AiCore logo

Lesson 3 — Learning from Failure and Applying Responsible Design

Module 2, Unit 3 | Lesson 3 of 3

By the end of this lesson, you will be able to:

  • Analyse real-world AI failure cases to identify which responsible design principles were violated and what specific design changes would have prevented the harm
  • Apply a structured case analysis framework to connect specific failure modes to the KSBs from this module
  • Articulate responsible design decisions in plain language appropriate for a non-technical senior stakeholder
  • Complete your workflow map annotation, incorporating the lessons from the case analysis into your own project's responsible design layer

Why failure cases matter

There is a particular kind of learning that comes from looking at what went wrong. It is different from reading about principles. When you work through a case in which an AI system caused real harm to real people, the responsible design principles from the previous lessons stop being abstractions and become recognisable patterns: here is what pseudo-oversight looks like when it materialises as harm; here is what happens when explainability is absent at the moment it is most needed; here is the point in the design process where a different decision would have changed everything.

The cases in this lesson are drawn from real events. They have been structured for learning purposes — simplified, with identifying details adapted — but the failure modes they illustrate are real, documented, and recurring. Working through them seriously requires more than surface observation ("they should have tested it more"). It requires identifying the specific design failure, the specific principle it violates, and the specific alternative design that would have addressed it.

Case A — The Biased Hiring Algorithm

A technology company implemented an AI recruitment tool to help screen CVs at scale. The system was trained on ten years of historical hiring data — CVs submitted by applicants and records of which applicants had been hired. The historical data reflected the company's historical hiring pattern, which had been predominantly male for technical roles.

The system learned, from that data, to penalise applications that contained signals associated with female applicants — including CVs that mentioned women's university clubs, sports teams, or professional networks. It was not explicitly programmed to discriminate. It optimised for what predicted success in the historical data, and in the historical data, being associated with female-gendered markers predicted lower rates of hire.

The system was in use for approximately four years before the bias was identified by an internal audit team. By that point it had influenced screening decisions across thousands of applications. The company withdrew the system and did not use it for hiring decisions, but the period during which it had been active and the scale of applications it had processed made the reputational and legal exposure significant.

What went wrong:

The system was trained on historical data that embedded past discriminatory practice. The training data was not audited for bias before use, and the system's outputs were not monitored for discriminatory patterns after deployment. There was no mechanism that would have surfaced the gender-correlated pattern to a human reviewer during routine operation.

Responsible design principles violated:

The fairness principle — outputs should not produce differential disadvantage for people sharing a protected characteristic — was violated structurally by the design choice to train on unaudited historical data. The accountability principle was violated by the absence of ongoing monitoring against equality-relevant metrics. The oversight design principle was violated by a deployment in which no human review mechanism was calibrated to detect the specific type of failure that subsequently occurred.

Reference: The Amazon AI recruiting case, widely reported in 2018, is the documented basis for this scenario. Reuters reporting at the time of disclosure provides detailed background.

Coach Cora
The thing to hold onto here is that the discrimination was technically unintended. The system was not built to disadvantage women. But intent is not the legal or ethical test — impact is. Under the Equality Act 2010, indirect discrimination does not require intent. If a practice produces a disproportionate disadvantage for a protected group and cannot be objectively justified, it is unlawful regardless of the purpose it was designed to serve. The AI champion's design responsibility includes asking: could this system produce a biased outcome? That question needs to be answered before deployment, not after.

Case B — The Medical Chatbot

A regional health service deployed a chatbot on its patient-facing website to handle enquiries and provide health information. The chatbot was designed to be maximally helpful — it was prompted to always provide a response, to be reassuring in tone, and to avoid referring patients to clinical staff unless the query explicitly mentioned an emergency keyword.

A patient in acute psychological distress contacted the chatbot. The patient described symptoms that would have been recognised by a clinical professional as indicating a crisis state. The chatbot responded with general wellbeing information and a suggestion to consider mindfulness practices. It did not route the patient to a crisis line. It did not escalate to a human. It did not express uncertainty or suggest the patient seek immediate help.

The harm that followed was not attributable solely to the chatbot's response — but an independent review commissioned by the health service found that the chatbot's response had been the patient's last attempted contact before a serious incident, and that its failure to escalate had represented a critical failure point in the pathway.

What went wrong:

The system was designed without an escalation pathway and without a confidence threshold below which the chatbot would decline to respond and refer. "Always helpful" and "always respond" were design specifications that actively precluded appropriate behaviour in high-risk edge cases. The deployment decision did not include a clinical risk assessment of the scenarios the chatbot might encounter.

Responsible design principles violated:

The reliability principle — the system should behave safely and predictably across the full range of scenarios it will encounter — was violated by a deployment that had not mapped the high-risk edge cases. The oversight principle was violated by the absence of an escalation pathway. The accountability principle was violated because no human was in a position to intervene once the chatbot had responded.

Curious Cat

Did you know?

The concept of a 'confidence threshold' is standard in clinical AI design — it specifies the level of certainty below which the system should not act independently and must hand off to a human. It is also a useful concept outside clinical contexts. For any AI system that produces outputs with significant consequences, building in a defined threshold below which the system flags uncertainty rather than proceeding is a basic responsible design practice. The chatbot in Case B had no such threshold — it was designed to respond in all cases, which meant it responded confidently to scenarios it had no basis for handling.

Case C — The Consultancy Meeting Summary Leak

A mid-sized construction consultancy deployed an AI meeting summary and action log tool across its project teams. The tool connected to the firm's shared document and communication platform and was designed to help staff generate concise briefings from recorded meetings — saving time on note-taking and helping teams stay aligned across multiple concurrent projects.

A business development manager was preparing a capability document for a prospective new client in the infrastructure sector. She used the AI tool to generate a summary of relevant recent project experience, prompting it to pull together highlights from internal project meetings in that sector. The tool retrieved meeting notes from across the firm's infrastructure project folder — correctly identifying relevant experience from completed projects, but also pulling in notes from an internal risk and commercial review meeting for a live, commercially sensitive project that happened to sit in the same folder. That meeting had included candid discussion of cost overruns, a dispute with a subcontractor, and a strategic decision to reduce scope without informing the client until a later stage.

The AI incorporated those details into the capability document summary. The manager reviewed the draft quickly before a deadline and did not notice the embedded risk discussion. The document was sent to the prospective client. The prospective client was a peer firm in a competitive market and recognised the project being discussed. The relationship with the affected live client was significantly damaged when they discovered their project's difficulties had been shared externally.

What went wrong:

The retrieval mechanism was scoped to a project folder rather than to a permission level or document classification. The tool had no concept of confidentiality status — it retrieved notes based on topical relevance, not on whether the content was appropriate to include in an externally shared document. The review step did not include any check for commercially sensitive or project-specific content that should not appear in a client-facing output. The manager reviewing the draft was under time pressure and had no interface prompt drawing attention to the origin of specific sections.

Responsible design principles violated:

The confidentiality principle — sensitive organisational information should only be disclosed to those with a legitimate need — was violated by a retrieval mechanism that ignored document classification and permission boundaries. The data minimisation and purpose limitation principles from Unit 2 were violated by a system that retrieved more context than was needed or appropriate for the stated task. The oversight principle was violated by a review process that was not calibrated to the specific failure mode the system was capable of producing — specifically, the surfacing of sensitive project intelligence in a client-facing document.

Key Reference:

What the three cases have in common

Across all three cases, a pattern is visible that connects directly to the design principles from Lessons 1 and 2.

The failure mode was foreseeable. In each case, the type of harm that occurred was not a rare or unpredictable edge case. Bias in systems trained on historical data was documented before Case A was deployed. The risk of a health chatbot encountering a patient in crisis was not a remote scenario — it was a foreseeable use case. An AI tool with broad access to a shared document store surfacing confidential project intelligence in a client-facing document is a predictable consequence of retrieval without permission scoping. None of these failures required hindsight to identify.

The oversight mechanism was not calibrated to the failure mode. In each case, there was technically a human involved in the deployment and operation of the system — but the human oversight was not designed to catch the specific failure that occurred. The audit team in Case A was not monitoring for gender-correlated patterns. The health service deployment in Case B did not include a clinical risk assessment of crisis scenarios. The manager reviewing the capability document in Case C had no interface signal drawing her attention to the origin or sensitivity of specific sections.

The design choices that created the failure were made upstream of the harm. In each case, the root cause was not a single operational error — it was a design decision. Training on unaudited data. Specifying "always helpful" without an escalation pathway. Building retrieval scoped to a folder rather than to a permission level. Responsible design means making better choices at those upstream moments.

In Case A, the recruitment AI penalised CVs associated with female applicants. Which of the following best describes the primary design failure?

In Case B, the medical chatbot failed to escalate a patient in crisis. Which responsible design principle does the absence of an escalation pathway most directly violate?

In Case C, a capability document sent to a prospective client contained sensitive details from a confidential internal project review. Which design change would most directly have prevented this?

📝 Activity 1 — Responsible Design Case Analysis

Estimated time: 30 minutes

Download Unit 3 Workbook

Pick one out of the three cases below, complete the Case Analysis Template. Write two to three substantive sentences for each prompt. Superficial responses ("should have tested it more") do not demonstrate understanding — responses should name specific principles, specific design decisions, and specific alternatives.

Case Analysis Template

Case A — The Biased Hiring Algorithm

What was the system designed to do?

What went wrong?

Which responsible design principle(s) were violated — and which KSB from this module does that violation relate to?

How should this have been designed differently?

Case B — The Medical Chatbot

What was the system designed to do?

What went wrong?

Which responsible design principle(s) were violated — and which KSB from this module does that violation relate to?

How should this have been designed differently?

Case C — The Consultancy Meeting Summary Leak

What was the system designed to do?

What went wrong?

Which responsible design principle(s) were violated — and which KSB from this module does that violation relate to?

How should this have been designed differently?

Reflection

Look back across all three cases and write a short paragraph (100–150 words) on which case feels most relevant to your own project, and why. What does that case suggest you should do differently in your design?

💡 Distinction note: A distinction-level reflection does not just identify which case is most similar. It names the specific design decision in your own project that the case illuminates, describes the specific change you will make as a result, and explains why that change matters for the people your system will affect.

📝 Activity 2 — Annotating Your Workflow Map (complete now)

Estimated time: 60 minutes

You were introduced to this activity in Lesson 2. Now that you have worked through the three cases, return to your workflow map and complete the responsible design annotation. The case analysis should inform where you place the most attention — particularly the oversight checkpoints, the error recovery paths, and any data handling steps that parallel the failure modes in the cases.

📝 Activity 3 — Leadership Context Brief

Estimated time: 30 minutes

Write a short brief (200–300 words) addressed to your line manager or a relevant senior stakeholder in your organisation. The brief should:

  • Describe your automation project in plain language — what it does, what problem it solves, who it affects
  • Explain the responsible design decisions you have built into it — specifically, your human oversight checkpoints, any significant ethical design choices, and where you have designed for error recovery
  • Identify any areas where you need their input, sign-off, or support before proceeding — for example, a decision about how to handle a data protection question, or approval for a change to a job role that your automation creates

You do not need to send this brief yet. You will refine it in Unit 4 as part of your Responsible AI Adoption Plan. Writing it now forces you to articulate your thinking in terms that a non-technical leader can engage with — which is a skill you will use throughout the programme and your career.

💡 Distinction note: A distinction-level brief does not just describe what the system does. It demonstrates that the writer understands the risks and has taken specific design steps to address them — and it identifies what the leader needs to decide, rather than asking the leader to figure that out themselves.

KSB coverage — Unit 3

KSBDescriptionWhere evidenced
K1The role of organisational leadership in responsible AI adoption, including setting values, policy, and strategy. The business case for ethical AI adoption.Lesson 1; Activity 3 Leadership Context Brief
K2Legal and regulatory frameworks. Ethical principles and professional standards including fairness, transparency, and accountability.Lesson 3 case analysis; Activity 1; Unit 2 connections made explicit in case analyses
K15Principles of human oversight and human-AI collaboration to achieve shared outcomes.Lesson 2; Activity 2 workflow map annotation; Lesson 3 case analysis
S2Follow ethical, responsible and safe working practices respecting confidentiality and sensitive organisational matters.Activity 2 data handling annotations; Activity 1 case analysis
B2Adapt to changing circumstances and business requirements, being flexible and responding proactively.Lesson 1 framing; Activity 3 Leadership Context Brief — adapting communication for non-technical audiences

⏭️ Up next — Unit 4: With your responsible design layer in place, Unit 4 moves into the design of the AI solution itself — selecting tools and platforms, configuring and testing your automation, and building the technical components of your project with the governance and oversight principles from Units 2 and 3 embedded from the outset.

Next: L4.1 — AI Scams and Fraud Awareness