The Elevation Tax

Every layer of defense elevates the vulnerability to the layer above, where you have fewer tools and less experience. The total risk in a system is approximately conserved - security measures don't reduce risk, they elevate it to less familiar territory.

Why It Happens

Each defense secures its own layer effectively. But by securing that layer, it forces attacks to the next layer up - which is newer, less understood, and has fewer detection tools. Code security pushed attacks to supply chains. Supply chain auditing pushed attacks to agent judgment. Agent monitoring pushed attacks to human attention budgets. Governance toolkits push attacks to shared worldview blind spots.

Why It Matters

The instinct to "add more layers" is counterproductive when every layer creates a new attack surface at the boundary above. A 10-layer security stack has one attack surface: the top, which is the least defended because it's the newest. Security architecture that builds height concentrates risk at the top.

The Fix

Build wider, not taller. Add genuinely different worldviews at the same layer rather than more layers of the same worldview. 3 layers with 4 independent perspectives per layer creates 12 independent failure modes. Width distributes risk across perspectives that can't all be wrong simultaneously. Height concentrates it.