The Organizational Black Box: Understanding Systemic Vulnerabilities at the Sharp End / Blunt End Interface

Safety models for complex sociotechnical systems have progressively shifted from individual error to organizational and systemic perspectives. Reason's defense-in-depth model identifies latent conditions but does not explain how they remain invisible to the actors who produce them. Cook and Woods' sharp end/blunt end distinction reveals informational asymmetries without formalizing the mechanisms that sustain them. This paper proposes the Organizational Black Box model, grounded in Ashby's cybernetic concept of the black box and extended from the technical to the organizational scale, to address this gap. The model articulates three interdependent dimensions: bidirectional opacity between sharp end and blunt end, requisite variety reduction through organizational feedback channels, and delegated trust degradation producing collective automation biases. The framework is applied retrospectively to the BEA final investigation report on flight AF447 Rio-Paris (June 1, 2009). The case study illustrates how these three dimensions interact to produce an emergent systemic vulnerability: opacity sustains silent propagation of erroneous assumptions across organizational boundaries, variety reduction filters corrective signals before they reach regulatory actors, and delegated trust stabilizes the system in its vulnerable configuration. While limited to a single retrospective case and remaining qualitative, the model contributes a complementary analytical lens focused on the generative role of organizational opacity-a dimension acknowledged but insufficiently formalized in existing safety frameworks. Directions for prospective application, formal modeling, and crossdomain validation are discussed.

Keywords: Organizational opacity, black box, requisite variety, trust degradation, systemic vulnerability, AF447.