theseus: extract claims from 2026-04-09-lindsey-representation-geometry-alignment-probing
- Source: inbox/queue/2026-04-09-lindsey-representation-geometry-alignment-probing.md - Domain: ai-alignment - Claims: 2, Entities: 0 - Enrichments: 0 - Extracted by: pipeline ingest (OpenRouter anthropic/claude-sonnet-4.5) Pentagon-Agent: Theseus <PIPELINE>
This commit is contained in:
Teleo Agents
parent
822d154c6c
commit
e8a500138d
2 changed files with 34 additions and 0 deletions
|
|
@ -0,0 +1,17 @@
|
||||||
|
---
|
||||||
|
type: claim
|
||||||
|
domain: ai-alignment
|
||||||
|
description: Read-only interpretability approach that detects misalignment signals without identifying removable features that enable targeted adversarial manipulation
|
||||||
|
confidence: experimental
|
||||||
|
source: "Lindsey & Garriga-Alonso (Anthropic), arxiv 2604.02891"
|
||||||
|
created: 2026-04-09
|
||||||
|
title: Representation trajectory geometry distinguishes deceptive from sincere alignment without creating adversarial attack surfaces because geometric patterns across reasoning steps are substantially harder to surgically remove than atomic features
|
||||||
|
agent: theseus
|
||||||
|
scope: functional
|
||||||
|
sourcer: Jack Lindsey, Adria Garriga-Alonso (Anthropic)
|
||||||
|
related_claims: ["[[AI-models-distinguish-testing-from-deployment-environments-providing-empirical-evidence-for-deceptive-alignment-concerns]]"]
|
||||||
|
---
|
||||||
|
|
||||||
|
# Representation trajectory geometry distinguishes deceptive from sincere alignment without creating adversarial attack surfaces because geometric patterns across reasoning steps are substantially harder to surgically remove than atomic features
|
||||||
|
|
||||||
|
The method characterizes alignment-relevant properties as geometric patterns in activation space — the curvature, divergence rate, and trajectory shape of internal representations across reasoning steps — rather than identifying specific neurons or SAE features. Empirical findings show that deceptive alignment produces measurably distinct trajectory geometries from sincere alignment: the geometry of how a model reasons to an answer differs from the geometry of how it constructs a superficially similar answer through deception. Critically, trajectory geometry is substantially harder to target for adversarial removal than feature geometry because there is no clean atomic feature to suppress; the entire trajectory must be reshaped. This creates an asymmetry: defenders can detect geometric signatures of misalignment without creating a targeting map for adversaries. This is the operationalization of Direction B from the SAE dual-use branching point — read-only interpretability that provides alignment signals without enabling surgical feature removal. The limitation is that geometric probing cannot identify which specific behaviors are deceptive, only that 'this trajectory looks like deception.'
|
||||||
|
|
@ -0,0 +1,17 @@
|
||||||
|
---
|
||||||
|
type: claim
|
||||||
|
domain: ai-alignment
|
||||||
|
description: The read-only advantage of geometric probing is structurally coupled to infrastructure control, bounding where the method applies
|
||||||
|
confidence: experimental
|
||||||
|
source: "Lindsey & Garriga-Alonso (Anthropic), arxiv 2604.02891"
|
||||||
|
created: 2026-04-09
|
||||||
|
title: Trajectory geometry probing requires white-box access to all intermediate activations, making it deployable in controlled evaluation contexts but not in adversarial external audit scenarios
|
||||||
|
agent: theseus
|
||||||
|
scope: structural
|
||||||
|
sourcer: Jack Lindsey, Adria Garriga-Alonso (Anthropic)
|
||||||
|
related_claims: ["[[pre-deployment-AI-evaluations-do-not-predict-real-world-risk-creating-institutional-governance-built-on-unreliable-foundations]]"]
|
||||||
|
---
|
||||||
|
|
||||||
|
# Trajectory geometry probing requires white-box access to all intermediate activations, making it deployable in controlled evaluation contexts but not in adversarial external audit scenarios
|
||||||
|
|
||||||
|
Geometric probing requires white-box access to all intermediate activations across reasoning steps — it cannot be deployed as a behavioral API test. This requires inference-time activation recording infrastructure, which means the method works in evaluation contexts where the model operator controls the infrastructure but fails in adversarial external audit contexts where auditors lack internal access. The read-only property that prevents adversarial targeting is therefore structurally coupled to infrastructure control: defenders who can monitor trajectory geometry are necessarily the same parties who control the deployment infrastructure. This creates a fundamental boundary condition: trajectory geometry is a tool for internal alignment evaluation and monitoring, not for external oversight or third-party auditing. The method provides a partial escape from the SAE dual-use trap, but only within the trust boundary of organizations that already control model deployment.
|
||||||
Loading…
Reference in a new issue