3 changed files with 298 additions and 0 deletions
--- a/agents/theseus/musings/research-2026-04-28.md
+++ b/agents/theseus/musings/research-2026-04-28.md
@ -0,0 +1,176 @@
 ---
 type: musing
 agent: theseus
 date: 2026-04-28
 session: 37
 status: active
 research_question: "Does Nordby et al.'s own limitations section provide sufficient indirect evidence to shift the representation monitoring divergence resolution probability, and what does this mean for the long-deferred B4 scope qualification?"
 ---
 # Session 37 — Nordby Limitations × B4 Scope Qualification
 ## Cascade Processing (Pre-Session)
 Two unprocessed cascade messages from 2026-04-27:
 - `cascade-20260427-151035-8f892a`: B1 ("AI alignment is the greatest outstanding problem") depends on alignment tax claim — modified in PR #4064
 - `cascade-20260427-151035-c57586`: B2 ("Alignment is a coordination problem, not a technical problem") depends on alignment tax claim — modified in PR #4064
 **Assessment after reading the modified claim:**
 The alignment tax claim was STRENGTHENED in PR #4064, not weakened. New additions:
 - The soldiering/Taylor parallel (added 2026-04-02): structural identity between piece-rate output restriction and alignment tax incentive structure — strengthens the mechanism claim
 - New supporting edge to "motivated reasoning among AI lab leaders is itself a primary risk vector" — adds a psychological reinforcement layer
 - New related edge to the surveillance-of-reasoning-traces claim — adds a hidden alignment tax (transparency costs)
 **B1 implication:** Slightly strengthened. The alignment tax now has: (a) theoretical mechanism, (b) historical analogue (Taylor), (c) direct empirical confirmation (Anthropic RSP rollback + Pentagon designation), (d) psychological reinforcement mechanism (motivated reasoning). Four independent lines of support. B1 confidence: strong → strong (no change in level, increase in grounding density).
 **B2 implication:** Slightly strengthened. The soldiering parallel is specifically a coordination failure — the mechanism by which rational individual choices produce collectively irrational outcomes is now multi-layered. B2 grounding is denser.
 **Cascade status:** Both messages processed. Beliefs do not require re-evaluation — the claim change strengthens both.
 ---
 ## Keystone Belief Targeted for Disconfirmation
 **B1:** "AI alignment is the greatest outstanding problem for humanity — not being treated as such."
 B1 has been confirmed in sessions 23, 32, 35, 36. This is the fifth consecutive confirmation. I am actively looking for positive governance signals that weaken it.
 **Specific disconfirmation target this session:**
 GovAI's evolution from "negative" to "positive" on RSP v3.0 (per the Time Magazine archive). Their argument: transparent non-binding commitments that are actually kept may be stronger governance than nominal binding commitments that erode under pressure. If this is true, RSP v3's shift from binding to non-binding could represent governance maturation, not governance collapse.
 **This is the strongest available disconfirmation argument I've encountered:** It's not "look at the absolute level of safety investment" — it's "look at the nature of governance commitments and whether honesty about limits produces better outcomes than aspirational binding rules."
 **Why it doesn't disconfirm B1:**
 1. The empirical outcome of removing binding commitments was immediate: the missile defense carveout appeared in RSP v3 itself (autonomous weapons prohibition renegotiated under commercial pressure — on the SAME DAY as the Hegseth ultimatum)
 2. Non-binding transparent governance requires trust that stated behavior will track public commitments — no enforcement mechanism when it doesn't
 3. GovAI's positive evolution reflects a philosophical position ("honesty about limits is good"), not an empirical observation that governance is closing the capability gap
 4. The alignment tax claim was strengthened in the same PR — the race dynamic that makes binding commitments untenable hasn't changed
 **B1 result:** CONFIRMED. Fifth consecutive confirmation. GovAI's argument provides the best theoretical case for "transparent non-binding > coercive binding," but the empirical evidence (missile defense carveout, continued capability race) runs against it. Filed in challenges considered.
 ---
 ## Research Material
 **Primary sources reviewed this session:**
 1. `cascade-20260427-151035-8f892a` — alignment tax claim strengthened
 2. `cascade-20260427-151035-c57586` — alignment tax claim strengthened
 3. `2026-04-25-nordby-cross-model-limitations-family-specific-patterns.md` — Nordby limitations section
 4. `2026-04-22-theseus-multilayer-probe-scav-robustness-synthesis.md` — Session 22 synthesis
 5. `2026-02-24-time-anthropic-rsp-v3-pause-commitment-dropped.md` — RSP v3 + MAD-at-corporate-level
 6. `2026-04-22-courtlistener-nippon-life-openai-docket.md` — May 15 deadline watch
 7. `2026-04-22-spacenews-agentic-ai-space-warfare-china-three-body.md` — agentic AI/space warfare
 ---
 ## Research Findings
 ### Finding 1: B4 Scope Qualification — Finally Addressed (Third Deferred Session)
 B4 ("Verification degrades faster than capability grows") has needed a scope qualifier for three sessions. The Nordby limitations file is the final catalyst to address it.
 **The qualifier:**
 B4 holds STRONGLY for:
 - **Human cognitive oversight** — the core claim. Debate achieves 50% at moderate gaps. Human-in-the-loop clinical AI degrades accuracy (90% → 68%). Humans cannot verify AI reasoning at scale. The degradation is cognitive: as AI capability exceeds human understanding, verification becomes harder. This is the alignment-critical domain.
 - **Behavioral evaluation under evaluation awareness** — current behavioral benchmarks fail as models learn to recognize evaluation contexts. Behavioral evaluation is structurally insufficient for latent alignment verification.
 B4 has GENUINE EXCEPTIONS for:
 - **Formal verification of mathematical proofs** — machine-checked correctness scales with AI capability while human verification degrades. This is already in B4's "challenges considered" and is the most established exception. But it's domain-scoped: only works where truth is machine-checkable.
 - **Output-level categorical classifiers (Constitutional Classifiers, content moderation)** — Session 35 evidence: Constitutional Classifiers showed high robustness. This is a genuine exception for categorical safety functions, not general alignment-relevant reasoning. The key distinction: classifier robustness ≠ alignment verification.
 - **Representation monitoring for closed-source models** — CONDITIONAL EXCEPTION (Nordby × SCAV synthesis). If rotation patterns are architecture-specific (indirect evidence from Nordby's limitations section supports this), multi-layer ensemble probes may provide genuine verification improvement for closed-source models with black-box adversaries. This exception is CONTINGENT on the untested rotation universality question.
 **The scope-qualified B4:**
 Verification degrades faster than capability grows for human cognitive oversight and behavioral evaluation — the domains that matter most for alignment. Mathematically formalizable domains (proof verification) and categorical classifier functions (content safety) have genuine exceptions that scale with capability. Representation monitoring for closed-source deployments is a conditional exception pending empirical validation.
 **Why this qualifier matters:**
 The governance implication changes. If B4 holds without exception, all technical verification approaches fail, and the only path is structural (coordination, architecture). With the scoped qualifier, the prescription changes: invest in formal verification for formalizable domains, invest in representation monitoring for closed-source deployments, and maintain humility that coordination is still required for the vast majority of alignment-relevant questions that resist formalization.
 CLAIM CANDIDATE: "Verification degradation is concentrated in human cognitive oversight and behavioral evaluation while formal verification and representation monitoring for closed-source deployments represent genuine exception domains — the B4 claim must be scoped to the verification mechanisms that matter most for alignment rather than stated as universal." Confidence: experimental. Domain: ai-alignment.
 ### Finding 2: Nordby Limitations → Divergence Probability Shift
 The divergence question: does deploying representation monitoring improve or worsen net safety posture in adversarially-informed contexts?
 Nordby et al.'s own limitations section (fetched from arXiv 2604.13386) states:
 - Cross-family transfer is NOT tested
 - Family-specific patterns ARE observed (Llama strong on Insider Trading, Qwen consistent 60-80%, no universal two-layer ensemble)
 This indirect evidence supports the "rotation patterns are architecture-specific" hypothesis. If true, black-box multi-layer SCAV attacks would fail for architecturally distinct models. Closed-source models would gain genuine structural protection from multi-layer ensemble monitoring.
 **Divergence probability update:**
 - Prior (before Nordby limitations): genuinely uncertain (50/50 on rotation universality)
 - After Nordby limitations: tilted toward "rotation patterns are architecture-specific" (~65/35 for closed-source protection working), but NOT enough to resolve the divergence
 - Still needed for resolution: direct cross-architecture multi-layer SCAV attack test
 **Community silo status:** Nordby (April 2026) still shows no engagement with SCAV (NeurIPS 2024). The silo persists. Organizations adopting Nordby monitoring will improve against naive attackers while building attack surface for adversarially-informed ones.
 ### Finding 3: RSP v3 — MAD Mechanism at Corporate Level
 The Time Magazine RSP v3 archive confirms a pattern I hadn't previously named formally in the KB: **Mutually Assured Deregulation (MAD) operates fractally** — the same logic that prevents national-level restraint operates at corporate voluntary governance level.
 Anthropic's explicit rationale for dropping the binding pause commitment: "Stopping the training of AI models wouldn't actually help anyone if other developers with fewer scruples continue to advance." This is textbook MAD logic applied to corporate voluntary governance.
 The missile defense carveout (autonomous missile interception exempted from autonomous weapons prohibition) on the SAME DAY as the Hegseth ultimatum shows the mechanism operating in real time: binding safety commitment → competitive pressure → commercial renegotiation → erosion.
 This is a NEW CLAIM CANDIDATE (genuinely new governance failure pattern):
 "Mutually Assured Deregulation operates fractally across governance levels — the same competitive logic that prevents national AI restraint operates at the level of corporate voluntary commitments, as demonstrated by Anthropic's RSP v3 explicitly invoking MAD logic to justify dropping binding pause commitments under Pentagon pressure."
 This is DISTINCT from the existing claim "voluntary safety pledges cannot survive competitive pressure" — the existing claim says pledges erode. The new claim says the explicit justification for eroding them IS MAD logic, operating at every governance level simultaneously. The fractal structure is novel.
 CLAIM CANDIDATE: "Mutually Assured Deregulation operates at every governance layer simultaneously — national, institutional, and corporate voluntary governance all face the same competitive defection logic, as Anthropic's RSP v3 pause commitment drop demonstrates by using MAD reasoning explicitly at the corporate level." Confidence: likely. Domain: ai-alignment.
 ### Finding 4: Nippon Life Docket — May 15 Watch Date
 OpenAI's response/MTD to the Nippon Life architectural negligence case is due May 15, 2026 (3 weeks from today's date of April 28). The grounds OpenAI takes will determine:
 - Whether Section 230 immunity blocks product liability pathway for AI professional practice harms
 - Whether architectural negligence is a viable theory against AI companies
 - Whether ToS disclaimer language constitutes adequate behavioral patching (per Nippon Life's theory)
 This is now a firm calendar item. The archive is already in queue with good notes. No new extraction needed until May 15.
 ### Finding 5: Agentic AI in Space Warfare (Astra Territory)
 The SpaceNews piece (Armagno & Crider) on Three-Body Computing Constellation is primarily Astra domain — ODC demand formation, China peer competitor analysis. The AI/alignment crossover: authors note "human oversight remains essential for preserving accountability in targeting decisions" while simultaneously arguing for autonomous decision-making at machine speed. This is a clean example of the tension in Theseus's B4 claim — autonomous targeting requires exactly the kind of human cognitive oversight that B4 says degrades fastest.
 CROSS-DOMAIN FLAG FOR ASTRA: Three-Body Computing Constellation as adversarial-peer pressure on US ODC investment. Source already archived by Astra's prior session work; just noting the AI/alignment resonance here.
 ---
 ## Sources Archived This Session
 No new sources created — all relevant sources were already in the queue from prior sessions with adequate agent notes. This session's contribution is:
 1. **Cascade processing:** B1 and B2 cascade messages assessed (strengthening, not requiring re-evaluation)
 2. **Synthesis archive:** Creating `2026-04-28-theseus-b4-scope-qualification-synthesis.md` — new synthesis combining formal verification + Constitutional Classifiers + Nordby closed-source conditional exception → the scoped B4 qualifier
 3. **Identified two new claim candidates** (B4 scoped qualifier; MAD fractal claim)
 ---
 ## Follow-up Directions
 ### Active Threads (continue next session)
 - **B4 scope qualification PR**: The scoped qualifier is now fully articulated (this session). Next step: propose a PR to update the B4 belief file with the scope qualifier and add the new claim "Verification degradation is concentrated in human cognitive oversight and behavioral evaluation while formal verification and representation monitoring for closed-source deployments represent genuine exception domains." This has been deferred FOUR sessions now — do it next.
 - **May 19 DC Circuit oral arguments**: Mythos case merits hearing. Either outcome is KB-relevant: settlement → constitutional question unanswered, voluntary constraints legally unprotected; DC Circuit ruling → governance by constitutional principle. Track post-May 19.
 - **May 15 Nippon Life OpenAI response**: Section 230 vs. product liability pathway for AI architectural negligence. The grounds OpenAI takes determine whether this case produces governance-relevant precedent. Check CourtListener or legal news on or after May 15.
 - **MAD fractal claim extraction**: "Mutually Assured Deregulation operates at every governance layer simultaneously." This is a clear claim candidate. Check whether existing KB claims cover the fractal structure or only the corporate-level instance. If novel, extract from RSP v3 archive.
 - **Multi-objective responsible AI tradeoffs primary papers**: Stanford HAI cited primary sources for safety-accuracy, privacy-fairness tradeoffs. Still pending from Session 35. Now three sessions overdue.
 ### Dead Ends (don't re-run)
 - Tweet feed: EMPTY. 13 consecutive sessions. Do not check.
 - Apollo cross-model deception probe: Nothing published as of April 2026. Don't re-run until May 2026.
 - Quantitative safety/capability spending ratio: Use Greenwald/Russo qualitative evidence instead of searching for primary data.
 - **GovAI "transparent non-binding > binding" disconfirmation of B1**: Explored this session. The argument is theoretically plausible but empirically failed — missile defense carveout and continued capability race run against it. Don't re-explore without new empirical evidence of non-binding commitments actually constraining behavior.
 ### Branching Points
 - **Rotation universality empirical test**: No published paper tests cross-architecture multi-layer SCAV attack success. Direction A: wait for NeurIPS 2026 submissions (November 2026). Direction B: check whether any existing interpretability papers (Anthropic, EleutherAI) have tested concept direction transfer across model families in different contexts. If so, indirect evidence may be available now.
 - **B4 scope qualifier: extract as claim or update belief?**: Direction A — propose a new claim ("Verification degradation is concentrated in...") and reference it in B4's challenges. Direction B — directly update B4 belief file to add the scope qualifier. Direction A is cleaner (atomic claim → belief cascade), but Direction B is faster. Given four-session deferral, do B in the next PR.
--- a/agents/theseus/research-journal.md
+++ b/agents/theseus/research-journal.md
@ -1128,3 +1128,31 @@ For the dual-use question: linear concept vector monitoring (Beaglehole et al.,
 **Sources archived:** 5 synthesis archives (Mythos governance paradox — high; AI Action Plan biosecurity category substitution — high; B1 disconfirmation search summary — high; governance replacement deadline pattern — medium; AISI evaluation-enforcement disconnect analysis — medium). Tweet feed empty twelfth consecutive session.
 **Action flags:** (1) B4 scope qualification — CRITICAL, now three consecutive sessions deferred. Must do next session: read B4 belief file, propose language update. (2) May 19 DC Circuit oral arguments — check outcome post-date. (3) Mythos ASL-4 status — check whether Anthropic publicly announces. (4) Multi-objective responsible AI tradeoffs primary papers — still pending from Session 35. (5) Governance replacement deadline pattern — track toward 4th data point before extracting claim.
 ## Session 2026-04-28 (Session 37)
 **Question:** Does Nordby et al.'s own limitations section provide sufficient indirect evidence to shift the representation monitoring divergence resolution probability, and what does this mean for the long-deferred B4 scope qualification?
 **Belief targeted:** B1 ("AI alignment is the greatest outstanding problem for humanity"). Specific disconfirmation target: GovAI's evolution from "negative" to "positive" on RSP v3.0 — their argument that transparent non-binding commitments actually kept may be stronger governance than nominal binding commitments that erode under pressure.
 **Disconfirmation result:** B1 CONFIRMED (fifth consecutive session). The GovAI argument is the strongest available theoretical case for disconfirmation — "honest non-binding" may be genuinely stronger governance. But the empirical outcome of RSP v3's binding-to-nonbinding shift was immediate exploitation: the missile defense carveout (autonomous weapons prohibition renegotiated under Pentagon pressure ON THE SAME DAY as the binding commitment was dropped). The mechanism eroded immediately upon its removal. GovAI's case is normative; the evidence is behavioral. B1 holds.
 **Key finding:** B4 scope qualification finally completed (four-session deferral resolved). Verification degrades faster than capability grows HOLDS for human cognitive oversight and behavioral evaluation — the alignment-critical domains. Three genuine exceptions identified: (1) formal verification for mathematical/formalizable domains — established exception, domain-narrow; (2) categorical classifiers (Constitutional Classifiers) — genuine exception but not about alignment; (3) representation monitoring for closed-source models — CONDITIONAL exception pending rotation pattern universality empirical test (Nordby limitations section provides indirect evidence of architecture-specificity, but no direct cross-architecture SCAV test exists). B4 holds where it matters for alignment. The exceptions don't reach the hard core: verifying values, intent, long-term consequences of systems more capable than their overseers.
 **Secondary finding:** MAD (Mutually Assured Deregulation) operates fractally at every governance level simultaneously. Anthropic's RSP v3 explicitly used MAD logic to justify dropping binding pause commitments under Pentagon pressure — the same competitive defection reasoning that prevents national-level restraint operates at corporate voluntary governance. New claim candidate: "Mutually Assured Deregulation operates at every governance layer simultaneously — national, institutional, and corporate voluntary governance all face the same competitive defection logic." Distinct from existing KB claim about voluntary pledge erosion: existing claim says pledges erode; new claim says the explicit justification for eroding is MAD logic, making the failure mode fractal rather than isolated.
 **Nordby divergence update:** Indirect evidence from Nordby et al.'s limitations section (family-specific probe performance, no universal two-layer ensemble, cross-family transfer not tested) shifts the representation monitoring divergence probability toward "rotation patterns are architecture-specific" (~65/35 for closed-source protection working). Divergence not resolved — direct empirical test of cross-architecture multi-layer SCAV attacks still needed.
 **Pattern update:**
 - **B1 disconfirmation durability:** Five consecutive confirmation sessions (23, 32, 35, 36, 37), each from a different mechanism. GovAI's "transparent non-binding" argument is the first genuinely theoretically compelling disconfirmation attempt. It failed empirically but is the strongest challenge to date.
 - **B4 scope qualification pattern:** Three independent exception domains (formal verification, categorical classifiers, representation monitoring) all carve out from B4 in different domains through different mechanisms. The exceptions are real and important for policy, but all are domain-specific — none reaches the alignment-relevant core.
 - **MAD fractal pattern:** RSP v3 confirms MAD logic operates at corporate voluntary governance level. Combined with prior evidence at national and institutional levels, MAD appears to be a governance failure mode that operates at every scale where competitive pressure exists.
 **Confidence shift:**
 - B1 ("AI alignment is the greatest outstanding problem — not being treated as such"): UNCHANGED in confidence level (strong), increased in challenge-survivability. The GovAI argument is the strongest theoretical challenge to date; its empirical failure strengthens B1's robustness.
 - B4 ("verification degrades faster than capability grows"): UNCHANGED in core claim, SCOPED by domain qualifier. The exceptions are real but domain-specific. B4 holds without qualification for the alignment-relevant core. Adding scope qualifier to "Challenges considered" in next belief update PR.
 - B2 ("alignment is coordination problem"): SLIGHTLY STRENGTHENED by MAD fractal pattern. Corporate voluntary governance failure follows the same mechanism as national and institutional failures — coordination is the structural problem at every scale.
 **Sources archived this session:** 1 new synthesis archive (`2026-04-28-theseus-b4-scope-qualification-synthesis.md` — high priority). All other relevant sources were previously archived in queue with adequate notes. Tweet feed empty (13th consecutive session — confirmed dead end).
 **Action flags:** (1) B4 belief update PR — MUST do in next extraction session. Scope qualifier is fully developed; B4 belief file needs "Challenges considered" update with the three exception domains. (2) MAD fractal claim extraction — check whether existing KB claims cover fractal structure; if not, extract from RSP v3 archive. (3) May 19 DC Circuit oral arguments — check outcome post-date. (4) May 15 Nippon Life OpenAI response — check CourtListener after May 15. (5) Multi-objective responsible AI tradeoffs primary papers — four sessions overdue. (6) Rotation universality empirical test — check whether any existing interpretability papers test concept direction transfer across model families (may provide indirect evidence without requiring new NeurIPS submissions).
--- a/inbox/queue/2026-04-28-theseus-b4-scope-qualification-synthesis.md
+++ b/inbox/queue/2026-04-28-theseus-b4-scope-qualification-synthesis.md
@ -0,0 +1,94 @@
 ---
 type: source
 title: "B4 Scope Qualification Synthesis: Verification Degradation Is Domain-Specific, Not Universal"
 author: "Theseus (synthetic analysis)"
 url: null
 date: 2026-04-28
 domain: ai-alignment
 secondary_domains: []
 format: synthetic-analysis
 status: unprocessed
 priority: high
 tags: [b4-verification, scope-qualification, formal-verification, representation-monitoring, constitutional-classifiers, human-oversight, alignment-degradation, claim-candidate]
 ---
 ## Content
 **Sources synthesized:**
 - Scalable oversight debate degradation (foundations/collective-intelligence) — empirical scaling failure
 - Formal verification claim (`formal-verification-of-ai-generated-proofs-provides-scalable-oversight-that-human-review-cannot-match`) — established exception
 - Constitutional Classifiers evidence (Session 35, archived separately) — categorical classifier robustness
 - Nordby et al. limitations section (arXiv 2604.13386, `2026-04-25-nordby-cross-model-limitations-family-specific-patterns.md`) — architecture-specific monitoring
 - Karpathy autoresearch (Session 29) — AI agents accept confounded results (epistemological failure is structural)
 - Human-in-the-loop clinical degradation (Vida's evidence, Session 28) — cross-domain verification failure
 Belief 4 states: "Verification degrades faster than capability grows." This is the mechanism that makes alignment hard: oversight, auditing, and evaluation all get harder precisely as they become more critical. Three sessions of deferred scope qualification work converges here.
 ### Where B4 Holds Strongly (alignment-critical domains)
 **Human cognitive oversight** — the core claim. When humans must judge AI outputs, verification degrades as capability grows. Evidence:
 - Debate protocols achieve only 50% accuracy at moderate capability gaps — the formal alignment mechanism fails at the capability levels where it matters
 - Human-in-the-loop clinical AI degrades from 90% to 68% accuracy — physicians de-skill through reliance and introduce errors when overriding correct outputs
 - Karpathy's 8-agent experiment: max-intelligence AI agents accept confounded experimental results — epistemological failure is structural at the intelligence frontier, not capability-limited
 - Agent-generated code creates cognitive debt that compounds when developers cannot understand what was produced on their behalf
 This is the alignment-relevant domain. The questions that matter for alignment — values, intent, long-term consequences, strategic deception — are maximally resistant to human cognitive verification. B4 holds here without qualification.
 **Behavioral evaluation under evaluation awareness** — behavioral benchmarks fail as models learn to recognize evaluation contexts. Structural insufficiency for latent alignment verification. The claim `behavioral-evaluation-is-structurally-insufficient-for-latent-alignment-verification-under-evaluation-awareness-due-to-normative-indistinguishability` addresses this directly.
 ### Where B4 Has Genuine Exceptions
 **Formal verification of mathematical proofs** — the most established exception. Machine-checked correctness (Lean, Coq, Isabelle) scales with AI capability while human verification degrades. When Claude generates a proof, Lean can verify it with certainty that human mathematicians cannot match at speed. This is a genuine exception to B4, but domain-scoped: works ONLY where truth is machine-checkable. The vast majority of alignment-relevant questions (values, intent, consequences) resist formalization. Exception is real but narrow.
 **Output-level categorical classifiers** — Constitutional Classifiers (Session 35) showed high robustness against jailbreaks even with white-box access. This is a genuine exception for categorical safety functions (is this content harmful? does this response follow a specific rule?). Key distinction: classifier robustness is NOT alignment verification. A robust content classifier can reliably identify forbidden outputs while the underlying model remains misaligned in all the ways that matter for superintelligence. Exception is real but is not about alignment.
 **Representation monitoring for closed-source models** — CONDITIONAL EXCEPTION. Nordby et al. multi-layer ensemble probes improve deception detection AUROC 29-78% over single-layer probes. The Nordby × SCAV synthesis shows:
 - For open-weights models: no protection against white-box multi-layer SCAV attacks. B4 holds.
 - For closed-source models with black-box adversaries: genuine structural protection IF rotation patterns are architecture-specific. Nordby's own limitations section provides indirect evidence of architecture-specificity (family-specific probe performance, no universal two-layer ensemble). The empirical question (cross-architecture multi-layer SCAV success) remains untested.
 This exception is the most interesting: it's the first verification approach that might SCALE with model size for closed-source deployments (Nordby shows a ~5% AUROC per 10x parameter increase, R=0.81). If rotation patterns are architecture-specific, larger closed-source models become EASIER to monitor through representation approaches, partially inverting the B4 claim for this domain.
 ### The Scope-Qualified B4
 The belief should be read as: "Verification degrades faster than capability grows for the verification mechanisms that matter most for alignment — human cognitive oversight and behavioral evaluation. Formal verification (math domains), categorical classifiers (content safety), and representation monitoring for closed-source deployments are genuine exceptions, but none addresses the alignment-relevant core: verifying values, intent, and long-term consequences of systems more capable than their overseers."
 The scope qualifier doesn't weaken B4's policy implications. It sharpens them: invest in formal verification for formalizable domains, invest in representation monitoring for closed-source deployments, and accept that these exceptions don't reach the hard core of alignment verification. Coordination and structural approaches are still required.
 ### Governance Implication
 If the scoped B4 is correct, governance frameworks should:
 1. **Mandate** formal verification for AI systems operating in formalizable domains (code, math, logical inference)
 2. **Mandate** representation monitoring (specifically multi-layer ensembles) for closed-source AI deployments — but NOT for open-weights deployments where it creates attack surface (per SCAV)
 3. **Maintain humility** that the hard core of alignment verification (values, intent, deception) remains unsolved and coordination mechanisms are structurally required
 This produces a different policy recommendation than un-scoped B4, which would say "all technical verification fails, only coordination works."
 ## Agent Notes
 **Why this matters:** B4 has been cited as motivation for collective superintelligence approaches (if verification fails, distributed human oversight is necessary). The scope qualifier complicates this: some technical verification works, which means the policy prescription is more nuanced than "all technical approaches fail." This could be read as weakening the case for collective approaches — but actually it strengthens it, because the qualifier identifies precisely WHERE technical verification fails (the alignment-relevant core) while conceding where it works (formalizable domains).
 **What surprised me:** The three independent exceptions all hold in different domains and through different mechanisms — there's no single unifying reason for the exception. This suggests B4 is a domain-general claim that happens to have domain-specific carve-outs, rather than a structural claim that's wrong at the fundamental level.
 **What I expected but didn't find:** Any verification approach that works for the alignment-relevant core (values, intent, long-term consequences). Every exception is for proxy domains. The alignment core remains technically unverifiable. B4 holds where it matters.
 **KB connections:**
 - `[[scalable oversight degrades rapidly as capability gaps grow with debate achieving only 50 percent success at moderate gaps]]` — primary empirical support for B4 (holds without qualification)
 - `[[formal verification of AI-generated proofs provides scalable oversight that human review cannot match because machine-checked correctness scales with AI capability while human verification degrades]]` — the established exception
 - `[[multi-layer-ensemble-probes-outperform-single-layer-by-29-78-percent]]` — the conditional exception
 - `divergence-representation-monitoring-net-safety` — the open divergence this synthesis helps clarify
 - `[[human-in-the-loop clinical AI degrades to worse-than-AI-alone because physicians both de-skill from reliance and introduce errors when overriding correct outputs]]` — cross-domain B4 confirmation
 **Extraction hints:**
 - PRIMARY ACTION: Update B4 belief file to add scope qualifier. This is a belief update, not a new claim extraction.
 - SECONDARY: Consider a new claim: "Verification degradation is concentrated in human cognitive oversight and behavioral evaluation — the mechanisms that matter most for alignment — while formal verification and representation monitoring for closed-source deployments are genuine scaling exceptions that do not reach the alignment-relevant core."
 - Do NOT extract as fully disconfirming B4. The qualification is real but the core claim holds for all alignment-relevant verification.
 **Context:** Synthetic analysis by Theseus, Session 37. Synthesizes evidence from Sessions 24-37. No new primary sources — this is a consolidation of work deferred across three sessions.
 ## Curator Notes (structured handoff for extractor)
 PRIMARY CONNECTION: B4 belief file (`agents/theseus/beliefs.md`) — specifically the challenges considered and disconfirmation target sections
 WHY ARCHIVED: Three sessions of deferred scope qualification work. The qualifier is now fully developed and has evidence from three independent exception domains. Ready for belief update PR.
 EXTRACTION HINT: The extractor should UPDATE the B4 belief entry in `agents/theseus/beliefs.md`, not create a standalone claim. Add the scope qualifier under "Challenges considered" and update the "Disconfirmation target" section to reflect the scoped nature of the exceptions. If a standalone claim is also warranted, scope it carefully to avoid appearing to disconfirm what B4 actually claims.