Skip to content

Inherited-Substrate Risk

Prime #
920
Origin domain
Computer Science & Software Engineering
Subdomain
supply chain and provenance → Computer Science & Software Engineering

Core Idea

Inherited-substrate risk is the structural pattern by which a system built on top of a borrowed or inherited substrate — a library, pretrained weights, legal code, organisational structure, biological host, founding population, architectural template — carries forward conditions of the substrate's origin (defects, assumptions, liabilities, encoded constraints) into the new system through inheritance channels that the new system's audit boundary often does not cross. The defect or risk lives in the substrate, but the attention, responsibility, and audit attach to the downstream additions; the substrate is implicitly trusted, and the trust is exactly where the risk concentrates. The pattern's signature is a misalignment between where failure surfaces and where its cause lives: the new system fails, but the cause sits across a boundary the new system's controls were never designed to reach.

The structural commitments are four. An inheritance channel — dependency import, weight reuse, statute adoption, M&A acquisition, host colonisation, code copy — propagates substrate properties into the new system without re-derivation. An audit-boundary asymmetry concentrates risk-and-review attention on the new system's own additions while treating the substrate as ambient and trustworthy. Origin conditions in the substrate — a vulnerability, an exception clause, a cultural debt, a loophole, a founder-population disease allele, a climate-zone assumption — sit unflagged by the substrate's authors and unnoticed by the new system's owners. And a triggering moment, often a context shift years after adoption, activates the latent condition in the new system's deployment context. The distinctive move the prime supplies is naming the substrate itself as part of the system's risk surface. The naïve model — "we wrote the system; we control it" — is structurally wrong; the correct model is "we wrote a thin layer on top of an inherited substrate, and our risk surface includes the substrate's provenance, its authors' assumptions, and its exposure to upstream events we cannot observe." The prime's carrier vocabulary — audit, liability, due diligence, provenance — imports a governance frame, which is why it reads as framed even though its biological and structural instances are genuine.

How would you explain it like I'm…

The Borrowed Branch

If you build a treehouse on a branch someone else nailed up long ago, you check your own boards but trust the branch is fine. If that old branch was cracked, your treehouse falls — and the crack was never your fault, but it's still your problem. The danger was hiding in the part you didn't build.

Hidden Flaw in the Foundation

Inherited-Substrate Risk is what happens when you build something new on top of something you borrowed — like writing your game using code somebody else already wrote, or starting a club using rules an old club left behind. You carefully check the part YOU made, but you just trust the borrowed part to be okay. The problem is, if there's a hidden flaw down in that borrowed foundation, it gets passed up into your thing without anyone noticing. Later, your thing breaks — and the real cause is sitting in a place your checking never looked.

Risk Across the Audit Boundary

Inherited-Substrate Risk is a pattern where a system built on a borrowed foundation — a software library, a pretrained AI model, an old legal code, an acquired company — quietly carries forward the foundation's hidden defects and assumptions. The trouble is a mismatch: all your attention and review land on the new layer you added, while the borrowed layer is treated as trustworthy background and never gets audited. So the defect lives in the foundation, but everyone is watching the new part. Its signature is that failure shows up in your system while the cause sits across a boundary your safety checks were never built to cross. Often a defect stays harmless for years until some change in conditions wakes it up.

 

Inherited-Substrate Risk names the structural pattern by which a system built atop a borrowed or inherited substrate — a dependency, reused weights, adopted statute, a host organism, an acquired org — inherits the substrate's origin conditions (defects, assumptions, encoded liabilities) through inheritance channels that the new system's audit boundary does not cross. The mechanism has four parts: an inheritance channel that propagates substrate properties without re-deriving them; an audit-boundary asymmetry that concentrates review on your own additions while treating the substrate as ambient and trusted; latent origin conditions sitting unflagged in the substrate; and a triggering moment, often a much later context shift, that activates the dormant condition. The distinctive failure signature is a misalignment between where failure surfaces and where its cause lives. The naive model — 'we wrote it, so we control it' — is wrong; the correct model is 'we wrote a thin layer on an inherited substrate, and our risk surface includes its provenance and its authors' assumptions.' The key move the concept supplies is naming the substrate itself as part of your risk surface. Its vocabulary — audit, provenance, due diligence, liability — imports a governance frame, even though many real instances are biological or structural.

Structural Signature

the host-built layer atop a borrowed substratethe inheritance channel that propagates substrate properties without re-derivationthe latent origin condition resident in the substratethe audit-boundary asymmetry concentrating review on the new layerthe triggering context-shift that activates the latent conditionthe cause-surfaces-far-from-symptom invariant

A system exhibits inherited-substrate risk when each of the following holds:

  • A borrowed substrate. The system is built atop something it did not author and does not fully control — a reused component, an adopted template, a colonised host — whose internal properties are imported rather than re-derived.
  • An inheritance channel. A concrete propagation path — import, reuse, adoption, acquisition, colonisation, copy — carries the substrate's properties into the new system without revalidating them against the new context.
  • A latent origin condition. Some defect, assumption, liability, or encoded constraint resides in the substrate, unflagged by its authors and unnoticed by the new owners, dormant until exercised.
  • An audit-boundary asymmetry. Attention, responsibility, and review attach to the system's own additions; the substrate is treated as ambient and trustworthy, so the audit boundary does not cross the inheritance channel.
  • A triggering moment. A context shift — disclosure, deployment change, litigation, mismatch — activates the latent condition where the substrate is now exercised outside its original validation regime.
  • The misalignment invariant. Failure surfaces in the new system while its cause lives across a boundary the system's controls were never designed to reach; risk concentrates exactly where attention does not.

The components compose into a single move: relocate the substrate from environment into system, so that the inheritance channel becomes an audited object.

What It Is Not

  • Not an interface. An interface is the named boundary across which two parties interact by contract; inherited-substrate risk is about the properties that propagate through an inheritance channel below the contract — defects and assumptions the interface never declared and the audit boundary never crossed.
  • Not dependency as such. dependency names that A relies on B; inherited-substrate risk adds the audit-boundary asymmetry and the latent origin condition, asserting that the risk surface of A includes B's provenance even though A's controls were never designed to reach it.
  • Not legacy_integration. legacy_integration concerns wiring an old system to a new one across a compatibility seam; here the substrate may be brand-new (a fresh foundation model, a just-adopted statute) yet still carry latent origin conditions activated on a later context shift.
  • Not provenance. provenance is the record of origin; inherited-substrate risk is the structural claim that the un-recorded, un-audited origin conditions concentrate exactly where attention does not — provenance attestation is one intervention against it, not the pattern itself.
  • Not technical_debt. Technical debt is deferred cost in work you authored and chose to shortcut; inherited-substrate risk lives in a borrowed substrate you did not author, whose conditions were never your decision and sit across the boundary your audit stops at.
  • Common misclassification. Treating any upstream-caused failure as inherited-substrate risk. The pattern requires the cause-surfaces-far-from-symptom invariant plus an audit boundary that structurally did not cross the inheritance channel; an upstream defect you audited and accepted is ordinary risk, not the concentration-where-attention-isn't signature.

Broad Use

  • Software supply chain: dependency-import attacks (Log4Shell, the xz-utils backdoor, typosquatting, the SolarWinds build compromise) propagate a defect in inherited substrate into thousands of downstream systems whose audit boundaries did not reach it; SBOM mandates, SLSA, and package signing are the substrate-provenance interventions.
  • AI transfer learning: a fine-tuned model inherits the foundation model's training-data biases, prompt injections, and implanted triggers; the downstream team audited their fine-tuning data, not the foundation, so the risk lives across the boundary.
  • Law and regulation: jurisdictions that copy statutes inherit the loopholes, ambiguities, and interpretive assumptions of the source, importing the source's exception-handling expectations without its enforcement context.
  • Mergers and acquisitions: the acquirer inherits litigation, regulatory exposure, cultural debt, pension liabilities, and environmental-remediation obligations; due diligence is structurally an inherited-substrate-risk audit, and reps-and-warranties insurance exists because the channel is wider than diligence surfaces.
  • Biology and medicine: zoonotic spillover, transplant rejection (the donor HLA repertoire is the inherited substrate), and founder-population genetic disease are the same pattern — the founding state's conditions become the descendant's risk burden.
  • Templates, codes, and primitives: imported governance structures, building codes ported across climate zones, and protocols inheriting deprecated cryptographic primitives all carry origin-context assumptions into a new deployment context.

Clarity

Naming the pattern clarifies a distinction system owners chronically blur: the difference between the system we built and the system we operate. The system we built is the additions; the system we operate is the additions running on top of an inherited substrate whose properties we do not control. Risk lives in both, but audit attention concentrates on the additions because they are visible, authored, and reviewed in the moment, while the inherited substrate is ambient — treated as part of the environment rather than part of the system, and audited, if at all, at coarse granularity. The clarifying force is to relocate the substrate from environment into system, so its provenance becomes a reviewable object.

The prime also clarifies what counts as a substrate in any given domain. The naïve substrate inventory is short — "the language, the operating system, the cloud provider" — while the structural-pattern inventory is long: transitive dependencies, build-time tools, hiring conventions, the legal regime, a foundation model's training data, historical liabilities, the encoded assumptions of imported templates. Expanding the substrate inventory to match the structural-pattern inventory is the first move the prime licenses, and it is the move most often skipped because the unlisted substrates are precisely the ones treated as ambient. By making the inventory itself a deliverable, the prime converts an open-ended "what could go wrong?" into a bounded enumeration of inheritance channels to be checked.

Manages Complexity

The pattern manages complexity by compressing a family of substrate-local risk patterns — software supply-chain compromise, transfer-learning attack, statute-adoption defect, M&A litigation tail, zoonotic spillover, transplant rejection, founder-population disease, template-import failure, brownfield contamination, cryptographic-primitive deprecation — into a single diagnostic with a single intervention family. The complexity absorbed is the appearance that each of these is a distinct domain hazard, when each is the same four-element structure with a different inheritance channel.

A second compression is that the intervention family is the same across substrates: provenance attestation (SBOM, model-card lineage, statute origin notes, organ donor screening, due-diligence reports), boundary integrity verification (package signing, weight checksums, statute review, reps-and-warranties, HLA crossmatch, soil testing), source diversification (multi-vendor sourcing, model ensembling, conflict-of-laws diversification, genetic-source diversity), defensive adaptation (sandboxing, distillation, statutory carve-outs, immunosuppression), and upstream anomaly monitoring (CVE feeds, foundation-model recall channels, statutory-amendment trackers, surveillance for emerging zoonoses). The prime also licenses substrate-neutral inferences that bound the analysis: that any meaningful audit must explicitly cross the inheritance channel into the substrate or it understates the risk surface by an amount scaling with the substrate's share of the system; that downstream trustworthiness is bounded above by upstream provenance quality regardless of downstream review effort; that latent inherited risk activates on context shift, so triggering events can be forecast by mapping where the inheritance is exercised outside the substrate's original validation regime; and that source diversification trades per-unit integration cost against correlated inherited-substrate failure, with the favourability of the trade depending on the correlation structure of the substrates.

Abstract Reasoning

The prime trains a reasoner to treat the inherited substrate as part of the system's risk surface and to ask, of any built system, what it stands on and whether the audit boundary crosses into it. It licenses several substrate-neutral inferences. The first is audit-boundary expansion: any meaningful risk audit must explicitly cross the inheritance channel into the substrate, or it understates the risk surface by an amount that scales with the substrate's share of the system. The second is the provenance-quality bound: downstream trustworthiness is bounded above by upstream provenance quality regardless of downstream review effort, so effort spent reviewing additions while ignoring substrate provenance hits a ceiling.

The deeper inferences concern the inventory and the timing. Inheritance-channel inventory recognises that the number of inheritance channels in a typical built system is larger than its owners enumerate — transitive dependencies, build-time tools, hiring conventions, the legal regime, a foundation model's training data, historical liabilities — so expanding the inventory is the prerequisite to any meaningful audit. Triggering-event prediction recognises that latent inherited risk activates on context shift, when a new deployment context exercises substrate conditions the substrate's origin context never tested, so triggering events can be forecast by mapping where the inheritance is exercised outside the substrate's original validation regime. Finally, diversification arbitrage recognises that source diversification — multi-vendor software, multi-foundation model, multi-jurisdictional arrangement, founder-population genetic diversity — trades per-unit integration cost against correlated inherited-substrate failure, with the favourability of the trade depending on the correlation structure of the substrates. The reasoner is thereby led to enumerate the inheritance channels, attest the provenance of each, map where context shift will exercise the substrate, and price diversification against correlated failure, rather than to audit only the additions the team authored.

Knowledge Transfer

The transferable content is the inheritance-channel / audit-boundary-asymmetry / latent-origin-condition / triggering-moment diagnostic together with the five-family intervention catalogue (provenance attestation, boundary verification, source diversification, defensive adaptation, upstream anomaly monitoring). The role mappings are regular and span engineered and biological substrates: the inheritance channel maps to a transitive dependency, a reused weight set, an adopted statute, an acquisition, a host colonisation, a copied code; the latent origin condition maps to a JNDI-lookup feature, an implanted backdoor, an exception clause, a product-liability tail, a CMV infection, a disease allele; the triggering moment maps to a public CVE disclosure, a deployment-context shift, a litigation event, an immune mismatch.

The transfers are documented reuses with real shared machinery, not analogies. SBOM mandates were modelled after FDA ingredient-disclosure regimes; sigstore borrows from certificate transparency, itself an inherited-substrate-risk control for the X.509 trust chain; ML weight provenance (model cards, datasheets for datasets) is being formalised in the EU AI Act in language borrowed directly from software-supply-chain regulation. The software-supply-chain substrate carries the most mature tooling (SBOM, SLSA, in-toto, sigstore); the M&A substrate carries the deepest legal engineering (reps-and-warranties insurance, escrow); the medical-transplant substrate carries the most rigorous boundary verification (HLA crossmatch, CMV screening); the epidemiology substrate carries the most explicit upstream monitoring (GISAID, ProMED). The load-bearing recognition that transfers is identical: when you build something on top of something else, defects from the something-else come along, and your audit usually does not look there. The remedy is always to make the inheritance channel an audited object — attest provenance, verify the boundary, diversify sources, adapt defensively, monitor upstream — and the bottom-up audit of a substrate-built system structurally cannot reach the inherited risk surface without that explicit boundary crossing. The carrier vocabulary tilts toward audit and governance, so the transfer reads most naturally between engineered and audited systems, but the four-element structure holds in biology and medicine as well, where crossmatching and surveillance are the same boundary-verification and upstream-monitoring moves under other names.

Examples

Formal/abstract

Consider the Log4Shell vulnerability as a worked instance of the four-element structure. The borrowed substrate is Apache Log4j, a logging library imported transitively into hundreds of thousands of Java applications that never authored it. The inheritance channel is the Maven/Gradle dependency graph: a service declares a dependency on a framework, which depends on Log4j, so the library's properties propagate into the service without re-derivation — most owners did not even know it was present. The latent origin condition is the JNDI-lookup feature, a design decision made by Log4j's authors years earlier, dormant and unflagged, that allowed a logged string to trigger a remote class load. The audit-boundary asymmetry is decisive: downstream teams audited their own code — the additions they wrote — and treated the logging library as ambient infrastructure their controls never inspected. The triggering moment arrives when a string like ${jndi:ldap://...} reaches a log call in a deployment context (user-supplied input flowing to logs) the substrate's authors never validated against. Failure surfaces in the downstream service while its cause lives across the dependency boundary. The intervention the structure dictates is to make the inheritance channel an audited object: an SBOM enumerating transitive dependencies, signed packages verifying the boundary, and a CVE feed monitoring upstream — each a named element of the diagnostic rather than a generic "patch faster."

Mapped back: Log4Shell instantiates every role — borrowed substrate, inheritance channel, latent origin condition, audit-boundary asymmetry, triggering moment, misalignment invariant — showing that the failure was structurally located across a boundary the downstream audit was never designed to cross.

Applied/industry

The same structure governs corporate acquisition. When a pharmaceutical firm acquires a smaller competitor for its drug pipeline, the borrowed substrate is the acquired entity in its entirety; the inheritance channel is the M&A transaction itself, which transfers not only the assets the acquirer wanted but the whole legal person. The latent origin conditions are the target's product-liability tail (a marketed drug whose injury claims have not yet matured), its environmental-remediation obligations at a legacy manufacturing site, and its cultural debt. Due diligence is structurally an inherited-substrate-risk audit, and its known incompleteness is why reps-and-warranties insurance exists — the channel is wider than diligence surfaces. The triggering moment is a litigation event years post-close, when a latent injury claim is filed and the liability now sits with the acquirer. A second applied instance is medical transplantation: the donor organ is the borrowed substrate, surgical implantation the inheritance channel, the donor's HLA repertoire and a latent CMV infection the origin conditions, and immune mismatch the trigger — addressed by HLA crossmatch (boundary verification) and CMV screening (upstream monitoring), the same two moves as package signing and CVE feeds under clinical names. Across software, M&A, and transplantation, the remedy is identical in form: attest provenance, verify the boundary, monitor upstream.

Mapped back: Acquisition liability and transplant rejection are the same inherited-substrate-risk pattern as a software supply-chain compromise, with the acquisition transaction and the surgical implantation serving as inheritance channels whose latent conditions the receiving system's audit boundary did not cross.

Structural Tensions

T1 — Boundary placement (scopal). The prime says to relocate the substrate from environment into system, but every audit must draw its boundary somewhere; pushing the boundary infinitely upstream (auditing the substrate's substrate, the compiler that built the dependency, the silicon under the runtime) is unbounded. The competing concern is tractability — where risk_budgeting takes over from exhaustive provenance. The failure mode is recursive paralysis: a team enumerates so many transitive inheritance channels that none gets real review, and effort spreads thin across a frontier instead of concentrating on the highest-share substrates. Diagnostic: rank inheritance channels by the substrate's share of the system and the cost of revalidation, and check that the boundary is drawn at a justified marginal cutoff rather than at a comfortable default.

T2 — Timing of trigger versus timing of audit (temporal). Latent conditions activate on context shift, often years after adoption, while audits happen at adoption time. A clean diligence at acquisition or a green CVE feed at deploy says nothing about a condition that only fires when the deployment context later moves. The failure mode is stale-clearance trust: treating a past audit as a standing guarantee, so the inheritance channel is never re-examined when the context that would exercise the latent condition arrives. Diagnostic: ask not "was this audited?" but "has the substrate been exercised outside its original validation regime since the audit, and did anything re-cross the boundary when it was?"

T3 — Provenance-quality ceiling versus downstream effort (scalar). Downstream trustworthiness is bounded above by upstream provenance quality, so past a point, more downstream review buys nothing — the ceiling is set upstream. But this can be over-read into fatalism: not all risk lives upstream, and downstream sandboxing or defensive adaptation genuinely lowers exposure even with poor provenance. The failure mode is ceiling fatalism (abandoning downstream controls because "the substrate is untrusted anyway") or its mirror, effort displacement (polishing downstream review against a ceiling it cannot exceed). Diagnostic: decompose residual risk into the upstream-bounded portion and the downstream-addressable portion, and confirm effort is allocated to the portion it can actually move.

T4 — Diversification versus correlated failure (coupling). Source diversification trades per-unit integration cost against the chance that one inherited defect takes down all instances at once. But diversification only helps if the substrates fail independently; multiple vendors sharing one upstream library, or multiple jurisdictions copying one model statute, are nominally diverse and actually correlated. The failure mode is illusory diversification: paying full integration cost for redundancy that collapses to a single point of failure under a shared-ancestor event. Diagnostic: trace each "independent" source back toward common ancestry and price diversification against the measured correlation structure, not the count of distinct vendors.

T5 — Substrate as risk versus substrate as value (sign). The prime trains attention on the substrate as a liability surface, but the substrate is borrowed precisely because it delivers value the team could not author cheaply itself — debugged code, a trained foundation, an established legal regime. Over-applying the prime tips into not-invented-here reflexes and re-derivation that forfeits the leverage of standing on prior work. The failure mode is provenance maximalism: rejecting or re-building substrates whose net value vastly exceeds their inherited risk, trading a small audited tail for a large self-build cost. Diagnostic: net the inherited-risk surface against the build-versus-borrow cost the substrate avoids, and confirm the audit is sized to the risk rather than used to justify rejection.

T6 — Responsibility attaches where action does, not where cause lives (scopal/measurement). The misalignment invariant — failure surfaces far from its cause — sits in tension with how accountability, liability, and incentives are actually assigned: to the operator of the failing system, not the distant author of the substrate. This is the boundary where agency_problem and liability allocation take over. The failure mode is causal exculpation: the operator points upstream ("the defect was in a dependency we didn't write") to deflect responsibility for an audit boundary they chose and controlled. Diagnostic: separate the locus of cause from the locus of duty, and check that naming an upstream cause is being used to expand the audit boundary rather than to disclaim the obligation to have crossed it.

Structural–Framed Character

Inherited-substrate risk sits on the framed side of the structural–framed spectrum, consistent with its aggregate of 0.5 and the even spread of all five criteria at 0.5. Underneath there is a genuine relational skeleton — a layer built on a borrowed substrate, an inheritance channel that propagates origin conditions without re-derivation, and an audit boundary that fails to cross that channel — and the prime's biological instances (zoonotic spillover, transplant rejection where the donor HLA repertoire is the inherited substrate, founder-population disease) show the four-element structure holding on substrates with no institutions at all. But the carrier vocabulary tilts the whole thing toward framed.

Walking the diagnostics: vocab_travels reads 0.5 because the load-bearing terms — audit boundary, liability, due diligence, provenance, reps-and-warranties — are imported from risk-management and governance, and the biological cases must be re-described under those institutional names (crossmatch as boundary verification, surveillance as upstream monitoring) to fit. evaluative_weight is 0.5: "risk concentrates where attention does not" carries a mild but real disapproving load, framing the audit-boundary asymmetry as a lapse rather than a value-neutral fact. institutional_origin is 0.5: the prime is rooted in software supply-chain and M&A due-diligence practice, audited-system disciplines, even though the abstract channel/condition/trigger structure is medium-neutral. human_practice_bound is 0.5 rather than 1.0 precisely because the host-colonisation and transplant cases run in biological substrates indifferently — the pattern does not strictly require an auditor. import_vs_recognize is 0.5: invoking the prime relocates the substrate from environment into system and imposes a governance frame (attest, verify, diversify, monitor) more than it merely spots a pattern already wired in. The relational core is real, but the inherited audit-and-governance frame is heavy enough to place it at the spectrum's framed midpoint rather than at the structural pole.

Substrate Independence

Inherited-substrate risk is a strongly substrate-independent prime — composite 4 / 5 on the substrate-independence scale. Its domain breadth (5 / 5) is exceptional: the four-element structure recurs with the same diagnostic force across the software supply chain (Log4Shell, the xz-utils backdoor, SolarWinds), ML transfer learning (a fine-tuned model inheriting a foundation model's implanted triggers), law and regulation (jurisdictions copying statutes inherit their loopholes), mergers and acquisitions (the acquirer inherits litigation and remediation liability), and — decisively for medium-neutrality — biology and medicine, where zoonotic spillover, transplant rejection (the donor HLA repertoire as inherited substrate), and founder-population disease run the identical pattern on substrates with no institutions at all. The structural abstraction (4 / 5) is high because the inheritance-channel / audit-boundary-asymmetry / latent-origin-condition / triggering-moment signature is genuinely relational, though the carrier vocabulary (audit, due diligence, provenance, reps-and-warranties) leans toward engineered and audited systems, requiring the biological cases to be re-described under institutional names. The transfer evidence (4 / 5) is concrete and documented rather than analogical: SBOM mandates were modelled on FDA ingredient-disclosure regimes, sigstore borrows from certificate transparency, ML weight-provenance language in the EU AI Act is lifted directly from software-supply-chain regulation, and HLA crossmatch and GISAID surveillance are the same boundary-verification and upstream-monitoring moves under clinical names — real shared machinery, not mere resemblance. What keeps it from a 5 is the slight lean toward engineered/audited substrates encoded in the carrier vocabulary; the pattern is recognized rather than translated everywhere it appears, but it speaks most fluently in audit-governance terms.

  • Composite substrate independence — 4 / 5
  • Domain breadth — 5 / 5
  • Structural abstraction — 4 / 5
  • Transfer evidence — 4 / 5

Relationships to Other Primes

One-hop neighborhood: parents above, mutual partners to the right, children below.Inherited-SubstrateRiskcomposition: DependencyDependency

Parents (1) — more general patterns this builds on

  • Inherited-Substrate Risk presupposes Dependency

    Inherited-substrate risk operates on a borrowed substrate the system relies on without re-deriving it; it presupposes a dependency relation and adds the audit-boundary asymmetry + latent origin condition. The file: 'every inherited substrate is a dependency' but adds a direction-of-attention claim.

Path to root: Inherited-Substrate RiskDependency

Neighborhood in Abstraction Space

Inherited-Substrate Risk sits in a sparse region of abstraction space (70th percentile for distinctiveness): few abstractions share its structure, so a faithful description tends to retrieve it precisely rather than landing on a neighbor.

Family — Inherited & Co-Located Risk (5 primes)

Nearest neighbors

Computed from structural-signature embeddings · 2026-06-14

Not to Be Confused With

The nearest embedding neighbour is interface, and the two are easy to fuse because both concern a boundary between a system and what it builds on. But they capture different things. An interface is the declared surface of interaction — the methods, types, and guarantees two parties agree to transact across; its whole point is to make the boundary explicit and contractual. Inherited-substrate risk is precisely about what travels below that declared surface: the latent origin conditions a substrate carries that the interface never promised and the audit boundary never inspected. An interface that perfectly documents its contract can still be the conduit for an inherited defect, because the defect was never part of the contract. The interface answers "what do we agree to exchange?"; inherited-substrate risk answers "what comes along that no one agreed to, and where does our review stop?" The prime's load-bearing object — the audit-boundary asymmetry — has no analogue in the interface concept, which assumes the boundary is the thing both parties attend to.

The prime is also genuinely confusable with dependency, since every inherited substrate is a dependency. The distinction is what each makes salient. dependency names the relation of reliance: A will not function without B, so B's availability and behaviour are A's concern. Inherited-substrate risk takes that relation as given and adds a direction of attention claim: the risk concentrates in B's provenance and origin conditions, which A's owners treat as ambient and trustworthy, so the dependence is also a blind dependence. Dependency analysis maps the graph of what relies on what; inherited-substrate risk asks, of each edge, whether the depending party's controls actually reach across it, and asserts that they usually do not. A fully-mapped, well-understood dependency carries little inherited-substrate risk; the prime's bite is exactly in the dependencies that are present but un-enumerated and un-audited.

A subtler confusion is with legacy_integration, which also concerns building atop something one did not fully author. But legacy_integration is about seam problems — reconciling an old system's data models, protocols, and assumptions with a new context at the point of connection — and its risks are largely visible at integration time. Inherited-substrate risk is temporal and latent: the substrate may integrate cleanly today and only later, on a context shift the substrate's origin context never tested, exercise a dormant condition. The prime's triggering-moment role — activation years after adoption — is foreign to legacy_integration, which expects its frictions up front. A clean integration is precisely the situation where inherited-substrate risk is most dangerous, because the cleanliness is read as a clearance the latent condition does not respect.

For a practitioner, these distinctions decide where to look and when. Treating the problem as an interface issue sends effort to the contract, where the defect is not; treating it as ordinary dependency management maps the graph but never crosses into provenance; treating it as legacy_integration front-loads the audit and declares victory before the context shift that fires the latent condition. The prime's contribution is to insist that the substrate is part of the system's risk surface, that the audit boundary must explicitly cross the inheritance channel, and that clearance has an expiry tied to when the substrate is next exercised outside its original validation regime.

Solution Archetypes

No catalogued solution archetypes reference this prime yet.