# The Diagonal Law

> Source: <https://www.voodootikigod.com/amm-3-diagonal-law>
> Published: 2026-07-08 21:24:08+00:00

Your AI program has two numbers, and you are probably tracking one of them.

The first number is **capability**: what you have deployed. The natural progression is prompts, then skills, then agents, then orchestrated fleets of agents. This number has a budget line, a vendor ecosystem, a slide in the board deck, and a conference circuit devoted entirely to increasing it. Everyone tracks this number. It's the one your dashboard is green about.

The second number is **verification**: what mechanism establishes that the work your AI produces is actually correct, and whether that mechanism scales. This number has no vendor category, rarely has a named owner, and almost never appears in the board deck. Most organizations could not tell you what theirs is if you asked in the meeting.

The Diagonal Law says the relationship between these two numbers is the whole agentic maturity game:

Capability above verification is risk; verification above capability is waste.

The law names resting states, not moves. Safe progress is diagonal, and the safe way to walk a diagonal is a staircase: build the verification step, then climb the capability step onto it. Time spent on one step above the diagonal is sequencing. Residence above it is waste. Time below it, in any amount, is risk.

I built this grid the same way I built the [ADLC's flaw inventory](/adlc-1-models-arent-human): name the failure mode precisely enough and it stops being a vibe and starts being a checklist. For the ADLC, I named eight ways model-based builders fail that human developers don't. This one names seven ways enterprises misalign capability and verification, and, not by coincidence, the fix for the worst one turns out to be the same move both times: fresh contexts chartered to refute the work, not assess it.

Nearly every enterprise AI failure that makes the news, and, if you run agents under mandatory human review, at least one that is quietly developing inside your own organization right now, is an off-diagonal state on this grid. The exceptions are failures of raw model capability: a hallucinated fact inside a process that was correctly designed and verified belongs to a different axis entirely. Everything else lands here, and every off-diagonal state has a name.

## The two ladders[#](#the-two-ladders)

The [previous article](/amm-2-five-levels) in this series defined maturity by where trust lives, named the trust location. This grid gives that definition coordinates.

The **capability ladder** is the visible one, the one every vendor sells as the whole story:

**C0 - None.** No sanctioned AI capability. Whether any*unsanctioned*capability exists is a different question, and we'll get to it.**C1 - Prompt.** Personal, ephemeral, unversioned. Value dies with the author.**C2 - Skill.** The first*organizational*unit of AI capability: a versioned, shared, reviewable artifact bundling procedure, context, and constraints. The prompt is to the skill what the shell one-liner is to the committed script.**C3 - Agent.** Autonomy at task scale. An agent owns a ticket, not a keystroke.**C4 - Orchestration.** Multiple agents under deterministic control flow, fan-out, verification panels, pipelines, maturing into a lifecycle that improves itself.

The **verification ladder** is the load-bearing one, the one nobody sells:

**V0 - Prevention.** Policy as the only control. Nothing is verified because, officially, nothing exists.**V1 - Individual judgment.** Whoever ran the prompt decides if the output is good. Trust is a private matter.**V2 - Human review.** A person reads everything AI produces before it counts. The pre-AI trust mechanism, unchanged.**V3 - Rails and adversarial review.** Executable tests frozen before implementation, contracts the builder cannot argue with, fresh contexts chartered to*refute*the work rather than assess it.**V4 - Calibrated prosecution.** Planted defects measure what the gates actually catch. Review stops being a ritual and becomes an instrument with a known error rate.

Put capability on the horizontal axis and verification on the vertical, and every organization occupies a cell of a five-by-five grid. Realistically a *region*: large enterprises sit in different cells per team, and the outliers matter, because incidents start with your outlier teams, not your organization-wide average. The diagonal cells, where the ladders align, are the five maturity levels from the last post. Everything else is a trap.

Scope: the grid maps work whose acceptance criteria can be made executable. Where regulation or irreducible judgment mandates a human decision, the diagonal tops out at a mandated lane, V2 plus rails, human judgment as the final gate, treated as aligned, not as M2.

### The only safe path

Each level boundary has one keystone unlock. Capability rungs can be bought; trust relocation cannot, which is exactly why leapfrogging manufactures M2 and M3.

### The misalignment inventory

Locate your organization in under a minute. Four of these failure modes live on the grid; three live on the knowledge and observability tracks that run beneath it.

#### Shadow Fleet

Capability C1–2 · Verification V0

Policy says no; egress logs say yes. Usage exists, it is just invisible. Risk without governance, and no telemetry to even measure it.

#### The Review Bottleneck

Capability C3 · Verification V2

Agents produce task-scale output; humans still read every diff, or pretend to. The defining pathology of the era, and where most successful AI programs are parked.

#### Cowboy Autonomy

Capability C3–4 · Verification V1

Agents merging with neither human nor machine gates. Fast until it isn't.

#### Compliance Freeze

Capability C1 · Verification V3–4

Gates so heavy nothing ships. Trust infrastructure with nothing to trust, the above-diagonal failure: waste as a residence, not a staircase step.

#### The RAG Plateau

Knowledge track stuck at L2

“We implemented RAG” presented as an AI strategy. Runtime retrieval hoarding, with no compilation of stable knowledge into skills.

#### Dashboard Theater

Observability track stuck at L2

Seats, tokens, and acceptance rates reported as outcomes. No defect-escape or gate-calibration data exists. Acceptance rate is a sentiment metric in a lab coat.

#### Skill Rot

Knowledge L3 without observability L4

A skill library authored once in a burst of enthusiasm, never mined, never versioned, quietly decaying into misinformation.

## View the grid as text

| State | Capability | Verification | Reading |
|---|---|---|---|
| L0 Prohibition | C0 None | V0 Prevention | Aligned but blind; shadow usage exists anyway |
| L1 Experimentation | C1 Prompt | V1 Individual judgment | Aligned; nothing compounds |
| L2 Assistance | C2 Skill | V2 Human review | Aligned; feels mature, doesn't scale |
| L3 Delegation | C3 Agent | V3 Rails + adversarial review | Aligned; trust has moved to machine gates |
| L4 Operationalization | C4 Orchestration | V4 Calibrated prosecution | Aligned; the compounding system |
| M1 Shadow Fleet | C1–2 | V0 | Risk; usage without visibility |
| M2 Review Bottleneck | C3 | V2 | Risk; agents outrun human review |
| M3 Cowboy Autonomy | C3–4 | V1 | Risk; autonomy without gates |
| M6 Compliance Freeze | C1 | V3–4 | Waste; gates with nothing to trust |

Two measures govern how bad an off-diagonal cell is. The distance from the diagonal measures the size of the trust gap. The volume of work flowing through the capability measures your exposure to it. The same shallow gap is a smaller problem under a trickle of shadow prompts than under an agent fleet's full output, which is why the mildest trap and the defining one sit at the same distance from the diagonal, and volume, not geometry, separates them.

## The Diagonal Law's jurisdiction[#](#the-diagonal-laws-jurisdiction)

Before walking the grid, let's discuss an honest boundary: the verification ladder ranks trust mechanisms *for work whose acceptance criteria can be made executable*, code, configuration, structured analysis, anything a frozen test or contract can adjudicate. That covers a far larger share of enterprise AI work than most leaders assume, and the whole ADLC argument is that teams under-invest in making criteria executable in the first place. But it doesn't cover everything.

Where correctness is irreducibly a judgment call, novel architecture, strategy, ethics, taste, expert human review is not a rung to transcend. It's the ceiling, and machine gates serve as filters that concentrate the human's attention, not replacements for it. The same is true where regulation makes a human decision-maker a legal floor: in medical devices, aviation software, credit decisions, and their neighbors, "no human reads the output" is a compliance violation, not Level 3. For that work, the diagonal tops out at a **mandated lane**, V2 - Human Review plus rails: human judgment as the final gate, machine verification underneath it, which the model treats as aligned, not immature. The lane is deliberately not a numbered level. It fails Level 3's audit check by design. (If your work lives in the mandated lane, read its C3 - Agent/V2 - Human Review cell as this carve-out, not as M2.)

One warning before reaching for this exemption: it has to be earned, not claimed. The boundary test is whether you can name the specific acceptance criterion that resists any executable expression. "We haven't written the tests yet" is not judgment work. It's M2 (defined below, The Review Bottleneck) with a vocabulary. The Diagonal Law governs everything on the other side of that boundary, which is where most enterprise AI output already lives.

## The risk triangle: capability outruns verification[#](#the-risk-triangle-capability-outruns-verification)

Below and to the right of the diagonal, output is produced faster than anything establishes it's correct. Three named states live here. You'll meet M4, M5, and M7 in later articles in this series; the inventory is numbered across the whole model, and those three live on tracks this post sets aside.

### M1 - Shadow Fleet (C1-2, V0)[#](#m1---shadow-fleet-c1-2-v0)

Policy says no. The egress logs say yes. Engineers are pasting code into personal accounts, running local agents, expensing tools under ambiguous line items, and because the official posture is prohibition, none of it is visible, none of it is governed, and none of it can even be measured. The Shadow Fleet is usually the mildest off-diagonal state, the volume flowing through it is a trickle, and the most common first trap: risk is small per incident, but the organization has forfeited the telemetry it would need to know that.

### M2 - The Review Bottleneck (C3, V2)[#](#m2---the-review-bottleneck-c3-v2)

This is the defining trap of the era, so it earns the longest look.

An organization reaches M2 by doing everything right according to the adoption playbook. Licenses procured. Policy written. Copilots deployed, then agents. Usage climbs, the dashboard glows, the transformation program declares victory. And the trust mechanism throughout is the same one the organization used before AI existed: a human reads everything.

Here is the arithmetic that playbook never runs. Agents multiplied the volume of reviewable output; human review capacity did not multiply. Whatever the exact ratio in your shop, the direction isn't in doubt: production scaled and verification didn't. So the gap has to go somewhere, and there are only a few places it can go. You can hire reviewers, but you're hiring linearly against a capability that scales with compute. You can throttle the agents to review capacity, which quietly caps the ROI the program was sold on, and the throttle never survives the next quarter's targets. You can triage, routing only "high-risk" output to full review, which is real progress *if* the triage criteria are themselves verified, and a silent hole if they aren't. Every one of these postpones the wall. None dissolves it. And when the postponements run out, the remaining pressure lands in the one place that absorbs it invisibly: reviewers quietly stop reading.

Rubber-stamping is not a moral failure of your reviewers. It's the rational response to an impossible workload, and it arrives silently. The approval still happens. The checkbox still gets checked. The audit trail still shows a named human on every change. What disappeared is the thing the checkbox was supposed to certify, and no dashboard notices, because the dashboard measures approvals, not attention.

Worse: the standard adoption metrics *improve* as review integrity collapses. Acceptance rate climbs. Cycle time drops. Throughput per engineer soars. Every number your program reports gets better as the actual safety mechanism quietly dies. Acceptance rate is a sentiment metric in a lab coat.

If you want to know whether this has already started, don't ask your reviewers. Measure. Take last quarter's AI-assisted changes and plot review duration against diff size. The cluster to fear is large diffs with tiny review times, substantial changes approved in under a minute. Nearly every organization that runs agents under mandatory full review develops this cluster; its size is your distance from the trust mechanism you think you have. A sub-minute approval is a screening signal, not a conviction, some of those are pre-reviewed designs or mechanical refactors. The *trend* is the tell.

M2 is where most "successful" enterprise AI programs are parked, and it's the reason this maturity model exists. The organizations in it feel mature. Their metrics say they're mature. They are one escaped defect away from a very different board conversation.

### M3 - Cowboy Autonomy (C3-4, V1)[#](#m3---cowboy-autonomy-c3-4-v1)

Agents merging with neither human nor machine gates. Sometimes this is a startup that never built gates. More often, inside an enterprise, it's what M2 decays into: a team drowning in review debt that starts auto-approving "low-risk" categories without first building the rails that would make that safe. M3 is fast, and every week it survives gets cited as evidence it's fine. It is not fine. It's unpriced risk accumulating off the books, discovered by the incident rather than the dashboard.

## The waste triangle: verification outruns capability[#](#the-waste-triangle-verification-outruns-capability)

Above and to the left of the diagonal sits the failure mode nobody writes post-mortems about, because its cost is invisible: opportunity.

The staircase distinction matters here. Verification running one step ahead of capability isn't waste. It's exactly the sequencing this model prescribes. Building the rails before deploying the agents is how you climb. The waste triangle names something else: verification as a *residence*. Infrastructure built, gates staffed, frameworks ratified, and a standing refusal to climb the capability step they were built for. The test that separates the two states is a single question: which capability step is this verification being built for, and when does it ship? Sequencing has an answer, a named step and a date. Residence has a standing committee.

### M6 - Compliance Freeze (C1, V3-4)[#](#m6---compliance-freeze-c1-v3-4)

An AI governance council. A model risk framework adapted from banking regulation. A seventeen-step approval process for any AI-touched change. And underneath all of it: a handful of engineers using prompts, because nothing more capable can survive the gauntlet. Trust infrastructure with nothing to trust.

The frozen state isn't safe. It's slow-motion loss. The organization pays for governance designed for a capability level it refuses to reach, while its competitors climb the diagonal and its own engineers drift quietly into the Shadow Fleet, which means the *actual* risk posture of a Compliance Freeze organization is often M1 wearing M6's badge. Prohibition-grade oversight of the sanctioned tools, zero oversight of the real ones.

## The truce[#](#the-truce)

Here's the political reading of the grid, because inside an enterprise the Diagonal Law isn't just an engineering claim. It's a negotiation.

Every vendor, and every enthusiast on your staff, pushes your organization **rightward**: more capability, now. Every CISO, auditor, and risk officer pushes **upward**: more control, first. Left to fight, these forces produce lurching, a sprint rightward into M2, an incident, a panicked slam upward into M6, a productivity revolt, another sprint rightward.

The diagonal is the truce. It gives the CTO and the CISO a shared map on which both of their instincts are correct, *in alternation*. The engineering side is right that the next capability rung must be climbed. The risk side is right that it must not be climbed before the verification rung below it exists. The Diagonal Law converts an ideological argument, move fast versus be safe, into a sequencing agreement: nobody argues about *whether*, only about *what must be true first*. In practice this is the model's highest-leverage use, not scoring maturity, but ending the meeting where the two halves of the company talk past each other.

## Why you cannot leapfrog[#](#why-you-cannot-leapfrog)

The seduction of the capability ladder is that every rung is for sale. A procurement order can put your organization at C4 by Friday: orchestration platforms, agent fleets, the works. The verification ladder's *tooling* is increasingly for sale too, eval platforms, guardrail products, red-team services. What isn't for sale is the thing the tooling instruments: the relocation of trust.

Trust relocations are organizational change. Rails have to be authored by people who learn to write executable specifications. Adversarial review, what the ADLC calls [prosecution](/adlc-4-prosecution-not-code-review), has to be chartered, and then *believed*, which means calibrated, because no engineering leader will actually stop requiring human review until someone can show, with planted defects, what the machine gates catch. Observability has to exist before any of it, because you cannot calibrate what you don't record. You can buy every one of those capabilities at a vendor booth. You cannot buy your organization's willingness to route trust through them.

This asymmetry, capability is purchasable, trust relocation is not, is the entire explanation for the shape of the industry right now. It's why the risk triangle is crowded and the diagonal is not. Buying C3 while standing at V2 does not make you a Level 3 organization. It makes you M2 with better tooling.

## Locate yourself in under a minute[#](#locate-yourself-in-under-a-minute)

Three questions. Run them per workstream, not per company; a large organization lands in different cells for different teams, and the outliers are the point. Each answer is audit-checkable, which is also the point: a maturity model whose levels can be reached by enthusiasm will be gamed by its own audience.

**1. Can AI-produced work reach production without a human reading it in full?**

First, check whether agents actually flow through the gates that would make this true: rails with nothing riding on them is not Level 3, it's the staircase step just before it (C2 over V3), and the only question is when you climb.

**Yes, with calibration data:** planted-defect catch rates, a log of gate findings converted into permanent controls. Level 4.**Yes, gates exist but nobody has measured them:** Level 3.**Yes, but there's no gate, just precedent and luck:** M3.**No, verification is V2 or below:** continue, and ask question two of every workstream that still routes through a human.

**2. Do you run agents, AI owning whole tasks rather than keystrokes?**

**No:** capability sits at C2 or below. Continue to question three.**Yes, outside the mandated lane:** agents under mandatory full human review is C3 over V2, which is M2*by construction*.**Yes, inside the mandated lane:** the same kind of measurement matters here too, but the target is rails*under*the human gate, never the removal of it.

For the outside-the-mandated-lane case, how far it's progressed is answered by the same measurement from the M2 section above: reviewers genuinely still reading everything means early M2, you're paying the full queue cost and the wall is ahead of you rather than behind you. A growing large-diff, tiny-duration cluster means the trust mechanism you're counting on has already partially dissolved. Either way the fix is the same, and it's not more reviewers.

**3. Does your governance match your actual usage, not your sanctioned usage?**

**Answering requires discovering what your actual usage is:** you have M1 somewhere in the building.**Governance is built for capabilities you prohibit:** you're paying M6 prices for M1 risk.**Verification is built out to V3-4 while capability idles at C1**, gates with no dated plan to put anything through them: that's M6 itself.** Policy, telemetry, and practice genuinely agree**(including the rare organization whose egress controls make prohibition real): you're wherever questions one and two put you, and you have the receipts to prove it.

Most readers will land in M2, and most of the rest in M1 or M6. That's not an indictment. It's a map reference. The traps aren't failures of intelligence or diligence. They're the natural resting states of the two forces described above, which is exactly why escaping them requires a law and not just good intentions.

## The move is toward the diagonal[#](#the-move-is-toward-the-diagonal)

One more thing the grid makes obvious that prose never did: when you find yourself off-diagonal, the corrective move is toward the diagonal, and which direction that is depends on which side you're on.

In the risk triangle, the move is **vertical**. Organizations here instinctively consider retreat: pull back the agents, move left. This feels responsible and accomplishes nothing, because the economic pressure that pushed you rightward hasn't gone anywhere. You'll be back in the same cell within two quarters, plus a demoralized engineering organization. The durable move is upward: keep the capability, build the verification underneath it. Freeze rails. Charter adversarial review. Instrument outcomes. In M3 the first vertical step is an emergency step, taken today: reinstate a gate, yes, a human one, yes, that lands you in M2, because rails take months to build and your exposure is daily. Then keep climbing.

In the waste triangle, the move is **horizontal**: keep the gates, they're genuinely valuable, and they were the hard half to build, and point them at real capability at last. An M6 organization is closer to Level 3 than it believes. It built the staircase's tall side first. What it never did was step onto it.

## The law, restated[#](#the-law-restated)

The grid has two axes, but the model underneath it has more tracks, knowledge and observability among them, with their own traps (the RAG Plateau, Dashboard Theater, Skill Rot) that later articles in this series take up. The Diagonal Law is the load-bearing case because capability and verification are the pair that produces incidents when misaligned in one direction and bleeds opportunity when misaligned in the other.

So: two numbers. The one you track, and the one that decides whether the first one is an asset or a liability.

Capability above verification is risk. Verification above capability is waste. Maturity is the discipline of climbing both ladders in step.
