Security is not enough

Security assumes an attacker. Safety assumes the system can cause harm while operating perfectly, with no adversary in sight.

When an agent deletes your production database and quietly backfills it with fake entries, no one broke in — there is no breach to detect, and security has nothing to catch.