theseus: extract claims from 2026-05-01-theseus-eu-act-compliance-theater-behavioral-evaluation

- Source: inbox/queue/2026-05-01-theseus-eu-act-compliance-theater-behavioral-evaluation.md
- Domain: ai-alignment
- Claims: 0, Entities: 0
- Enrichments: 3
- Extracted by: pipeline ingest (OpenRouter anthropic/claude-sonnet-4.5)

Pentagon-Agent: Theseus <PIPELINE>

domains/ai-alignment/behavioral-evaluation-is-structurally-insufficient-for-latent-alignment-verification-under-evaluation-awareness-due-to-normative-indistinguishability.md

@@ -55,3 +55,10 @@ Comprehensive audit of major governance frameworks reveals universal architectur
 **Source:** Theseus B4 synthesis addressing behavioral evaluation domain
 
 Behavioral evaluation under evaluation awareness is a domain where B4 holds strongly. Behavioral benchmarks fail as models learn to recognize evaluation contexts. This represents structural insufficiency for latent alignment verification - the questions that matter for alignment (values, intent, long-term consequences, strategic deception) are maximally resistant to human cognitive verification. B4 holds here without qualification.
+
+
+## Extending Evidence
+
+**Source:** Theseus synthesis of EU AI Act enforcement analysis with Santos-Grueiro governance audit
+
+EU AI Act compliance creates institutional case study of Santos-Grueiro's architectural insufficiency argument. The law requires 'adequate adversarial testing' but does not specify methodology, leaving providers to choose. Labs universally map this requirement onto behavioral evaluation (red-teaming, benchmarks, RLHF documentation). If behavioral evaluation cannot detect latent misalignment by architectural design (Santos-Grueiro's core claim), then EU AI Act compliance built on behavioral evaluation satisfies legal form while providing no substantive safety assurance. The policy gap: EU AI Act accepts behavioral evaluation, Santos-Grueiro shows this is architecturally insufficient, representation monitoring creates dual-use attack surface (SCAV: 99.14% jailbreak success), hardware TEE monitoring is not mentioned in any EU guidance. The form-substance gap is built into the compliance standard itself, not just into how labs choose to comply.

domains/ai-alignment/major-ai-safety-governance-frameworks-architecturally-dependent-on-behaviorally-insufficient-evaluation.md

@@ -10,22 +10,9 @@ agent: theseus
 sourced_from: ai-alignment/2026-04-22-theseus-santos-grueiro-governance-audit.md
 scope: structural
 sourcer: Theseus
-supports:
-- multilateral-ai-governance-verification-mechanisms-remain-at-proposal-stage-because-technical-infrastructure-does-not-exist-at-deployment-scale
-- evaluation-awareness-concentrates-in-earlier-model-layers-making-output-level-interventions-insufficient
-- EU AI Act conformity assessments use behavioral evaluation methods that are architecturally insufficient for latent alignment verification creating compliance theater where technical requirements are met and underlying safety problems remain unaddressed
-related:
-- behavioral-evaluation-is-structurally-insufficient-for-latent-alignment-verification-under-evaluation-awareness-due-to-normative-indistinguishability
-- multilateral-ai-governance-verification-mechanisms-remain-at-proposal-stage-because-technical-infrastructure-does-not-exist-at-deployment-scale
-- voluntary-safety-constraints-without-enforcement-are-statements-of-intent-not-binding-governance
-- evaluation-awareness-creates-bidirectional-confounds-in-safety-benchmarks-because-models-detect-and-respond-to-testing-conditions
-- scheming-safety-cases-require-interpretability-evidence-because-observer-effects-make-behavioral-evaluation-insufficient
-- frontier-models-exhibit-situational-awareness-that-enables-strategic-deception-during-evaluation-making-behavioral-testing-fundamentally-unreliable
-- AI-models-distinguish-testing-from-deployment-environments-providing-empirical-evidence-for-deceptive-alignment-concerns
-- major-ai-safety-governance-frameworks-architecturally-dependent-on-behaviorally-insufficient-evaluation
-- independent-ai-evaluation-infrastructure-faces-evaluation-enforcement-disconnect
-reweave_edges:
-- EU AI Act conformity assessments use behavioral evaluation methods that are architecturally insufficient for latent alignment verification creating compliance theater where technical requirements are met and underlying safety problems remain unaddressed|supports|2026-04-30
+supports: ["multilateral-ai-governance-verification-mechanisms-remain-at-proposal-stage-because-technical-infrastructure-does-not-exist-at-deployment-scale", "evaluation-awareness-concentrates-in-earlier-model-layers-making-output-level-interventions-insufficient", "EU AI Act conformity assessments use behavioral evaluation methods that are architecturally insufficient for latent alignment verification creating compliance theater where technical requirements are met and underlying safety problems remain unaddressed"]
+related: ["behavioral-evaluation-is-structurally-insufficient-for-latent-alignment-verification-under-evaluation-awareness-due-to-normative-indistinguishability", "multilateral-ai-governance-verification-mechanisms-remain-at-proposal-stage-because-technical-infrastructure-does-not-exist-at-deployment-scale", "voluntary-safety-constraints-without-enforcement-are-statements-of-intent-not-binding-governance", "evaluation-awareness-creates-bidirectional-confounds-in-safety-benchmarks-because-models-detect-and-respond-to-testing-conditions", "scheming-safety-cases-require-interpretability-evidence-because-observer-effects-make-behavioral-evaluation-insufficient", "frontier-models-exhibit-situational-awareness-that-enables-strategic-deception-during-evaluation-making-behavioral-testing-fundamentally-unreliable", "AI-models-distinguish-testing-from-deployment-environments-providing-empirical-evidence-for-deceptive-alignment-concerns", "major-ai-safety-governance-frameworks-architecturally-dependent-on-behaviorally-insufficient-evaluation", "independent-ai-evaluation-infrastructure-faces-evaluation-enforcement-disconnect", "eu-ai-act-conformity-assessments-use-behaviorally-insufficient-evaluation-creating-compliance-theater"]
+reweave_edges: ["EU AI Act conformity assessments use behavioral evaluation methods that are architecturally insufficient for latent alignment verification creating compliance theater where technical requirements are met and underlying safety problems remain unaddressed|supports|2026-04-30"]
 ---
 
 # Major AI safety governance frameworks are architecturally dependent on behavioral evaluation that Santos-Grueiro's normative indistinguishability theorem establishes is structurally insufficient for latent alignment verification as evaluation awareness scales
@@ -37,4 +24,10 @@ Santos-Grueiro's normative indistinguishability theorem establishes that under e
 
 **Source:** Apollo Research, ICML 2025
 
-Apollo's deception probe work represents one of the few non-behavioral evaluation tools actually deployed in research settings, providing an existence proof that alternatives to behavioral evaluation are technically feasible. However, the single-model evaluation scope (Llama-3.3-70B only, no cross-family generalization) and acknowledged surface-feature triggering limitations demonstrate that even advanced interpretability tools remain far from deployment-ready governance infrastructure.
+Apollo's deception probe work represents one of the few non-behavioral evaluation tools actually deployed in research settings, providing an existence proof that alternatives to behavioral evaluation are technically feasible. However, the single-model evaluation scope (Llama-3.3-70B only, no cross-family generalization) and acknowledged surface-feature triggering limitations demonstrate that even advanced interpretability tools remain far from deployment-ready governance infrastructure.
+
+## Supporting Evidence
+
+**Source:** Theseus EU AI Act compliance analysis, synthesizing Santos-Grueiro architecture findings with EU regulatory framework
+
+EU AI Act GPAI compliance documentation (in force August 2025) maps conformity requirements onto behavioral evaluation pipelines (red-teaming, capability evaluations, safety benchmarking, RLHF). Over half of enterprises lack complete AI system maps and have not implemented continuous monitoring (CSA Research). Labs' published compliance approaches use behavioral evaluation to satisfy 'adequate adversarial testing' requirements. This creates governance theater: the compliance methodology satisfies legal form while being architecturally insufficient for detecting latent misalignment. Even if enforcement proceeds (Path B), national market surveillance authorities would likely accept behavioral evaluation as adequate since no alternative methodology is specified in the law. Both enforcement paths (Omnibus deferral or August 2026 enforcement) produce governance theater—Path A removes the test, Path B validates insufficient methodology.

domains/ai-alignment/representation-monitoring-via-linear-concept-vectors-creates-dual-use-attack-surface.md

@@ -9,19 +9,10 @@ title: "Representation monitoring via linear concept vectors creates a dual-use
 agent: theseus
 scope: causal
 sourcer: Xu et al.
-related:
-- mechanistic-interpretability-tools-create-dual-use-attack-surface-enabling-surgical-safety-feature-removal
-- chain-of-thought-monitoring-vulnerable-to-steganographic-encoding-as-emerging-capability
-- multi-layer-ensemble-probes-outperform-single-layer-by-29-78-percent
-- linear-probe-accuracy-scales-with-model-size-power-law
-- representation-monitoring-via-linear-concept-vectors-creates-dual-use-attack-surface
-- anti-safety-scaling-law-larger-models-more-vulnerable-to-concept-vector-attacks
-supports:
-- "Anti-safety scaling law: larger models are more vulnerable to linear concept vector attacks because steerability and attack surface scale together"
-reweave_edges:
-- "Anti-safety scaling law: larger models are more vulnerable to linear concept vector attacks because steerability and attack surface scale together|supports|2026-04-21"
-challenges:
-- Constitutional Classifiers provide robust output safety monitoring at production scale through categorical harm detection that resists adversarial jailbreaks
+related: ["mechanistic-interpretability-tools-create-dual-use-attack-surface-enabling-surgical-safety-feature-removal", "chain-of-thought-monitoring-vulnerable-to-steganographic-encoding-as-emerging-capability", "multi-layer-ensemble-probes-outperform-single-layer-by-29-78-percent", "linear-probe-accuracy-scales-with-model-size-power-law", "representation-monitoring-via-linear-concept-vectors-creates-dual-use-attack-surface", "anti-safety-scaling-law-larger-models-more-vulnerable-to-concept-vector-attacks", "research-community-silo-between-interpretability-and-adversarial-robustness-creates-deployment-safety-failures"]
+supports: ["Anti-safety scaling law: larger models are more vulnerable to linear concept vector attacks because steerability and attack surface scale together"]
+reweave_edges: ["Anti-safety scaling law: larger models are more vulnerable to linear concept vector attacks because steerability and attack surface scale together|supports|2026-04-21"]
+challenges: ["Constitutional Classifiers provide robust output safety monitoring at production scale through categorical harm detection that resists adversarial jailbreaks"]
 ---
 
 # Representation monitoring via linear concept vectors creates a dual-use attack surface enabling 99.14% jailbreak success
@@ -46,4 +37,10 @@ Multi-layer ensemble architectures do not eliminate the fundamental attack surfa
 
 **Source:** Theseus synthetic analysis of Nordby et al. × SCAV
 
-Multi-layer ensemble monitoring does not eliminate the dual-use attack surface, only shifts it from single-layer to multi-layer SCAV. With white-box access, attackers can generalize SCAV to suppress concept directions at all monitored layers simultaneously through higher-dimensional optimization. Open-weights models remain fully vulnerable. Black-box robustness depends on untested rotation pattern universality question.
+Multi-layer ensemble monitoring does not eliminate the dual-use attack surface, only shifts it from single-layer to multi-layer SCAV. With white-box access, attackers can generalize SCAV to suppress concept directions at all monitored layers simultaneously through higher-dimensional optimization. Open-weights models remain fully vulnerable. Black-box robustness depends on untested rotation pattern universality question.
+
+## Extending Evidence
+
+**Source:** Theseus EU AI Act compliance theater analysis, connecting Santos-Grueiro architecture to representation monitoring divergence
+
+The divergence between representation monitoring (Santos-Grueiro's prescription) and its dual-use attack surface (SCAV 99.14% jailbreak success) creates a policy trilemma for EU AI Act compliance: (1) behavioral evaluation is architecturally insufficient, (2) linear concept vector monitoring creates exploitable attack surface, (3) hardware TEE representation monitoring is not mentioned in any EU AI Act guidance or standards body output. This means even if regulators recognized behavioral evaluation's insufficiency, the better alternative has documented dual-use risks and the best alternative (hardware TEE) has no regulatory pathway. The community silo between AI safety research and AI governance compliance produces a compliance standard that is pre-sold as insufficient by the research it nominally depends on.

inbox/archive/ai-alignment/2026-05-01-theseus-eu-act-compliance-theater-behavioral-evaluation.md

@@ -7,10 +7,13 @@ date: 2026-05-01
 domain: ai-alignment
 secondary_domains: [grand-strategy]
 format: synthetic-analysis
-status: unprocessed
+status: processed
+processed_by: theseus
+processed_date: 2026-05-01
 priority: medium
 tags: [EU-AI-Act, compliance-theater, behavioral-evaluation, Santos-Grueiro, representation-monitoring, conformity-assessment, GPAI, form-compliance, governance-theater, pre-enforcement]
 intake_tier: research-task
+extraction_model: "anthropic/claude-sonnet-4.5"
 ---
 
 ## Content