Zero‑trust ensembles pitched

A growing group of engineers is arguing that one language model should not get the last word on a production request. Instead, they want systems that route prompts across multiple models and keep checking the answers before anything reaches a user. (openreview.net) The idea borrows from zero-trust security, where access is never assumed and every step is verified. The National Institute of Standards and Technology’s 2020 zero-trust architecture guide defines that approach as continuous validation rather than one-time trust. (nvlpubs.nist.gov) In artificial intelligence systems, routing means sending each prompt to the model most likely to handle it well on cost, speed, or quality. A January 26, 2026 ICLR poster paper from Google researchers said dynamic routing can keep working even when new models are added to or removed from the serving pool. (openreview.net) That matters because production artificial intelligence does not fail like ordinary software. Amazon Web Services says large language model systems need trace-based monitoring for outputs, latency, token costs, hallucination rates, fallback rates, and tool-use errors because teams otherwise lose visibility into what went wrong. (docs.aws.amazon.com) Microsoft makes a similar case in its Azure Foundry guidance. Its observability docs say teams should collect logs, traces, model outputs, and evaluation metrics, then set alerts when responses miss quality thresholds or produce harmful content. (learn.microsoft.com) The “ensemble” part means more than one model is involved in a single workflow. One model can answer, another can grade, a third can handle fallback cases, and the system can escalate hard prompts instead of forcing every request through the same model. (openreview.net) That requires a steady stream of measurements about how the system is behaving. Evidently, an open-source evaluation and monitoring tool, says its library includes 100-plus metrics and a testing interface for tracking data and artificial intelligence quality over time. (docs.evidentlyai.com) Those measurements are often drift signals, which check whether live inputs or outputs have shifted away from the data a system was built around. Evidently’s documentation lists drift detection and dataset-level checks among its core metrics, including tests for changes in means, standard deviations, and other column statistics. (docs.evidentlyai.com) Commercial observability vendors are building around the same assumption: the model call itself is not enough. Datadog says its LLM observability tools surface anomalies in duration, error rates, and evaluation results, and can trace calls to providers such as OpenAI, Anthropic, and Amazon Bedrock. (docs.datadoghq.com) The pitch behind zero-trust ensembles is straightforward: treat every prompt, model output, and tool action as something to verify, not something to trust by default. As more companies swap single-model apps for multi-model stacks, the routing layer and the monitoring layer are starting to merge. (docs.aws.amazon.com)