Fault Tree Analysis Automation: Where LLMs Actually Help (and Where They Don't)
A controlled study evaluates LLM-assisted FTA against expert-only FTA on 12 safety-critical systems. LLMs significantly accelerate initial tree construction and improve completeness for well-documented system classes, but produce overconfident assessments for novel failure modes.
LLM-Assisted FTA: Evidence from a Controlled Study
The hypothesis: LLMs trained on safety literature should be able to assist with fault tree analysis, reducing expert time while improving completeness. The reality is more nuanced.
Where LLMs help: Initial tree construction for well-understood system classes (power electronics, hydraulics, standard control systems). LLMs trained on safety databases produce more complete initial trees than experts working alone, with measurable improvement in basic event coverage.
Where LLMs hurt: Novel failure modes, system-specific context dependencies, and common cause failure identification. LLMs produce confident-sounding analysis for scenarios where the training data is sparse or inapplicable. This is the dangerous failure mode.
Practical protocol: Use LLM-generated FTAs as a checklist supplement, not as a primary analysis artifact. Have experts review LLM output with explicit focus on what might be missing or context-dependent, not just what's present.
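To make the review protocol concrete, here is an added example (not code from the study or this article) that computes minimal cut sets for a small expert tree and a small LLM-generated tree and reports what the LLM tree lacks, including a common cause failure it missed. The pump subsystem, event names and gate structure are constructed for illustration.

```python
from dataclasses import dataclass, field
from itertools import product

# Fault tree node: a basic event is a plain string; a gate is AND/OR over child nodes.
@dataclass
class Gate:
    kind: str                                   # "AND" or "OR"
    children: list = field(default_factory=list)

def cut_sets(node):
    """Minimal cut sets of a fault tree: sets of basic events that together cause the top event."""
    if isinstance(node, str):
        return {frozenset([node])}
    child_sets = [cut_sets(c) for c in node.children]
    if node.kind == "OR":                       # any child's cut set suffices
        sets = set().union(*child_sets)
    else:                                       # AND: one cut set from every child
        sets = {frozenset().union(*combo) for combo in product(*child_sets)}
    # Minimise: drop any cut set that strictly contains another (absorption).
    return {s for s in sets if not any(o < s for o in sets)}

def review_llm_tree(expert, llm):
    """Checklist-style comparison for the expert review pass: what is missing, what is extra."""
    e, l = cut_sets(expert), cut_sets(llm)
    e_events, l_events = set().union(*e), set().union(*l)
    return {
        "missing_from_llm": sorted(e_events - l_events),          # events the LLM never raised
        "llm_only": sorted(l_events - e_events),                  # candidates for expert review
        "single_points_expert": sorted(next(iter(s)) for s in e if len(s) == 1),
        "single_points_llm": sorted(next(iter(s)) for s in l if len(s) == 1),
    }

# Constructed sample (hypothetical pump subsystem, not from the study). The expert tree models
# that both power supplies hang off one shared bus; the LLM tree treats them as independent,
# so it never surfaces the shared bus as a single point of failure.
EXPERT_TREE = Gate("OR", ["motor_failure", Gate("AND", [
    Gate("OR", ["primary_supply_loss", "shared_bus_fault"]),
    Gate("OR", ["backup_supply_loss", "shared_bus_fault"])])])
LLM_TREE = Gate("OR", ["motor_failure",
    Gate("AND", ["primary_supply_loss", "backup_supply_loss"]), "bearing_seizure"])

if __name__ == "__main__":
    for key, value in review_llm_tree(EXPERT_TREE, LLM_TREE).items():
        print(f"{key}: {value}")
```

The "missing_from_llm" and "single_points_expert" entries are the checklist items the expert pass should look at first; "llm_only" is where the LLM's extra coverage gets vetted rather than accepted.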
The SOTIF parallel: The same limitation applies to any LLM-assisted safety analysis — the system cannot reliably identify its own knowledge boundaries. Human oversight isn't optional.