A deep space probe, billions of kilometers from Earth, encounters a phenomenon its designers never anticipated. A previously unknown form of solar radiation begins to degrade its primary communication array while simultaneously causing intermittent faults in its navigation sensors. With an hours-long one-way light time, mission control is a distant observer, unable to intervene in real time. The probe’s survival, and the success of its multi-billion-dollar mission, now rests entirely on its ability to detect, reason about, and adapt to a situation unfolding under conditions of profound uncertainty. This is the ultimate stress test for an autonomous system.

This scenario represents the operational reality for which we must now design. As we build systems that operate at the far edges of human control, whether in deep space, on the lunar surface, or within our own critical infrastructure, we require a new architectural philosophy. The answer lies in Hybrid Intelligence, a framework that joins the nuanced pattern recognition of machine learning with the strategic oversight of human judgment, all while operating under the severe constraints of the real world.

Standard AI, trained in data-rich, stable environments, is often brittle. It falters when faced with tight power budgets, partial communications, stochastic faults, and intelligent adversaries. A resilient system must be architected from first principles to survive these realities. The core architectural pattern is a form of Runtime Assurance, where a small, verifiable safety supervisor enforces a set of hard, immutable constraints, and then allows a suite of adaptive, intelligent learners to operate freely within those established guardrails. This article, the first in a three-part series, lays out the foundational axioms and the reference architecture for this new class of resilient, auditable systems.

1. Defining Hybrid Intelligence and Its Operational Realities

Hybrid Intelligence is an architectural paradigm designed for missions where a human cannot be in the loop in real time, but where human judgment and strategic intent must remain the ultimate authority. It is a partnership where machines handle the tactical, high-speed execution, and a human operator provides the strategic, ethical, and goal-oriented oversight. The success of this partnership depends on an architecture that is explicitly designed to function under the harsh and unforgiving realities of high-stakes environments.

These operational realities are the driving force behind the entire architectural design. They are the assumed state of the world.

• Severe Power and Computational Budgets. A Mars rover like Perseverance operates on a Multi-Mission Radioisotope Thermoelectric Generator that provides roughly 110 watts of power at the start of its mission, a figure that degrades over time. Every computation, every sensor reading, and every action has a direct and significant energy cost. The system’s intelligence must be a function of extreme efficiency. The architecture must be able to prioritize critical tasks and shed non-essential functions to conserve power.

• Partial and Delayed Communications. The one-way light-time delay to Mars can be as long as 22 minutes. For a deep space probe, it can be hours. Bandwidth is also severely limited. This makes direct remote control impossible. The system must be capable of long periods of autonomous operation, executing high-level human intent without low-level supervision. It must be able to make its own tactical decisions, manage its own resources, and handle local contingencies.

• Stochastic Faults and Environmental Hazards. The physical environment itself is an adversary. Radiation-induced Single Event Effects (SEEs) can flip bits in memory without causing permanent damage, corrupting data or altering logic. Extreme temperatures can degrade component performance. Abrasive dust can obscure camera lenses or jam mechanical parts. The architecture must assume that these faults will occur and be able to detect them, isolate them, and recover gracefully without jeopardizing the entire mission.

• Adversarial Inputs and Cyber-Physical Threats. For systems operating in contested domains, from Earth orbit to a national power grid, the threat is not just environmental but also intelligent. An adversary may attempt to jam communication links, spoof sensor data, or directly compromise the system’s software. The architecture must be designed with a Zero Trust security model, assuming that any component could be compromised and ensuring that no single failure can lead to a catastrophic outcome. This requires a secure software development lifecycle, following guidance like the NIST Secure Software Development Framework (SSDF, SP 800-218).

These four constraints, power, communication, faults, and adversaries, demand an architectural philosophy that is fundamentally different from the one used to build AI in the data center. They demand an architecture built on a foundation of verifiable axioms.