Comment by rsync

I agree with this.

However, an even more fundamental philosophy behind any work that we do is "defense in depth" which means that even after building the fault-tolerant, anti-fragile system, we also spend time and resources qualifying the inputs ...

... and then spend time and resources monitoring the outputs (error rates, failures, correlation, etc.).

Any one of those pieces is, theoretically, sufficient. Layering the pieces in a defense in depth strategy is what gives us the highly confident posture we enjoy.