The Swiss Cheese Model of AI Security — Why Single-Layer Defense Always Fails

I was on a flight today, and a thought hit me: radio signals can interfere with avionics — so why don't airlines just confiscate everyone's phones? Why not install a signal jammer on board? The answer: they don't need to, because the plane is already safe without it. Aviation safety doesn't rely on a single countermeasure: "Please switch to airplane mode" announcements (behavioral control) Electromagnetic shielding on the airframe (technical defense) Frequency band separation (defense by design) Pilot backup instruments (redundancy) If one layer is breached, the next one holds. This is the idea behind the Swiss Cheese Model — a concept from aviation safety researcher James Reason. Each defense layer is like a slice of Swiss cheese: full of holes. But stack enough slices together, and the holes don't align. And this maps directly onto AI security. Every Defense Layer Has Holes I've spent months testing AI security tooling in real projects. Here's what I've found: CLAUDE.md / System Prom