BOAC and NoD are now discussing exactly how it might be done reliably, that is, to detect two failed-live AoA sensors. It's indeed fun to discuss, and thinking of how to solve problems is indeed how to get them solved.
Let me, however, tell you what the answer is. You need 7 sensors to detect reliably when two of them are failing-live. That is a hard constraint. And no avionics designer in hisher right mind would seriously try to implement the algorithm that lets you do it with 7.
This result is thirty years old. It is contained in the paper
Reaching Agreement in the Presence of Faults by my former SRI colleagues
Leslie Lamport (who is still churning out the results that make him one of the top-ten cited people in computer science), Rob Shostak (who shortly thereafter turned into a serial entrepreneur, starting with being one of the two authors of the Paradox DB SW for the PC), and Marshal Pease (who is no longer with us).
It is very well worth reading, but I am not at all sure that anyone contributing to this thread has the necessary technical background to do so.
But, please, do remember the answer. Seven.
If you want to do it in general. If you want to do it just for some cases, but not all, you stand a better chance of doing it with fewer, but first I would recommend acquiring the skills that appear to be necessary to solve problems of this nature, vis., the paper cited.
Then, of course, there are constrained means of propagating the signals to trap and avoid the so-called "Byzantine" events. To do that, you would have to be an outstanding bus designer (algorithms again). I know an outstanding bus designer who is trying.
PBL