged with failure signals before responses reach downstream consumers. Modern GenAI architectures route requests through a gateway layer that handles provider selection, retry logic, and response normalization—this goal teaches you to extend that gateway into a full observability plane that emits structured telemetry for every failure mode. You will learn to instrument at three distinct layers: the network transport layer (connection errors, TLS failures, DNS resolution), the HTTP protocol layer (status codes, headers, latency measurements), and the semantic content layer (response quality scoring, schema validation, token-count analysis). The key architectural insight is that transport and protocol instrumentation can be implemented generically across all providers, but semantic instrumentation must be provider-aware because each model family has different output characteristics, tokenization schemes, and failure signatures.

    • Transport and protocol instrumentation forms the foundation layer and must capture every signal needed to detect provider failures within seconds. You will learn to implement connection-level metrics including TCP connect time, TLS handshake duration, time-to-first-byte (TTFB), and total transfer time, because these four measurements let you distinguish between DNS issues (high connect time), certificate problems (high TLS time), model inference delays (high TTFB), and response-size anomalies (high transfer time relative to TTFB). At the HTTP layer, you will instrument status code distributions using exponentially decaying histograms that surface rate changes faster than simple counters, header inspection for provider-specific signals like x-ratelimit-remaining and x-ratelimit-reset that give you advance warning of impending throttling, and response body size tracking that detects truncation (a common silent failure where the provider cuts off the response mid-token because of upstream resource pressure). You will also implement circuit breaker state tracking that records every state transition (closed → half-open → open → closed) as a structured event, because circuit breaker oscillation is itself a high-value diagnostic signal indicating an intermittent provider issue.

    • Semantic content instrumentation is where GenAI-specific monitoring diverges from traditional API observability. You will learn to implement four semantic checks that execute inline (adding less than fifty milliseconds of latency) on every response: JSON schema validation for structured outputs using pre-compiled validators that reject malformed responses before they reach business logic; token-count verification that compares actual usage reported in provider response headers against your predicted usage from prompt construction, flagging discrepancies greater than fifteen percent as potential prompt-injection indicators; response-similarity scoring that computes cosine similarity between the current response embedding and a rolling centroid of recent responses for the same prompt template, detecting drift when similarity drops below a configurable threshold; and a lightweight hallucination screen that checks whether named entities in the response exist in the provided context window, flagging fabricated references before they propagate downstream. Each of these checks emits a typed signal that feeds into the failure event model you will build in goal three, and you will learn the critical engineering tradeoff between inline checks (low latency, limited depth) and async checks (higher latency tolerance, deeper analysis) and when to use each.

    • Provider-specific adaptation is necessary because OpenAI, Anthropic, and Google surface failure signals differently and your gateway must normalize these into a unified telemetry schema. You will learn that OpenAI returns rate-limit information in response headers and uses specific error codes for content filtering versus capacity issues; Anthropic uses a different header scheme and returns overload errors with a distinct retry-after pattern; and Google's Vertex AI wraps errors in a nested JSON structure with provider-specific safety ratings that can trigger soft rejections without an error status code. Your gateway instrumentation must map each provider's idiosyncratic error taxonomy into your five-category framework so that downstream alerting rules work uniformly regardless of which provider served the request. You will also instrument provider-selection metadata—which provider was chosen, why (primary, fallback, load-balanced), and whether the selection itself was influenced by a previous failure—because this causal chain is essential for postmortem analysis when cascading failures cross provider boundaries.

    • Implementing the instrumentation without degrading gateway performance is an engineering constraint you must respect throughout this goal. You will learn to use a sidecar pattern where heavyweight analysis (embedding computation for similarity scoring, entity extraction for hallucination screening) runs asynchronously in a separate process that receives a copy of every request-response pair via an in-memory queue, while the critical path through the gateway performs only the four lightweight inline checks. The sidecar emits enriched telemetry events that join with the inline signals using a shared request ID, giving you the complete picture within seconds of the response being served without adding latency to the user-facing path. You will study the queue-depth metric of this sidecar as a meta-health signal: if the sidecar falls behind, your semantic monitoring has a blind spot, and that blind spot itself must be alerted on. This "monitor the monitor" pattern is a hallmark of production-grade observability systems and is especially critical for GenAI workloads where silent quality degradation is the highest-risk failure mode.

  3. Build typed failure event models that feed into alerting and incident managem...

    • Build typed failure event models that feed into alerting and incident managementto ensure that every failure signal your gateway produces is captured in a strongly-typed, version-controlled data structure that downstream systems—alerting engines, dashboards, incident management platforms, and postmortem databases—can consume without ambiguity. Raw metrics and logs are insufficient for GenAI failure management because the same numeric signal (e.g., elevated latency) can indicate fundamentally different root causes depending on context, and you need rich structured events that carry enough metadata for automated triage. This goal teaches you to design a failure event schema that encodes the failure category, severity, affected provider, causal signals, and remediation hints directly into the event payload, so that your alerting rules can be precise rather than noisy and your incident responders receive actionable context within the alert itself rather than having to manually correlate signals from multiple dashboards.

    • Designing the core failure event schema requires balancing expressiveness against serialization cost and downstream compatibility. You will learn to model failure events using Python dataclasses with strict type annotations that enforce the five-category taxonomy at the type level—meaning it is impossible to construct a failure event without specifying a valid category, severity, and provider. The schema includes a FailureCategory enum with values PROVIDER, QUALITY, COST, SECURITY, and DATA; a Severity enum with values CRITICAL, HIGH, MEDIUM, and LOW that maps directly to your incident management priority levels; a ProviderIdentifier that captures not just the provider name but the specific model version, endpoint region, and API key alias used; and a CausalSignals structure that holds the raw measurements (latency percentile, error code, similarity score, token count delta) that triggered the failure classification. You will study why embedding causal signals directly into the event—rather than requiring downstream consumers to look them up separately—reduces MTTD by eliminating the correlation step that typically consumes thirty to sixty percent of triage time. You will also version your schema using an explicit schema_version integer field, because your event model will evolve as you discover new failure modes, and downstream consumers need to handle schema migrations gracefully without dropping events during rollout.

    • Implementing severity classification logic that automatically assigns the correct priority to each failure event is critical for preventing alert fatigue. You will learn to build a severity classifier that considers three dimensions: blast radius (how many users or requests are affected), recoverability (whether automatic retry or failover can mitigate the failure), and business impact (whether the failure affects revenue-critical paths, compliance-sensitive operations, or internal tooling). A provider outage affecting your primary model with no healthy fallback available is CRITICAL; the same outage with automatic failover working correctly is HIGH (because you are running on backup capacity with reduced resilience); a quality regression detected on a low-traffic experimental feature is MEDIUM; and an embedding drift signal that is trending toward but has not yet crossed the alerting threshold is LOW. You will implement this classifier as a pure function that takes a failure event and a system-state snapshot (current provider health, failover status, traffic classification) and returns the severity, because making it a pure function enables deterministic testing and lets you replay historical events through updated classification logic during postmortem analysis. You will also learn to implement severity escalation rules where a sustained stream of MEDIUM events automatically escalates to HIGH after a configurable duration, because GenAI quality degradation often manifests as a slow accumulation of individually-tolerable failures that collectively indicate a systemic problem.

    • Connecting failure events to alerting and incident management closes the loop between detection and response. You will learn to implement an event router that consumes failure events from your gateway's event stream and dispatches them to three destinations: a real-time alerting engine (PagerDuty, Opsgenie, or equivalent) that receives CRITICAL and HIGH events with full context including the causal signals, suggested runbook links, and current system state; a metrics backend (Prometheus, Datadog, or equivalent) that receives all events transformed into dimensional metrics for dashboard visualization and historical trending; and an incident management system (Jira, Linear, or equivalent) that receives aggregated failure summaries for events that persist beyond the auto-resolution window. The router implements deduplication logic that groups related events within a configurable time window—for example, one hundred individual request failures during a provider outage become a single incident with a count field and a representative sample of causal signals rather than one hundred separate alerts. You will study why this deduplication must be category-aware: a simultaneous provider failure and cost spike should produce two distinct incidents even though they share a time window, because they require different responders and different remediation actions. You will also implement auto-resolution logic where the router closes an incident when the failure signal drops below the alerting threshold for a sustained period, but preserves the full event history for postmortem analysis.

    • Testing failure event models against real incident scenarios validates that your schema and routing logic perform correctly under the conditions that matter most—actual production failures. You will learn to build an incident replay harness that ingests recorded production telemetry from past incidents (or synthetic scenarios modeled on documented public incidents from OpenAI, Anthropic, and Google status pages) and replays them through your failure event pipeline at accelerated speed. The harness validates that the correct failure category is assigned, the severity matches what a human incident commander would have chosen, the deduplication groups events correctly, and the alert payload contains sufficient context for triage. You will study three canonical replay scenarios: a gradual provider latency increase that crosses the threshold after twelve minutes of slow degradation; a sudden quality regression following an unannounced model update where hallucination rates triple within seconds; and a prompt injection attack that causes a cost spike while simultaneously degrading output quality, testing your pipeline's ability to emit correlated but distinct failure events across multiple categories. This replay-based testing approach ensures your failure event models are battle-tested before they encounter their first real production incident.

  4. Measure baseline failure rates across OpenAI, Anthropic, and Google providers

    • Measure baseline failure rates across OpenAI, Anthropic, and Google providersto establish the quantitative foundation your team needs for setting alert thresholds, negotiating SLAs, planning capacity, and making data-driven provider selection decisions. Without baselines, every alert threshold is arbitrary—set too low and you drown in false positives from normal variance; set too high and you miss real degradation until users report it. This goal teaches you to design and execute a systematic measurement campaign that characterizes normal failure behavior across all three major providers, accounts for temporal patterns (time-of-day, day-of-week, holiday effects), and produces the statistical profiles your alerting system needs to distinguish signal from noise. You will learn why baseline measurement is not a one-time activity but a continuous process, because provider behavior shifts with model updates, capacity changes, and evolving usage patterns, and your baselines must adapt accordingly or become stale within weeks.

    • Designing the measurement campaign requires defining exactly what you measure, how frequently, and for how long before declaring the baseline statistically valid. You will learn to measure six core metrics per provider: availability (percentage of requests returning a non-error response), P50/P95/P99 latency, error rate by error type (rate limit, server error, timeout, content filter), token throughput (tokens per second for both prompt processing and completion generation), quality score (a composite metric from your semantic instrumentation combining schema validity, hallucination screen pass rate, and response-similarity stability), and cost efficiency (actual dollar cost per one thousand tokens compared to the provider's published pricing, accounting for retry overhead). Each metric is measured using synthetic probe requests that execute every sixty seconds against each provider, supplemented by production traffic metrics that capture the real workload distribution. You will study why synthetic probes alone are insufficient (they do not capture the failure modes triggered by complex production prompts, high-concurrency bursts, or large context windows) and why production metrics alone are insufficient (they cannot distinguish provider-side degradation from changes in your own traffic patterns), and why the combination of both is necessary for accurate baselines.

    • Accounting for temporal patterns and establishing statistical thresholds transforms raw measurements into operationally useful baselines. You will learn to decompose each metric's time series into three components: a trend component (gradual long-term shift, often correlated with provider capacity changes), a seasonal component (predictable patterns at daily and weekly cycles, such as higher latency during US business hours when provider load peaks), and a residual component (the random variation that remains after removing trend and seasonality). Your alert thresholds operate on the residual component: a latency increase that falls within the normal residual range for this time of day and day of week is not alertable, but the same absolute latency value would be alertable if it occurs during a period that is historically low-latency. You will implement this as a dynamic threshold system using exponentially weighted moving averages with separate models for each hour-of-week combination, giving you 168 distinct baseline profiles per metric per provider. You will study the cold-start problem (how to set initial thresholds before you have enough data for statistical decomposition) and learn to use conservative static thresholds during the first two weeks of measurement that gradually hand off to dynamic thresholds as your seasonal models converge.

    • Comparing providers and building a selection matrix turns your baseline data into actionable intelligence for architecture decisions. You will learn to construct a provider comparison matrix that ranks OpenAI, Anthropic, and Google across all six core metrics for each model tier (flagship, mid-tier, fast/cheap) and each usage pattern (short prompts with short completions, long context with short completions, short prompts with long completions, streaming versus non-streaming). The matrix reveals that provider performance is not uniformly ranked—one provider may have the best P50 latency but the worst P99 tail, another may have the highest availability but the most aggressive rate limiting, and a third may offer the best quality scores but at the highest cost. You will learn to weight the matrix dimensions according to your specific application requirements (a customer-facing chatbot weights latency and quality heavily while a batch processing pipeline weights cost and throughput heavily) and produce a primary/fallback provider assignment for each workload class. The matrix also identifies single points of failure: if all three providers show correlated quality degradation for a specific prompt pattern, that pattern itself is a risk factor regardless of provider choice, and you need a mitigation strategy that does not depend on provider switching.

    • Operationalizing baseline measurement as a continuous process ensures your baselines remain accurate as providers evolve. You will learn to implement a baseline refresh pipeline that runs weekly, ingesting the latest seven days of measurement data, recalculating seasonal models, detecting trend shifts, and automatically adjusting alert thresholds. The pipeline also generates a weekly provider health report that highlights statistically significant changes in any metric—for example, "Anthropic P99 latency increased 23% week-over-week during UTC 14:00-18:00, likely due to capacity changes" or "OpenAI hallucination screen fail rate decreased 8% following their model update on Tuesday." You will learn to flag baseline shifts that require human review versus those that can be auto-absorbed: a gradual five-percent latency increase over four weeks is auto-absorbed by the trend component, but a sudden step-change in error rate after a provider announces a new API version requires human review because it may indicate a breaking change in your integration. The weekly report becomes a standing agenda item in your team's operational review, ensuring that baseline drift never accumulates silently into a gap between your expectations and reality. You will also implement canary-based baseline validation where a small percentage of production traffic is always routed to each provider regardless of the current primary assignment, ensuring that your baselines for fallback providers remain fresh and accurate even when they are not carrying production load.

Key Terminology

Failure Taxonomy
A hierarchical classification system that organizes GenAI system failures into discrete categories—provider, quality, cost, security, and data—enabling teams to route incidents to the correct runbook and assign appropriate severity levels.
Provider Outage
A partial or complete loss of service from an upstream LLM provider such as OpenAI, Anthropic, or Google, detected by monitoring HTTP 5xx response codes, connection timeouts, or sudden latency spikes that exceed the provider's published SLA thresholds.
Silent Failure
A degradation in model output quality that does not trigger any HTTP error code or explicit exception, making it invisible to traditional health checks and requiring semantic-level evaluation pipelines to detect.
Quality Degradation
A measurable decline in model response accuracy, coherence, or relevance that occurs without provider notification, often caused by upstream model updates, shifted routing weights, or quota-based throttling that silently downgrades the serving model tier.
Hallucination Detection
The process of programmatically identifying outputs where the model generates factually incorrect, fabricated, or unsupported claims by cross-referencing responses against grounding documents, knowledge bases, or deterministic validation functions.
Hallucination Rate
The ratio of responses containing at least one verifiably false or unsupported claim to the total number of responses evaluated, measured over a rolling window and tracked per provider-model pair to establish baseline drift thresholds.
Cost Overrun
An unplanned escalation in LLM API spend caused by prompt bloat, retry storms, runaway batch jobs, or unexpected token-count inflation, typically detected by comparing real-time billing telemetry against per-model and per-tenant budget envelopes.
Prompt Injection
A security failure where adversarial input embedded in user-supplied text manipulates the model into ignoring system instructions, leaking internal prompts, or executing unintended actions, requiring both input sanitization and output validation to mitigate.
Indirect Prompt Injection
A variant of prompt injection where the malicious payload is not supplied directly by the user but is embedded in retrieved documents, tool outputs, or database records that the model processes as part of a retrieval-augmented generation pipeline.
Embedding Drift
A gradual shift in the vector representations produced by an embedding model—caused by provider-side model updates or retraining—that degrades retrieval accuracy in vector databases without changing any application code or data.
Token Budget Exhaustion
The condition where a request's combined input and output tokens exceed the model's context window or the application's configured maximum, resulting in truncated context, incomplete responses, or hard rejections from the API.
Retry Storm
A cascading failure pattern where multiple application instances simultaneously retry failed LLM API calls with insufficient backoff, amplifying load on an already degraded provider and accelerating both cost accumulation and rate-limit exhaustion.
Rate Limit Saturation
The state where an application's request volume reaches or exceeds the provider-imposed tokens-per-minute or requests-per-minute quota, causing HTTP 429 responses that degrade throughput and trigger fallback or queuing logic.
Semantic Regression
A backward-incompatible change in model behavior where prompts that previously produced correct, well-structured outputs begin returning degraded results after a provider-side model version update, detectable only through evaluation suites that assert on output semantics rather than format alone.
Failure Event Model
A structured, typed data object that captures the metadata of a GenAI failure—including timestamp, provider, model version, failure category, severity, raw request-response pair, and downstream impact—used as the canonical unit for alerting pipelines and post-incident analysis.
Multi-Provider Gateway
An application-layer routing component that dispatches LLM requests across multiple providers based on cost, latency, availability, and capability requirements, serving as the centralized instrumentation point for detecting and classifying all five failure categories.
Baseline Failure Rate
The statistically established normal frequency of each failure category measured over a stable observation period, used as the reference threshold against which anomaly detection algorithms trigger alerts for provider, quality, cost, security, or data failures.
Circuit Breaker
A resilience pattern applied to LLM provider calls that transitions from closed to open state after a configurable number of consecutive failures, temporarily halting requests to the degraded provider and redirecting traffic to healthy alternatives until a probe request confirms recovery.

On This Page