What is Fail-Open?
Fail-open is a security posture in which a tool call is allowed to proceed whenever policy evaluation fails for any reason — availability is prioritised over security. Useful during development but risky in production.
WHY IT MATTERS
Fail-open is the opposite of fail-closed: when the policy system cannot make a decision, access is granted. This prioritises availability — the agent can continue operating even when the policy layer encounters problems. In development and prototyping, this is often the right trade-off.
During early development, agents are experimental. You are iterating on prompts, testing tool integrations, and exploring what MCP servers can do. Strict policy enforcement at this stage creates friction without proportional benefit — the environment is ephemeral, the data is not production, and the consequences of uncontrolled access are minimal. Fail-open lets you develop freely while still benefiting from policy logging and observation.
However, fail-open in production is a security anti-pattern. It means any failure in the policy layer — a bug, a crash, a malformed policy file — silently disables enforcement. The agent operates as if no policies exist, with full access to every tool on every server. This is why Intercept defaults to fail-closed and requires explicit opt-in for fail-open behaviour.
HOW POLICYLAYER USES THIS
Intercept supports fail-open as a configurable option at the global and server level. When enabled, policy evaluation errors result in allow decisions rather than deny decisions. The error is still logged, and the decision log records that the allow was due to a fail-open fallback rather than a matching rule. This traceability keeps fail-open behaviour visible in audit trails. Intercept's configuration warns when fail-open is enabled for production-flagged environments.
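The following is an added illustration of the behaviour described above, written for this page and not taken from Intercept's code base: a small evaluator with a global fail-open setting and per-server overrides, a decision log that distinguishes a fail-open fallback from a rule match, and a configuration check that warns when fail-open is on in a production-flagged environment. All names (Config, PolicyEngine, Decision, the sample rules) are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Hypothetical model of the behaviour described above; not Intercept's own code.
# A rule returns True (allow) / False (deny) when it matches, None when it does not apply.
Rule = Callable[[str, str, dict], Optional[bool]]

@dataclass
class Config:
    fail_open: bool = False                                          # global default: fail-closed
    server_fail_open: Dict[str, bool] = field(default_factory=dict)  # per-server override
    production: bool = False
    def effective_fail_open(self, server: str) -> bool:
        return self.server_fail_open.get(server, self.fail_open)
    def warnings(self) -> List[str]:
        # Config-time warning when fail-open is enabled for a production-flagged environment.
        if not self.production:
            return []
        scopes = (["global"] if self.fail_open else []) + [s for s, on in self.server_fail_open.items() if on]
        return [f"fail-open enabled in production scope: {s}" for s in scopes]

@dataclass
class Decision:
    allow: bool
    reason: str              # "rule_match" | "no_match" | "fail_open_fallback" | "fail_closed"
    error: Optional[str] = None

class PolicyEngine:
    def __init__(self, config: Config, rules: List[Rule]):
        self.config, self.rules = config, rules
        self.decision_log: List[Decision] = []   # every decision, with the reason it was taken
        self.error_log: List[str] = []           # evaluation errors are logged in both modes
    def evaluate(self, server: str, tool: str, args: dict) -> Decision:
        try:
            for rule in self.rules:
                verdict = rule(server, tool, args)
                if verdict is not None:
                    return self._record(Decision(verdict, "rule_match"))
            return self._record(Decision(False, "no_match"))   # assumption: unmatched calls deny
        except Exception as exc:   # bug, crash or malformed rule: the policy layer could not decide
            self.error_log.append(f"policy error on {server}/{tool}: {exc!r}")
            if self.config.effective_fail_open(server):
                return self._record(Decision(True, "fail_open_fallback", repr(exc)))
            return self._record(Decision(False, "fail_closed", repr(exc)))
    def _record(self, d: Decision) -> Decision:
        self.decision_log.append(d)
        return d

# Constructed sample rules: one well-formed, one "malformed" (raises KeyError when args has no "scope").
ALLOW_READS: Rule = lambda server, tool, args: True if tool.startswith("read_") else None
BROKEN_RULE: Rule = lambda server, tool, args: args["scope"] == "local"
```

With fail-open enabled, a call that trips BROKEN_RULE is allowed but its decision record carries reason "fail_open_fallback" and the error text, so an audit of the decision log can tell it apart from a genuine rule match.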