O'Reilly的快报:快速路径与慢速路径
Source: Stack Overflow Blog
编辑注:我们在博客上开设了周五专栏,以定期提供来自开发者社区内部或外部的声音的见解。这是首篇专栏,重新发布了 O’Reilly Media 博客 Radar 上的一篇文章。我们将每月转载他们的内容。
本文最初发表于 O’Reilly Radar 并经作者许可在此重新发布。
快速路径与慢速路径
自主 AI 系统迫使架构师面对一个越来越难以回避的问题:每一个决策是否都必须同步治理才能安全?
乍一看,答案似乎很明显。如果 AI 系统能够自行推理、检索信息并执行动作,那么每一步都应该经过控制平面,以确保正确性、合规性和安全性。任何少于此的做法都显得不负责任。但这种直觉直接导致了在自身重量下崩溃的架构。
随着 AI 系统从孤立的试点扩展到持续运行的多代理环境,普遍调解不仅成本高昂,而且 在结构上与自主性本身不兼容。挑战不在于在控制与自由之间做选择,而在于学会有选择地施加控制,而不破坏使自主系统有价值的特性。
本文探讨了生产系统中如何实现这种平衡——不是对每一步进行治理,而是区分 快速路径 与 慢速路径,并将治理视为 反馈问题 而非审批工作流。
从咨询到代理
第一代企业 AI 系统主要是咨询型的。模型生成建议、摘要或分类,由人类在执行前进行审查。在这种情境下,治理可以保持缓慢、手动和零星的方式。
这种假设已不再成立。现代代理系统会分解任务、调用工具、检索数据并持续协调行动。决策不再是离散事件,而是持续执行循环的一部分。当治理被框定为必须批准每一步时,架构很快会漂移到脆弱的设计——理论上拥有自主性,实际却被限制。
关键错误在于把治理当作 同步闸门 而不是 调节机制。一旦每个推理步骤都必须获得批准,系统要么变得不可用地慢,要么团队悄悄绕过控制以保持运行。两种结果都无法实现安全。
真正的问题不是 是否 需要治理,而是 哪些决策实际上需要同步控制——哪些不需要。
普遍调解的代价
将每个决策都路由到控制平面看似更安全,直到工程师尝试构建它时,成本立刻显现:
- 延迟 在多步推理循环中累积
- 控制系统 成为单点故障
- 误报 阻断良性行为
- 协调开销 随规模呈超线性增长
这并不是新教训。早期的分布式事务系统尝试对每个操作进行全局协调,结果在真实负载下失败。早期网络将策略直接嵌入数据包处理,因复杂性而崩溃,随后才出现控制平面与数据平面的分离。
当治理直接嵌入执行路径时,自主 AI 系统会重演同样的模式。每一次检索、推理或工具调用都可能成为瓶颈。更糟的是,故障会向外传播:控制变慢导致执行排队;执行停滞使下游系统行为异常。普遍调解 不会 带来安全,只会产生脆弱性。
快速路径:常态情况
生产系统通过允许大多数执行在没有同步治理的情况下进行而得以生存。这些执行流——快速路径——在预先授权的行为范围内运行。它们 不是 无治理的,而是 受约束 的。
快速路径可能包括:
- 从已批准的数据域例行检索
- 使用已获任务批准的模型进行推理
- 在受限权限范围内调用工具
- 保持可逆性的迭代推理步骤
快速路径假设并非所有决策风险相同。它们依赖于事先授权、上下文约束以及持续观察,而不是每一步都进行同步审批。
an per‑step approval. Crucially, fast paths are revocable. The authority that enables them is not permanent; it is conditional and can be tightened, redirected, or withdrawn based on observed behavior. This is how autonomy survives at scale—not by escaping governance but by operating within dynamically enforced bounds.
Slow Paths: The Exception
Not all decisions belong on fast paths. Certain moments require synchronous mediation because their consequences are irreversible or cross trust boundaries. These are slow paths.
Examples include:
- Actions that affect external systems or users
- Retrieval from sensitive or regulated data domains
- Escalation from advisory to acting authority
- Novel tool use outside established behavior patterns
Slow paths are not common. They are intentionally rare. Their purpose is not to supervise routine behavior but to intervene when the stakes change. Designing slow paths well requires restraint. When everything becomes a slow path, systems stall. When slow paths are absent, systems drift. The balance lies in identifying decision points where delay is acceptable because the cost of error exceeds the cost of waiting.
Observation vs. Intervention
A common misconception is that selective control implies limited visibility. In practice, the opposite is true. Control planes observe continuously. They collect behavioral telemetry, track decision sequences, and evaluate outcomes over time. What they do not do is intervene synchronously unless thresholds are crossed.
This separation—continuous observation, selective intervention—allows systems to learn from patterns rather than react to individual steps. Drift is detected not because a single action violated a rule, but because the aggregate behavior deviates from expected norms.
By embracing fast‑path execution with conditional, revocable authority and reserving slow‑path mediation for truly high‑risk decisions, architects can build autonomous AI systems that are both scalable and safe.
Trajectories begin to diverge from expected behavior. Intervention becomes informed rather than reflexive.
Figure 1. Fast paths and slow paths in an agentic execution loop
AI‑native cloud architecture introduces new execution layers for context, orchestration, and agents, alongside a control plane that governs cost, security, and behavior without embedding policy directly into application logic. Figure 1 illustrates that most agent execution proceeds along fast paths operating within pre‑authorized envelopes and continuous observation. Only specific boundary crossings route through a slow‑path control plane for synchronous mediation; after mediation, execution resumes—preserving autonomy while enforcing authority.
When intervention is required, effective systems favor feedback over interruption. Rather than halting execution outright, control planes adjust conditions by:
- Tightening confidence thresholds
- Reducing available tools
- Narrowing retrieval scope
- Redirecting execution toward human review
These interventions are proportional and often reversible. They shape future behavior without invalidating past work. The system continues operating, but within a narrower envelope. This mirrors mature control systems in other domains: stability is achieved not through constant blocking but through measured correction. Direct interruption remains necessary only in rare cases where consequences are immediate or irreversible, and it operates as an explicit override rather than the default mode of control.
Governance Cost Curve
Governance has a cost curve, and it matters. Synchronous control scales poorly—each additional governed step adds latency, coordination overhead, and operati
Source:
选择性控制平坦化曲线。通过让快速路径占主导并为高影响决策保留慢速路径,系统既保持响应性又保持权威。治理成本随自治程度的增长呈亚线性增长,使规模化成为可行而非脆弱。这就是看起来不错的控制与在生产环境中存活的控制之间的区别。
面向自治系统的架构转变
设计自治系统的架构师必须重新思考若干假设:
- 控制平面调节行为,而不是批准操作。
- 可观测性必须捕获决策上下文,而不仅仅是事件。
- 权威成为运行时状态,而不是静态配置。
- 安全性来源于反馈回路,而不是检查点。
这些转变是架构层面的,而非过程层面的;仅靠政策无法事后补装。
图 2. 控制作为反馈,而非批准
AI 代理在共享的 上下文结构 上运行,该结构管理短期记忆、长期嵌入和事件历史。将状态集中化能够实现推理连续性、可审计性以及治理,而无需在各个代理内部嵌入记忆逻辑。图 2 展示了控制如何作为反馈系统运作:持续的观察推动约束更新,从而塑造未来的执行。直接中断仍然存在,但仅作为最后手段——保留给不可逆的危害,而非日常治理。
想要治理每一次决策的冲动是可以理解的;这会让人觉得更安全。规模化的安全并非来自于看到一切,而是来自于在关键时刻能够介入。
自治 AI 系统只有在治理从逐步批准转向面向结果的监管时才仍具可行性。
- 快速路径 保持自治。
- 慢速路径 保持信任。
- 反馈 保持稳定。
AI 治理的未来不是更多的闸门,而是 更好的控制——而正确的控制 并不会 阻止系统行动。它确保系统即使在自治程度提升的情况下,也能安全地持续运行。
© 2026 O’Reilly Media, Inc. and/or Its Licensors