Why Agents Need Both Deterministic Checks and Probabilistic Confidence Thresholds

Deterministic checks catch what is provably wrong. Confidence thresholds catch what might be wrong. You need both because the failure modes they cover do not overlap.

B

Balagei G Nagarajan

4 MIN READ


Constitutional Classifiers (arXiv:2501.18837, Anthropic, Jan 2025) demonstrated that layered safety checks - combining hard rule evaluation with model-based confidence scoring - reduced policy violation rates by 90% compared to either approach alone. The reduction came from complementarity: deterministic rules caught known violation patterns with 100% recall; confidence scoring caught novel violations where no rule existed but model uncertainty was high. Neither layer alone achieved more than 45% of the combined reduction. Constitutional Classifiers cut violations 90% pairing rules and confidence; a better model still needs both. (arXiv:2501.18837)
Dual-layer verification hero
Deterministic checks evaluate output against explicit, encoded criteria with binary results.
— from “Why Agents Need Both Deterministic Checks and Probabilistic Confidence Thresholds”

Key facts.

  • Constitutional Classifiers (arXiv:2501.18837, 2025): combined deterministic plus probabilistic verification reduced violation rates by 90% vs 45% for either approach alone.
  • The complementarity is structural: deterministic checks have 100% recall for in-distribution violations but 0% for novel cases; confidence checks have broad coverage but higher false-positive rates on known cases.
  • Confidence score thresholds without deterministic rules create a tuning treadmill: adjusting thresholds to reduce false positives for one class of output increases false negatives for another, with no stable operating point.
  • The dual-layer design decouples the two optimization problems: deterministic rules are maintained by policy teams; confidence thresholds are tuned by ML engineers. Separation of concerns produces a more maintainable system.

What deterministic checks cover

Deterministic checks evaluate output against explicit, encoded criteria with binary results. They do not use model inference. Schema validation: does the output conform to the required structure? Business rule evaluation: does the output comply with encoded policies? Range checks: are numeric values within approved bounds? Reference validation: do the IDs in the output correspond to real records in the system of record?

For any violation type that can be precisely specified, deterministic checks are the right tool. They are fast, cheap, predictable, and independently auditable. A compliance team can read the rule specification and verify that it captures the intended policy. A regulator can inspect the check and confirm it implements the requirement. These properties are not available from model-based checks.

The limit of deterministic checks is the limit of what can be precisely specified. Novel input combinations, semantic errors that violate the intent of a policy without violating its letter, and failure modes that were not anticipated during rule design are invisible to deterministic checks.

What confidence thresholds cover

Confidence thresholds flag outputs where the agent's own uncertainty is high, even when no specific rule flags a problem. A well-calibrated model's confidence score is a meaningful signal: when the model is highly uncertain, the output is more likely to be wrong, novel, or in a distribution the model has not been trained to handle reliably.

The threshold is a policy decision: below what confidence level do we require human review or additional verification? Higher thresholds flag more outputs for review (higher sensitivity, lower specificity). Lower thresholds pass more outputs automatically (lower sensitivity, higher specificity). The right threshold depends on the consequence of a missed error vs the cost of an unnecessary escalation.

The limit of confidence thresholds is calibration. Models are not reliably calibrated across all task types - they can be overconfident on novel inputs precisely when uncertainty-based routing is most needed. Deterministic checks provide the backstop for cases where confidence is high but the output violates an explicit rule.

# Dual-layer verification implementation
def dual_layer_verify(output, task_spec, confidence_threshold=0.85):
 # Layer 1: deterministic rule checks
 rule_result = business_rules_engine.evaluate(output, task_spec.rules)
 if not rule_result.ok:
 return VerificationResult.fail("rule", rule_result.violations)

Layer 2: confidence threshold check

confidence = output.model_confidence if confidence < confidence_threshold: return VerificationResult.escalate( reason=f"Confidence {confidence:.2f} below threshold {confidence_threshold}", output=output )

return VerificationResult.PASS

Dual-layer verification Venn diagram

Coverage comparison

Verification approachKnown violationsNovel violationsSemantic errorsFalse positive rate
Deterministic rules only100% recall0% recall0% recallVery low
Confidence threshold onlyVariable (calibration-dependent)Good recallGood recallHigher
Dual-layer combined100% recallGood recallGood recallLow (rules filter known cases)

The Pattern Intelligence Layer specifies both layers for each pattern: the deterministic rule set relevant to the pattern's domain, and the confidence threshold appropriate to the pattern's consequence level. High-consequence patterns use tighter thresholds and more comprehensive rule sets. The dual-layer specification ships with the pattern - not as a downstream integration task.

Frequently asked questions


Share this post

Join the discussion

Have a take, a war story, or a question? Sign in with GitHub to comment and react. Comments are powered by GitHub Discussions, ad-free and yours to moderate.

Continue Reading

Find where your agent breaks, before you build it

Faultmap maps where your agent will fail from the goal and your data, then hands you the first test suite it has to pass.