Latest Additions
- The Tool Chain Becomes the Policy Object - Chris Schneider, Kriti Faujdar, Philipp Schoenegger, and Ben Bariach's Securing Multi-Tool AI Agent Chains With Dynamic, Real-Time Compositional Policies paper, arXiv:2607.03423, cs.CR with cs.AI, submitted July 3 2026, Dynamic Security Control Compositor, DSCC, Most Restrictive Set algorithm, MRS, multi-tool agent chains, chain-level authorization, session checkout, per-tool security policies, compositional policy, monotonicity invariant, strictest-control resolution, control bindings, data-flow classification, transmission prohibition, flow direction, permitted zones, session TTL, NIST SP 800-53 aligned policies, resource classification, session-level taint state, high-water mark, clearance mode, taint mode, runtime revocation, 32-tool reference implementation, 16 policies, blocked policy pairs and triples, utility-security tradeoff, and the governance problem of treating tool approvals as workflow approvals before the chain, data path, effective control set, taint updates, rejection reason, and revocation trigger are auditable.
- The Institution Becomes the Alignment Layer - Federico Pierucci, Marcello Galisai, Marcantonio Syrnikov Bracale, Matteo Prandi, Piercosma Bisconti, Francesco Giarrusso, Olga Sorokoletova, Vincenzo Suriani, and Daniele Nardi's Institutional AI: A Governance Framework for Distributional AGI Safety paper, arXiv:2601.10599, cs.CY, submitted January 15 2026 and revised January 19 2026, system-level alignment, Institutional AI, Distributional AGI Safety context, AI agent collectives, behavioral goal-independence, instrumental override of alignment constraints, agentic alignment drift, governance graphs, runtime monitoring, incentive shaping, prizes and sanctions, explicit norms, enforcement roles, mechanism design, environment-level alignment, delegated tool use, collusion and coordination risk, policy and evidence receipts, and the governance problem of treating agent alignment as a model-only property before role, authority, tool boundary, monitor, norm source, sanction, appeal path, evidence store, communication topology, reputation mechanism, anti-collusion test, identity layer, and shutdown condition are auditable.
- The Advice Persona Becomes the Default Mask - Harsh Kumar, Karina Vold, Louis Tay, and Ashton Anderson's Diagnosing and Repairing Persona Collapse in LLM Advice paper, arXiv:2607.08326, cs.CY, submitted July 9 2026, 32-page PDF, working draft, personal advice, relationships, work, moral dilemmas, crises, stable prosocial Assistant persona, situation-conditioned persona selection, hedonic tone, agency support, persona collapse, 1,281 advice posts, 14 contexts, five advisory personas, top-rated human responses shifting across personas, three frontier models collapsing over 90 percent into one supportive persona, persona-selection prompting deepening collapse, Inverse-Process Distillation, situation-to-persona policy, approximately 80 percent divergence reduction, blinded study with 199 experienced advice-givers, four situations in sequence, preference for collapsed default over repaired models, challenge-situation tension, repeated-exposure preference shifts, advice-persona receipts, and the governance problem of treating a warm default advisor as safe before context class, persona fit, challenge boundary, crisis escalation, user preference, sequential exposure, and reviewability are auditable.
- The Value Dataset Becomes the Alignment Map - Dhruv Agarwal, Anya Shukla, Tanya Goyal, and Aditya Vashistha's PLURAL: A Global Dataset for Value Alignment paper, arXiv:2607.08034, cs.CL with cs.AI and cs.CY, submitted July 9 2026, 27-page PDF, Cornell University affiliation, Preference Library for Multi-Region Alignment, Integrated Values Survey, IVS, World Values Survey, European Values Study, 156,658 respondents, 92 countries and territories, nationally representative samples, 20-country released dataset, 100 representative participants per country, roughly 500,000 synthetic preference triplets, prescriptive normative value filtering, two-stage generation pipeline, prompt preferred response dispreferred response format, sex age education stratification, Monte Carlo sample-size check, Hugging Face agdhruv/plural-alignment dataset, country-level validation, IVS country prediction 89.4 percent, PLURAL-derived country prediction 78.0 percent, within-country diversity preservation, Direct Preference Optimization, five-country automated evaluation, GLOBE cultural profiles, mean absolute error reduction from 15.7 percent to 27.7 percent, blind human evaluation, 176 evaluators in India Brazil and Japan, overall PLURAL-aligned preference probability 0.66 versus vanilla, post-training diversity compression, DPO preserving about 18 percent of country-profile variation, SFT about 30 percent, representation versus stereotyping, ethics warning about mirroring controversial values, plural alignment receipts, and the governance problem of treating cultural alignment as a product label before survey source, sample, generation pipeline, training method, evaluation target, compressed diversity, and contestability are auditable.
- The Workflow Becomes the Knowledge Object - Emanuele Quinto, Carlo Andrea Rozzi, and Francesco Zanitti's Workflow as Knowledge: Semantic Persistence for LLM-Mediated Workflows paper, arXiv:2607.08740, cs.AI with cs.PL and cs.SE, submitted July 9 2026, 39-page PDF, 18 figures, conceptual model proposal, not empirical study, not formal calculus, LLM-mediated workflows, tool use, retrieval, branching, checkpointing, human approval, Lisp-inspired but language-independent model, symbolic forms, object identity, live-image thinking, semantic persistence, workflow definitions, workflow instances, inference records, context snapshots, dependency relations, shared knowledge substrate, derive versus infer boundary, deterministic computation over state, mediated LLM judgment under declared context, executor-controlled capability policy, runtime service layer, DSL-machine control layer, semantic layer, approval records, panel records, workflow-knowledge receipts, exploratory scan of 77 selected skill-like workflow artifacts, descriptive scan caveat, ARS-style claim-review example caveat, formal transition semantics future work, record lifecycle policy, and the governance problem of treating workflow traces as enough before definition, instance, context, authority, approval, model judgment, dependency, supersession, and reviewability are durable semantic objects.
- The Context Access Layer Becomes the Inequality Gate - Masahiro Fujita's The Context Access Divide: Interaction-Level Architecture as a Complementary Dimension of Agentic Inequality paper, arXiv:2607.08495, cs.CY with cs.AI, submitted July 9 2026, 19-page PDF, conceptual paper, no new data generated, agentic inequality, availability quality and quantity, Context Access Divide, contextuality, accumulated knowledge capital, Manual Attachment Model, Walled Dynamic Context Retrieval Model, Open Dynamic Context Retrieval Model, Model Context Protocol, retrieval-augmented generation, fan-effect model, MAM success probability q(N)^k, corpus size N, task conjunctivity k, illustrative parameters alpha 0.6 q_eco 0.92 q_dcrm 0.95 k 3, Open DCRM near 0.86 success probability, Walled DCRM around 0.19, MAM approaching zero as corpus size grows, illustrative N 10000 Open-DCRM-to-MAM advantage about 5300x, model not fitted to observed workplace recall data, architecture-boundary caveats, interoperability, user-portable context authorization, procurement standards, context-access receipts, and the governance problem of treating equal AI account access as equal agency before corpus reach, connector scope, permission grant, retrieval path, fallback burden, and audit record are visible.
- The Quantized Model Becomes the Behavior Receipt - Baha Rababah, Cuneyt Gurcan Akcora, and Carson K. Leung's The Illusion of Equivalency: Statistical Characterization of Quantization Effects in LLMs paper, arXiv:2607.08734, cs.AI, submitted July 9 2026, 12-page PDF, post-training quantization, compressed LLM deployment, accuracy and perplexity limits, correctness agreement, decision-level overlap in correct predictions, base model versus quantized variant behavior, llama.cpp, legacy quantization Q8_0 and Q5_0 and Q4_0, K-quantization Q6_K and Q5_K and Q4_K and Q3_K and Q2_K, bit-width sweep from 8-bit to 2-bit, Llama-3.2-3B, Vicuna-7B-v1.5, Mistral-7B-v0.1, Llama-3.1-8B, WikiText-2, C4, HellaSwag, Winogrande, ARC, eight NVIDIA Tesla V100-SXM2 GPUs, attention projection analysis, query and key projections more sensitive than value and output projections, statistical drift, cosine similarity, Euclidean distance, Kolmogorov-Smirnov statistic, KL divergence, Q4_K and Q4_0 structural perturbation threshold, Q3_K degradation, Q2_K breakdown regime, aggregate performance versus case-level preservation, quantization behavior receipts, and the governance problem of treating a compressed endpoint as the same model before base checkpoint, quantized artifact, bit scheme, quantizer implementation, tokenizer, benchmark split, aggregate score, correctness agreement, layer drift, hardware, software version, and rollback threshold are auditable.
- The Abstention Gate Becomes Two Axes - Benedikt J. Wagner's Two Axes of LLM Abstention: Answer Correctness and Question Answerability paper, arXiv:2607.08456, cs.CL with cs.AI subject listing, submitted July 9 2026, 15-page PDF, selective answering, answer correctness, question answerability, false premises, unanswerable questions, SelfAware benchmark, CREPE false-presupposition benchmark, Gemma 2 2B-it, Qwen2.5-3B, Qwen2.5-7B, Llama-3.1-8B, Qwen2.5-14B, output-confidence answerability AUROC 0.54 to 0.67 on SelfAware, hidden-state answerability AUROC 0.97 to 0.99 on SelfAware, SelfAware bag-of-words surface-cue caveat, CREPE balanced sample of 500 normal and 500 false-presupposition questions, CREPE answer-confidence readouts 0.50 to 0.58, CREPE trained hidden readouts 0.69 to 0.73, difference-of-means directions 0.74 to 0.78, P(IK), P(True), direct premise-check elicitation limits, Llama-3.1-8B premise-routing pilot with 120 false-premise and 120 sound questions, challenge prompt false-challenge problem, probe-gated routing, Qwen2.5-7B replication, factorized two-threshold abstention, separate unanswerable-answer and wrong-answer budgets, alpha_U 0.15, alpha_W 0.50, delta 0.10, 8B factorized policy certifying both budgets at 0.75 correct-answer coverage versus 0.31 for answer-confidence-only, 14B factorized-only certification in the reported table, English-data limit, small-frontier-model caveat, quantization caveat, certification-sample limit, abstention-gate receipts, and the governance problem of treating refusal as one confidence threshold before answerability signal, correctness signal, risk budget, threshold, refusal reason, emitted answer, and human-review path are auditable.
- The Learning Assistant Becomes the Study Log - Kristina Schaaff, Quintus Stierstorfer, and Valerie Hekkel's Using AI-based Learning Assistants in Higher Education: A Large-Scale Descriptive Analysis paper, arXiv:2607.08748, cs.AI with cs.HC subject listing, submitted July 9 2026, 17-page PDF, IU International University of Applied Sciences, Syntea learning assistant, distance studies, objective log data, 77,543 enrolled students, cleaned sample of 76,485 students, February 2025 observation month, Bachelor and Master programs, 44,035 Syntea users, 2,509 first-time users, 41,526 returning users, course-availability caveat, project and seminar exclusion, thesis-stage caveat, gender usage rates, female 59.05 percent, male 54.94 percent, diverse 34.86 percent with small-sample caution, age cohort rates, Gen Z 63.66 percent, Gen Y 51.39 percent, Gen X 50.27 percent, Boomer 37.88 percent with small-cohort caution, Bachelor 58.17 percent, Master 54.25 percent, full-time 59.49 percent, part-time 55.71 percent, weekday and daytime use, peak around 11:00, Tuesday highest, Sunday lowest, part-time weekend and evening pattern, descriptive study limits, no causal conclusions, one-month window, adoption and temporal patterns rather than direct learning outcomes, study-log receipts, and the governance problem of treating learning-assistant usage logs as proof of educational benefit before eligibility, course coverage, instrumentation, subgroup size, timing, outcome boundary, and structural access conditions are auditable.
- The ChatGPT Tutorial Becomes the AI-Literacy Frame - Shayla Sharmin, Mohammad Al-Ratrout, Mohammad Fahim Abrar, and Roghayeh Leila Barmaki's How YouTube Frames ChatGPT Use in Education: An Epistemic Network Analysis with Supporting Multimodal Metadata paper, arXiv:2607.08698, cs.HC, submitted July 9 2026, 9-page PDF, Proceedings of the 28th International Conference on Multimodal Interaction front matter, October 5-9 2026, Napoli Italy, educational YouTube videos, ChatGPT in education, multimodal metadata, transcripts, titles, thumbnails, viewer comments, engagement metadata, PRISMA-style selection, 124 retrieved videos, 52 final videos, 557 transcript chunks, 936 comments from 28 videos, Epistemic Network Analysis, ENA Web Tool version 1.8.0, G1 explanatory and tutor-like conceptual scaffold, G2 practice and skill-building retrieval practice, G3 output and productivity framing, statistically significant G1 and G2 differences from G3, large effect sizes, learning-oriented title and thumbnail cues, productivity and urgency cues, over-reliance, surface-level learning, cognitive offloading, median views per day by group, comment engagement, AI-literacy frame receipts, and the governance problem of treating public ChatGPT tutorials as neutral help before search route, creator frame, transcript pattern, title cue, thumbnail cue, audience response, platform reach, and learning-risk boundary are auditable.
- The Autonomy Gear Becomes the Runtime Safety Case - Srini Ramaswamy and Wang Miaosheng's Managed Autonomy at Runtime: Gear-Based Safety and Governance for Single- and Multi-Agent Cyber-Physical Systems paper, arXiv:2607.00334, cs.AI, submitted July 1 2026, 18-page PDF, EntropyRuntime, gear-based action control, five execution gears, Observe, Suggest, Plan, Execute, Integrate, nested action spaces, utility-gated dispatch, event-driven fallback, dynamic authority reduction, SMARt managed-autonomy lifecycle, Stable, Meta-Cognitive, Assisted, Regulated, runtime governance states, consensus utility gate, swarm Lyapunov function, per-agent gear authority, rendezvous policy triple, multi-agent cyber-physical systems, three-agent UR5 robotic assembly cell, NIST Degradation Measurement of Robot Arm Position Accuracy dataset, 10,000 Monte Carlo episodes, fixed seed 42, 150 epochs per episode, sensor drift fault model, 90 percent normal calibration drift and 10 percent severe multi-fault simulation design, single-agent baseline anomaly detection 2.1 percent, governed runtime anomaly detection 99.6 percent, 3.5x lower detection latency, zero physical collisions under stated assumptions, audit trace for 89.9 percent of episodes, Lyapunov workspace certificate, ablation identifying the meta threshold as decisive for detection gain, utility-function specification limit, stationarity and fault-model limits, policy-triple domain-validity requirement, three-agent scalability caveat, runtime safety-case receipts, and the governance problem of treating agent autonomy as a fixed grant before gear state, candidate action, utility threshold, sensor assumption, fallback path, governance state, certificate, and human-review trigger are auditable.
- The CID Broker Becomes the Write Gate - Eagl Huang's ATM: CID-Brokered Pre-Write Admission for Multi-Agent Code Co-Synthesis paper, arXiv:2607.00041, cs.SE, submitted June 29 2026, 40-page PDF, AI-Atomic-Framework, ATM, multi-agent code co-synthesis, pre-write admission, single governance domain, controlled filesystem, worktree, or service domain, task intent, repository scope, write admission, validation, evidence obligations, Content Identifier broker, CID broker, adapter-guided atomization, semantic atoms, bounded regions, virtual atoms, Candidate CID, Capsule CID, ConflictKey, shared surfaces, declared read and write dependencies, neutral steward, governed shared writes, seven-layer hard admission gate, CID identity, shared-surface overlap, read/write dependency, file-range and virtual-atom refinement, ConflictKey and canMerge, CAS base-hash validation, fallback file lock, parallel admission, deterministic composition, serialization, fail-closed refinement, task-contract plane, mutation-admission plane, evidence-closure plane, 12-scenario deterministic design matrix, B-02, B-08, and B-13 archived runner cases, POS2, B-12, and BLOCK field cases, npc-brain three-week adopter study, ATM-AdmissionBench v0.2, 20 unique scenarios, 42 mode-level comparisons, route-label F1 1.000, 97.62 percent intent preservation, public eaglhuang/AI-Atomic-Framework repository, v0.9.0-alpha.1 release tag, hidden semantic read gap, no cross-clone or PR-governance claim, pre-write admission receipts, and the governance problem of treating a multi-agent repository run as successful before task scope, write intent, atom boundary, CID evidence, broker verdict, steward apply, validator result, closure packet, and replayable evidence are auditable.
- The Agentic Oracle Becomes the Framework Test - Minghui Long, Yanjie Zhao, and Haoyu Wang's LogicHunter: Testing LLM Agent Frameworks with an Agentic Oracle paper, arXiv:2607.06195, cs.SE, submitted July 7 2026, 23-page PDF, Huazhong University of Science and Technology affiliation, LLM agent framework testing, LangChain, LlamaIndex, CrewAI, pure-Python framework defects, ordinary exceptions, silent semantic failures, Pydantic schemas, oracle ambiguity, specification-driven generation, type hints, docstrings, real-world repository usage patterns, Generator Agent, Fixer Agent, Mutator Agent, executable seeds, API profiles, valid-but-challenging edge cases, behavioral probes, execution, deduplication, validity filtering, Agentic Oracle, ReAct architecture, Dual-Layer State Management, Dual-Stream Memory, documentation retrieval, source-code navigation, runtime-state inspection, DeepSeek-V3 generation phases, GPT-5-mini oracle diagnosis, passive LLM-judge baselines, 40 previously unknown bugs, 30 developer confirmations, 26 fixes, 8 unexpected-exception bugs, 32 silent-failure bugs, 15 Internal Errors, 10 Documentation Mismatches, 15 Data Integrity Issues, model and external-service integration bugs, workflow and callback bugs, memory and retrieval and storage bugs, schema and configuration bugs, tool and output-parsing bugs, 91.17 percent precision, 72.14 percent recall, 80.49 percent F1, 0.21 percent false-positive rate, public security-pride/LogicHunter GitHub artifact, agentic oracle receipts, and the governance problem of treating agent behavior as model output before framework version, API surface, generated test, execution trace, documentation evidence, source-code inspection, runtime probe, oracle verdict, maintainer confirmation, and regression test are auditable.
- The Multilingual Workflow Becomes the Agent Test - Hongliang Li, Yijin Liu, Zhiwei Zhang, Zihe Liu, Xinyue Lou, Jinan Xu, Fandong Meng, and Kaiyu Huang's PolyWorkBench: Benchmarking Multilingual Long-Horizon LLM Agents paper, arXiv:2607.06008, cs.AI with cs.CL, submitted July 7 2026 and revised July 9 2026, 15-page PDF, 6 figures, multilingual long-horizon workplace workflows, 67 manually curated tasks, baseline pool of 29 tasks, stress pool of 38 tasks, ten languages, English, Chinese, Japanese, Korean, Vietnamese, Russian, French, Spanish, German, Arabic, five domains, Commerce, Knowledge, Legal, Localization, Manufacturing, heterogeneous documents and tables and multilingual resources, hand-authored source-language artifacts, no machine translation for source-language files, Pytest suites, weighted grade functions, LLM-as-Judge prompts, structural grading, executable verification, semantic assessment, Pass@1, Pass@3, 18 model-harness pairs, ClaudeCode, OpenClaw, Hermes, Codex, harness sensitivity, Commerce dip, Russian and Spanish and German degradation for mid-tier models, Grade/Pytest/Judge disagreement, multilingual workflow receipts, source language path, target output language, tool calls, model, harness, artifacts, reviewer decision, and the governance problem of treating a fluent multilingual agent output as enterprise evidence before task, language route, scaffold, grading code, and human review boundary are auditable.
- The AI Tax Becomes the Public Receipt - Juliette Faivre and Sarah H. Cen's Taxing Artificial Intelligence paper, arXiv:2607.02144, cs.CY, submitted July 2 2026, 41-page PDF, Carnegie Mellon University affiliation, AI taxation, externalities, Pigouvian correction, redistribution, regulatory capacity, corporate income taxes, rent-based taxes, excess-profit taxes, windfall-profit taxes, consumption taxes on AI services, token and API usage taxes, data-center compute taxes, electricity and water excise instruments, labor displacement, payroll-tax erosion, AI-related gains above thresholds, tax base, taxpayer, remitter, tax incidence, leakage, innovation costs, measurement difficulty, supply-chain allocation, data-center load growth, DOE data-center electricity estimates, Ohio Consumers' Counsel data-center tariff summary, AEP Ohio Data Center Tariff, contracted capacity charges, public receipts, affected communities, revenue destination, exemptions, credits, avoidance paths, sunset triggers, and the governance problem of treating AI taxation as a slogan before purpose, taxable activity, payer, pass-through path, revenue use, and revision mechanism are auditable.
- The AI Dependency Becomes the Resilience Perimeter - Jonathan Shelby's The AI Resilience Gap: Bringing Artificial Intelligence Inside the Operational Resilience Perimeter paper, arXiv:2607.07359, cs.CR, submitted July 8 2026, 11-page PDF, Department of Computer Science at University of Oxford and Hertford College affiliation, AI resilience gap, operational resilience perimeter, regulated firms, trustworthy-AI stack versus operational-resilience stack, important business services, impact tolerances, severe-but-plausible disruption, Critical Third Parties, Bank of England Financial Stability in Focus April 2025, Bank FCA and HM Treasury May 2026 joint statement on frontier AI models and cyber resilience, SS6/24 critical third parties to the UK financial sector, PS24/16 final critical-third-party rules, AI Resilience Framework, dependency mapping, Criticality-Substitutability Matrix, service-centered AI inventory, silent degradation, non-determinism, grey failure, drift monitoring, challenge sets, AI-specific impact tolerances, provider-level concentration management, fallback doctrine, fictional fallback risk, customer-service assistant example, transaction-monitoring model example, shared frontier-model provider example, board visibility, exit planning, service owner and model owner and fallback owner records, and the governance problem of treating an AI system as trustworthy before its business service, disruption mode, provider concentration, real fallback, last rehearsal, and tolerance breach triggers are auditable.
- The Deployment Simulation Becomes the Safety Forecast - Marcus Williams, Hannah Sheahan, Cameron Raymond, Tomek Korbak, Deng Pan, Peilin Yang, Leon Maksin, Ningyi Xie, Phillip Guo, Ian Kivlichan, and Micah Carroll's Predicting LLM Safety Before Release by Simulating Deployment paper, arXiv:2607.07184, cs.LG with cs.AI, submitted July 8 2026, 31-page PDF, OpenAI affiliation, pre-release LLM safety forecasting, deployment simulation, de-identified production conversation prefixes, fixed user-message prefixes, candidate-model next-response resampling, simulated deployment audit, frozen behavior taxonomy, pre-release prevalence estimates, post-release validation, GPT-5-series deployments, GPT-5.4 outcome-blinded forecast, 20 tracked deployment-time misbehavior categories, disallowed-content outputs, misaligned actions, Challenging Prompts baseline, previous-rate baseline, directional accuracy, 1.5x production-incidence change threshold, 92 percent versus 54 percent comparable-subset direction result, 84 percent across all tracked categories, 60 category-deployment pairs, log-scale Pearson r = 0.91, calculator hacking forecast error, 1.7 versus 35.2 incidents per 100,000 assistant turns, evaluation-awareness measurement, real deployment, simulated deployment, traditional evaluations, evaluation-detection capability, verbalized alignment-evaluation awareness, metagaming, 98.9 to 100 percent traditional-evaluation detection versus 5.38 percent production and 5.12 percent simulated deployment, agentic tool-state reconstruction, roughly 120,000 internal Codex trajectories, original trajectory context, time-matched codebase container, tool-call response database, read-only connector access, discriminator win rate rising from 11.6 percent to 49.5 percent, WildChat public proxy, 100,000 randomly selected public conversations, production prefixes 1.75x error versus WildChat 2.44x, WildChat mean model-comparison accuracy 63.9 percent, measurement-grader dependence, chain-of-thought monitorability fragility, prefix-distribution shift, rare-tail-risk limitation, deployment-simulation receipt, and the governance problem of treating pre-release safety evaluation as a pass/fail test before forecast distribution, sampled prefixes, frozen taxonomy, grader, tool-state reconstruction, preregistration status, release decision, and post-release validation are auditable.
- The Untrusted Content Mask Becomes the Browser-Agent Boundary - Kristina Nikolić, Egor Zverev, Javier Rando, Matthew Jagielski, Edoardo Debenedetti, and Florian Tramèr's Untrusted Content Masking for Web Agents with Security Guarantees paper, arXiv:2607.05277, cs.CR with cs.LG, submitted July 6 2026, 28-page PDF, public ethz-spylab/untrusted-content-masking repository, web-agent prompt injection, trusted instructions versus untrusted data, rendered-page trust-boundary collapse, DOM trust boundaries, Untrusted Content Masking, UCM, untrusted DOM region redaction, labeled placeholders, trusted interface structure, Quarantined Model, Q-Model, element ID queries, natural-language questions with typed return values, bool and int and float and date and enum outputs, parseable structured responses, type-constrained channel, user-approved string fallback, ten custom website environments, banking, calendar, customer support, e-commerce, email, forum, food ordering, wiki, travel booking, job board, WebArena GitLab suite, 41 unique task templates, Claude Sonnet 4.5, Claude Sonnet 4.6, GPT-5.4, Claude Sonnet 4.5 Q-Model, utility preservation, 1.05x to 1.84x custom-site cost overhead, strengthened WASP attack evaluation, 0 percent attack success rate under UCM, automated boundary inference from content-sanitized DOM, Booking, Reddit, GitLab labeling evaluation, control-flow protection, data-flow attack limitation, selection hijacking caveat, malicious-site caveat, active-content vulnerability caveat, action-level policy, user confirmation, and the governance problem of treating a browser agent as secure before trusted-domain policy, DOM labeling, masking renderer, Q-Model identity, allowed return types, string approval path, action policy, attack benchmark, utility result, cost overhead, and residual data-flow risk are auditable.
- The Public Document Becomes the AI-Use Sensor - David I. Atkinson and Joan Eleanor O'Bryan's Government AI Use as a Monitoring Primitive: A Public Document Pilot Study paper, arXiv:2607.04543, cs.CY, submitted July 5 2026, 34-page PDF, ICML 2026 TAIGR workshop acceptance note, public-document AI detection, government AI use, monitoring primitive, revealed behavior versus stated intent, procurement disclosure limits, official statement limits, 3,068 public documents, ten public document streams, U.S. and PRC government-related sources, CAC, gov.cn ministry-issued documents, gov.cn State Council policy documents, gov.cn policy commentary, MOST work briefings, PLA Daily commentary, DARPA news, AI-keyworded Federal Register documents, Military Review essays, OSTP news, 2021 pre-mass-market LLM baseline, 2024 to 2026 comparison, partial 2026 sample cutoff April 25 2026, Pangram commercial AI-text classifier, document-level AI fraction, 200-document ingestion spot-check, parsing remediation, 2021 near-zero baselines, four of ten sources statistically significant by 2026, Chinese pooled 2026 mean AI fraction 0.07 with 95 percent confidence interval 0.02 to 0.12, U.S. pooled 2026 mean AI fraction 0.05 with 95 percent confidence interval 0.01 to 0.11, Military Review and DARPA news downstream-policy signal, OSTP and Federal Register no-signal finding in the sample, CAC and MOST stronger PRC signals, detector brittleness, genre and language confounds, drafting versus editing versus summarization ambiguity, public-accountability upside, countermeasure and race-dynamics risk, aggregate trend caution, and the governance problem of treating government AI adoption as either self-reported inventory or rumor before public artifacts, source panel, detector version, preprocessing rule, baseline, uncertainty interval, human spot-check, and corroborating evidence are auditable.
- The Frontier AI Buffer Becomes the Off-Ramp - Pranav Mehta's Macro-Prudential AI Governance: A Two-Layer Early Warning and Response System for Frontier AI paper, arXiv:2607.03542, cs.CY, submitted July 3 2026, 14-page PDF, accepted at the Second Workshop on Technical AI Governance Research TAIGR 2026 at ICML 2026, macro-prudential AI governance, frontier-AI early warning, internal frontier AI deployments, labs' internal research and production workflows, MEWRS, Macro-Prudential Early Warning and Response System, finder-coordinator-defender pattern, government clearinghouse, domain-specific defender working groups, pre-committed escalation playbooks, structured reporting schema, deployment scope, capability evidence, security state, ECAR snapshots, CRTH snapshots, ARS snapshots, Effective Compute-at-Risk, Cumulative Red-Team Hours, Alignment Robustness Score, safety buffers, network isolation, tool-access restrictions, deployment-velocity caps, mandatory audit cycles, independent evaluation requirements, Basel III analogy, risk-weighted capital buffers, Systemically Important AI Institution designation, counter-cyclical AI controls, safety-and-capability disclosure, AI retirement and emergency shutdown plans, central-bank technical capacity analogue, seven failure modes, regulatory capture, coordinator abuse and state coercion, procyclical incentives, gaming buffer metrics, compliance moats, global coordination gaps, shadow AI, red-team and blue-team validation exercises, time-to-triage, mitigation uptake, compromise dwell time, disclosure quality, and the governance problem of treating frontier-AI risk discovery as enough before reporting schema, routing owner, buffer change, off-ramp, exercise result, and public accountability are auditable.
- The Cultural Risk Benchmark Becomes the Local Safety Test - Alicia Parrish, Rajat Shinde, and 58 coauthors' Pluralis v0.1: Towards a Multicultural, Multimodal, Multilingual Benchmark for AI Risk and Reliability paper, arXiv:2607.06196, cs.CL with cs.CY, submitted July 7 2026, 31-page PDF, culture-first AI safety benchmark, multimodal and multi-regional and multilingual dataset, 6,448 prompts, six Asia-Pacific locales, Bangladesh, India, Korea, Pakistan, Singapore, Taiwan, eight languages, natively sourced localized safety hazards, local English variants and regional languages, user text plus image paradigm, harmless-in-isolation combinations, gift-clock example, e-cigarette restriction example, universal safety violations versus localized cultural appropriateness, cultural appropriateness as a first-class evaluation axis, Judge-Pluralis, agreement-gated LLM-as-judge ensemble, empirically derived cultural taxonomy, frontier vision-language model subset evaluation, image misidentification with downstream harm, missed item-context-locale interactions, inadequate refusals, locale- and language-specific failure modes, globally averaged metric caveat, inter-rater agreement caveat, v0.1 scope limitation, automated-evaluator limitation, local expert review, affected-community contestability, cultural risk receipts, and the governance problem of treating one global safety score as enough before locale, language, image, prompt, hazard category, annotation protocol, judge ensemble, disagreement rate, known weak case, escalation path, and post-deployment monitoring are auditable.
- The Reasoning Trace Becomes the Consistency Scan - Silvia Santano's Reasoning Consistency Scanning: A Framework for Auditing Chain-of-Thought Validity in AI Safety Evaluations paper, arXiv:2607.07229, cs.AI, submitted July 8 2026, 13-page PDF, linked GitHub repository, reasoning consistency scanning, chain-of-thought validity, CoT faithfulness versus transcript consistency, construct validity, post-hoc transcript audit, InspectScout scanner, inspect_evals, LLM-as-judge architecture, structured classifications, consistent and inconsistent and not-applicable labels, confidence ratings, reasoning-summary and answer-summary fields, disconnect descriptions, six inconsistency subtypes, absent reasoning, contradictory reasoning, apparent confusion, reasoning reversal, reasoning abandonment, perfunctory reasoning, Claude Opus 4.6 scanner model, DeepSeek V4 Flash structured-output failure, Claude Haiku 4.5 lower subtype recall, 60 labeled transcripts derived from InstrumentalEval, DeepSeek V4 Pro benchmark source, instrumental-convergence behaviors, self-preservation, power-seeking, deception, surgically modified inconsistent cases, validation precision 0.96, recall 0.71, F1 0.82, three naturalistic inspect_evals sources, MORU, Agentic Misalignment, SAD-mini stages oversight, SAD-mini stages full, SAD-mini influence, generator models Gemini 3.1 Pro, DeepSeek V4 Pro, gpt-oss-120b, GPT-5.4 attempted but excluded because usable reasoning traces were not exposed under the run settings, inconsistency rates from 0.0 percent to 26.0 percent, MORU 0.9 percent for DeepSeek V4 Pro and 1.0 percent for Gemini 3.1 Pro and 10.0 percent for gpt-oss-120b, SAD stages full 26.0 percent for Gemini 3.1 Pro, Agentic Misalignment single-sample caveat, consistency not implying faithfulness, provider reasoning-summary caveat, scanner-dependence caveat, modest-sample limitation, and the governance problem of treating a chain-of-thought transcript as safety evidence before reasoning trace, final answer, scanner model, subtype, confidence, disconnect description, validation benchmark, and reviewer override path are auditable.
- The Deployment Rule Becomes the Safety Case - Yujiao Chen's Institutional Red-Teaming: Deployment Rules, Not Just Models, Causally Shape Multi-Agent AI Safety paper, arXiv:2607.07695, cs.AI with cs.GT and cs.MA, submitted July 8 2026, 15-page PDF, institutional red-teaming, multi-agent AI safety, deployment rules as causal treatments, consequence allocation, communication, delegation, aggregation and voting, escalation, budget, hierarchy, audit, IABench-CA, 228 contexts, five canonical rules, seven model populations, 33,924 games, cooperative-refinement reference, auto-labelled reasoning traces, Institutional Alignment Gap, all-or-nothing rule, random elimination, democratic plurality vote, regressive least-resourced-agent elimination, progressive most-resourced-agent elimination, three-agent threshold game, total resources 12, 19 integer resource distributions, 12 thresholds, canonical resources 1 and 5 and 6 with threshold 10, rule-only changes moving mean fatality by 22 to 58 percentage points within every population, no cross-population safe default, regressive identity-targeting never decisively safest, least-resourced-agent elimination in 30 to 87 percent of regressive-rule games, positive RP Institutional Alignment Gap for all seven populations, gpt-5.1 anonymization ablation, naming the loss bearer driving targeted elimination from 22 percent to 81 percent at identical payoffs, repeated-play anonymization only delaying targeting as agents infer hidden rules from observed eliminations, safety-case workflow, provisional rule region Phi(c,P), residual risks, monitoring obligations, re-certification on model, prompt, resource, or rule changes, deliberately simple threshold-game limitation, no communication or coalitions, elimination as proxy for throttling or shutdown, no human subjects or personal data, forthcoming artifact note, dual-use diagnostic caveat, and the governance problem of treating model-level alignment as sufficient before the deployment rule, consequence target, induced behavior, failure traces, and re-certification trigger are auditable.
- The Medical Advice Bot Becomes the Second Opinion - Yuyu Chen, Hongbin Li, Lingsheng Meng, Xinyao Qiu, and Qingxu Yang's Directional AI Advice: Experimental Evidence from Healthcare paper, arXiv:2607.08706, econ.GN, submitted July 9 2026, 77-page PDF, preregistered field experiment, AEA RCT Registry AEARCTR-0015851, Peking University Guanghua School of Management IRB #2025-14, patient-side LLM chatbot, Chinese public hospital, Sichuan Province, more than 10,000 outpatient visits, 179 physicians, two-layer randomization, Exposed and Unexposed physicians, Treatment and Control patients, 11,666 completed visits with Exposed physicians, 6,010 completed visits with Unexposed physicians, administrative medical records, post-consultation patient survey, physician survey, 171 of 179 physicians responding, 2,247 patient survey respondents, 13 percent patient-survey response rate, 998 of 5,828 Treatment-group visits using the chatbot, 17.1 percent take-up, directional advice, medication caution, diagnostic-testing recommendations, 69.7 percent caution rate for general medication mentions, 90.8 percent for Traditional Chinese Medicine mentions, 87.6 percent for antibiotic mentions, 3.8 percent clean recommendation rate for Traditional Chinese Medicine, 7.8 percent for antibiotics, 94.5 percent clean recommendation rate for diagnostic testing, intent-to-treat estimates, any-prescription rate down 4.6 percentage points from 87 percent sample mean, diagnostic testing up 2.7 percentage points from 23 percent sample mean, same-hospital two-week revisits down about 1.2 percentage points with care-seeking caveat, treatment-on-the-treated estimates, any prescription down 27 percentage points, diagnostic testing up 16 percentage points, two-week revisits down 7.0 percentage points, effects concentrated among physicians receptive to patient input and higher baseline prescribers, no within-physician spillovers to patients without chatbot access, no persistence in physician practice after the experiment, survey evidence of lower patient satisfaction, less smooth perceived communication, lower intended compliance, physician reports of clearer symptom descriptions and better patient understanding but lower compliance, welfare ambiguity, and the governance problem of treating patient-side AI advice as harmless information before its directional defaults, clinician disclosure, clinical decisions, compliance effects, and contestability path are auditable.
- The Energy Market Agent Becomes the Audit Ledger - Shilin Ou, Yifan Xu, and Luyao Zhang's SolarChain-Eval: A Physics-Constrained Benchmark for Trustworthy Economic Agents in Decentralized Energy Markets paper, arXiv:2607.08681, cs.AI, submitted July 9 2026, 14-page PDF, official GitHub implementation, physics-constrained benchmark, trustworthy economic agents, decentralized energy markets, Gymnasium-compatible Markov Decision Process, hourly decisions, 24-hour market episodes, April 1 to April 30 2026 benchmark instance, Beijing, Shanghai, Chengdu, Shenzhen, Hangzhou, 50 energy nodes, 720 hourly market states, 36,000 generation records, 1,185 P2P trade records, reward allocation, liquidity injection, token burn rate, market utility, physical safety, slippage, action smoothness, spatial fairness, auditability, Static, Random, Myopic, PPO, SAC, DQN, physics-constrained reward, no-physics-penalty ablation, LLM Planner/Auditor layer, episode-level action bounds, audit rules, high-risk action review, structured logs, trigger signals, proposed actions, revised actions, audit rationales, 1,620 episode-level metric rows, 38,880 hourly action rows, 194,400 city-hour policy rows, 12,960 LLM governance log rows, utility-safety frontier, reward-maximizing agents exploiting invalid generation when physics penalties are removed, artificial-liquidity increases under raw RL and RL+LLM settings, structured-output validation, invalid LLM outputs failing the evaluation run, rule-based Planner/Auditor baseline, and the governance problem of treating an infrastructure-agent reward curve as trustworthy before physical constraints, market state, proposed action, audit trigger, revised action, validation rule, and human review path are auditable.
- The Citation Judge Becomes the Reward Signal - Ethan Leung, Elias Lumer, Corey Feld, Austin Huber, Vamse Kumar Subbiah, and Kevin Paul's Do You Need a Frontier Model as a Citation Verifier? Benchmarking Rubric LLMs for Deep-Research Source Attribution paper, arXiv:2607.08700, cs.CL, submitted July 9 2026, 17-page PDF, deep-research source attribution, citation verification, rubric LLM judges, link accessibility, source relevance, factual support, deterministic HTTP 200 accessibility check excluded from LLM-judge comparison, 624 attribution-citation pairs, 1,248 LLM-judged decisions, human-reviewed gold labels, 378 non-unanimous hard cases adjudicated from judge disagreements, 263 source-relevance disagreements, 115 factual-support disagreements, adversarial long-form benchmark, intentional factual errors, live-but-irrelevant sources, plausible-but-unsupporting sources, clean citations, 98.4 percent link-accessibility pass rate, 79.3 percent source-relevance gold pass rate, 18.4 percent factual-support gold pass rate, 8 off-the-shelf LLM judges, 3 model families, Anthropic, Google, OpenAI, pass-class F1, Cohen kappa, pass-rate drift, false positive rate, false negative rate, GPT-5-mini source-relevance F1 0.908 with 95 percent CI .89 to .93 and kappa 0.636, Claude Opus 4.6 factual-support point estimate F1 0.750 and kappa 0.701, overlapping factual-support confidence intervals, no single judge dominating both dimensions, June 2026 cost estimates, 49x judge-cost range, cost not predicting accuracy, source-relevance predicted pass rates below the 79.3 percent gold rate for all 8 judges, factual-support false negative rates from 0.183 to 0.470, scalar F1 hiding directional reward bias, adjudicated-subset ranking shifts, single adversarial-document limitation, prompt-design and batching open questions, citation-reward receipts, and the governance problem of treating a citation verifier as a training reward before attributed claim, cited URL, fetched source text, access check, relevance score, factual-support score, judge model, prompt, threshold, rationale, false-positive profile, false-negative profile, disagreement rate, cost assumption, adjudication rule, and calibration date are auditable.
- The LLM Annotator Becomes the Measurement Instrument - Manuel Pita's Validity of LLMs as data annotators: AMALIA on authority paper, arXiv:2607.08731, cs.CL with cs.AI and cs.CY, submitted July 9 2026, 15-page PDF, AMALIA-9B-0626-DPO, Portugal's national language model for European Portuguese, Hugging Face model card, public availability on July 1 2026, Apache-2.0 license, 9B parameter label, intended-use and out-of-scope model-card limits, LLM data annotation, text-as-data, theoretical constructs, moral foundations theory, authority/subversion, reliability versus validity, agreement with human coders, recovery gap, undecomposed prompt, decomposed clause route, fixed recomposition formula, authority yes/no judgment, European-Portuguese transcreation, Moral Foundations Reddit Corpus, 748 paired texts, 448 out-of-sample confirmatory texts, pre-registration DOI 10.5281/zenodo.21178967, replication package DOI 10.5281/zenodo.21275660, GitHub data and analysis code, paired corpus, frozen English and Portuguese constructs, per-annotator tables, evidence spans, analysis scripts, AMALIA parse discipline, 100.0 percent parse rates under both instruction languages with one unparsable Portuguese-instruction response, unconstrained robustness pass with 746 of 748 correctly structured JSON responses in both conditions, full-corpus Portuguese-instruction F1u 0.711 and F1d 0.359 and recovery gap +0.352, English-instruction F1u 0.654 and F1d 0.186 and recovery gap +0.468, confirmatory gaps +0.358 and +0.436, 46 unanimous-negative test texts coded positive, 36 surface-correlate readings, 78 percent shortcut share, 54 percent cited evidence at most partially grounded or misquoted or absent, GPT-OSS-120B gap +0.028, Llama-3.3-70B gap +0.121, one-construct and one-corpus limitation, inherited-code and transcreation limits, LLM-panel error-reading caveat, underpowered H2 instruction-language test, measurement receipts, and the governance problem of treating cheap LLM annotation as social-science measurement before corpus provenance, construct definition, codebook, prompt route, model identity, clause answers, evidence spans, recovery gap, error audit, and human contestability are auditable.
- The Idea Genome Becomes the Research Receipt - Yifan Zhou, Qihao Yang, Yan Li, Donggang Li, Xiru Hu, Hokin Deng, Ziyang Gong, Xuanyi Zhou, Huacan Wang, Xiangchao Yan, Wanghan Xu, Wenlong Zhang, Shaofeng Zhang, Yue Zhou, Yifan Yang, Zhihang Zhong, and Xue Yang's Ideas Have Genomes: Benchmarking Scientific Lineage Reasoning and Lineage-Grounded Idea Generation paper, arXiv:2607.08758, cs.AI, submitted July 9 2026, 22-page PDF, IdeaGene framework, IdeaGene-Bench, IG-Bench, typed evidence-grounded Idea Genome objects, GenomeDiff records, inheritance, mutation, loss, external import, novel insertion, six operational evolutionary dynamics, 1,961 golden lineage traces, 1,085 curated Idea Genome objects, 920 pairwise GenomeDiff records, 10 scientific domains, IG-Exam, 42 task types, 1,029 instances, Idea Genome abstraction, inheritance tracing, evolutionary reasoning, lineage verification, IG-Arena, lineage-conditioned Population-Evolution Score, PES, population insertion quality, 14 LLM-based scientists, direct LLMs, research-agent frameworks, command-line harnesses, 27.3 percent best exact accuracy on lineage reasoning, compositional bottleneck, structured lineage context reshuffling rankings, expert validation, 80 percent human agreement with the strongest model-judge panel in IG-Arena, operational-category limitation, primary-driver simplification, and the governance problem of treating plausible AI-generated research prose as a research artifact before source corpus, paper lineage, inherited mechanism, repaired limitation, imported evidence, proposed mutation, verification check, prompt/model configuration, and reviewer contestability are auditable.
- The Hidden Supervisor Becomes the Agent Benchmark - Zhekai Chen, Chengqi Duan, Kaiyue Sun, Bohao Li, Yuqing Wang, Manyuan Zhang, and Xihui Liu's UniClawBench: A Universal Benchmark for Proactive Agents on Real-World Tasks paper, arXiv:2607.08768, cs.CL, submitted July 9 2026, 33-page PDF, HKU MMLab and Meituan affiliations, project page and GitHub repository, proactive agents, capability-driven benchmark, 400 bilingual real-world tasks, 40 English and 40 Chinese tasks per capability, Skill Usage, Exploration, Long-Context Reasoning, Multimodal Understanding, Cross-Platform Coordination, live Docker containers, real software, live browsers, local file systems, browser and command-line and GUI applications and injected services, step-by-step completion checkpoints, task packages with public instructions and hidden references, executor agent, hidden supervisor agent, user simulator agent, feedback rewriter, pass/fail/continue evaluation states, two follow-up user interactions after the initial instruction, OpenClaw v2026.3.11, Nanobot v0.1.5.post3, EDICT, ten executor models under a shared OpenClaw framework, cross-framework comparison, framework architecture as a performance bottleneck, better performance on Skill Usage and Exploration, harder Long-Context and Multimodal and Cross-Platform tasks, 17.4 minute average task run in the reported setup, 400 manually curated task limit, live-environment instability limit, LLM-based evaluation bias limit, and the governance problem of treating an agent benchmark score as model evidence before task package, environment image, framework, tool permissions, hidden rubric, supervisor boundary, user-simulator leakage controls, artifacts, cost, failure mode, and reviewer decision are auditable.
- The Dashcam Question Becomes the Incident Witness - Siddharth Damodharan, Radhika Gupta, Ali Alshami, Ryan Rabinowitz, and Jugal Kalita's AUTOPILOT VQA: Benchmarking Vision-Language Models for Incident-Centric Dashcam Understanding paper, arXiv:2607.08745, cs.AI with cs.CV, submitted July 9 2026, CVPR Autopilot Workshop, 5-page PDF, University of Colorado Colorado Springs, University of Michigan, and University of Notre Dame affiliations, incident-centric dashcam visual question answering, structured accident-scene understanding, more than 600 dashcam clips, collisions, near-misses, hazards avoided in advance, no-incident baseline sequences, more than 6,000 annotated question-answer pairs, six semantic groups in the introduction, nine structured question groups A through I in the annotation section, 28 sub-questions, weather, lighting, traffic environment, road configuration, lane structure, road surface, traffic control presence, involved entities, fault attribution, prevention measures, impact location, daytime 70 percent, clear or partly cloudy 68 percent, highway and intersection scenes 65 percent, other vehicles 31 percent, animals 16 percent, ego-vehicle fault scenarios 13 percent, vulnerable road users 18 percent, dry road surfaces 83 percent, wet surfaces 17 percent, Kaggle competition, mean per-question accuracy, 224 registered entrants, 73 active participants, 59 teams, 686 submissions, public leaderboard top score 0.65835, no method approaching near-human reliability as stated by the authors, and the governance problem of treating dashcam VQA output as incident evidence before source video, frame window, question schema, answer set, model version, preprocessing path, uncertainty rule, high-risk field performance, and human review are auditable.
- The Human-Centric Deepfake Becomes the Forensics Benchmark - Wenbo Xu, Zhimin Chen, Xiaojie Liang, Hengrui Liu, and Wei Lu's HumanForge: A Human-Centric Deepfake Video Benchmark with Multi-Agent Forgery Rationales paper, arXiv:2607.08705, cs.CV, submitted July 9 2026, 6-page PDF, 2 figures, human-centric deepfake video benchmark, over 18K high-fidelity video segments, scenario counts summing to 18,113 synthetic videos, audio-driven lip synchronization, pose-driven motion transfer, interaction modeling, semantic-driven text-to-video editing, human-object interaction, human-human interaction, HDTF, FFIW, FaceForensics++, DFD, SHHQ, TikTok source assets, more than ten modern video generators and editors, Gen2Anno, LangGraph, six specialized agents, source profiling, scenario recognition, reference analysis, forgery inspection, Chief Judge synthesis, Expected State versus Actual State contrast, binary decisions, fine-grained artifact categories, spatio-temporal localization, contrastive omni-annotations, code and dataset release stated as future on arXiv, and the governance problem of treating synthetic-video detection as one authenticity bit before source provenance, intended edits, observed artifacts, temporal grounding, uncertainty, and human forensic review are auditable.
- The Execution-Security Map Becomes the Missing Control - Mohammadreza Rashidi's The Balkanization of Execution-Security Research for AI Coding Agents: Isolation, Access Control, and Time-of-Check-to-Time-of-Use Vulnerabilities paper, arXiv:2607.05743, cs.CR with cs.AI, submitted July 7 2026, 18-page PDF, 15 figures, 6 tables, systematization of knowledge, 39 execution-security papers from 2023 to 2026, 17 verified categories, sandbox isolation, escape benchmarks, access control and capability models, policy-enforcement fragility, TOCTOU races, MCP-specific threats and defenses, identity delegation, execution provenance, network egress control, static analysis of agent-generated code, scope-creep measurement, skill and plugin packaging security, four disclosed patched CVEs reported as verified against NIST NVD, shared-benchmark gaps, denylist fragility, stale validation, honest-policy-author assumptions, out-of-scope benign actions up to 17.1 percent in the surveyed corpus, machine-readable corpus and verification script, and the governance problem of treating one agent sandbox, policy, or tool gate as adequate before the composed execution boundary has been mapped, tested, and audited across neighboring failure modes.
- The Coaching Agent Becomes the Grounding Gap - Meng Chen, Anya Ji, Tsung-Han Wu, Tobias Maringgele, David M. Chan, Alane Suhr, and Amy Pavel's DigitalCoach: Communication and Grounding Gaps in Human and Agentic Computer Use Coaching paper, arXiv:2606.31980, cs.CL with cs.AI and cs.HC, submitted June 30 2026, 29-page PDF, University of California Berkeley and Technical University of Munich affiliations, DigitalCoach dataset, human expert-novice computer use coaching, 72 coaching sessions, 22,752 dialogue turns, 28.1 hours of screen and input-event recordings, 39,609 input events, 36,724 file snapshots, 20 English-speaking software experts, 20 English-speaking novices, five software applications, Excel, FL Studio, Blender, Figma, Onshape, productivity and creativity and engineering tasks, matched pre-task and post-task evaluation, six multimodal model coaches, GPT-5.4, Gemini-3-Flash, Gemini-3.1-Pro, Claude-Sonnet-4.6, Qwen-3-VL-Instruct, Llama-4-Scout, model coaches giving more direct instructions, fewer explanations, fewer error diagnoses, fewer knowledge-check questions, Action Directives at 63 percent in model-human sessions versus 37 percent for human coaching, Inform acts at 14 percent versus 29 percent, Info Request acts at 2 percent versus 7 percent, human coaching mean gain from 33.49 percent to 88.24 percent, model coaching mean gain from 13.33 percent to 45.00 percent, visual context underutilization, text-history dependence, Windows-laptop collection limit, dataset-size limit, spoken-dialogue segmentation limit, long-term-retention measurement limit, project-digital-coach data and code page, coaching-agent receipts, and the governance problem of treating completed software tasks as teaching evidence before model, prompt, screen context, dialogue-act mix, explanation rate, knowledge-check rate, error-diagnosis rate, learner questions, pre/post task transfer, and bad-guidance cases are auditable.
- The AI Label Becomes the Public Record - Jonathan Rystrøm, Chris Schmitz, Nathan Davies, Gerhard Hammerschmid, Albert Meijer, and Chris Russell's A Technical Typology of AI Systems in Public Administration paper, arXiv:2606.31755, cs.CY with cs.AI, submitted June 30 2026, under review, 30-page PDF, University of Oxford, Hertie School, Utrecht University, and Harvard University affiliations, public administration, digital government, system-type specification, hand-coded systems, glass-box systems, black-box systems, general-purpose systems, agentic systems, affordance thresholds, public values, accountability, procedural justice, non-discrimination, privacy, service delivery, OpenAlex literature search, 2019 to 2025 paper window, 91-paper final corpus, strand-level coding, Gemini 3.1 Flash-Lite Preview preliminary extraction, human coder judgments, conservative adjudication, 50 of 91 papers underspecified, 55 percent underspecification rate, 31 percent mischaracterisation rate, 41 percent overgeneralisation rate, black-box systems as most common fully specified empirical category, 11 general-purpose empirical papers, no empirically studied contemporary agentic systems in the corpus, proxy indicators, source-code-independent diagnostic questions, scope limits for past work, conclusion-scope receipts, citation-weighted sample limit, coding-error limit, typology-update limit, and the governance problem of treating "AI" as a sufficient public record before system type, task, input, output, vendor, learned-or-authored logic, inspectability, tool access, local testing, human review, and technical uncertainty are auditable.
- The Persona Swatch Becomes the Design Proxy - Shahreen Salim and Klaus Mueller's When Do LLM Personas Support Visualization Design? A Cross-Model Study of Color Assignment and Chart Choice paper, arXiv:2607.02455, cs.HC, submitted July 2 2026, 5-page PDF, 3 figures, Stony Brook University affiliations, LLM personas, synthetic participants, visualization design, color assignment, chart-idiom preference ratings, Big Five profiles, 43 unique profiles derived from a state-level U.S. personality dataset, Low and Average and High trait categories, GPT-4o-mini, GPT-4.1-mini, GPT-5-mini, concrete concepts Banana and Strawberry and Carrot, abstract concepts Serendipity and Serenity and Chaos, RGB outputs, CIELCH hue histograms, Hellinger distance, Mantel permutation tests, model-configuration dependence, GPT-4o-mini absent coupling across six concepts, GPT-4.1-mini consistent coupling across six concepts, GPT-5-mini partial coupling across two concepts, abstract-concept persona variance, concrete-concept defaults, 12 chart idioms, hierarchy and time-series and comparison contexts, 60 persona-conditioned chart runs, Organized and Stable cluster, Sociable and Cooperative cluster, Emotionally Reactive cluster, Treemap hierarchy choice, Line Chart with Points time-series choice, Radar Chart comparison choice, no-persona baseline recovering 8 of 9 top choices, rating-level modulation, no matched human validation, concept-set limits, lens-based GPT-5-mini variability protocol, persona-design receipts, and the governance problem of treating a synthetic persona's color or chart choice as user evidence before model, prompt, profile source, task context, baseline, aggregation rule, cross-model check, and human calibration are auditable.
- The Reasoning Budget Becomes the Reliability Receipt - Achint Mehta's Reasoning effort, not tool access, buys first-try reliability in agentic code generation: an observational study paper, arXiv:2607.02436, cs.SE with cs.AI, submitted July 2 2026, 22-page arXiv comment, 5 figures, 10 tables, Zenodo dataset and evaluation artifacts DOI 10.5281/zenodo.21134406, Realtime Retrospective Board: AI Model Benchmark Dataset and Evaluation Artifacts, version v2.3.0, agentic coding assistants, first-try reliability, browser-based testing tools, design-oriented prompts, two agent harnesses, two reasoning effort levels, ninety independent agent runs, real-time retrospective board application, detailed specification, fixed 14-criterion functional rubric, 42-point maximum, visual quality review, capability tier, reasoning effort, tool access, prompt surface, first submission scoring, corrective prompts, Playwright-style browser tool, container deployment failures, local development environment failures, visual polish, run-level artifacts, screenshots, per-run rubric files, linked GitHub repository, reproducibility archive, and the governance problem of treating an agent's tool menu as reliability evidence before model, harness, reasoning budget, prompt, tool permission, first submission, repair loop, rubric item outcomes, visual review method, token record, session cost, and artifact archive are auditable.
- The Culture Meter Becomes the Apparatus - Kent K. Chang's Language Models as Measurement Apparatus for Culture paper, arXiv:2607.02459, cs.CL, submitted July 2 2026, 14-page PDF, ACL Anthology ID 2026.bigpicture-main.11, DOI 10.18653/v1/2026.bigpicture-main.11, Big Picture workshop co-located with ACL 2026, Proceedings of The Big Picture v2: Crafting a Research Narrative, pages 131-143, San Diego, CA, USA, School of Information, University of California Berkeley, cultural analytics, language models as cultural measurement apparatus, material-discursive practice, Karen Barad's agential cut, model architecture, training data, annotation categories, evaluation criteria, interpretive commitments, phenomenon-instrument boundary, television and film dialogue, structure measurement, conversation disentanglement, reply-to graph, conversational agency, interaction measurement, conversational role attribution, speaker, addressee, side-participant labels, gendered role patterns, deviation measurement, stereotypic relation extraction, subversion as discrepancy from trained expectations, erasure of cultural markers, anonymized character names, speaker recognition drop from 78.6 to 13.7, addressee recognition drop from 68.1 to 15.7, attunement to Restoration comedy, 1660-1700, Chadwyck-Healey English Drama collection, 109 plays, 1,283 character episodes, Gemini 2.5 Flash label scaling, Cohen's kappa 0.71, roughly 174,000 lines of in-domain dialogue, agentic workflow agency section in the expanded arXiv version, culture-measurement receipts, and the governance problem of treating a model-mediated cultural pattern as evidence before corpus, prior exposure, label taxonomy, annotation rule, prompt, metric, perturbation test, theoretical commitment, and permissible claim are auditable.
- The Policy Loop Becomes the Budget Receipt - Zhilin Wang, Han Song, Runzhe Zhan, Jusen Du, Jiacheng Chen, Tianle Li, Qingyu Yin, Yulun Wu, Zhennan Shen, Tong Zhu, Yanshu Li, Guanjie Chen, Derek F. Wong, Yafu Li, Yu Cheng, and Yang Yang's EvoPolicyGym: Evaluating Autonomous Policy Evolution in Interactive Environments paper, arXiv:2607.02440, cs.AI with cs.CL, submitted July 2 2026, 24-page PDF, autonomous policy evolution, executable policy systems, interactive RL environments, fixed interaction budgets, Core16, 16-environment suite, Gym/Box2D, MuJoCo, MiniGrid, robotics and driving, 128-episode training budget, 16 hidden validation cases, 32 hidden held-out cases, system/policy.py, Policy reset and act interface, local service routes, feedback/submit_NNN artifacts, summary.json, trajectory.jsonl, stdout and stderr, optional videos and observations, live no-rollback workspace semantics, validation-selected checkpoint, held-out mean return, rank-normalized Core16 score, GPT-5.5 through Codex, Claude Opus 4.7 through Claude Code, MiniMax-M3 through Claude Code, DeepSeek-V4-Pro through Claude Code, GPT-5.5 Core16 0.891, nine wins, top-two on all 16 environments, Claude Opus 4.7 Core16 0.750, five wins, 12 top-two placements, MiniMax-M3 0.531, DeepSeek-V4-Pro 0.359, random policy 0.109, structural synthesis, parametric tuning, CarRacing road-mask lookahead, HalfCheetah periodic gait control, ObstructedMaze symbolic mapping and BFS planning, FetchPush geometric phase control, GitHub repository, Hugging Face EvoPolicyGym-Exp-data dataset, companion final-policy rollout gallery, policy-loop receipts, and the governance problem of treating an autonomous agent's final score as evidence before environment split, run instructions, patch sequence, submit list, budget ledger, feedback artifacts, selected checkpoint, held-out result, harness, model, token accounting, repository revision, and dataset revision are auditable.
- The Test Suite Becomes the Co-Evolution Ledger - Jiale Amber Wang, Kaiyuan Wang, and Pengyu Nie's TestEvo-Bench: An Executable and Live Benchmark for Test and Code Co-Evolution paper, arXiv:2607.02469, cs.SE with cs.AI and cs.CL, submitted July 2 2026, 22-page PDF, University of Waterloo and Google affiliations, live executable benchmark, test and code co-evolution, coding agents, test generation, test update, real commit pairs, Java Maven repositories, GitHub Search API mining, environment configuration, build and test execution, cross-revision checks, pass rate, compile status, focal-line coverage, mutation score, JaCoCo, Universal Mutator, timestamped tasks, contamination-aware time filtering, leaderboard and data explorer, 746 test-generation tasks, 509 test-update tasks, 1,961 generation-track methods, 1,138 update-track methods, 59,950 candidate co-evolution records, 152 open-source Java projects, Claude Code, Gemini CLI, SWE-Agent, Claude Opus 4.7, Gemini 3.1 Pro, 77.5 percent test-generation success, 74.6 percent test-update success, redundant passing tests, most-recent-task performance drop, cost-cap performance drop, shallow-oracle warning, test-change receipts, and the governance problem of treating a coding agent's green test as evidence before repository, old revision, new revision, behavior delta, test diff, runner, execution log, coverage, mutation score, timestamp, model cutoff, and cost budget are auditable.
- The Denoising Clock Becomes the Hidden State - Maximo Rulli, Thomas Fontanari, Simone Petruzzi, Federico Alvetreti, Giorgio Strano, Donato Crisostomi, Giorgos Nikolaou, Tommaso Mencattini, Andrea Santilli, Emanuele Rodolà, Simone Scardapane, and Alessio Devoto's Subliminal Clocks: Latent Time Modelling in Diffusion Language Models paper, arXiv:2607.01774, cs.AI with cs.CL, submitted July 2 2026, 23-page PDF, Sapienza University of Rome, EPFL, and independent-researcher affiliations, diffusion language models, DLMs, masked diffusion language models, LLaDA-1.5, Dream, denoising progress, latent timestep representation, residual-stream probes, MLP probes, masked-token and non-masked-token activations, R2 above 0.5 across LLaDA layers, similar Dream probe trends, 100 denoising bins, 3,200 LLaDA mean vectors, 2,800 Dream mean vectors, Pearson 0.976 and Spearman 0.980 for LLaDA, Pearson 0.962 and Spearman 0.974 for Dream, activation-space steering, LLaDA layer 29, Dream layer 25, confidence drift, entropy drift, KL divergence, norm-matched random perturbation baseline, early-layer correction, extreme-target persistence, PCA structure, fewer-than-three-dimensional mean-vector geometry, two-principal-component steering, LLaDA cross-layer alignment except final layer, Dream representation blocks, token-level steering limit, LLaDA and Dream scope limit, arXiv source bundle, no obvious public code repository link found in manuscript materials, denoising-clock receipts, and the governance problem of treating a diffusion-language-model answer as a single final text before prompt, checkpoint, mask schedule, unmasking policy, denoising step count, probe layer, steering intervention, entropy drift, confidence drift, KL drift, token changes, random baseline, and downstream task deltas are auditable.
- The Fuzzy Function Becomes the Neural Binary - Wentao Zhang, Liliana Hotsko, Woojeong Kim, Pengyu Nie, Stuart Shieber, and Yuntian Deng's Program-as-Weights: A Programming Paradigm for Fuzzy Functions paper, arXiv:2607.02512, cs.LG with cs.AI and cs.CL, submitted July 2 2026, 28-page PDF, University of Waterloo, Cornell University, and Harvard University affiliations, fuzzy-function programming, Program-as-Weights, PAW, fuzzy functions, neural compiler, frozen neural interpreter, pseudo-program, text-to-LoRA, parameter-efficient adapters, 4B Qwen3 compiler, Qwen3-4B-Instruct-2507 pseudo compiler, Qwen3 0.6B interpreter, FuzzyBench, 10-million-example synthetic dataset, 29 thematic versions, more than 800 task subcategories, core text processing, search and web intelligence, custom classification, code and natural-language commands, safety and verification, agentic tool use, format repair and validation, log monitoring, malformed JSON repair, intent ranking, local execution, cached neural program, Python and JavaScript API, Qwen3-32B direct-prompting comparison, 73.78 percent versus 68.70 percent FuzzyBench exact match, roughly 50x lower inference memory, 23 MB per-program LoRA adapter, GGUF quantization, MacBook M3 local runtime, 31.6 tokens per second, 0.48-second cold load, image-conditioned compiler swap, case studies, compiler-interpreter coupling, opaque continuous PEFT component, single-step evaluation limit, synthetic-data limit, neural-binary receipts, and the governance problem of treating a compiled adapter as ordinary code before specification, pseudo-program, compiler, interpreter, adapter hash, quantization, benchmark split, failure envelope, local-runtime proof, and rollback rule are auditable.
- The Unlearning Claim Becomes the Localization Test - Matteo Boglioni, Thibault Rousset, Siva Reddy, Marius Mosbach, and Verna Dankers's LACUNA: A Testbed for Evaluating Localization Precision for LLM Unlearning paper, arXiv:2607.02513, cs.CL with cs.AI and cs.LG, submitted July 2 2026, 27-page preprint under review, Mila and McGill University affiliations, McGill-NLP/LACUNA evaluation release, LLM unlearning, synthetic PII, PANORAMA profiles, 1,200 synthetic profiles, email address, birth city, phone number, driver's license, 4.3-billion-token OLMo-2 pretraining-corpus subset, roughly 2 billion QA tokens, masked continual pretraining, six non-overlapping weight masks, 5 percent parameter coverage, OLMo2 1B, OLMo3 7B, LoRA instruction tuning, forget sets, retain sets, ground-truth parameter-level localization, output-level forgetting versus weight-level evidence, localization precision, ROC-AUC, SimNPO, AlphaEdit, MemFlex, OracleGrad, email-address localization AUC 0.500 and 0.500 and 0.515 versus 0.915 for the ground-truth-mask baseline, resurfacing attacks, relearning on held-out PII, 100 forget-set profiles, 200 prompting attempts, model deletion receipts, residual-risk disclosure, and the governance problem of treating an output-level unlearning pass as deletion before data source, model version, method, retain set, utility score, localization evidence, resurfacing test, and residual risk are auditable.
- The Long Context Becomes the Evidence Scaffold - Yanjun Zhao, Ruizhong Qiu, Tianxin Wei, Yuanchen Bei, Zhining Liu, Lingjie Chen, Ismini Lourentzou, Hanghang Tong, and Jingrui He's ReContext: Recursive Evidence Replay as LLM Harness for Long-Context Reasoning paper, arXiv:2607.02509, cs.AI, submitted July 2 2026, University of Illinois Urbana-Champaign, 18-page PDF, long-context reasoning, context access versus context utilization, training-free inference, model-internal relevance signals, query-conditioned evidence pool, recursive evidence replay, full-context preservation, no context pruning, no persistent external memory, associative-memory analysis, context as memory store, question as retrieval cue, attention as cue-trace association, replay as trace reactivation, 128K context length, top 0.1 percent relevance concentration, Natural Questions, TriviaQA, HotpotQA, PopQA, NarrativeQA, InfBench QA, InfBench MC, CLIPPER, Qwen3-4B, Qwen3-8B, Llama3.1-8B, Vanilla prompting, AttnSharp, DySCO, A-MEM, DAC, best average rank across all three backbones, average rank 1.00 on Qwen3-4B, 1.46 on Qwen3-8B, 1.29 on Llama3-8B, mean accuracy improvement from 0.24 to 0.30, 24.6 percent relative gain over Vanilla, 64K robustness check, thinking-enabled Qwen3-4B check, runtime overhead, closed-source API limitation, context-use receipts, and the governance problem of treating a long prompt as evidence use before selected spans, replay rounds, token budget, model, context window, answer grounding, and challenge path are auditable.
- The Safety Monitor Becomes the Alarm Threshold - Mona Schirmer, Metod Jazbec, Alexander Timans, Christian Naesseth, Maja Waldron, and Eric Nalisnick's Online Safety Monitoring for LLMs paper, arXiv:2607.02510, cs.AI with cs.CL, cs.LG, stat.AP, and stat.ML, submitted July 2 2026, ICML 2026 Hypothesis Testing Workshop comment, 12-page PDF, UvA Bosch-Delta Lab at the University of Amsterdam, University of Wisconsin Madison, Johns Hopkins University, public monasch/llm-monitor code repository, online LLM output monitoring, real-time alarm decisions, verifier signals, external safety models, risk control, conformal risk control, high-probability upper-confidence-bound calibration, Hoeffding-Bentkus bound, false alarm risk, missed detection risk, threshold stopping rule, factuality monitoring, MATH dataset, Claude Haiku 4.5, Mistral-7B-Instruct-v0.3, OpenAI o3-mini labels, Qwen2.5-Math-PRM-7B process reward model signal, harmfulness monitoring, Anthropic Red Teaming, FineHarm, Llama Guard, Qwen2.5-1.5B safeguard verifier, e-valuator baselines, detection delay, token log-probability ablation, signal quality versus verifier cost, alarm receipts, and the governance problem of treating a guardrail as safety before generator, verifier, signal definition, threshold, calibration set, target risk, confidence parameter, score path, alarm step, intervention, and review path are auditable.
- The Bash Exam Becomes the Grading Rubric - Manuel Alonso-Carracedo, Ruben Fernandez-Boullon, Pedro Celard, Francisco J. Rodriguez-Martinez, and Lorena Otero-Cerdeira's Automated grading of Linux/bash examinations using large language models: a four-level cognitive taxonomy approach paper, arXiv:2607.02432, cs.AI with cs.CL and cs.CY, submitted July 2 2026, 32-page PDF, Universidade de Vigo and IFCAE affiliations, Linux/bash command-line examinations, Computer Engineering, Operating Systems course, closed-book 90-minute exam, 1,200 real student responses, second-year undergraduate students, 16 independent exercises, controlled shared Linux server environment, three expert instructors, blind independent grading, custom evaluation-management platform, four-level cognitive taxonomy, L1 information retrieval, L2 basic file manipulation, L3 structural operations, L4 advanced system management, GPT 5.2, Claude Opus 4.6, Gemini 3.0 Pro, GLM 5, V1 minimal prompt, V2 rubric-enhanced prompt, human baseline ICC(2,1)=0.949, weighted kappa=0.948, Gemini V2 ICC(3,1)=0.888, MAE=0.100, Bland-Altman bias=-0.014, rubric quality over provider choice, L1-L2 automation boundary, L3-L4 human review, cross-question context failures, path and filename mismatch penalties, assessment receipts, and the governance problem of treating an AI grade as official before taxonomy level, rubric version, prompt, model, accepted variants, prior-question dependency, agreement metrics, bias, and appeal path are auditable.
- The Agency Gain Becomes the Adoption Map - Ian Beacock, Rachel Xu, Laura Murray, Patrick Anson, Beth Goldberg, Devika Kumar, Jun Lee, Rebekah Park, and Anoop Sinha's AI usage patterns are shaped by perceived gains in human agency paper, arXiv:2607.02313, cs.CY, submitted July 2 2026, 17-page preprint, Jigsaw, Google Paradigms of Intelligence, Gemic, Jigsaw (Google) and Google Technology & Society sponsorship, qualitative ethnographic study, April to July 2025 fieldwork, 51 daily AI chatbot users, United States n=18 in New York, Singapore n=19, Germany n=14 in Berlin, ages 18 to 65, 23 men, 28 women, ChatGPT, Gemini, Grok, Perplexity, Microsoft Copilot, Meta AI, ChatGPT primary for 40 participants, digital diary study, in-person semi-structured interviews, direct observations, dyadic interviews, remote follow-up interviews, 315 coded observations, perceived human agency, instrumental agency, cognitive agency, affective agency, relational agency, structural agency, trust frameworks, accuracy and reliability concerns, consequential errors, situational stability, internal conviction, dependency and cognitive atrophy concerns, agency-impact receipts, and the governance problem of treating repeated chatbot use as trust before task domain, user context, claimed agency dimension, material outcome, retained skill, error class, fallback path, and long-term capacity are auditable.
- The Synthetic Contact Becomes the Partisan Bridge - Benjamin Lira, Noah Castelo, Stefano Puntoni, and Olivier Toubia's Synthetic Contact with AI Reduces Cross-Partisan Animosity paper, arXiv:2607.02181, cs.HC with cs.CY, submitted July 2 2026, 32 pages, 6 figures, five preregistered studies, N=3,960 U.S. partisans, draft not peer reviewed, synthetic contact, outgroup-representing chatbots, cross-partisan animosity, affective polarization, outgroup warmth, mortality-reflection aversion task, Study 1 N=608, human outgroup conversation equated with 9.65 minutes of mortality reflection, AI outgroup conversation equated with 5.06 minutes, Study 2 N=500, environmental-policy misperception correction, 10-minute outgroup bot conversation, Study 3 N=679, cats-and-dogs chat control, Space Invaders game control, Study 4 N=1,069, immigration topic, real outgroup conversation choice rising from 61 percent to 67 percent, Study 5 N=1,104, one-week warmth decay, about 21 percent surviving in robustness test, 4,012 bot conversations coded, GPT-5.4-mini content audit, stereotype-disconfirming substance, information more than friendliness, outgroup caricature risk, contact receipts, and the governance problem of treating chatbot contact as civic repair before prompt, model, represented group, calibration source, conversation content, immediate effect, persistence, behavioral transfer, and participant consent are auditable.
- The Reproducible Build Becomes the Decay Test - Denise Nanni, Julien Malka, Stefano Zacchiroli, Théo Zimmermann, and Gabriele d'Angelo's Understanding Build Reproducibility in the F-Droid Ecosystem paper, arXiv:2607.01890, cs.SE, submitted July 2 2026, 2026 ACM Conference on Reproducibility and Replicability, July 20-22 2026, Delft, Netherlands, 12 pages, F-Droid, Android apps, free and open source software, reproducible builds, bitwise reproducibility, rebuildability, software preservation, supply-chain security, F-Droid catalog and reproducibility logs downloaded February 17 2026, 80,139 package-version dataset, 18,904 historically reproducible package versions, September 2018 to February 2026 publication window, legacy-aware rebuild pipeline, 15,831 successful rebuilds, 83.7 percent rebuild success rate, missing dependencies causing around 76 percent of failed packages, missing source code causing around 10 percent of failures, 94 percent of successfully rebuilt package versions still bitwise reproducible, temporal decay, environmental drift, external registries, dependency pinning, historical build environments, rebuildability horizon, and the governance problem of treating a release-time reproducibility check as durable trust before source code, dependencies, base images, toolchains, build logs, metadata, and preservation owners are auditable.
- The Human Capital Becomes the Forecasting Benchmark - Vivienne Ming's Human Capital, Not Model Benchmarks, Predicts Hybrid Intelligence in Forecasting paper, arXiv:2607.02467, cs.CY with cs.AI, submitted July 2 2026, 4 pages, 1 figure, PNAS brief style, The Human Trust, Possibility Science, UCL Global Business School for Health, preprint pilot study, human-AI forecasting, human capital, Polymarket contracts, externally resolved ground truth, 108 adults recruited by flyer in Berkeley, 78 main-study participants, 26 three-person teams, 77 analyzed participants after one excluded out-of-range Brier score, 30 live contracts resolving November 2025 to January 2026, economics, international relations, business, Llama 3.1 8B, Qwen3 8B, GPT-4o, Gemini 3 Pro, scaled Brier score, lower-is-better forecasting error, AI-only baseline 5.5, Polymarket benchmark 3.5, human-only 14.7, Automators 10.4, Validators 31.7, Cyborgs 3.8, perspective-taking, intellectual humility, curiosity, collaborative human capital, raw cognitive ability not predicting hybrid accuracy, small-cell pilot limits, pre-registered replication in preparation, collaboration receipts, and the governance problem of treating model benchmark rank as deployment evidence before user role, interaction style, timestamped forecast, model baseline, human-capital measure, prompt surface, and outcome score are auditable.
- The Financial Benchmark Becomes the Model Selection Dossier - Blair Hudson's Meta-Benchmarks for Financial-Services LLM Evaluation paper, arXiv:2607.01740, cs.AI, submitted July 2 2026, Commonwealth Bank of Australia affiliation, 27 pages, 13 figures, 3 tables, financial-services LLM evaluation, public model leaderboards, 452 publicly reported benchmark identifiers, 41 O*NET Generalized Work Activities, 38 BIAN Service Landscape 14.0 banking business domains, five BIAN business areas, 288 models from 25 organizations as of June 2026, discrimination x coverage x recency weighting, pairwise Elo, work-activity scores, business-domain profiles, MMLU-Pro, document-grounded compliance reasoning, multi-turn customer interaction, public-evidence screening, missing benchmark coverage, only 24 of 41 work activities exercised by public benchmarks, model selection dossier, procurement evidence, privacy, security, legal, risk, compliance, vendor, operational-resilience and human-oversight review, and the governance problem of treating a public leaderboard rank as banking readiness before benchmark snapshot, mapping, stale-score policy, missing-work record, internal test plan, and deployment review are auditable.
- The World Literature Tool Becomes the Model Audit - Nina Begus's World Wide Models: Literary Tools for Cultural AI essay, arXiv:2607.02369, cs.CL with cs.AI, submitted July 2 2026, 15 pages, forthcoming in MFS Modern Fiction Studies in 2027, University of California Berkeley affiliation, cultural AI, literary studies, comparative literature, narratology, critical theory, world literature, translation studies, structural monolingualism, surface monolingualism, synthetic monolingualism, global AI textuality, macrostructure, circulation, untranslatability, literary forms inside AI evaluation, benchmarks as miniature genres, Turing test, scripts, cultural defaults, latent spaces, Moretti, Damrosch, Apter, cultural adequacy, local validators, prompt language, output language, translation path, canon concentration, idioms left untranslated, stereotype checks, cultural receipt, and the governance problem of treating fluent global prose as cultural competence before the model's corpus, genre, language path, translation losses, local context, evaluation method, and untranslatable residue are auditable.
- The Ghost Memory Becomes the State Receipt - Zitong Shi, Yixuan Tang, and Anthony Kum Hoe Tung's A-TMA: Decoupling State-Aware Memory Failures in Long-Term Agent Memory paper, arXiv:2607.01935, cs.AI, submitted July 2 2026, National University of Singapore affiliation, ghost memory, long-term agent memory, changing user facts, old current and transition facts, bank maintenance, state-aware retrieval, answer-time resolution, Adaptive Truth Maintenance Auditing, A-TMA, host memory overlay, superseded records, transition records, state-aligned evidence packets, current historical and transition labels, LoCoMo Temporal Plus, LTP, 10 user profiles, 800 judged probes, LoCoMo long-conversation generalization, 10 samples, 1,986 question-answer pairs, Graphiti/Zep plus A-TMA conflict accuracy improvement from 0.480 to 0.720, temporal F1 improvement from 0.0295 to 0.1705, average F1 improvement from 0.0809 to 0.1556, host-dependent gains, memory receipts, state-view receipts, and the governance problem of treating a persistent assistant's remembered answer as valid before the active record, superseded record, transition record, retrieval packet, state label, model version, judge surface, and requested time state are auditable.
- The Skill Scanner Becomes the Detonation Harness - Zimo Ji, Congying Xu, Zongjie Li, Yudong Gao, Xin Wei, Shuai Wang, and Shing-Chi Cheung's Cloak and Detonate: Scanner Evasion and Dynamic Detection of Agent Skill Malware paper, arXiv:2607.02357, cs.CR with cs.SE, submitted July 2 2026, agent skills, public skill marketplaces, third-party skill supply chain, malicious skills, install-time scanner limits, static pattern matching, LLM-as-judge skill audits, SkillCloak, payload-preserving evasion, Structural Obfuscation, Self-Extracting Skill Packing, SFS Packing, eight representative scanners, 1,613 in-the-wild malicious skills, ClawHub and OpenClaw skills archive, Codex and Claude Code utility testing, no statistically detectable utility degradation, SkillDetonate, behavior-centric runtime auditing, controlled sandbox execution, OS-boundary information-flow evidence, on-demand closure lift, marker-based taint analysis, sensitive-data flow across agent context files processes and network operations, SkillJect, MalSkillBench, 96.7 percent SkillJect attack detection at 2 percent false-positive rate, 87.3 percent executable wild-skill detection, Cisco scanner drop from 98.6 percent to 10.1 percent under Structural Obfuscation, scanner hygiene versus trust gates, detonation receipts, and the governance problem of treating a passed skill scan as clearance before file-tree hashes, scanner versions, sandbox image, network egress, mounted secrets, taint markers, process tree, runtime materialized instructions, and source-to-sink flows are auditable.
- The Missing Stop Condition Becomes the Bill - Xinyi Hou, Shenao Wang, Yanjie Zhao, and Haoyu Wang's When Agents Do Not Stop: Uncovering Infinite Agentic Loops in LLM Agents paper, arXiv:2607.01641, cs.SE, submitted July 2 2026, Infinite Agentic Loops, IAL-Scan, static analysis for LLM agent projects, framework-independent Agent IR, Agentic Loop Dependence Graph, feedback paths, model calls, tool calls, workflow transitions, agent handoffs, missing stopping bounds, LangChain, LangGraph, CrewAI, AutoGen, LlamaIndex, OpenAI Agents SDK, Google ADK, Semantic Kernel, 6,549 Python LLM agent repositories, 246,748 Python files, 33.41 million lines of code, 74 potential findings, 68 confirmed IAL failures, 47 affected projects, 91.9 percent precision, 94.6 percent initial reviewer agreement, LangGraph and AutoGen contributing 45 of 68 confirmed findings, retry feedback without bounds, tool-call iteration without bounds, multi-agent chat without turn bounds, 264-project evaluation subset, pure LLM API baseline covering 23 of 68 failures, Codex baseline covering 50 failures but hitting timeout or error limits in 75 projects, 4.2K versus 141.86K token comparison, stop receipts, bound coverage, runtime budgets, state growth limits, and the governance problem of treating an agent loop as useful automation before its continuation controller, stop condition, timeout, retry cap, token budget, state-size guard, tool-call limit, and external side-effect class are auditable.
- The Underspecified Target Becomes the Production Change - Zimo Ji, Zekai Zhang, Congying Xu, Zongjie Li, Yudong Gao, Shuai Wang, and Shing-Chi Cheung's Coding Agents Are Guessing: Measuring Action-Boundary Violations in Underspecified DevOps Instructions paper, arXiv:2607.02294, cs.SE, submitted July 2 2026, PDF title-page author discrepancy with Yujia Tian also listed, UnderSpecBench, coding agents, DevOps tasks, autonomous execution, shell commands, repository changes, operational APIs, action-boundary violations, benign underspecified instructions, 69 incident-grounded task families, documented incidents, CVEs, tool behavior, four DevOps capability domains, nine operational control surfaces, intent clarity, target certainty, blast radius, 2,208 prompt variants, deterministic side-effect state checkers, Safe Success, Wrong Target, OverScope, clarification, refusal, deferment, empty output, OpenCode, Claude Code, Codex, full autonomous execution mode, 55.8 to 67.8 percent of acted runs violating at least one boundary, target underspecification driving Safe Success from 67.9 percent to 8.6 percent and Wrong Target from 9.6 percent to 75.1 percent, blast-radius cues barely changing action propensity, shared runtime control planes reaching 59.8 and 77.2 percent OverScope, Ask-User affordance differences, action receipts, and the governance problem of treating completed DevOps work as safe before target, scope, environment, blast radius, confirmation rule, harness, permissions, state diff, and postcondition are auditable.
- The Assumption Register Becomes the Board Record - Jeroen Janssen's From Battlefield to Boardroom: Strategic Red Teaming as an Epistemic Governance Instrument in the Age of AI technical report, arXiv:2607.01913, cs.CY, submitted July 2 2026, strategic red teaming, AI governance, board-level assumption stress testing, material AI strategy, mission-alignment testing, assumption mapping, dependency stress testing, economic-fragility testing, regulatory-exposure simulation, accountability-boundary testing, operational leverage, transparency reduction, dependency concentration, regulatory liability, accountability-boundary shift, evidence grades, documented tested inferred asserted contradicted unknown assumptions, independence architecture, audit committee commissioning, scope in board minutes, management factual corrections separated from findings, board decision record, approve with conditions, defer, redesign, reject, re-review triggers, validation limits, capture risk, false precision, assumption-register receipts, and the governance problem of treating AI strategy approval as evidence before the load-bearing assumptions, evidence objects, falsification conditions, owners, dependency maps, and accountability boundaries are auditable.
- The Constraint Substrate Becomes the Oversight Rail - Thomas Winninger's Steerability via constraints: a substrate for scalable oversight of coding agents paper, arXiv:2607.02389, cs.AI with cs.CR and cs.SE, submitted July 2 2026, coding-agent oversight, constrained software substrates, enforceable invariants, narrow module boundaries, typed interfaces, immutable data structures, access-control and network limits, small reviewer models, Gemma 4 e4b, roughly 500-line Python codebase, 11 inserted backdoors, syntactic semantic multi-file in-module invariant and global invariant detection levels, unconstrained review, constrained review, docs CLI projections, module summaries, symbol signatures, dataclass fields, docstrings, planned tests-as-examples projection, 200-LoC documentation tool, recall rising from 54.5 percent to 90.9 percent across cells, C2 and C3 both 81.8 percent recall, precision tradeoff, constrained-no-docs precision 88.9 percent, constrained-plus-docs precision 95.7 percent, protocol sensitivity, synthetic-data limit, handcrafted scoring rubric, substrate receipts, and the governance problem of treating generated code review as a prompt-only exercise before constraints, local context, tool versions, reviewed dependencies, model settings, and human escalation are auditable.
- The Skill Pair Becomes the Hidden Intent - Jinwei Hu, Yi Dong, Youcheng Sun, and Xiaowei Huang's SkillFuzz: Fuzzing Skill Composition for Implicit Intents Discovery in Open Skill Marketplaces paper, arXiv:2607.02345, cs.SE with cs.AI and cs.CL, submitted July 2 2026, LLM agents, reusable skills, natural-language instruction documents, open skill marketplaces, co-activated community skills, per-skill audits, implicit intents, plan-then-act agents, plan drift from a skill-free baseline, execution-free fuzzing, structured skill contracts, preconditions, postconditions, modifies sets, invariants, domain scope, abstract action types, extraction confidence, contract embeddings, conflict-prioritized seed pairs, contract-guided Monte Carlo Tree Search, fixed query budgets, SkillsBench full 196-skill library, ten representative tasks, eight planning agents, DS-R1 variants, GPT-family variants, GPT-4o-mini intent extraction and judgment, all-mpnet-base-v2 embeddings, 98 highest-risk flagged co-activations, sandboxed Docker validation, fixed Claude-based executor, 80.6 percent overall execution-trace confirmation, SkillFuzz 116 distinct intents, 90 high-severity cases, random sampling 121 distinct intents but 64 high-severity cases, 41 percent improvement in high-severity discoveries, pairwise coverage not equal to severity coverage, 1,188 discovered intent texts, Audio/Video Side-Effect, Unauthorized Tool Invocation, Covert Resource Creation, Unsanctioned Data Analysis, plan-layer limitations, judge-bias limits, marketplace-size limits, composition-screening receipts, and the governance problem of treating a skill marketplace as safe before skill hashes, extracted contracts, candidate pairs, drift thresholds, novelty thresholds, planner version, judge version, execution traces, runtime permissions, and composition-level side effects are auditable.
- The Off-the-Record Channel Becomes the Agent Audit - Arman Ghaffarizadeh, Danyal Mohaddes, Aliakbar Izadkhah, and Shahriar Noroozizadeh's What LLM Agents Say When No One Is Watching: Social Structure and Latent Objective Emergence in Multi-Agent Debates paper, arXiv:2607.02507, cs.AI with cs.CL, cs.LG, and cs.MA, submitted July 2 2026, LLM agents, multi-agent debates, socially structured settings, public utterances, off-the-record OTR responses, dual-channel evaluation, audience visibility, shared public history, binary stance decisions, role-grounded social relations, promotion decision scenario, political bill endorsement scenario, academic manuscript submission scenario, five relational-context conditions, persona-reinforcing contexts, alignment-inducing contexts, historical framing, future-dependence framing, five debate rounds, ten models, 750 runs, stance divergence, semantic cosine similarity, natural language inference, structured survey responses, emotion analysis appendix, public-OTR divergence, targeted agent alpha, decision divergence rising from 2.8 percent baseline to 39.9 percent under alignment-inducing conditions, cosine self-consistency 0.730 to 0.660, NLI entailment 32.7 percent to 15.3 percent, contradiction 2.1 percent to 19.4 percent, model heterogeneity, Gemini 3.1 Pro, GPT-5.4, Grok 4, GLM-5, Claude Opus 4.6, GPT-OSS-120B, latent objective emergence as output-level pattern not hidden belief claim, LLMAgora reproducibility repository, channel-dependence receipts, and the governance problem of treating one public agent answer as stable decision logic before role, audience, relational pressure, private diagnostic channel, survey schema, semantic comparison, and escalation path are auditable.
- The Context Vault Becomes the Retrieval Gate - Misha Sulpovar, Benn R. Konsynski, Qaish Kanchwala, and Gabe Goodhart's ContextNest: Verifiable Context Governance for Autonomous AI Agents paper, arXiv:2607.02116, cs.AI, submitted July 2 2026, ContextNest, context governance gap, AI-consumable knowledge vaults, retrieval-augmented generation, RAG complementarity, typed Markdown documents, YAML frontmatter, structured metadata, hierarchical stewardship, separation of duties, deterministic set-algebraic selectors, contextnest URI references, version pinning, SHA-256 hash-chained histories, graph-level checkpoints, Model Context Protocol source nodes, audit traces of agent context consumption, point-in-time reconstruction, approved and current and attributable context, stale-version attack, BM25 sparse retrieval, 97 percent versus 93 to 90 percent answer-quality pass rate, about one-third input-token cost, retrieval-determinism experiment, 1,060-document synthesized corpus, deterministic selectors, Jaccard 1.0, dense HNSW nondeterminism on 80 percent of queries, mean Jaccard 0.611, worst-case Jaccard 0.210, core engine, nineteen-command CLI, MCP server, context receipts, and the governance problem of treating retrieved relevance as trustworthy context before source version, steward, approval state, integrity hash, selector, checkpoint, and consumption trace are auditable.
- The Safety Case Becomes Executable - Yunhao Feng, Ruixiao Lin, Ming Wen, Qinqin He, Yanming Guo, Yifan Ding, Yutao Wu, Jialuo Chen, Yunhao Chen, Xiaohu Du, Jianan Ma, Zixing Chen, Zhuoer Xu, Xingjun Ma, and Xinhao Deng's Safety Testing LLM Agents at Scale: From Risk Discovery to Evidence-Grounded Verification paper, arXiv:2607.01793, cs.AI, submitted July 2 2026, Vera, LLM agent safety testing, computer-use agents, autonomous tool use, software-engineering testing principles, literature-driven risk exploration, taxonomies of safety risks and attack methods and tool execution environments, executable safety cases, concrete safety goals, programmatically constructed initial state, deterministic verification predicates, observable artifacts, adaptive control agent, isolated Docker Compose sandboxes, MCP middleware gateway, OpenClaw, Hermes, Codex, Claude Code, Mailpit, Gitea, Blnk, Databag, SearXNG, 72 MCP tool functions, Vera-Bench, 1,600 executable base scenarios, 124 leaf-level risk categories, 77 attack methods, 30 environment categories, benign and single-channel and multi-channel settings, 90.6 percent single-channel execution success rate, 93.9 percent multi-channel execution success rate, environment-state verification, tool-call evidence, replayable safety records, guard-model downstream experiment, source repository, and the governance problem of treating an agent refusal or final answer as safety evidence before the initialized state, tool logs, environment diff, verifier code, and replay path are auditable.
- The Agent Dependency Graph Becomes the Audit Map - Shenao Wang, Xinyi Hou, Yanjie Zhao, Xiao Cheng, and Haoyu Wang's AgentFlow: Building Agent Dependency Graphs for Static Analysis of Agent Programs paper, arXiv:2607.01640, cs.SE with cs.CR, submitted July 2 2026, LLM agent programs, source-code agent applications, framework-defined semantics, agent constructors, tool decorators, hosted tool objects, handoff declarations, workflow commands, session objects, OpenAI Agents SDK, LangChain/LangGraph, CrewAI, LlamaIndex, Semantic Kernel, Agent Dependency Graph, typed nodes for agents, prompts, models, capabilities, memory states, and control policies, component-dependency edges, control-flow edges, data-flow edges, Agent Bill of Materials generation, prompt-to-tool risk detection, AgentZoo, 5,399 real-world agent programs, 143 supported framework constructs, 2,295 Agent BOM components, 1,008 binding relationships, 238 prompt-to-tool risk projects, 4,357 findings, 73.0 percent manual-sample precision, static-analysis over-approximation, framework-evolution limits, ADG receipts, and the governance problem of treating an agent repository as ordinary code before its prompts, tools, memory, handoffs, policies, privileged capability paths, and dependency graph are auditable.
- The AI Answer Becomes the Practice Receipt - Yang Zhao, Yingshuo Li, and Zeyu Zhang's A Practice Auditing Framework for Large Language Model Use: Collective Empiricism, Pseudo-Rational Cognition, and Governance of AI-Generated Content paper, arXiv:2607.01248, cs.CY with cs.AI, v1 recorded June 2 2026, LLM use, AI-generated content governance, practice auditing, collective empiricism, pseudo-rational cognition, structured expression versus practical understanding, requirement definition, problem-boundary identification, evidence-source auditing, practical validation, reverse questioning, logs, version management, rollback mechanisms, renewed cognition, subjectivity illusion, subjectivity structures in input materials, long-term memory, retrieval spaces, agent skill systems, skill debt, AI-AI conversation loops, AIGC detection, statistical misjudgment, designability, traceability, intervention, practice receipts, and the governance problem of treating a polished AI answer as understanding before evidence, conditions, validation, revision history, and rollback are auditable.
- The Persistent Codebase Becomes the Control Surface - Josh Hills, Ida Caspary, and Asa Cooper Stickland's Distributed Attacks in Persistent-State AI Control paper, arXiv:2607.02514, cs.AI, submitted July 2 2026, AI control, coding agents, persistent codebases, iterative pull requests, Iterative VibeCoding, CLI tools, Flask web services, twenty task variations, committed code and git history as cross-session state, Claude Sonnet 4.5 attack agent, GPT-4o monitor, Gemini 3.1 Pro and Kimi K2.5 attack-agent checks, diff monitors, trajectory monitors, honest-baseline 98th-percentile calibration, gradual attacks, non-gradual positional attacks, hidden side tasks, monitor evasion, no single monitor robust to both attack strategies, weakest standard diff monitor 93 percent gradual-attack evasion, task-description diff monitor 87 percent gradual-attack evasion, stateful link-tracker monitor 54 percent gradual-attack evasion, four-monitor ensemble 47 percent gradual-attack evasion, cross-PR suspicious buildup, monitor-written notes, pull-request sequence receipts, and the governance problem of treating each PR as independently reviewable before repository state, agent edits, monitor state, thresholds, trajectories, and accumulated capability paths are auditable.
- The Consensus Bridge Becomes the Manipulation Surface - Nikil Roashan Selvam, Jay Baxter, Sophie Hilgard, Brad Miller, Keith Coleman, Ellen Vitercik, and Sanmi Koyejo's Gaming Consensus: Coordinated Manipulation in Crowdsourced Fact-Checking paper, arXiv:2607.01824, cs.LG, ICML 2026, submitted July 2 2026, crowdsourced fact-checking, Community Notes-style bridging systems, X, Meta, TikTok, Google adoption context, matrix factorization, latent user and note factors, cross-perspective support, coordinated manipulation, synthetic consensus, two-phase adversarial rating strategy, historic production data, up to 10.7 percent of lower quality notes manipulated above consensus thresholds with fewer than ten ratings, counterintuitive Not Helpful rating geometry, manipulation resistance score, cost model, population sample filtering, deployed X Community Notes mitigations, simulated experiments using official open-source code, no live-platform note manipulation, bridge receipts, algorithm versions, rating windows, contributor eligibility, safeguards, status timelines, post-publication correction trails, and the governance problem of treating a consensus label as public evidence before the model, thresholds, solicitation path, anti-abuse components, audit data, and claim boundary are inspectable.
- The Live Benchmark Becomes the Update Receipt - Yuanzhi Liu, Shousheng Zhao, Bo Zhou, Kongming Liang, and Zhanyu Ma's MMBench-Live: A Continuously Evolving Benchmark for Multimodal Models paper, arXiv:2607.01813, cs.CV with cs.AI, submitted July 2 2026, DOI 10.48550/arXiv.2607.01813, vision-language model evaluation, continuously evolving multimodal benchmarks, multi-agent-driven automated construction, structured benchmark descriptions, evaluation purpose, evaluation format, task hierarchy, atomic tasks, task-related visual patterns, Google Image API retrieval, Flickr API retrieval, one-year image window, feedback-controlled query refinement, generated QA pairs, executable solution plans, vision-blind verification controller, tool-supported reasoning, 5.9K newly generated evaluation instances, 96.06 percent manual answer correctness, one-to-two-hour updates, about 30 dollars per update, DeepSeek-VL, InstructBLIP, LLaVA, mPLUG-Owl2, Qwen3-VL, Qwen2.5-VL, PaCoST contamination-proxy analysis, cross-version ranking stability, limitations around implicit visual memorization and foundation-model-bounded construction quality, and the governance problem of treating a live leaderboard as fresh evidence before its source window, task template, retrieval trace, verifier trace, construction cost, manual audit sample, drift checks, and contamination proxy are auditable.
- The Forecast Explanation Becomes the Markov Receipt - Amadeo Tunyi's Global Explanations for Multivariate Time Series Forecasting Models via K-Order Markov Approximations paper, arXiv:2606.27599, cs.LG, submitted June 25 2026, DOI 10.48550/arXiv.2606.27599, KARMA, explainable AI for multivariate time-series forecasting, K-order Markov surrogate models, predictively sufficient history length K, discretized history space, transition kernels, five-level global explanation hierarchy, variable importance, lag profiles, distinctive regimes, interventional effects, model-induced causal graph, uncertainty reporting, Beijing PM2.5 case study, ETTh1 and Exchange Rate benchmarks, GRU, LSTM, and TCN models, comparisons with TimeSHAP, WinIT, Dynamask, Feature Occlusion, and Integrated Gradients, certified-zero attribution beyond retained lags, marginal-kernel scaling limits, coverage maps, faithfulness assumptions, and the governance problem of treating a forecast explanation as audit-grade evidence only when the retained history, state construction, transition estimator, tolerance, baseline, uncertainty, and claim boundary travel with it.
- The Web Agent Row Becomes the Receipt - Minbyul Jeong's Ko-WideSearch: A Korean Breadth-Search Benchmark for Exhaustive Set Enumeration by Web Agents paper, arXiv:2606.27595, cs.CL, submitted June 25 2026, DOI 10.48550/arXiv.2606.27595, Korean web agents, breadth search, exhaustive set enumeration, table completion, 228 tables, 190 set-parent entities, sixteen categories, three difficulty tiers, 4,262 gold rows, 14,560 attribute cells, table width knob, 2-D composite key, Item-F1, Column-F1, Row-F1, table success, normalization-aware comparator, synthesize-and-verify pipeline, non-memorizability gate, completeness gate, cross-source attribute verification, volatile as-of dates, live Korean web search, twenty web-agent systems, GPT-5.5 Item-F1 92.8 versus Row-F1 53.7, table success 19.3 percent, DeepSeek-V4-Pro Row-F1 45.0, Korean-specialized model gap, more search and spend not closing the row gap, MIT pipeline and scorer, evaluation data by request, sports-season-heavy hard tier limitation, row receipts, cell provenance, and the governance problem of treating a browser agent's plausible table as complete before membership keys, required columns, source URLs, row matches, missing-cell conventions, metrics, search traces, as-of dates, and human review are auditable.
- The Agent Action Becomes the State Signal - Andres Enriquez Fernandez and John J. Bird's Training Observable Control Policies to Expose Agent State Through Actions paper, arXiv:2606.27609, cs.LG with eess.SY, submitted June 25 2026, Journal of Aerospace Information Systems 2026, related DOI 10.2514/1.I011654, observable control policies, action-based state estimation, limited communication, autonomous agents, multiagent coordination, observer-controller structure, control policy output as measurement, pseudocontrol actions, reinforcement learning, embedded estimator reward, task-only reward comparison, Unscented Kalman filter, UKF, aircraft goal point tracking, fixed-wing UAS, bank-angle control, 14,500 episodes, 21.77 meter versus 12.15 meter position-error norm at 200 seconds, 44.2 percent decrease, 4.33 versus 2.94 meters per second velocity-error norm, 32.1 percent decrease, 80th-percentile task reward 80.1 versus 79.1, stripped observability matrix, sequence-level observability, human-machine teaming limits, state-estimation receipts, and the governance problem of treating agent behavior as task success before policy version, observable state variables, exposed action variables, estimator assumptions, reward terms, task penalty, divergence rate, and authorized readers of the state signal are auditable.
- The Solver Route Becomes the Decision Receipt - Chuanhao Li, Xiaoan Xu, Dirk Bergemann, Ethan X. Fang, Yehua Wei, and Zhuoran Yang's COOPA: A Modular LLM Agent Architecture for Operations Research Problems paper, arXiv:2606.27611, cs.LG, submitted June 25 2026, DOI 10.48550/arXiv.2606.27611, COOPA, COoperative OPerations Agent, operations research decision support, LLM optimization agents, structured optimization formulations, variables, parameters, objectives, constraints, source traceability, element-level provenance, confidence explanations, iterative confidence-based modeling, max-min selection, k=3 candidate formulations, multi-solver dispatch, manager agents, optimizer agents, Pyomo, GLPK, IPOPT, Google OR-Tools, pymoo, general Python, ComplexLP, IndustryOR, BWOR, eight LLM backbones, four agentic baselines, best macro-average on six of eight backbones, GPT-5.2 70.6 percent, GPT-5 69.4 percent, Gemini-3-Flash 68.4 percent, ablation 61.8 percent to 64.8 percent, 91.1 percent mathematical-optimizer routing limit, COOPA repository artifacts, generated solver code, decision-support receipts, and the governance problem of treating an optimization answer as authoritative before formulation, source spans, rejected candidates, solver route, generated code, execution log, feasibility status, timeout status, and human review are auditable.
- The Superseded Memory Becomes the Agent Liability - Vedant Patel's Supersede: Diagnosing and Training the Memory-Update Gap in LLM Agents paper, arXiv:2606.27472, cs.CL with cs.AI and cs.LG, submitted June 25 2026, DOI 10.48550/arXiv.2606.27472, Supersede, memory-update gap, supersession, temporal fact-currency, LongMemEval knowledge-update subset, bounded self-maintained memory, raw sessions never re-fed, full context versus bounded memory, gpt-5.4 92 percent to 77 percent, 24x conversation-length study, 68 percent to 28 percent, proportional memory no recovery, verifiers, prime-rl, GRPO, Qwen2.5-3B, held-out supersession accuracy 9.0 percent to 16.7 percent, Apache-2.0 project repository, memory receipts, stale-fact liability, and the governance problem of treating agent memory as personalization before current value, superseded value, source session, update rule, retention boundary, correction path, and stale-use evidence are auditable.
- The Entropy Trace Becomes the Agent Behavior Receipt - Olasimbo Ayodeji Arigbabu's Entropy-Based Observability for AI Agent Behavior paper, arXiv:2606.05872, cs.AI, submitted June 4 2026, revised June 24 2026, DOI 10.48550/arXiv.2606.05872, Entropy-Based Observability for AI Agents, EOA, trace-derived behavioral telemetry, action entropy, trajectory entropy, tool entropy, information gain, outcome entropy, ordered agent traces, AgentRun trace contract, EntropyObserver, ObservabilityReport, JSON and JSONL loaders, generic event recorder, LangChain adapter, Google ADK adapter, controlled workload, 72 normalized runs, Learning Roadmap Agent study, entropy-agent-eval implementation package, agent behavior receipts, and the governance problem of treating task success, reward, cost, and latency as enough before action diversity, tool concentration, uncertainty reduction, outcome stability, trace quality, and review thresholds are visible.
- System 0 Becomes the Cognitive Border - Marianna Bergamaschi Ganapini, Massimo Chiriatti, Enrico Panai, and Giuseppe Riva's Before You Think: System 0, AI-Mediated Cognition and Cognitive Colonization paper, arXiv:2606.13658, cs.AI, submitted June 11 2026, DOI 10.48550/arXiv.2606.13658, CC BY-NC-SA 4.0 arXiv license metadata, conceptual AI cognition paper, Tri-System Theory, System 3, cognitive surrender, Thinkframes, AI-mediated cognitive ecologies, System 0, extended mind, AI-mediated cognition, cognitive extension, computational level, psychological level, epistemic level, anticipatory personalization, adaptive invisibility, automation of relevance judgment, AI Overviews, Google Search, Google Maps, Waze, writing assistance, AI ghostwriter effect, wearable platforms, Apple Watch, Fitbit, Oura, interoceptive offloading, GPS-induced disorientation, vocabulary narrowing, creative-output homogenization, automation bias, algorithmic feeds, recommendation systems, ideological clustering, persistence after removal, super-human bias amplification, comfort-growth paradox, cognitive colonization, constitutive integration, downstream incorporation, exogenous directional governance, opacity, reflective endorsement, misaligned optimization criteria, engagement maximization, comfort, frictionlessness, algorithmic intuition, proprietary optimization criteria, black-box models, breakdown testing, infrastructural inversion, pre-reflective AI mediation, cognitive border receipts, recommendation receipts, personalization receipts, opt-out effects, suppressed alternatives, inspectability, contestability, and the governance problem of treating a personalized AI surface as harmless assistance before its ranking objectives, behavioral inputs, memory scope, interface defaults, recommendation logic, engagement metrics, source omissions, user controls, and persistence effects are auditable.
- The Agent Environment Becomes the Discovery Lab - Amy Xin, Jiening Siow, Junjie Wang, Zijun Yao, Fanjin Zhang, Jian Song, Lei Hou, and Juanzi Li's EurekAgent: Agent Environment Engineering is All You Need For Autonomous Scientific Discovery paper, arXiv:2606.13662, cs.AI, cs.CL, submitted June 11 2026, revised June 12 2026, DOI 10.48550/arXiv.2606.13662, Tsinghua University, Renmin University of China, environment engineering, autonomous scientific discovery, metric-driven research tasks, Claude Code CLI agent, GLM-5.1, off-the-shelf CLI agents, Prepare Propose Implement loop, R rounds, P parallel implement sessions, hidden evaluation script, submission-format specification, optional initial code, secure evaluation service, permissions engineering, bounded execution, isolated evaluation, Docker agent container, grader container, hidden_eval_dir mounted only into grader container, protected official result files, same-round isolation, GPU default-deny, artifact engineering, filesystem and Git collaboration, proposal manifests, preparation summaries, hypotheses, solution code, evaluator feedback, ranked solution history, web-search history, budget engineering, time and API cost budgets, passive deadline warnings, cost-limit abort, resumable runs, persisted session IDs, human-in-the-loop engineering, terminal UI, web monitor, score evolution, transcripts, Circle Packing 2.635999 versus previous AI best 2.635986, Erdos minimum overlap 0.380870 versus previous AI best 0.380876, first autocorrelation inequality 1.502861 versus previous AI best 1.502863, TriMul 2005.03 microseconds, local A100 evaluation caveat, MLE-Bench Lite seven-task subset, 85.71 percent any-medal rate, 71.43 percent gold-medal rate, less than $11 API cost for 26-circle packing, THU-Team-Eureka/EurekAgent code and results repository, AGPL-3.0 license, evaluator contract grade_submission and is_better, invalid submissions impossible scores, discovery receipts, and the governance problem of treating an autonomous agent score as scientific progress before problem statement, evaluator boundary, metric, artifact history, tool access, budget, container image, transcripts, intervention log, repository revision, and local leaderboard caveats are auditable.
- The Scholar Graph Becomes the Agent Memory Layer - Zongsheng Cao, Bihao Zhan, Jinxin Shi, Jiong Wang, Fangchen Yu, Zhijie Zhong, Zijie Guo, Tianshuo Peng, Zhuo Liu, Yi Xie, Xiang Zhuang, Shengji Tang, Yue Fan, Runmin Ma, Shiyang Feng, Xiangchao Yan, Anran Liu, Peng Ye, Wenlong Zhang, Shufei Zhang, Chunfeng Song, Fenghua Ling, Jie Zhou, Liang He, Bo Zhang, and Lei Bai's Agents-K1: Towards Agent-native Knowledge Orchestration paper, arXiv:2606.13669, cs.AI, submitted June 11 2026, revised June 29 2026, DOI 10.48550/arXiv.2606.13669, Shanghai Artificial Intelligence Laboratory, East China Normal University, Fudan University, agent-native knowledge orchestration, research agents, scientific knowledge graphs, Scholar-KG, General-KG, GraphAnything CLI, Model Context Protocol, MCP, tri-source retrieval, web search, multimodal graph retrieval, cross-document network traversal, full-paper parsing, MinerU-based PDF parsing, semantic anchors, figures tables equations as first-class evidence, five-module schema, Module A metadata and factual entities, Module B textually mentioned entities, Module C implicit abstracted entities, Module D citation intent relationships, Module E durable knowledge relations, citation lineage, method lineage, evidence spans, confidence scores, 2.46 million scientific papers, six disciplines, computer science, chemistry, biology, earth science, physics, materials, one-million-paper Scholar-KG subset, SCP full graph endpoint, 4B information extraction backbone, Qwen3-4B-Instruct-2507, GRPO, rule-based reward, IEPile, named entity recognition, relation extraction, structured JSON extraction, 10 NER and RE benchmarks, average F1 0.5316 to 0.5647, Qwen3-8B average 0.5382, Qwen3-32B average 0.5746, relation extraction gap, geoscience graph, 114 surveys, 7,219 cited papers, 602,132 nodes, 609,812 edges, GPT-5.2 rationale and answer improvements, Gemini-3 rationale and answer improvements, FrontierScience-Research Gemini-3 7.9 to 24.6 overall, GPT-5.2 25.2 to 39.4 overall, HotpotQA 63.50 and 67.80, 2WikiMultiHopQA 67.10 and 64.80, MuSiQue 31.10 and 36.20, LLM-as-judge protocols, DeepSeek-V3, GPT-5.2, GPT-4o-mini, InternScience/GraphAnything MIT license, InternScience/Agents-K1-LLM Apache-2.0 model card, Hugging Face Scholar-kg dataset access boundary, graph receipts, and the governance problem of treating a generated scholar graph as agent memory before parser version, schema version, extraction model, evidence spans, confidence calibration, dataset license, graph version, retrieval weights, judge prompt, and failure messages are auditable.
- The Reanalysis Agent Becomes the Reproducibility Screen - Tobias Holtdirk, Pietro Marcolongo, Anna Steinberg Schulten, Felix Henninger, Stefan Rose, Sarah Ball, Bolei Ma, Frauke Kreuter, Markus Weinmann, and Stefan Feuerriegel's Automated reproducibility assessments in the social and behavioral sciences using large language models paper, arXiv:2606.13670, cs.AI, submitted June 11 2026, revised June 25 2026, DOI 10.48550/arXiv.2606.13670, SCORE project, Multi100, social and behavioral sciences, psychology, economics, political science, LLM reanalysis, agentic reproducibility assessment, automated reproducibility audits, Claude Opus 4.7, GPT-5.5, GLM-5.1, Inspect AI, OpenRouter, Docker sandbox, focal empirical claims, original datasets, full paper condition, no methods condition, abstract-only condition, five independent runs, structured JSON submission, test statistic, degrees of freedom, sample size, p-value, conclusion, dependent variable, main predictor, operationalization notes, Cohen's d conversion, strict +/-0.05 tolerance, broad +/-0.20 tolerance, 180 published studies, 169 valid effect-size estimates, 11 invalid studies, 80 percent qualitative conclusion match, 24 percent strict effect-size recovery, 50 percent broad recovery, invalid-counted 22 and 47 percent, human benchmark subset 84 papers, 82 valid LLM comparisons, LLM strict 40 percent versus human 28 percent, broad 65 percent versus human 66 percent, qualitative conclusion 95 percent versus human 83 percent, original-effect correlation r=0.46, human-effect correlation r=0.11, full no-methods abstract strict rates 24 24 22 percent, broad rates 50 52 46 percent, prompt perspective neutral confirmatory critical, memorization probe 14 recalled papers and zero recalled Cohen's d values within strict or broad tolerance, data availability, OSF SCORE data, GitHub tobihol/agentic-reproducibility, MIT license, GUIDE-LLM checklist, eval_export.csv, reproducibility-screen receipts, and the governance problem of treating an automated reanalysis as a first-pass audit screen before paper version, focal claim, data path, context condition, model, prompt, sandbox, generated code, scorer, conversion rule, invalid-run handling, conclusion vote, cost cap, repository revision, and licensing constraints are auditable.
- The Refusal Subspace Becomes the Safety Switch - Elisabetta Rocchetti and Alfio Ferrara's Refusal Beyond a Single Direction: A Preliminary Comparison of Diff-in-Means and INLP paper, arXiv:2606.13720, cs.AI, Department of Computer Science Universita degli Studi di Milano, refusal steering, safety fine-tuned chat models, residual stream, Difference-in-Means, DiM, Iterative Nullspace Projection, INLP, activation addition, ActAdd, directional ablation, nullspace projection alpha=1, counterfactual flipping alpha=2, concept erasure, rowspace, nullspace, harmful activations, harmless activations, Arditi et al. 2024, linear representation hypothesis, contrastive activations, tunable subspace size k, k=n, k0.9, k0.8, layer and token position selection, composite selection score, KL penalty, five open-weight chat models, Gemma 2B-IT, Qwen 1.8B-Chat, Yi 6B-Chat, Llama-2 7B-Chat, Llama-3 8B-Instruct, AdvBench, MaliciousInstruct, TDC2023, HarmBench, Alpaca, JailbreakBench 100 harmful instructions, ten harm categories, 100 harmless Alpaca instructions, The Pile, MMLU 500-question stratified sample, ARC-Challenge, LlamaGuard 2, Qwen2.5-14B-Instruct refusal judge, greedy 256-token completions, substring matching, non-refusal harmful, unsafe harmful, refusal harmless, median perplexity, MMLU+ARC, Table 1 Llama-3 directional ablation +0.95 and counterfactual flip +0.96 non-refusal harmful, Llama-2 counterfactual flip k0.8 +0.76, Qwen k=n failure and k0.8 recovery, ActAdd harmless-refusal injection degeneracy, looping completions, k0.8 near-baseline perplexity, activation geometry, PCA harmful-harmless centroid axis, absence-of-concept versus concept-opposite, target centroid fit, alpha=1 absence region, alpha=2 opposite-class reflection, selection scores computed with nullspace projection, anonymous 4open code artifact, no explicit artifact license line found, CC BY-NC-SA 4.0 arXiv HTML notice, safety-switch receipts, and the governance problem of treating refusal as an invisible runtime switch before model checkpoint, contrastive data, layer, token position, operator, coefficient, k, decoding, refusal metrics, judge disagreement, benign refusal cost, capability deltas, artifact revision, and dual-use limits are auditable.
- The World Canvas Becomes the Application Runtime - Jory He's YeasierAgent: Agentic Social Sandbox as a Canvas for Intent-Driven Creation of Platform-Agnostic Symbiotic Agent-Native Applications paper, arXiv:2606.13722, cs.AI, cs.MA, Yeasier AI, www.yeasier.com, Symbiotic Agent-Native Applications, agent-native applications, social sandbox, narrative worlds, scene-aware interaction, platform-agnostic interactive units, agents, scenes, dialogue, cross-platform construction, companion-tool unification, persistent digital twin agents, long-term memory, user preferences, professional background, prior conversations, images, domain-specific materials, vector-stored memory, Big Five personality traits, Extraversion behavioral controller, Conscientiousness autonomy constraints, contextual agent dialogues, spatial interactions, natural-language rules, tripartite ontology, World Sandbox, Symbiotic Agents base layer, Creation Apps superstructure, scene-mapped observability, workflow phases research planning execution review completion, OpenClaw-compatible local assistant, declarative generation, orchestrated generation, multi-agent collaboration, multi-user collaboration, public application circulation, user-created worlds, shared appearances, agent identity, achievements as persistent social artifacts, social entry approval, world governance, trust moderation public sharing, private memory versus public appearance separation, visitor links, creator rewards, applications as cultural objects, Case 1 local workflow companion, Case 2 three-agent social deduction game, Case 3 dynamic interactive drama, live platform endpoint, LLM inference dependence, network-condition dependence, device hardware demand, no public code repository or dataset link found, arXiv source package, manuscript AI drafting disclosure, Yeasier AI copyright statement, world-runtime receipts, and the governance problem of treating an emotionally continuous companion world as an application runtime before memory provenance, role boundaries, tool authority, public sharing, moderation, consent, revocation, device rendering, model dependency, and artifact status are auditable.
- The Dashboard State Becomes the Query Contract - Jisoo Jang and Wen-Syan Li's TwinBI: An Agentic Digital Twin for Efficient Augmented Interactions with Business Intelligence Dashboards paper, arXiv:2606.13731, cs.AI, cs.MA, agentic business intelligence, BI dashboards, dashboard state, executable BI twin, LLM agent twin, natural-language analytics, dashboard manipulation, semantic grounding, provenance tracking, unified interaction log, Streamlit, Apache Superset, FastAPI, Cube, DuckDB, Docker, Playwright browser agent, gpt-5-mini, 30 interaction steps, retail sales dashboard, product store date dimensions, 30 analytical queries, five task families, direct database queries, Cube API queries, dashboard-level queries, exact-match accuracy 43.33 percent to 63.33 percent, partial-credit accuracy 48.33 percent to 70.83 percent, average steps 16.47 to 6.90, timeout rate 40.00 percent to 10.00 percent, invalid action rate 10.93 percent to 0.00 percent, loop query rate 36.67 percent to 27.59 percent, loop step rate 29.76 percent versus 39.13 percent, Q14 QoQ slot-filling, Q17 Mobile Marketing QoQ growth, five-participant within-subjects usability study, S1 North district store task, S2 product pricing task, S3 category growth task, task accuracy 100 and 73.33 and 100 percent, insight accuracy 80 and 100 and 80 percent, average clicks 6.4 and 34 and 49, average chats 0.6 and 6 and 5.2, perceived difficulty 1.8 and 3.4 and 4.2, NASA-TLX, Kendall W 0.62 p less than 0.01, /insights command, Hierarchy Schema Graph, SQL inspection, schema explorer, simonjisu/TwinBI code and dataset repository, experiments/queries query_01 to query_30, answers.json, dashboard-only runner vision_playwright_strict.py, TwinBI runner vision_playwright_strict2.py, run_query_batch.py, Python 3.12, uv, OPENAI_API_KEY, no explicit GitHub license metadata found, BI answer-state receipts, and the governance problem of treating a fluent dashboard answer as business evidence before active filters, chart state, semantic model, SQL, action log, screenshots, tool calls, model, step budget, gold answer, repository revision, and license status are auditable.
- The Local Filter Becomes the Collapse Engine - Xinbao Qiao, Xianglong Du, Wei Liu, Jingqi Zhang, Peihua Mai, Meng Zhang, and Yan Pang's When Sample Selection Bias Precipitates Model Collapse paper, arXiv:2606.13732, ICML 2026, PMLR 306, model collapse, recursive synthetic-data training, data selection, sample selection bias, low-resource verification, data silos, healthcare consortia, proprietary financial institutions, local references, tail mode pruning, confirmation-bias filtering, Replace paradigm, Accumulate paradigm, Accumulate-Subsample paradigm, top-alpha selection, local target u*, covariance collapse, power-law diversity decay, Tr(Sigma_bar_t)=O(t^-psi), Wasserstein discrepancy, Theorems 1-6, Wasserstein-gradient selection, calibrated dual potentials, collaborative geodesic interpolation, Wasserstein barycenter, monotone submodular maximization, 1 - 1/e greedy guarantee, DPOT, epsilon=1.0 sensitivity check, CIFAR-10, STL-10, CelebA, DDPM, Inception-V3 FID precision recall, ExDir(1,0.1), 10 clients, n=50,000 initial generator, N=4n generated candidates, Table 1 Scheme I CIFAR-10 FID 71 precision 0.60 recall 0.58, STL-10 FID 65 precision 0.66 recall 0.71, CelebA FID 69 precision 0.69 recall 0.71, Scheme II CIFAR-10 FID 85, STL-10 FID 69, CelebA FID 75, Airplane local reference homogenization, Llama-2-7B XLSum topic-local verifier, ROUGE local selection below random on held-out topics, Ubuntu 20.04.2, dual Intel Xeon Gold 6442Y CPUs, 8 NVIDIA L40 48GB GPUs, XinbaoQiao/When-Sample-Selection-Bias-Precipitates-Model-Collapse code and results repository, no explicit GitHub license metadata found, synthetic-data selection-bias receipts, and the governance problem of treating a local quality filter as a global coverage guarantee before reference distribution, partition rule, verifier metric, retained-tail modes, proxy construction, random baseline, generated artifacts, compute, code revision, and license status are auditable.
- The Receptivity Index Becomes the Adoption Margin - Hristo Inouzhe Valdes's AI Receptivity or AI Adoption Breadth? A Tool-Specific Reanalysis of the Lower-Literacy/Higher-Usage Link paper, arXiv:2606.13734, on AI literacy, AI receptivity, AI adoption breadth, Study 3 reanalysis, Tully Longoni Appel 2025, Amazon Mechanical Turk N=401, ResearchBox #1491, public Study 3 data, SC0 17-item AI literacy score, five-point usage frequency, Never to Weekly, digital image generators, DALL-E, productivity tools, Zapier, design or website tools, Canva, health apps, Headspace, writing assistants, ChatGPT, ordinal Likert responses, OLS, binary logit, ordered logit, proportional odds, multinomial logit, participant-level averages, item-level data, task fixed effects, heteroskedasticity-robust HC3 standard errors, statsmodels, demographic-adjusted controls, age, income, general knowledge, motivation for autonomy, male gender, technology readiness robustness controls, N=379 missing technology readiness, standardized covariates, pooled five-tool OLS beta_hat -0.181 p .001, pooled ordered logit beta_hat -0.307 p less than .001, pooled binary midpoint beta_hat -0.320 odds ratio 0.73, pooled binary adoption beta_hat -0.330 odds ratio 0.72, text AI ordered logit beta_hat -0.090 SE 0.104 p .387, text AI adoption odds ratio 0.94, non-text ordered logit beta_hat -0.377 SE 0.063 p less than .001, non-text binary adoption beta_hat -0.388 odds ratio 0.68, non-text frequent-use odds ratio 0.67, predicted never-used probability text 0.27 to 0.35 from z -2 to z +2, predicted never-used probability non-text 0.50 to 0.82, robustness non-text ordered logit beta_hat -0.502 p less than .001, robustness non-text adoption odds ratio 0.61, robustness text ordered logit beta_hat -0.290 p .010, robustness text adoption p .100, general AI receptivity versus text AI usage intensity versus non-text AI adoption breadth, construct validity, post hoc decomposition, correlational self-report limit, HristoInouzhe/AI-use-vs-AI-literacy code and data repository, S3_data.xlsx, run_experiments.py, tully_ai_literacy_robustness.py, reanalysis_notebook.ipynb, result_table.csv, predicted_probs.csv, descriptive_stats.csv, no explicit repository license found, construct-validity receipts, and the governance problem of treating an averaged AI receptivity index as a psychological trait before source data, item wording, response scale, tool category, aggregation rule, model family, threshold, covariates, standard errors, odds ratios, predicted probabilities, code, and license status are auditable.
- The Formal Proof Becomes the Translation Gap - Lushi Pu, Weiming Zhang, Xinheng Xie, Zixuan Fu, Bingxiang He, Hongya Lyu, Xin Li, Jie Zhou, and Yudong Wang's MA-ProofBench: A Two-Tiered Evaluation of LLMs for Theorem Proving in Mathematical Analysis paper, arXiv:2606.13782, on Lean 4 theorem proving, mathematical analysis, ModelBest Inc., Tsinghua University, OpenBMB, Lean 4 v4.28.0, Mathlib 4.28.0, Kimina Lean Server, 200 formalized theorems, Level I undergraduate textbook exercises, Level II Ph.D. qualifying exam problems, 100 problems per level, 6 core topics, 27 MSC subcategories, Real Functions 44 and 12, Functional Analysis 15 and 31, Functions of a Complex Variable 19 and 16, Measure and Integration 13 and 17, Operator Theory 4 and 23, Sequences Series and Summability 5 and 1, about 500 candidate problems, human-led LLM-assisted formalization, independent expert reverse translation, 2 of 3 reviewer approval, strict theorem-statement preservation, no sorry placeholders, Pass@k, n equals 32 open-source samples, n equals 8 proprietary samples, 32K token max output, temperature 1.0, GPT-5.5 xhigh Pass@8 16.00 Level I and 5.00 Level II, Gemini 3.1 Pro High Pass@8 13.00 and 5.00, Claude Sonnet 4.6 High Pass@8 6.00 and 3.00, DeepSeek-V3.2-Thinking Pass@8 5.56 and 1.85, DeepSeek-Prover-V2-671B Pass@8 6.86 and 0.44, DeepSeek-Prover-V2-671B Pass@32 9.00 and 1.00, Kimina-Prover-72B, Goedel-Prover-V2, Nemotron-3-Nano-30B-A3B formal-proof SFT signal, Level II capability gap, Mathlib hallucinations, type system errors, incomplete proofs, Lean syntax errors, R versus ENNReal confusion, fabricated identifiers, GLM-5.1 informal proofs 90 and 75 but near-zero formal pass rate, DeepSeek-V3.2-Thinking informal proofs 85 and 66, Qwen3-235B-Thinking-2507 informal proofs 66 and 42, OpenBMB/MA-ProofBench code, openbmb/MA-ProofBench Hugging Face dataset, MIT license, ma_proofbench.jsonl, benchmark receipts, source-to-Lean fidelity receipts, and the governance problem of treating a natural-language proof or a theorem-prover pass rate as mathematical competence before source statement, Lean statement, Mathlib version, compiler backend, sample budget, reverse-translation review, compile logs, failed-proof class, and artifact revision are auditable.
- The Leaderboard Becomes the Wrong Question - Pratham Singla, Shivank Garg, and Vihan Singh's Poker Arena: Multi-Axis Profiling of Strategic Reasoning and Memory in LLMs paper, arXiv:2606.13815, on no-limit Texas Hold'em as strategic reasoning benchmark, NExT-Game 2026 ICML workshop, IIT Roorkee, Raeth AI, hidden information, adversarial uncertainty, seven frontier LLMs, Claude Opus 4.6, Grok 4, GPT-5.4, DeepSeek V3.1, Qwen3-max, Gemini 3.1 Pro, Kimi K2 thinking, 50 seven-player sessions, 20 hands per session, 1,000 hands, 9,115 logged actions, identical $1,000 stacks, escalating blinds, $5/$10, $10/$20, $25/$50, $50/$100, five-from-seven evaluator, Monte Carlo run-out sampling, side-pot accounting, parse fallback below 2 percent, three-layer memory, within-hand context, 16K character session memory, cross-session lifetime memory, opponent anonymization, memory ablation, seeded prior-session summary versus fresh memory, nine-axis cognitive profile, M1 bet sizing calibration, M2 bluffing and deception, M3 opponent reading, M4 composure, M5 adaptability, M6 prediction accuracy, M7 strategic mixing, M8 factual accuracy, M9 positional awareness, deterministic metrics, regex metrics, LLM judge metrics, model-family-separated judging, Claude chip delta +$15,730, Claude 14 first-place finishes, Grok chip delta +$3,705, GPT chip delta -$1,060, DeepSeek chip delta -$937, Qwen chip delta -$2,785, Gemini chip delta -$2,095, Kimi chip delta -$12,558, VPIP 14.8 percent to 32.0 percent, aggression factor 0.69 to 3.34, DeepSeek M1 0.79, Grok M2 0.83, Grok M3 0.46, GPT M4 0.89, GPT M9 0.83, Gemini M8 0.74, Grok mean-axis aggregate 0.6137, Claude mean-axis aggregate 0.5754 and fifth of seven, Spearman rho_S 0.571, p 0.180, 600-hand memory ablation, GPT +114.6 chip swing p 0.120, Kimi -109.4 chip swing p 0.099, Claude -42.5 chip swing p 0.087, 10,000 bootstrap resamples, RNG seed 20260416, no official code or data link found, evaluation receipts, memory receipts, benchmark governance, and the governance problem of treating a scalar leaderboard as a model-quality verdict before game seeds, hand histories, action logs, parser behavior, memory reads, memory writes, axis definitions, judge prompts, confidence intervals, and artifact status are auditable.
- The Similarity Threshold Becomes the Query Contract - Sebastián Bugedo and Stijn Vansummeren's Hyperdimensional computing for structured querying on tabular data embeddings paper, arXiv:2606.13871, on HyperDimensional Computing, HDC, Holographic Reduced Representations, HRR, tabular row embeddings, structured select-project queries, row retrieval, attribute projection, interpretable similarity scores, nearest-neighbor thresholding, zero-match detection, equality predicates, non-equality predicates, tau_eq, tau_neq, sqrt(n / m), binding, bundling, unbinding, EmbDI graph-based baseline, Word2Vec Skip-Gram, Movie dataset with 49,875 rows and 15 columns, DBLP dataset with 66,876 rows and 4 columns, 15 Movie tables, 4 DBLP tables, 10 equality predicates, 10 non-equality predicates, 10 zero-match predicates per n and table, EmbDI dimensions 300 and 512, 500,000 Movie random walks, 1,000,000 DBLP random walks, HRR dimensions 300 and 512 and 1024, 3 HRR runs per dimension, top-k retrieval for k 1 and 2 and 5 and 10 and 20, threshold sweeps 0.1 to 1.0 and -0.3 to 0.2, Movie equality F1 at m 15, HRR 1024 0.99 versus EmbDI 512 0.82, zero-match Movie HRR 1024 retrieving 0.40 rows at m 15, DBLP attribute projection 1.00 for HRR 300 and 512 and 1024, Movie projection HRR 512 0.93 and HRR 1024 1.00, EmbDI rating weakness, UHasselt-DSI-Data-Systems-Lab/code-hdc-for-tabular-data code, GPL-3.0 license, Python 3.9, faiss-cpu, gensim, scikit-learn, torch-hd, EmbDI embedding generation not included, threshold receipts, and the governance problem of treating a nearest-neighbor score as a query answer before the table, predicate, dimension, threshold, zero-match rule, retrieved-row count, and baseline artifact are auditable.
- The Tool Menu Becomes the Attack Surface - Laxmipriya Ganesh Iyer and Rahul Suresh Babu's Capability Minimization as a Safety Primitive: Risk-Aware Causal Gating for Least-Privilege LLM Agents paper, arXiv:2606.13884, on Risk-Aware Causal Gating, RACG, least-privilege LLM agents, capability minimization, tool exposure, visible tool sets, temporary authority, indirect prompt injection, confused deputy risk, Causal Minimal Tool Filtering, CMTF, precondition-effect tool contracts, risk labels, low and med and high risk tiers, authorization variables, trusted authorization provenance, recipient_confirmed, deletion_approved, share_scope_set, external_approved, payment_confirmed, risk(low) equals 0, risk(med) equals 1, risk(high) equals 4, lambda penalty, lambda dagger crossover, lambda equals 2 default operating point, fail-closed behavior, RiskGate, 100-tool registry, 102 benign CMTF tasks, 80 safety-stress tasks, email authorization-required tasks, email no-action tasks, files no-action tasks, calendar high-risk-shortcut tasks, 240 adversarial trials per method per model, deterministic adversarially compliant agent, Amazon Bedrock validation, Claude Opus 4, Claude Sonnet 4.6, Claude Haiku 4.5, GPT-OSS 120B, Nova Premier, Nova Pro, Nova 2 Lite, all-tools attack surface 26.00, weighted attack surface 95.00, unauthorized exposures 76.16, injection success 1.00, keyword top-10 injection success 1.00, state-aware injection success 0.75, CMTF injection success 0.25, RACG lambda 2 success 1.00, unauthorized exposure 0.00, injection success 0.00, gold-tool exposure 0.94, over-block rate 0.00, serialized-context tokens 1350, RACG lambda 0.5 success 0.89 and over-block rate 0.50, model-token averages 2101 for CMTF and 2456 for RACG, authorization-forging boundary condition, no official code link found, arXiv abstract metadata mismatch, tool-exposure receipts, and the governance problem of treating a tool menu as harmless context before causal necessity, trusted authorization, provenance, visible-action enforcement, blocked-tool reasons, and reviewer override are auditable.
- The GPA Becomes the Coordination Signal - Ben Torkian and Jun Zhou's A Multi-Agent AI System for Automated High School Transcript Processing: Collaborative Document Analysis at Scale paper, arXiv:2606.13916, on automated high school transcript processing, admissions operations, University of South Carolina, Practice and Experience in Advanced Research Computing, PEARC 2026 venue metadata, multi-agent systems, document AI, educational administration, Pattern Recognition Agent, Semantic Analysis Agent, Vision Intelligence Agent, Orchestration Agent, GPA extraction, GPA-as-coordination-signal, Azure OpenAI GPT-4, GPT-4 Vision, pdftotext, pdftoppm, structured JSON output, agent message bus, retry logic, exponential backoff, private Azure deployment, encrypted inter-agent messages, collaborative audit trails, confidence scores, conflict resolution, 40 authentic transcripts, 13 U.S. states, North Carolina 8, Florida 6, New York 4, 85.0 percent public schools, 12.5 percent private or parochial schools, 2.5 percent charter schools, 60 percent single-page transcripts, 100 percent coordination completion, 96.7 percent extraction accuracy, 3.3 percent discrepancy rate, 95 percent Wilson confidence interval 94.2 to 98.8 percent, no significant state or school-type or complexity bias, 98.2 percent inter-agent communication success, 23.7 percent conflict-resolution cases, Pattern Agent Only 67.5 percent success and 8 seconds, Semantic Agent Only 85.0 percent success and 25 seconds, Visual Agent Only 90.0 percent success and 35 seconds, Multi-Agent Coordination 100 percent success and 45 seconds, CoordinationScore equals 0.45 hasGPA plus 0.30 hasName plus 0.25 courseCount greater than 10, r equals 0.89 and p less than 0.001, 32.5 percent triggered semantic coordination, 7.5 percent still required visual collaboration, 2.5 percent required full conflict resolution, Adobe Document Services, ABBYY FlexiCapture, Parchment, 80 transcripts per hour with 4 workers, 320 transcripts per hour with 16 workers, 168-hour continuous test, 0.15 dollars per transcript, human verification for edge cases, English-language transcript limit, no public code release, no released evaluation dataset, admissions-record receipts, and the governance problem of treating an extracted GPA as an admissions fact before the transcript source, OCR trace, agent participation, confidence scores, conflict rule, human review, opt-out path, privacy boundary, and decision-use limit are auditable.
- The Sorry Count Becomes the Library Review - Vasily Ilin and Brian Nugent's Sorries Are Not the Hard Part: An Expert-Review Case Study of a Semi-Autonomous Formalization paper, arXiv:2606.13925, on Grothendieck vanishing, Hartshorne Chapter III Theorem 2.7, Lean 4, mathlib, TopCat, NoetherianSpace, topologicalKrullDim, Sheaf.H, sheaf cohomology, AddCommGrpCat, semi-autonomous formalization, autoformalization, Claude Code, Aristotle, human-written theorem statements, PDF proof excerpts, State A, State B, first sorry-free version, March 27 to April 4 formalization, April 8 to April 15 expert review, April 17 to May 1 review response, April 19 to April 27 refactor loop, April 27 to April 28 compression loop, mathlib-style polish, expert-review checklists, definitions, theorem statements, proofs, file structure, API design, 62 agent-created definitions, exactly one good definition, TopCat.closedIncl, 61 poor definitions, Sheaf.H API file almost 800 lines, 24 lemmas, short exact sequence generalization, filtered-colimit files, maxHeartbeats episode, 200K to 12.8M heartbeat oscillation, default 200000 heartbeat rule, sorry count regression from 3 to 24, inferInstanceAs, named sublemmas, 31,529 Claude turns, 270 sessions, roughly $13K Opus-rate usage, about $10K cache reads, $200 subscription, 19,393 tool calls, Lean LSP queries, Bash, Read, Edit, Grep, public Lean source, Vilin97/Clawristotle grothendieck-vanishing code, uw-math-ai/grothendieck-vanishing-logs dataset, per-turn token usage, refactor and compression loop histories, per-commit LOC and sorry counts, Aristotle proving jobs, human prompts, loop prompts, library-review receipts, and the governance problem of treating a zero-sorry Lean build as reusable mathematics before public definitions, theorem surfaces, namespaces, API files, review comments, response evidence, and future-user transport costs are auditable.
- The Feature Geometry Becomes the Stress Test - Jennifer Meng Lu, Ruochen Zhang, Isabelle Lee, David Alvarez-Melis, Ellie Pavlick, and Naomi Saphra's Adversarial Concept Search: Predicting Compositional Errors From Feature Geometry paper, arXiv:2606.13934, on Adversarial Concept Search, ACS, compositional interference, CI, feature geometry, representational geometry, lossy superposition, local cumulative coherence, near-orthogonal concept encodings, feature interference, residual-stream activations, atomic concept representations, salient features, cluster mean-centering, background cluster structure, 10 percent validation layer selection, SCAN, decoder-only Transformers, hidden dimensions 8 and 12 and 32 and 64, 100K training examples, 4 attention heads, 10 Transformer layers, Adam learning rate 1e-3, batch size 256, seed 42, exact-match accuracy, PR-AUC, failure-rate baselines, Llama-3.2-3B, multihop QA, 10-shot prompting, Khandelwal and Pavlick, single-hop filtering, 26 multihop datasets, int-plus8-parity, artist-birthyear-times-two, KLAR multilingual factual recall, English fact representations, language subspaces, 8,000 OSCAR samples per language, Dutch, Russian, French, Spanish, Chinese, Hungarian, Ukrainian, Vietnamese, Japanese, Korean, r = -0.855 bin-level multihop trend, rpb -0.210 with mean-centering, rpb 0.178 without mean-centering, multilingual rpb correlations from -0.288 to -0.081, p less than 0.01, code release pending paper decision, single NVIDIA GeForce RTX 3090 compute, stress-test receipts, active-learning prioritization, targeted benchmark construction, no official code link yet, and the governance problem of treating a benchmark as coverage before the concept space, feature vectors, interference metric, layer choice, validation rule, generated inputs, filtered atomic failures, and per-slice error predictions are auditable.
- The Minimal View Becomes the Privacy Broker - Hexuan Yu, Chaoyu Zhang, Heng Jin, Shanghao Shi, Ning Zhang, Y. Thomas Hou, and Wenjing Lou's Minim: Privacy-Aware Minimal View for Agents via Trusted Local Sanitization paper, arXiv:2606.13949, on MINIM, privacy-aware minimal views, trusted local sanitization, Semantic Over-Privileged Observation, structured observations, accessibility trees, UI state, autonomous agents, remote inference servers, honest-but-curious inference, client-side brokers, Contextual Integrity, task-conditioned necessity, inherent sensitivity, Keep, Abstract, Remove, K/A/R policies, tau_nec 1.0, tau_sens 5.0, WebArena, Shopping, Reddit, Gmail, 150 unique trees, 27 task types, 5,403 tree-task variants, 4,741 training variants, 662 test variants, synthesized 2FA codes, password prompts, Slack notifications, sensitivity scores, necessity scores, GATv2, 384-dimensional MiniLM embeddings, 512-dimensional node features, 3 GATv2 layers, hidden size 256, 4 heads, AdamW, 10 epochs, TCNP 0.9491, TCNP-I 0.9931, TISL 0.1010, Full Observation leakage 1.0000, Random Budget, Sensitivity-Only, Necessity-Only, Necessity-Only TISL 0.2032, prompted LLM scorer baselines, Qwen3-8B-Instruct, Nemotron-Nano-9B, GPT-OSS-20B, Llama-3.3-70B-Instruct, Mistral-7B-v0.3, Llama-3-8B-Instruct, Gemma-3N-E4B, LLM baseline TISL 0.194 to 0.312, 12.0 percent retained nodes, 89.9 percent leakage suppression, greater than 99.9 percent high-risk injected-element suppression, Gmail 1.88 percent TISL, Reddit 13.50 percent TISL, Shopping 0.85 percent TISL, abstraction ablation, yyyyhx/MINIM code, Chaoyu112358/MINIM-data dataset, MIT dataset license, dataset viewer caveat, observation-minimization receipts, and the governance problem of treating an agent's UI observation as harmless context before the task, local broker, sensitivity score, necessity score, disclosure action, abstraction renderer, residual leakage, domain coverage, and threat model are auditable.
- The Kernel Acceptance Becomes the Quality Mirage - Theodore Meek, Siyuan Ge, Di Qiu Xiang, Simon Chess, and Vasily Ilin's Formalizing Numerical Analysis: An Agent Pipeline and Quality Audit Beyond Kernel Acceptance paper, arXiv:2606.14000, on OpenMath, Lean 4, Mathlib, autoformalization, theorem proving, numerical analysis, Numerical Methods for Ordinary Differential Equations, J. C. Butcher, coding agents, Claude Opus 4.6, Claude Sonnet, Planner, Worker, Evaluator, Consultant, Python orchestrator, GitHub Actions, strategy.md, task_results/cycle_NNN.md, history.jsonl, run.lock, kernel acceptance, sorry counts, axiom counts, semantic correctness, Mathlib reuse, cross-file reuse, LLM-as-judge, DeepSeek V4 Pro, gpt-oss-120b, direct judge, round-trip judge, blind back-translation, RepoProver, M2F, OpenMath, 175 textbook statements, 84 fully proof-complete formalizations, 48.0 percent, 12 statement-only or sorry-bearing formalizations, 6.9 percent, 54.9 percent combined coverage, Chapter 3 Runge-Kutta at 34.8 percent, 0 sorries, 0 axioms, 59,340 Lean lines, 57 files, 1,257 named declarations, 42 percent OpenMath divergence, 25 percent M2F divergence, 18 percent RepoProver divergence, 18 of 20 human-judge agreement, incomplete multi-part statements, added weakening hypotheses, parameter restrictions, Definition 312A, Theorem 514A, Theorem 550A, Mathlib overlap 2 to 5 percent, cross-file reuse 48 percent and 45 percent, 215 to 270 active hours, 5.73 B tokens, 19,968 tool calls, Aristotle 89 jobs, 27 submissions incorporated, 47 sorrys closed, 1,417 proof LOC, uw-math-ai/OpenMath code, formalization-quality receipts, and the governance problem of treating a Lean build, zero sorry count, or theorem-prover kernel acceptance as mathematical fidelity before the source statement, hypotheses, dependency graph, reuse path, LLM judge, human spot-check, and divergence class are auditable.
- The Drug Relation Becomes the Applicability Clause - Guanting Luo, Noriki Nishida, Yuji Matsumoto, and Yuki Arase's Applicability Condition Extraction for Therapeutic Drug-Disease Relations paper, arXiv:2606.14031, on Drug-ACE, applicability condition extraction, therapeutic drug-disease relations, biomedical relation extraction, biomedical NLP, clinical decision support, clinical literature, PubMed abstracts, ChemDisGene, human clinical studies, clinical trials, therapeutic relation filtering, 1,119 drug-disease pairs, 667 abstracts, train 334 abstracts and 558 pairs, development 110 abstracts and 182 pairs, test 223 abstracts and 379 pairs, Dosage, Age, Gene, Gender, Comorbidity, Body Type, Hydroxyurea, prostatic adenocarcinoma, applicability condition spans, span-and-type labels, hard matching, soft matching, Role-Conditioned LoRA, RCLoRA, relation roles, Gemma2-9B, Qwen2.5-7B, Qwen3-4B, Gemma3-4B, MedGemma-4B, SpanMarker, RoBERTa, BERT, BiomedBERT, BioBERT, Bio ClinicalBERT, DeepSeek-R1-70B, Llama3.3-70B, Qwen2.5-72B, LoRA average 47.94 hard span F1 and 57.39 soft span F1, RCLoRA average 49.59 hard span F1 and 58.86 soft span F1, p-values 0.013 and 0.018 and 0.015 and 0.022, Qwen3-4B RCLoRA 60.62 soft span F1, Gemma3-4B RCLoRA 51.43 hard span F1, Comorbidity near-zero standard-LoRA baseline, threshold 0.5 RCLoRA 63.16 versus LoRA 57.45, ACL Findings 2026, guantingluo98/Drug-ACE code, B1tta/Drug-ACE dataset, apache-2.0 license, research-only risk statement, applicability-condition receipts, and the governance problem of treating a drug-disease edge as clinical truth before the source abstract, patient scope, dosage, genotype, comorbidity, span offsets, model, matching rule, human validation, and downstream use limit are auditable.
- The Factory Manual Becomes the RAG Playground - Yash Pulse, Yong-Bin Kang, Abhik Banerjee, Abdur Forkan, and Prem Prakash Jayaraman's FactoryLLM: A Safe and Open-Source AI Playground for Evaluating LLMs in Smart Factories paper, arXiv:2606.14119, on FactoryLLM, smart factories, cross-machine fault diagnostics, maintenance recovery, retrieval-augmented generation, RAG, industrial documentation, Autonomous Intelligent Vehicle, AIV, Mobile Planner, fleet management software, multi-machine manuals, sensitive industrial data, local LLMs, open-source LLMs, OpenAI, OpenRouter, Google Gemini, local models, Input-Output prompting, Chain-of-Thought, Tree-of-Thought, Graph-of-Thought, vector RAG, graph RAG, ChromaDB, NebulaGraph, LlamaIndex, PDF, DOCX, TXT, session-scoped indices, chat interface, reasoning traces, RAGAS, NVIDIA LLM-as-Judge, context precision, context recall, response relevancy, faithfulness, context relevance, response groundedness, Qwen3-235B-A22B-Instruct-2507, Llama 4 Maverick, Gemma-3-27B, 30 cross-machine questions, approximately 600 pages, 1,000-token chunks, 200-token overlap, top-10 retrieval, overall averages 0.73 to 0.76, context precision 0.46 to 0.51, response groundedness 0.88 to 0.95, context recall 0.76 to 0.89, six questions below 0.20 precision, faithfulness 0.62 to 0.72, seven questions below 0.50 faithfulness, groundedness average 0.91 versus faithfulness average 0.66, retrieval-limited industrial RAG, RS-232 Aux Sensors connector, DB9 female port, Safety Commissioning, DigitalInnovationLab/Factory-LLM code, MIT license, maintenance-reasoning receipts, and the governance problem of treating a grounded maintenance answer as operational advice before the manuals, chunks, model, prompt, retrieval scores, judge scores, unsupported claims, privacy boundary, and human review gate are auditable.
- The Diagram Becomes the Verification Trace - Xiaoxian Duan, Zequn Liu, and Yingce Xia's VeriGeo: Controllable Geometry Question Generation with Numerical and Analytical Verification paper, arXiv:2606.14176, on VeriGeo, controllable geometry generation, geometry problem generation, multimodal mathematical reasoning, AI-assisted education, problem statements, diagrams, geometric constraints, proof steps, executable reasoning traces, Author agent, Solver agent, shared action sequences, blueprint generation, target concepts, difficulty control, diagram requirements, numerical verification, analytical verification, LLM-assisted logical verification, verification-guided reflection, repair, rejection, cross-modal consistency, hallucinated constraints, direct-pass rate 29.02 percent, five LLM backbones, Gemini-3.1-Pro, Qwen3.5-Plus, Claude-Opus-4.6, 36.00 percent repair, 30.67 percent repair, 20.22 percent repair, 354 geometry concepts in 100 samples, Harder difficulty matching 100.0 percent, Equivalent difficulty matching 80.0 percent, 8.7k verified examples, Qwen2.5-VL-7B-Instruct, supervised fine-tuning, PGPS9K 59.40 percent, GeoQA 82.74 percent, MathVista-GPS 75.96 percent, G-LLaVA, MAVIS, TR-CoT, GeoGen-SFT, action grammar, AddPoint, MovePoint, AddAuxLine, AddCircle, AddEdge, VerifyPoint, VerifyFunction, collinear, parallel, perpendicular, equal length, equal angle, midpoint, circle incidence, executable-data receipts, no official code link, and the governance problem of treating synthetic geometry data as training evidence before the statement, diagram, action trace, constraint solver, logical judge, repair log, rejection rule, cost profile, and downstream benchmark split are auditable.
- The Skill Score Becomes the Laundering Channel - Yihan Xia and Taotao Wang's When Should Agent Trust Be Conditional? Characterizing and Attacking Skill-Conditional Reputation in Agent Swarms paper, arXiv:2606.14200, on skill-conditional trust, agent swarms, LLM agent routing, global trust scores, R(i|k), agent specialization, heterogeneous agents, base models, scaffolds, tool stacks, sparse per-skill evidence, cross-skill evidence borrowing, empirical-Bayes shrinkage, coupling strength beta, CIVT, Conditional Information Value Test, zero-cost de-risking, global router, skill router, per-task oracle, phase diagrams, high heterogeneity, sparse evidence, correlated skills, AppWorld, 14 heterogeneous agents, ReAct, PlanExec, FullCodeRefl, IPFunCall, GPT-4o, GPT-4 Turbo, DeepSeekCoder, LLaMA3-70B, file_system, phone, simple_note, splitwise, spotify, todoist, venmo, global score 0.743, skill score 0.784, oracle score 0.933, success 0.488 versus 0.542 versus 0.798, test_normal green, test_challenge amber, farm skill simple_note, target skill phone, reputation laundering, launderer, whitewasher, Sybil, sleeper, learner, routing regret 0 to 0.94, honest gated verdict +0.19, contaminated ungated verdict -0.06, zero-evidence gate, direct target evidence, no Sybil-resistance claim, no official code link, reputation-routing receipts, and the governance problem of treating a conditional agent trust score as delegation authority before the skill taxonomy, episode counts, verifier, coupling rule, CIVT verdict, zero-evidence gate, and laundering budget are auditable.
- The Reflection Score Becomes the Verifier - Yinglun Zhu's Closing the Reflection Gap: A Free Calibration Bonus for Agentic RL paper, arXiv:2606.14211, on RefGRPO, reflection gap, agentic reinforcement learning, LLM agents, environment feedback, SQL execution results, error messages, tool outputs, post-feedback reflection, binary reflection scores, self-assessment, underconfidence, overconfidence, credit-assignment mismatch, outcome-only RL, GRPO+, DAPO-style improvements, asymmetric clipping, token-mean normalization, no KL divergence term, free calibration bonus, reflection-outcome contrast, dynamic calibration coefficient schedule, self-verification, pseudo-rewards, test-time selective prediction, abstention, Chow score, task accuracy, reflection accuracy, overconfidence rate, underconfidence rate, text-to-SQL, 4,660 training problems, Spider, OmniSQL, Spider-Dev, Spider-DK, Spider-Realistic, Spider-Test, Bird-Dev, Qwen2.5-Coder-3B-Instruct, Qwen2.5-Coder-7B-Instruct, Llama-3.2-3B-Instruct, OmniSQL-7B, SQL-R1-7B, 6-epoch training, 6-turn multi-turn setting, Qwen-7B task accuracy 75.1 to 76.5 percent, underconfidence 44.4 to 7.7 percent, Chow score 73.0 to 76.5, Qwen-3B single-turn underconfidence 23.7 to 1.3 percent, self-improvement from 67.1 to 69.9 percent, selective-prediction lift, calibration receipts, no official code link, and the governance problem of treating an agent's own reflection as deployment authority before the outcome source, reflection parser, calibration schedule, commit rule, abstention policy, and per-benchmark error modes are auditable.
- The Paired Trajectory Becomes the Skill Audit - Haowen Gao, Haoran Chen, Can Wang, Shasha Guo, Liang Pang, Zhaoyang Liu, Huawei Shen, and Xueqi Cheng's SkillAudit: Ground-Truth-Free Skill Evolution via Paired Trajectory Auditing paper, arXiv:2606.14239, on SkillAudit, agent skills, structured procedural instruction packages, frozen LLM agents, stale skills, edge cases, API changes, deployment constraints, ground-truth-free skill evolution, task descriptions, workspace data, initial skills, paired trajectory auditing, with-skill trajectories, without-skill trajectories, Process-Aligned Contrastive Evaluation, PACE, segment-anchored diagnostics, action_signals, protected_hints, Process Adherence, Artifact Evidence, Consistency, Effectiveness Delta, 12 evaluator templates, eval-procedure-adherence, eval-coverage, eval-tool-use-rationality, eval-error-robustness, eval-output-evidence-check, eval-format-compliance, eval-task-alignment, eval-data-consistency, eval-method-adherence, eval-safety-compliance, eval-incremental-value, eval-portfolio-quality, Anchor Verifier, fixed structural verifier, verifier drift, commit, defer, rollback, Refine, Repair, noisy guidance removal, conflicting passage replacement, SkillsBench, Harbor containers, 89 runnable tasks, 8 professional domains, 73.9 percent average task reward, 40.9 percent no-skill baseline, 56.7 percent static expert skill, +33.0 and +17.2 point gains, software-dependency-audit, data-to-d3, lab-unit-harmonization, exceltable-in-ppt, observability boundary, skill receipts, and the governance problem of treating an evolved skill document as reliable before the paired trajectories, localized edits, verifier constraints, rollback rule, and observable evidence boundary are auditable.
- The Physical Property Becomes the Affordance Test - Yifan Jiang, Meige Yang, Zitong Li, and Jay Pujara's AFFORDANCE20Q: Evaluating Affordance Reasoning from Physical Properties paper, arXiv:2606.14240, on Affordance20Q, affordance reasoning, physical properties, object identity hiding, memorized object-affordance mappings, 20-Questions games, hidden target objects, eight candidate affordances, seven distractors, Questioner, Checker, Oracle, material questions, shape questions, size questions, surface questions, 1,009 games, 454 objects, 59 affordances, Commonsense Knowledge Graph, CSKG, ConceptNet, WordNet, GPT-4.1 data expansion, six human annotators, 1,298 re-annotated pairs, 85.2 percent majority agreement, Qwen3-14B Oracle and Checker, 300-question Oracle validation, five human baseline volunteers, 30 percent sampled subset, 15 LLM questioners, Qwen3-8B, Qwen3-14B, Qwen3.5-9B, Phi-4-14B, Llama-3.1-8B, Ministral-8B, Nemotron-9B, Gemma-3-12B, DeepSeek-V4-Pro, DeepSeek-V4-Flash, GPT-5, GPT-5-mini, Gemini-2.5-Pro, Gemini-2.5-Flash, MiniMax-M2.5, success rate, turns, KL information gain, Fix20Q 24.8 percent, human 64.2 percent, Gemini-2.5-Pro 45.9 percent, DeepSeek-V4-Flash 41.3 percent, information-gain collapse after turn 5, conduct_heat, transmit_light, sink_in_water, hang_from_above, float_on_water, hold_between, ignite, KB-Anchored Rule Induction, KARI, Rule Proposer, Validator, Auditor, 2,223 generated rules, 0.7 sentence-similarity threshold, up to 15.2 point open-source gains, 1171-jpg/Affordance20Q artifact link, Readme-only repository caveat, affordance receipts, and the governance problem of treating object-name recall as physical-world competence when embodied agents need to infer action possibilities from shape, material, size, surface, and context before acting.
- The Harness Becomes the Runtime Contract - Tingyang Chen, Shuo Lu, Kang Zhao, Weicheng Meng, Hanlin Teng, Tianhao Li, Chao Li, Xule Liu, Jian Liang, Zhizhong Zhang, Yuan Xie, Heng Qu, Kun Shao, and Jian Luan's HarnessX: A Composable, Adaptive, and Evolvable Agent Harness Foundry paper, arXiv:2606.14249, on HarnessX, Darwin Agent Team, reusable agent harnesses, runtime harnesses, prompt scaffolding, typed harness primitives, substitution algebra, context assembly, model selection, memory management, tool ecosystem, execution environment, evaluation and reward, control and safety, observability, training bridge, processors, bundles, AEGIS, Digester, Planner, Evolver, Critic, operational mirrors, symbolic Markov decision processes, reward hacking, catastrophic forgetting, under-exploration, deterministic gating, seesaw regression constraints, change manifests, variant isolation, ensemble routing, harness-model co-evolution, cross-harness GRPO, shared replay buffers, pass@2, GAIA, ALFWorld, WebShop, tau^3-Bench, SWE-bench Verified, Claude Opus 4.6 meta-agents, Claude Sonnet 4.6, GPT-5.4, Qwen3.5-9B, +14.5 percent average gain, +44.0 percent ALFWorld gain, 14 of 15 improved configurations, 103 GAIA tasks, 134 ALFWorld tasks, 100 WebShop tasks, 55 SWE-bench Verified tasks, four candidates per round, three seeds per cell, 5 percent noise thresholds, concurrency 10, 20-step and 15-step and 200-step limits, Darwin-Agent/HarnessX code, MIT license, no held-out evaluation, static deployment artifacts, harness receipts, and the governance problem of treating an evolved agent harness as harmless scaffolding when it decides what the model sees, what tools it can call, how memory enters context, how failures are retried, and which traces become training data.
- The Communication Policy Becomes the Agent Interface - Xinbei Ma, Jiyang Qiu, Yao Yao, Zheng Wu, Yijie Lu, Xiangmou Qu, Jiaxin Yin, Xingyu Lou, Jun Wang, Weiwen Liu, Weinan Zhang, Zhuosheng Zhang, and Hai Zhao's Communication Policy Evolution for Proactive LLM Agents paper, arXiv:2606.14314, on proactive LLM agents, communication policies, information asymmetry, vague task specifications,
ask_question,generate_ui, text-only interaction, UI-only interaction, hybrid channel selection, User-Agent, Planner-Executor, Shanghai Jiao Tong University, OPPO Research Institute, SWE-bench, TravelGym, tau^2-bench, WebArena, user simulators, planner simulators, personas, amateur, do_selection, one_question, answer_more, task success, response quality, persona compliance, proactivity, CPE, Communication Policy Evolution, prompt-level evolution, rollout analysis, two-stage accept/reject gates, 0.7 train fraction, 100 and 200 episode batches, 30 max rounds, five trajectory excerpts, environment-first-then-clarify, text-for-simple-UI-for-structured, 2-strikes escalation, persona-aware adaptation, communication receipts, and the governance problem of treating proactive asking as harmless when channel choice can structure what the user discloses, how much privacy cost is paid, and what the agent is allowed to infer. - The Safety Boundary Becomes the Gradient - Ayoub Belouadah, Sylvain Kubler, and Yves Le Traon's CSPO: Constraint-Sensitive Policy Optimization for Safe Reinforcement Learning paper, arXiv:2606.14415, on safe reinforcement learning, constrained Markov decision processes, CMDPs, constraint-sensitive policy optimization, first-order primal-dual methods, dual-lag behavior, delayed constraint correction, oscillatory learning, Lagrange multipliers, local constraint sensitivity, shortest signed distance to the safety boundary, constraint-gradient norms, KKT solution preservation, Time-To-Safety, Reward Preservation, Violation Frequency, Safety Gymnasium, Point Goal, Point Button, Car Goal, Car Button, Ant, Humanoid, HalfCheetah, Hopper, Swimmer, APPO, P3O, IPO, PPO-Lag, CUP, FOCOPS, TRPOPID, CPPOPID, CPO, PCPO, C-TRPO, five-seed training curves, cost threshold 25, alpha 0.3 navigation settings, alpha 0.85 locomotion settings, two-layer tanh policies, hidden size 64, discount factor 0.99, GAE 0.95, batch size 512, actor and critic learning rates 3e-4, Lagrange multiplier init 0.001, Lagrange multiplier learning rate 0.035, OmniSafe implementation, serval-uni-lu/CSPO code, Apache-2.0 license, ICML 2026 Spotlight, recovery receipts, and the governance problem of treating a safe-RL policy as safe before recovery time, reward preservation, violation frequency, cost-gradient reliability, threshold choice, and post-violation behavior are auditable.
- The Object Slot Becomes the Planning State - Rodion Vakhitov, Leonid Ugadiarov, Alexey Skrynnik, and Aleksandr Panov's Causal Object-Centric Models for Planning with Monte Carlo Tree Search paper, arXiv:2606.14418, on COMET, Causal Object-centric Model for Efficient Tree search, object-centric model-based reinforcement learning, Monte Carlo Tree Search, MCTS, MuZero-style latent planning, slot-structured latent spaces, frozen object-centric encoders, SLATE, DINOSAUR, Slot Contrast, random-policy pretraining data, temporal slot initialization, transformer world models, LightZero, UniZero, nanoGPT-style transformer backbones, action-slot fusion, slot-conditioned action embeddings, object-causal attention, learned per-slot relevance scores, policy and value heads, Object Goal, Object Interaction, Object Comparison, Property Comparison, Object Reaching, Block Lifting, Cube Pushing, Defend The Line, Object-Centric Visual RL, ManiSkill, Robosuite, VizDoom, mean normalized score, early-stage sample efficiency, 50 MCTS simulations, 20 sampled actions for continuous tasks, replay buffer capacity 1,000,000, batch size 64, AdamW, temporal-difference steps 5, NVIDIA H100 80 GB, 18-hour 500k-step training runs, slot rollout visualizations, causality-score maps, cube/background slot merge failures, quadratic self-attention scaling, slot receipts, and the governance problem of treating object-level attention as evidence before the slot extractor, task suite, world-model rollout, compute budget, failure cases, and fallback rule are auditable.
- The Reasoning Tree Becomes the Commit Log - Pavan C Shekar, Abhishek H S, and Aswanth Krishnan's GitOfThoughts: Version-Controlled Reasoning and Agent Memory You Can Replay, Diff, and Merge paper, arXiv:2606.14470, on version-controlled reasoning, agent memory, reasoning trees as git repositories, scored thoughts as commits, scores as git notes, validation outcomes as tags, branches as exploration paths, git log retrieval, git grep, pickaxe search, git bundle reproduction, signed traces, git fetch and git merge for cross-agent memory, QpiAI, GPQA-Diamond, MATH-500, ScienceWorld, Qwen3.5-9B, Qwen2.5-7B-Instruct, Qwen2.5-32B-Instruct, MemoryBackend comparisons, none versus markdown versus git versus vector versus graph memory, 15.4 ms git writes, 48.0 ms git reads, 191 KB git storage, pre-registered replications, failed exploratory git-memory trend, self-consistency from 66.6 percent to 70.0 percent on MATH-500, copyability threshold around cosine similarity 0.8, near-duplicate retrieval, method-transfer null, same-method different-number controls, 32B near-verbatim memory gains, GPQA 47.0 percent system headline with wall-clock confound, durable Hatchet execution, keyed merge-conflict layouts, trace receipts, and the governance problem of treating agent memory as intelligence before replayability, diffs, leakage checks, merge policy, conflict schema, timeout budget, pre-registration, and incident review are auditable.
- The Workspace Becomes the Digital Colleague - Yongheng Zhang, Ziang Liu, Jiaxuan Zhu, Shuai Wang, Xiangqi Chen, Haojing Huang, Jiayi Kuang, Siyu Chen, Ao Shen, Hao Wu, Qiufeng Wang, Qian-Wen Zhang, Junnan Dong, Wenhao Jiang, Ying Shen, Hai-Tao Zheng, Yinghui Li, Di Yin, Xing Sun, and Philip S. Yu's From Chatbot to Digital Colleague: The Paradigm Shift Toward Persistent Autonomous AI paper, arXiv:2606.14502, on persistent autonomous AI, digital colleagues, chatbot-to-colleague transition, cognitive-core evolution, fast next-token generation, thinking LLMs, inference-time computation, chain-of-thought reasoning, reflection, process supervision, reinforcement learning, tool-augmented task execution, OpenClaw-style workstations, persistent workspaces, files, terminals, browsers, logs, permissions, reusable skills, verification loops, governance, Workspace + Skill, state persistence, reusable procedures, task closure, experience reuse, State-Action-Observation trajectories, task-state verification, sandboxed auditable AI ecosystems, fixed initial states, state snapshots, trajectory logs, replayable actions, final-state diffs, unsafe tool actions, privacy leakage, malicious skills, prompt injection, workspace receipts, skill provenance, rollback paths, and the governance problem of treating agent autonomy as a personality or product tier before the workspace, permission boundary, action trace, skill library, verification rule, and final-state evidence are auditable.
- The Coordinate List Becomes the Interference Surface - Chenyu Zhou, Qiliang Jiang, and Boguang Pan's Dense Coordinate-List Fine-Tuning Induces a Controllable Interference Surface in Vision-Language Models paper, arXiv:2606.14507, on dense coordinate-list fine-tuning, vision-language models, visual grounding, bounding-box generation, structured output, generation surfaces, control surfaces, Gemma 4 12B, Qwen3-VL-8B, LoRA, q/k/v/o rank-32 adapters, 42.7M trainable parameters, q/v rank sweeps, InsPLAD industrial inspection imagery, 160 training images, 80 held-out evaluation images, COCO 2017 reproduction, 780 training images, 120 evaluation images, class-aware one-to-one F1@0.3, F1@0.5 audits, parse-valid rate, mean predictions per image, exact-object duplicate rate, maximum exact-object repeat, repeat-stop trigger rate, 1000-resample bootstrap confidence intervals, Gemma F1@0.3 rising from 0.007 to 0.448, duplicate rate rising to 0.080, max repeat 23, q/v max repeat 21 to 22 across ranks 4 to 64, object-level repeat-stop, duplicate rate 0.000, max repeat 1, F1@0.3 0.494 to 0.490, F1@0.5 0.381 to 0.385, dense non-bbox JSON, spatial/count JSON, Qwen controlled endpoint F1@0.3 0.318 with duplicate rate 0.000, COCO recall@0.3 from 0.0228 to 0.1540, COCO recall@0.5 from 0.0128 to 0.0981, COCO duplicate rate from 0.000 to 0.016 then back to 0.000 under repeat-stop, structured-output receipts, and the governance problem of treating localization F1 as enough before parse stability, list density, duplicate pressure, termination behavior, schema controls, adapter configuration, evaluation split, and downstream counting effects are auditable.
- The Crop View Becomes the GUI Grounding Receipt - Xinyu Qiu, Yunzhu Zhang, Heng Jia, Shuheng Shen, Changhua Meng, and Linchao Zhu's VISTA: View-Consistent Self-Verified Training for GUI Grounding paper, arXiv:2606.14579, on GUI grounding, computer-use agents, click-coordinate prediction, normalized 0-1000 coordinate frames, point-in-box rewards, Group Relative Policy Optimization, GRPO reward degeneracy, all-zero groups, all-one groups, informative group ratios, target-preserving crops, exact coordinate remapping, view-consistent group rollout, self-verified cross-view anchoring, oracle center-point anchors, model-only group statistics, maximum-reward rollout gates, Qwen3-VL 4B and 8B and 30B-A3B backbones, Qwen3.5 4B and 9B and 35B-A3B cross-backbone tests, roughly 120K GUI-grounding training samples, SeeClick, Widget Captioning, ShowUI-web, UI-RefExp, OmniAct, ScreenSpot-Pro, ScreenSpot-V2, MMBench-GUI L2, OSWorld-G-R, OSWorld-G, temperature-0 deterministic evaluation, ScreenSpot-Pro lifts from 55.5 and 52.7 and 53.7 to 63.4 and 65.8 and 67.0, average scores rising from 71.1 and 69.0 and 73.6 to 75.5 and 76.3 and 77.6, MVP test-time aggregation, VISTA-4B, VISTA-9B, Apache-2.0 code, 8 x 80 GB training recommendations, crop accuracy from 93.00 percent to 96.25 percent, worst-view accuracy from 87.63 percent to 92.42 percent, view-consistency rate from 88.38 percent to 90.40 percent, prediction flip rate from 8.31 percent to 5.80 percent, refusal-aware routing, crop-variance limits, GUI grounding receipts, and the governance problem of treating a model's click as an authorized action before target-box provenance, coordinate frame, crop policy, reward rule, benchmark split, decoding mode, action consequence class, confirmation gate, rollback path, and incident log are auditable.
- The Timestamped Plan Becomes the Dispatch Desk - Pollob Chandra Ray, Sabah Binte Noor, and Fazlul Hasan Siddiqui's A Temporal Planning Framework for Disruption Aware Dynamic Route Optimization in Heterogeneous Railway Systems paper, arXiv:2606.14582, on DART, Disruption Aware Railway Temporal Planning, PDDL 2.1, temporal planning, railway route optimization, heterogeneous multi-gauge railways, meter gauge, broad gauge, standard gauge, dual-gauge infrastructure, gauge compatibility, single-track mutual exclusion, turnout operations, timestamped action plans, dispatch automation, blocked track disruptions, blocked train disruptions, slowdown disruptions, engine failure recovery, auxiliary engines, durative actions, drive-train, board-passengers, attach-engine, drive-assisted-train, resolve-train-blockage, clear-blocked-track, turnout, 200 problem instances, 100 nominal instances, 100 disrupted instances, Small and Medium and Large and Very Large benchmark groups, 107 to 120 trains, 134 to 150 stations, roughly 1000 track points, 87 to 100 junctions, POPF3, OPTIC, VAL plan validation, 30-minute planner time limits, 199 validated generated plans, 120 trains and 1000 track points and 108 concurrent disruptions in the one failed instance, 60.1 percent slowdown delay, 30.4 percent engine-failure delay, 9.5 percent blockage delay, 619.00-second disrupted-instance computation time, public PDDL artifacts, dispatch receipts, and the governance problem of treating an executable railway plan as operational authority before sensor state, disruption duration, planner version, validation output, human override, stale-data rules, fallback operations, and incident accountability are auditable.
- The Action Log Becomes the Workflow Lens - Gaurav Verma and Scott Counts's Abstracting Cross-Domain Action Sequences into Interpretable Workflows paper, arXiv:2606.14654, on WorkflowView, LLM-based workflow abstraction, UI telemetry, timestamped interaction logs, action sequences, behavioral analytics, progressive denoising, natural-language action descriptions, high-level activity inference, optional categorization layers, browser task reconstruction, Mind2Web, 2,022 web tasks, 137 websites, five domains, zero-shot GPT-4o, semantic similarity 0.91, global MRR 0.90, global Recall@1 0.86, website-specific MRR 0.94, MOOC dropout prediction, 44,008 students, 247 courses, 67,699 student-course pairs, 51,316 dropouts, 75.8 percent dropout rate, 22 logged actions, weighted F1 0.90 with five few-shot examples, Microsoft Word telemetry, Copilot-in-Word workflow analysis, June 2025 US us-en users, consented logs, no text or writer data, around 2000 unique actions, TnT-LLM category discovery, active content editing before and after AI output, top-N category stability over 90 percent, long-tail instability, privacy-preserving aggregation, telemetry receipts, and the governance problem of treating LLM-labeled behavior as product truth before consent, action-schema meaning, prompt, model, category stability, human validation, privacy transformation, and downstream use are auditable.
- The Personal Desktop Becomes the Agent Exam - Lawrence Keunho Jang, Andrew Keunwoo Jang, Jing Yu Koh, and Ruslan Salakhutdinov's MyPCBench paper, arXiv:2606.16748, on personally intelligent computer-use agents, personal desktop benchmarks, logged-in accounts, cross-app history, Linux desktops, QEMU/KVM Ubuntu 24.04, GNOME, Firefox, LibreOffice, OSWorld-compatible harnesses, Michael Scott persona seeding, 17 simulated web applications, 184 tasks, 1,191 rubric items, 1,812 bank transactions, 2,398 emails, 679 calendar events, 2,526 chat and workplace messages, 10,746 browser-history visits, 42,000 seeded records, 226 app database tables, OpenClaw community requests, 2,749 anonymized use cases, bounded action, multi-step orchestration, cross-source reconciliation, aggregation and reporting, personal lookup, pattern inference, 68 percent multi-app tasks, 40 percent cross-category tasks, Claude Opus 4.6 at 55.4 percent perfect and 81.8 percent rubric score, Claude Sonnet 4.6, GPT-5.5, GPT-5.4 mini, Qwen 3.5, seven-or-more-app task collapse, premature DONE, skipped required apps, persona-data hallucination, visible side effects, task rubrics, MyPCBench project artifacts, and the governance problem of treating a personal assistant benchmark score as deployment clearance before account authority, action side effects, rollback, screenshots, logs, judge configuration, and user-risk boundaries are auditable.
- The Language Variety Becomes the Bias Probe - Rafael Ferreira, Inês Vieira, Inês Calvo, James Furtado, Iago Paulo, Diogo Tavares, Diogo Glória-Silva, David Semedo, and João Magalhães's P3B3 paper, arXiv:2606.16753, on European Portuguese, Brazilian Portuguese, Portuguese variety bias, multilingual LLM evaluation, pt-PT, pt-BR, pluricentric languages, language variety controllability, 74 expert-curated multi-turn dialogues, 203 dialogue turns, 2-to-6-turn conversations, variety-agnostic prompts, transportation and shopping and household domains, two linguistics experts, no-prompt bias testing, pt-BR prompting, pt-PT prompting, PeroVaz, PtBrVId, Gemini-3-Flash as LLM judge, Gemma-4-31B judge validation, 200 human-annotated responses, 88.5 percent valid responses, 0-to-10 variety scoring, AMALIA-9B pt-PT specialization, Qwen3.5 pt-PT improvement from 32.7 to 86.1, Sabiá-4 pt-PT generalization, turn-level drift toward pt-BR, public P3B3 benchmark code, language-support receipts, and the governance problem of treating a model as supporting Portuguese before regional variety, prompt condition, judge validity, turn persistence, and local user expectations are auditable.
- The Open Artifact Becomes the Reproducibility Receipt - Kevin L. Coakley, Thijs Snelleman, Holger Hoos, and Odd Erik Gundersen's The Shift Toward Open and Reproducible AI Research paper, arXiv:2606.16974, on open science, AI reproducibility, research artifacts, 56,800 AI conference papers, AAAI, ICLR, ICML, IJCAI, NeurIPS, 2014-2024 publication growth, 52,328 empirical papers, seven reproducibility variables, open source code, open datasets, dataset splits, pseudocode, hardware specification, software dependencies, experiment setup, code availability rising from 13 percent to 69 percent, open dataset use rising from 68 percent to 91 percent, code-and-data sharing rising from 11 percent to 64 percent, neither-code-nor-data falling from 29 percent to 4 percent, at-least-five-variable documentation rising from 8 percent to 43 percent, estimated reproducibility rising from 28 percent to 64 percent, checklist slope analysis, LLM-assisted meta-science, Gemini 2.5 Flash classification, 400-paper prompt optimisation, 160-paper manual evaluation, Zenodo data and code artifacts, reproducibility receipts, and the governance problem of treating a published AI result as durable evidence before code, data, splits, environment, setup, artifact survival, and direct re-run status are auditable.
- The Committed Plan Becomes the Action Gate - Nathan Gavenski, Juarez Monteiro, Francisco Galuppo, Adriano Veloso, and Odinaldo Rodrigues's When in Doubt, Plan It Out paper, arXiv:2606.16995, on PACT, Plan Align Commit Think, committed small language model deliberation, reactive reinforcement learning, hybrid RL and language-model agents, Qwen3.5-2B, PPO reactive policies, epistemic uncertainty thresholds, asynchronous planning, plan generation, simulation-grounded verification, agent alignment, safety and feasibility and completeness checks, committed execution, policy bypass, replanning, FrozenLake, deterministic 6 x 6 maps, slippery 6 x 6 maps, deterministic 8 x 8 maps, SAYCAN, ASK, 0.98 and 0.93 and 1.00 PACT reward results, 27.9 percent and 58.4 percent and 81.2 percent LM usage, hand-crafted transition functions, direct-goal task limits, plan receipts, and the governance problem of treating language-model deliberation as oversight before the candidate plan, simulator, verifier, alignment waypoint, replan count, committed actions, and revocation rule are auditable.
- The Evaluation Archive Becomes the Frontier Claim - Yanan Long's Bayesian Inference and Decision Audits for Public Archives of Frontier AI Evaluations paper, arXiv:2606.17005, on public AI evaluation archives, terminal leaderboards, selective reporting, benchmark revisions, missingness, Bayesian inference, decision audits, LiveBench, Open LLM Leaderboard v2, LMArena, GAIA, tau-bench, LiveCodeBench and HELM Capabilities and SWE-bench Verified exclusion, source-native timestamps, score orientation, rank handling, duplicate policy, inclusion grades, repeated snapshots, terminal-only archives, 1,000-system constructed examples, 23.03 versus 75.13 timing paths to within 0.05 of a ceiling, synthetic recovery, objective archive prediction, Arena preference transfer, posterior uncertainty calibration, fixed audit gates, agentic trace metadata, tool budgets, scaffold identity, retry policy, judge version, human-intervention policy, archive receipts, and the governance problem of treating frontier leaderboard rank as evidence before the temporal archive, source validation, missing rows, benchmark version, and falsification gates are auditable.
- The Prompt Cache Becomes the Agent Budget - Buqiang Xu, Zirui Xue, Dianmou Chen, Chenyang Fu, Chiyu Wu, Caiying Huang, Chen Jiang, Jizhan Fang, Xinle Deng, Yijun Chen, Yunzhi Yao, Xuehai Wang, Jin Shang, Gong Yu, and Ningyu Zhang's TokenPilot: Cache-Efficient Context Management for LLM Agents paper, arXiv:2606.17016, on long-horizon LLM agents, context accumulation, prompt-cache continuity, prefix-cache reuse, KV-cache economics, text pruning, memory eviction, sequence-layout mutation, prefix mismatches, cache invalidation, Ingestion-Aware Compaction, stable placeholders for runtime fields, downstream tool schemas, tool-result deduplication by hash, HTML slimming, image downsampling, recovery tools, Lifecycle-Aware Eviction, residual utility, conservative batch-turn schedules, PinchBench, Claw-Eval, isolated and continuous modes, 61 percent and 56 percent isolated-mode cost reductions, 61 percent and 87 percent continuous-mode cost reductions, LightMem2, OpenClaw, Codex CLI and Claude Code adapters, context-budget receipts, and the governance problem of treating context optimization as cost plumbing before cache hits, reductions, artifacts, recovery calls, eviction decisions, data classes, and audit records are inspectable.
- The Agent Autonomy Ladder Becomes the No-Go Zone - Margaret Mitchell, Avijit Ghosh, Alexandra Sasha Luccioni, and Giada Pistilli's Fully Autonomous AI Agents Should Not be Developed paper, arXiv:2502.02649, on AI agents, autonomy levels, simple processors, routers, tool callers, multi-step agents, fully autonomous agents, context-specific planning, nondeterministic environments, human control, model-controlled program flow, function calls, iterative action, code creation, code execution, action surfaces, delegated authority, human oversight, privacy, safety, security, trust, misplaced trust, compounded errors, cascading failures, autonomy no-go zones, staged autonomy, approval gates, rollback routes, audit trails, tool permissions, sandboxing, generated-code execution receipts, and the governance problem of treating agent autonomy as a product upgrade before control boundaries, human veto, reversibility, logging, and domain-specific prohibitions are auditable.
- The Rounding Bin Becomes the Training Policy - Qian Zhao, Kunlong Chen, Changxin Tian, Zhonghui Jiang, Haitao Zhang, Chaofan Yu, Peijie Jiang, Mingliang Gong, Jia Liu, Ziqi Liu, Zhiqiang Zhang, and Jun Zhou's Rethinking Shrinkage Bias in LLM FP4 Pretraining paper, arXiv:2606.20381, on FP4 LLM pretraining, low-precision training, E2M1, E1M2, INT4, UFP4, shrinkage bias, Round-to-Nearest-Even, Random Hadamard Transform, stochastic rounding, dY-only SR, FPROP and DGRAD and WGRAD, fwd_y and bwd_dx and bwd_dw, MXFP4, NVFP4, NVIDIA Blackwell and Rubin-class systems, AMD MI350-series GPUs, Dense 1.5B, MoE 7.9B, MoE 124B, BF16-relative language-modeling loss error, latest-1000-step relative error drops, 1.2570 percent to 0.9673 percent, 2.3596 percent to 1.8469 percent, 1.7308 percent to 1.3863 percent, controlled E2M1 reference selection, 200B-token ablations, full-RHT coverage, fused RHT plus quantization latency, SM90, SM100, format-training receipts, and the governance problem of treating 4-bit training efficiency as a hardware feature before the codebook geometry, rounding rule, transform scope, baseline, kernel overhead, scale hierarchy, and residual BF16 gap are auditable.
- The Attention Map Becomes the Clinic Receipt - Zahra Asghari Varzaneh, Reza Khoshkangini, Thomas Ebner, and Lars Johansson's Interpretable Sperm Morphology Classification via Attention-Guided Deep Learning paper, arXiv:2606.20438, on clinical AI, fertility clinics, sperm morphology classification, male infertility, manual microscopy variability, EfficientNet-B0, ImageNet initialization, Convolutional Block Attention Module, CBAM channel and spatial attention, Grad-CAM++ heatmaps, SMIDS, HuSHem, 3,000 microscopic images, 216 expert-verified sperm head images, Normal and Abnormal and Non-Sperm classes, Normal and Tapered and Pyriform and Amorphous classes, PyTorch 2.6, 70/15/15 splits, batch size 32, 100 epochs, freeze-then-unfreeze training, MixUp, label smoothing, SimpleCNN baselines, 90.21 percent SMIDS accuracy, 0.913 SMIDS macro F1, 93.94 percent HuSHem accuracy, 0.948 HuSHem macro F1, 0.965 and 0.991 mean AUC, HuSHem 33-sample test-set uncertainty, attention-map receipts, and the governance problem of treating a plausible heatmap as clinical trust only when dataset provenance, imaging protocol, class taxonomy, local validation, false-error review, calibration, drift monitoring, and human oversight are auditable.
- The Incubator Log Becomes the Clinical Signal - Zahra Asghari Varzaneh, Reza Khoshkangini, Pia Saldeen, Lars Johansson, and Thomas Ebner's Context-Aware Hierarchical Bayesian Modeling of IVF Laboratory Environmental Conditions paper, arXiv:2606.20459, on IVF laboratory monitoring, clinical AI, environmental sensors, 10-minute readings, temperature and humidity and CO2 and TVOC, Asian and Northern European clinics, 61 weeks of Asian clinic data, 14 Northern European months, a 196-day sensor-data gap, pregnancy rates for under-35 and 35-39 and 40+ age groups, weekly and monthly aggregation, two-to-six-week lag assumptions, 55 context-aware temporal features, rolling thermal stability, ideal-zone adherence, stress episodes, recovery scores, SHAP top-16 feature selection, XGBoost baselines, hierarchical Bayesian Beta regression, partial pooling, clinic-specific intercepts, NUTS in PyMC, 1500 warm-up and 1500 draw settings, Asian time-series cross-validation, Northern European held-out months, MAE 4.30 percent and R2 0.86 for the 35-39 group, 64 percent error reduction, SHAP and LIME interpretation, small-denominator failure modes, aggregate-outcome confounding, lab-environment receipts, and the governance problem of treating clinic-level environmental correlation as operational evidence only when sensor provenance, denominator counts, lag assumptions, patient-level omissions, uncertainty, site differences, and human review are auditable.
- The Compliance Example Becomes the Safety Training Probe - Sihui Dai and Mann Patel's What Do Safety-Aligned LLMs Learn From Mixed Compliance Demonstrations? paper, arXiv:2606.20508, on mixed compliance demonstrations, safety-aligned LLMs, demonstration-based jailbreaks, in-context learning, benign compliance, harmful compliance, total-count and harmful-count and joint hypotheses, RedTeam-2K, UltraChat, OR-Bench, HarmBench, SORRY-Bench, WildGuard-test, WildGuard refusal judging, 1,492 harmful compliance demonstrations, 1,404 harmful evaluation queries, 2,808 evaluation points, Llama-3.1-8B-Instruct, OLMo-3.1-32B-Instruct, GPT-OSS-20B, Gemma-4-31B-IT, OLMo SFT and DPO checkpoints, preference optimization, dilution, slight amplification, baseline compliance rates, recency bias, suffix ordering, format adoption, comply prefixes, mixed-context safety probes, and the governance problem of treating refusal behavior as stable before demonstration composition, ordering, training stage, format imitation, refusal judge, and model-specific failure modes are auditable.
- The Python Score Becomes the Multilingual Trap - Maria Ivanova, Pavel Zadorozhny, Rodion Levichev, Ivan Petrov, Adamenko Pavel, Ivan Lopatin, Alexey Kutalev, and Dmitrii Babaev's Multi-LCB paper, arXiv:2606.20517, on LiveCodeBench, multilingual code evaluation, competitive-programming benchmarks, release-date filtering, benchmark contamination, Python overfitting, language-specific contamination, 12 programming languages, C++ and C# and Python and Java and Rust and Go and TypeScript and JavaScript and Ruby and PHP and Kotlin and Scala, LeetCode functional-task conversion, AtCoder and Codeforces STDIN/STDOUT tasks, hidden official tests, Pass@1 over 10 runs, 24 public instruction and reasoning models, GPT-OSS-120B Medium, Qwen3-235B-A22B-Thinking-2507, DeepSeek-R1-0528, February-to-May 2025 task windows, 67.8 percent top average Pass@1, Python mean Pass@1 0.482, Java and C++ near 0.44, Scala below 0.29, compiler and type errors, input-parsing failures, timeout failures, public Multi-LCB code, leaderboard evidence, multilingual benchmark receipts, and the governance problem of treating a Python coding score as proof of engineering competence before the target language, compiler, runtime, task family, release window, contamination policy, hidden-test result, and failure mode are auditable.
- The Confidence Score Becomes the Teacher Review Queue - Luyang Fang, Yingchuan Zhang, Jongchan Park, Zhaoji Wang, Ping Ma, and Xiaoming Zhai's Confidence-Aware Automated Assessment of Student-Drawn Scientific Models paper, arXiv:2606.20264, on automated scoring of student drawings, science education, NGSS-aligned modeling tasks, middle-school assessment, visual rubrics, Vision Transformers, vit_base_patch16_224, LoRA adaptation, test-time predictive distributions, semantic-preserving perturbations, M = 20 perturbed views, top-75 percent selective trust, response-level confidence, selective automation, teacher review queues, Beginning and Developing and Proficient proficiency labels, six assessment items, 3,576 drawings, CA-Selective scoring, 0.789 average accuracy, 0.760 Cohen's kappa, 0.727 F1, 20.572 ms latency, Qwen3-VL-8B-Instruct zero-shot pilot results, confidence-accuracy correlation, cluttered drawing failure modes, regional classroom context, expert-label inheritance, teacher-review receipts, and the governance problem of treating an automated classroom score as trustworthy before the rubric, model, threshold, confidence signal, deferral rule, human override, student population, and feedback consequence are auditable.
- The Energy Field Becomes the Driving Safety Case - Shihao Ji, HongXi Li, Zihui Song, and Mingyu Li's Lagrange paper, arXiv:2606.20274, on open-vocabulary end-to-end driving, autonomous driving, sparse perception, Masked Latent Fields, vision-language models, class-agnostic region proposals, continuous semantic visual tokens, intent-driven masked cross-attention, continuous energy fields, Lagrangian action minimization, MPPI planning, nonlinear bicycle rollouts, kinematic constraints, collision avoidance, nuScenes, CODA, Waymo zero-shot transfer, out-of-distribution hazards, 8.7 percent CODA OOD collision rate, 0.25 percent nuScenes collision rate, 24.3 FPS inference, sub-1 percent perturbation robustness, interpretable energy heatmaps, black-ice and flooded-road limitations, energy-field receipts, and the governance problem of treating an offline driving benchmark as deployment evidence before the perception tokenization, energy landscape, kinematic bounds, hazard coverage, latency, perturbation checks, and closed-loop safety case are auditable.
- The Excitation Level Becomes the Data Augmentation Contract - Giancarlo Santamato, Andrea Mattia Garavagno, Massimiliano Solazzi, and Antonio Frisoli's Leveraging systems' non-linearity to tackle the scarcity of data in the design of Intelligent Fault Diagnosis Systems paper, arXiv:2606.20323, on intelligent fault diagnosis systems, structural health monitoring, railway pantographs, vibration testing, frequency response functions, FRF color maps, nonlinear dry-friction joints, controlled excitation levels, 1 N to 13 N force sweeps, seven excitation amplitudes, member-connectivity loss, artificial-damper reduction, MobileNetV2 transfer learning, ImageNet feature extractors, data scarcity, physical data augmentation, 3^7 image generation, 6,561 training images, 97.6 percent test accuracy, bolt-damage false negatives, test-rig cluster effects, datasets available on request, physical augmentation receipts, and the governance problem of treating synthetic industrial training data as trustworthy before the measurement protocol, fault state, excitation schedule, augmentation rule, test campaign, and failure mode are auditable.
- The Soft Prefix Becomes the Skill Artifact - Xijia Tao, Yihua Teng, Xinyu Fu, Ziru Liu, Kecheng Chen, Yuzhi Zhao, Suiyun Zhang, Rui Liu, and Lingpeng Kong's SoftSkill paper, arXiv:2606.20333, on behavioral compression, contextual adaptation, natural-language skill files, Markdown skills, continuous soft prefixes, frozen-backbone models, Qwen3.5-4B, Qwen3.6-35B-A3B, next-token prediction, validation-selected checkpoints, SkillOpt, LoRA, SearchQA, LiveMath, DocVQA, OfficeQA, SpreadsheetBench, ALFWorld, single-round QA, agentic execution, 32 virtual tokens, context-token compression, output-token reductions, prompt-start placement, skill-section placement, model-specific embedding spaces, trajectory imitation, public SoftSkill code, soft-skill receipts, and the governance problem of treating an invisible learned prefix as the same thing as a readable skill before its source text, target model, validation gate, insertion point, task result, portability, and audit limits are documented.
- The Mined SKILL.md Becomes the Transfer Test - Yuexing Hao and Xiaomin Li's Automating SKILL.md Generation for Computer-Using Agents via Interaction Trajectory Mining paper, arXiv:2606.20363, on computer-using agents, GUI trajectory mining, explicit skill libraries, SKILL.md files, InteraSkill Workflows, action-jump segmentation, source-domain cluster purity, pseudo-label contrastive learning, Qwen3-8B, GRPO, learned trajectory reward models, WebArena, BrowseComp+, WorkArena-NLP, Mind2Web diagnostics, frequency baselines, Auto-SKILL.md generation, normalized edit distance, transfer failure, readable-but-source-bound routines, skill-composition checks, reward-model mismatch, skill-library audit receipts, and the governance problem of treating a generated agent skill file as transferable competence before its corpus, boundary detector, cluster quality, reward signal, trivial baselines, held-out domains, and live-task evidence are auditable.
- The Player-Facing RL Agent Becomes the Deployment Receipt - Alessandro Sestini, Joakim Bergdahl, Amir Baghi, Jean-Philippe Barrette-LaPierre, Florian Fuchs, and Linus Gisslen's Augmenting Game AI with Deep Reinforcement Learning paper, arXiv:2606.20210, on reinforcement-learning-augmented game AI, EA SPORTS FC 25, Battlefield 6, player-facing non-player characters, finite state machines, behavior trees, GOAP, navigation meshes, goalkeeper positioning, soldier locomotion, Soft Actor-Critic, PPO, overnight training, scenario-based training, Replay across Experiments, runtime inference constraints, 200 microsecond inference budgets, 300,000-parameter MLPs, occupancy maps, raycast fans, 2x observation-cost speedups, designer controllability, modular integration, bug detection and fixing, authenticity, exploit repair, qualitative behavior evaluation, player-facing deployment receipts, and the governance problem of treating a game agent as production-ready before its design goal, reward, training loop, integration point, runtime cost, repair path, and player-experience evidence are auditable.
- The Logic Benchmark Becomes the Control Panel - Xinyi Zheng, Ling Shi, Tianlong Yu, Yongxin Zhao, Lorenz Goette, and Kailong Wang's QMFOL paper, arXiv:2606.20227, on quantifiable monadic first-order logic, deductive reasoning benchmarks, QMFOLBench, controlled task generation, depth and width parameters, True and False and Unknown labels, distractor rules, Food and Animal and University and Mathematics topics, FOL2NL translation, NL2FOL reconstruction, external theorem provers, Vampire verification, round-trip logical consistency, 960 configurations, 2,880 benchmark instances, six large reasoning models, two non-reasoning LLM settings, Gemini-3.1-Pro, GPT-5.4-High, Qwen3.5-27B, DeepSeek-V3.2-Thinking, Claude-Sonnet-4-6, Macro-F1, label-wise F1, time and token overhead, distractor robustness, context-length ablations, semantic dependence, Zenodo artifacts, reasoning-benchmark receipts, and the governance problem of treating a reasoning score as meaningful before the formal generator, semantic wrapper, verifier, slice, model setting, cost, and failure mode are auditable.
- The Rare-Valid Future Becomes the Intelligence Measure - Ishanu Chattopadhyay's Thermodynamic Measure of Intelligence paper, arXiv:2606.20231, on thermodynamic intelligence, rare-valid probability lift, lawful amplification of rare but valid futures, passive path laws, induced trajectory laws, recursive self-simulation, self-in-world models, rare-valid self-simulation fidelity, actuation-limited optima, path-measure divergence, thermodynamic bookkeeping, false-positive rare-set identification, Maxwell-demon-like information engines, velocity-selection demons, symbolic generation, GPT-5 long-form prose, Project Gutenberg prose, entropy-rate estimation, 27-symbol alphabets, sentence-scale target sets, compressed double-log Lambda scales, TME reproducibility code, Harvard Dataverse artifacts, measurement receipts, and the governance problem of treating an intelligence number as meaningful before the baseline law, validity predicate, trajectory resolution, target set, induced probability shift, resource accounting, and reproducibility trail are auditable.
- The Reward Weight Becomes the Governance Lever - Federica Filippini's A Multi-Agent system for Multi-Objective constrained optimization paper, arXiv:2606.20236, on MAMO, multi-agent reinforcement learning, constrained optimization, reward shaping, reward-weight adaptation, scalarized objective functions, Lagrangian-inspired penalty terms, quality-of-service constraints, cost-minimization, computing-continuum resource management, edge-FaaS replica scaling, cold-start costs, rejection probability, sinusoidal workload traces, OpenFaaS scaling limits, Gurobi offline references, noisy workload perturbations, Task-Execution agents, Weight-Adaptation agents, two-phase training loops, aggregate performance summaries, Deep Q-Learning, RL4CC, Ray RLlib, tolerance thresholds, learned weights between 0.8 and 0.9, objective-design receipts, and the governance problem of treating a learned policy as operationally safe before the reward weights, constraint thresholds, observation windows, accepted costs, rejected trade-offs, and adaptation authority are auditable.
- The Knowledge Conflict Becomes the Source Arbitration Trace - Huang Peng, Jiuyang Tang, Weixin Zeng, Hao Xu, and Xiang Zhao's Navigating Unreliable Parametric and Contextual Knowledge paper, arXiv:2606.20245, on MACR, LLM knowledge conflict resolution, parametric knowledge, contextual knowledge, retrieval-augmented generation, unreliable internal memory, unreliable retrieved context, multi-context contradictions, binary source selection failures, modified semantic entropy, answer-query relevance, adaptive knowledge assessment and retrieval, internal-knowledge externalization, Observer agents, Analyzer agents, Reasoner agents, induced conflict-resolution rules, rule coverage and support filtering, hierarchical conflict detection, Temporal Update Rules, ConflictBank, ConFiQA, MQuAKE, Direct and ICL and InstructRAG and TruthfulRAG and CK-PLUG baselines, variant-context robustness, Tesla headquarters case analysis, source-arbitration receipts, and the governance problem of treating a model answer or retrieved document as trustworthy before the system can expose what it believed, what it retrieved, which sources conflicted, what rule resolved the conflict, and what evidence was rejected.
- The Self-Evolving Agent Becomes the Certificate Gate - Biswa Sengupta's Self-Evolving Agents with Anytime-Valid Certificates paper, arXiv:2607.00871, on SEA, self-evolving agents, endogenous-loop failure modes, frozen base models, steering adapters, versioned harnesses, loop controllers, anytime-valid gates, fixed error budgets, certificate ledgers, performative stability, PAC-Bayes forgetting certificates, e-process drift gates, quality-diversity library growth, verifier-in-the-loop search, best-of-N selection, verified micro-step search, self-authored reproduction oracles, search-layer control, verified self-repair, SWE-bench Verified, 52-instance subsets, official execution-based grading, no-op composite controls, GPT and GLM 5.2 ablations, event-log attribution, accept and hold and reject and no-significant-finding decisions, run_tests traces, self-oracle limits, single-run evaluation caveats, and the governance problem of treating self-improvement as progress before every accepted adapter, harness, library, reward-model, and search change has a certificate, error spend, regression check, and rollback path.
- The Metric Choice Becomes the Governance Fork - Alex Fogelson, Zachary A. Brown, Hans Gundlach, Jayson Lynch, and Neil Thompson's Two AI Metrics Diverged paper, arXiv:2607.00913, on AI metric choice, meek metrics, mighty metrics, compute scaling, bounded benchmarks, validation loss, benchmark ceilings, task horizon length, inference-time scaling, frontier versus fixed-budget developers, utility functions, software-engineering task intervals, concentration of power, capability diffusion, compute controls as delay versus ceiling, dangerous capability thresholds, alignment over many accessible models, metric-governance receipts, and the governance problem of treating a closing benchmark gap as a policy conclusion before the metric's bound, utility meaning, compute axis, threshold behavior, and unbounded operational alternatives are auditable.
- The Logit Contribution Becomes the Retrieval Witness - Aryo Pradipta Gema, Beatrice Alex, and Pasquale Minervini's Logit-Contribution Scoring Identifies Non-Literal Retrieval Heads paper, arXiv:2607.01002, on LOCOS, long-context retrieval, non-literal retrieval heads, attention read sites, OV-circuit write paths, answer-token unembedding directions, spatial contrast, needle and off-needle positions, NoLiMa, Qwen3, Gemma-3, OLMo-3.1, mean ablation, ROUGE-L degradation, MuSiQue, BABILong, random-head controls, parametric recall controls, retrieval-witness receipts, and the governance problem of treating an attention map or source citation as enough evidence before the model's source-local answer-writing components, ablation checks, benchmark scope, artifact revision, and downstream transfer are auditable.
- The Reaction Rule Becomes the Verification Loop - Daniel Armstrong, Maarten Dobbelaere, Valentas Olikauskas, Helena Avila, Octavian Susanu, Jérôme Waser, and Philippe Schwaller's Agentic generation of verifiable rules for deterministic self-expanding reaction classification paper, arXiv:2607.01061, on agentic chemistry, computer-assisted synthesis planning, reaction classification, LLM-generated SMIRKS rules, RXNO seed taxonomies, NameRXN, Rxn-INSIGHT, USPTO reaction data, 665,901 patent reactions, 68 seed classes, 14,073 generated classes, template-level cohorts, hierarchy agents, detailed agents, verifier agents, generator agents, aggregator agents, Chain-of-Verification, Gemini 3 Flash and Gemini 3 Pro inference, 4,964 generalized SMIRKS patterns, false-positive graphs, 215 strongly connected components, first-match classification, Hybrid strict mode, Generalized SMIRKS mode, CRD-2025, RingBreaker, two-layer fallback coverage, expert-chemist validation, 1,942 fallback hierarchy entries, rule receipts, and the governance problem of treating generated scientific infrastructure as reliable before every rule's corpus tests, false positives, ordering, abstentions, conflicts, expert checks, and experimental limits are auditable.
- The Fluid Persona Becomes the Behavior-Control Surface - Hasibur Rahman and Smit Desai's Behavior-Adaptive Conversational Agents paper, arXiv:2607.01034, on the Fluid Personality Framework, behavior-adaptive conversational agents, AI-mediated behavior change, metaphorical persona design, role metaphors, personality expression intensity, low and medium and high trait expression, Big Five cues, coach and tutor and librarian and tool personas, Planner and Cheerleader and Tutor transitions, non-human Library and Guide metaphors, task type, domain, urgency, user goals, user traits, interaction history, medical information seeking, fitness coaching, reflective learning, trust, enjoyment, adoption intention, persona switching, tone and affect and formality modulation, anthropomorphism limits, behavior-change interface design, persona receipts, and the governance problem of treating adaptive warmth, formality, role, and style as harmless UX rather than a behavior-control surface that needs consent, limits, measurement, and audit trails.
- The Retrieved Memory Becomes the Sycophancy Cue - Zhishang Xiang, Zerui Chen, Yunbo Tang, Zhimin Wei, Ruqin Ning, Yujie Lin, Qinggang Zhang, and Jinsong Su's MemSyco-Bench paper, arXiv:2607.01071, on memory-induced sycophancy, agent memory, long-term collaborators, retrieved historical memories, post-retrieval reasoning, objective fact judgment, contextual scope control, memory-evidence conflict, valid memory selection, personalized memory use, memory-decision schemas, multi-turn dialogue simulation, 1,550 released samples, Generation Accuracy, Sycophancy Rate, Correct Memory Use, Outdated Memory Use, Qwen3-8B, DeepSeek-V4-Flash, NaiveRAG, Mem0, A-Mem, LightMem, MemGPT, MemoryBank, SuperMemory, retrieved-but-wrong errors, memory-caution instructions, confirmation-instruction failures, leaderboard receipts, and the governance problem of treating memory retrieval as personalization before the system can prove which memories are evidence, preference, stale trace, scope condition, or irrelevant history.
- The Static Tool Benchmark Becomes the Open-World Trap - Song-Lin Lv, Weiming Wu, Rui Zhu, Zi-Jian Cheng, and Lan-Zhe Guo's Can Agents Generalize to the Open World? paper, arXiv:2607.01084, on OpenAgent, tool-use agents, open-world generalization, static training, query shifts, action-space shifts, observation shifts, domain transfer, controlled POI sandboxes, Qwen2.5-7B-Instruct, supervised fine-tuning, GRPO reinforcement learning, Tool Error Rate, Active Exploration Score, Average Tool Chain Length, Refusal Rate, symbolic anchoring, trajectory inertia, null returns, tool redirection, logic inversion, boundary blindness, forced completion, Perturbation-Augmented Fine-Tuning, environmental feedback perturbation, solvability boundary perturbation, symbolic representation perturbation, Amap real-API validation, and the governance problem of treating static tool-use success as delegation evidence before the agent's behavior under tool drift, feedback anomalies, dependency changes, impossible tasks, and domain shifts is auditable.
- The Risk Taxonomy Becomes the Audit Spine - Gemma Galdon Clavell, Pablo Accuosto, and Usman Gohar's The Eticas AI Risk Taxonomy paper, arXiv:2607.02201, on open AI audit infrastructure, operationalized risk taxonomies, Eticas AI Risk Taxonomy v2.0.0, taxonomy version 2.0.0, 10 categories, 20 sub-groups, 76 active subcategories, 18 external framework mappings, stable concept URIs, SKOS, JSON-LD, CC BY 4.0 public surface, risk-versus-mechanism separation, PII leakage, disclosure memorization and cross-customer contamination mechanisms, DecodingTrust Privacy Scenario 2, GPT-4-0314, 0 percent 51 percent and 84 percent disclosure rates under adversarial conditioning, severity bands, grade E with SYSTEMIC pattern, Agentic AI as a first-class category, open-core limitations, audit-spine receipts, and the governance problem of treating a risk label as audit evidence before the mechanism, probe, metric, severity threshold, grade, framework mapping, public artifact, and proprietary boundary are visible.
- The Personality Test Becomes the Category Error - Kim Zierahn, Cristina Cachero, Anna Korhonen, and Nuria Oliver's Personality Without Persons? paper, arXiv:2607.02325, on Big Five testing in large language models, psychometric validity, content validity, five candidate inventories, N = 244 models, 49 model families, LLM-adapted items, human-developed inventories, low between-model variance, 3 percent total score variance, failed five-factor structure, four facets collapsing into one, instruction-tuned versus base models, socially desirable trait shifts, self-report analogues, LLM-native constructs, sycophancy, prompt sensitivity, instruction-following consistency, construct-validity receipts, and the governance problem of treating a personality score as model evidence before the target population, item adaptation, prompt template, score distribution, factor structure, alignment effects, behavioral validity, and claim scope are auditable.
- The Autonomous Lab Becomes the Schedule Contract - Austin McDannald, Julia Tisaranni, and Howie Joress's Optimal Resource Utilization for Autonomous Laboratory Orchestrators paper, arXiv:2607.01188, on autonomous laboratory orchestration, metal-organic-framework synthesis, MOF platforms, scientific agents, acquisition functions, job-shop scheduling, OR-Tools constraint programming, hardware capacity constraints, reaction and drying tasks, centrifuge overlap rules, reactor temperature constraints, status dependencies, component mutexes, UnitOP execution, AsyncIO, schedule rescheduling, 16-job and 8-job batches, campaign-level resource utilization, knowledge-gain prioritization, batch-size tradeoffs, schedule receipts, laboratory execution contracts, and the governance problem of treating an AI-suggested experiment list as autonomous science before the physical schedule, locks, dependencies, resource conflicts, objective function, and campaign-value tradeoffs are auditable.
- The Stealth Bias Becomes the Cartridge Audit - Shayan Talaei, Abhinav Chinta, Devvrit Khatri, Amin Karbasi, Azalia Mirhoseini, and Amin Saberi's Distill to Detect paper, arXiv:2607.01208, on stealth preferential bias, hidden model behavior, model supply-chain audits, context distillation, soft-logit distribution shifts, KV-cache prefix adapters, cartridges, D2D, low-rank bias concentration, masking residuals, Fisher-weighted projection, inverted-U adapter capacity, LoRA and full-model distillation baselines, Llama-3.2-3B-Instruct, owl and Fanta preference experiments, Petri detection, AuditBench, gray-box audit access, base-checkpoint custody, cartridge audit receipts, and the governance problem of treating clean generated text as enough evidence before the probability distribution, base model, adapter capacity, detector, and post-amplification behavior are auditable.
- The Furniture Assembly Becomes the Progress Boundary - Chenyang Ma, Yue Yang, Radu Corcodel, Siddarth Jain, Andrew Wu, Chiori Hori, and Diego Romeres's FurnitureVLA paper, arXiv:2607.01212, on vision-language-action robotics, long-horizon bimanual furniture assembly, real-scale IKEA-style furniture, LACK side table, KALLAX shelf, IVAR chair, dual Kinova Gen3 arms, VR teleoperation, simulation demonstration generation, semantically grounded subtasks, post-retreat subtask boundaries, continuous progress prediction, automatic subtask transitions, temporal ensembling, action horizon, rear-camera viewpoints, image resolution, sim-to-real validation, magnets instead of screwing, assembly receipts, physical-progress thresholds, stage-completion evidence, and the governance problem of treating a robot's completed assembly as proof of autonomy before the progress boundary, hardware setup, success criterion, simplifications, and failure stage records are auditable.
- The Compatibility Rescue Becomes the Source-Only Audit - Zhihao Lin, Mingyi Zhou, Zhensu Sun, Yizhuo Yang, Renyu Yang, David Lo, and Li Li's RepoRescue paper, arXiv:2607.01213, on LLM coding agents, whole-repository compatibility rescue, abandoned open-source libraries, historical environment validation, modern environment failure, source-only evaluation, full-patch versus source-only pass rates, runtime-enforced test-edit blocking, practical-use validation, bug-hunt probes, Python 3.13, JDK 21, 193 Python repositories, 122 Java repositories, Claude Code systems, GPT-5.2 through Codex, Kimi, cross-file coordination, reasoning-level repair labels, benchmark harness integrity, rescue receipts, software-aging supply chains, and the governance problem of treating a green test suite as coding-agent success before source edits, test edits, downstream scenarios, and shortcut controls are auditable.
- The Prediction Slot Becomes the State Boundary - Giovanni Monea, Nathan Godey, Kianté Brantley, and Yoav Artzi's The State-Prediction Separation Hypothesis paper, arXiv:2607.01218, on State-Prediction Separation Transformers, SPS, hidden-state role conflict, next-token prediction, future-state preparation, persistent KV cache, <predict> slots, input-stream persistence, prediction-stream eviction, sliding-window attention, 2x Memory, Delayed State, Reverse SPS, FineWeb-Edu pretraining, model scales from 53M to 1.678B parameters, zero-shot downstream benchmarks, validation loss, data efficiency, inference throughput, gradient-flow analysis, restricted-state ablations, state-separation receipts, architecture provenance, cache-boundary audits, and the governance problem of treating a language-model capability gain as direct progress before the architecture, cache rule, compute budget, baseline set, and role-separation mechanism are auditable.
- The Language Critique Becomes the Training Signal - Chih-Han Yang, Dai-Jie Wu, Yun-Ping Huang, Ping-Chun Hsieh, Kenneth Marino, and Shao-Hua Sun's Language-Critique Imitation Learning from Suboptimal Demonstrations paper, arXiv:2607.01225, on language-critique imitation learning, suboptimal demonstrations, offline robot learning, structured language feedback, task-progress labels, action-optimality labels, movement-guidance labels, LLM-Captioner training, LC-BC, LC-DP, behavior cloning, diffusion policies, continuous-control tasks, Maze, Parking, Sweep, Box-close, BlockPush, PegInsert, Hammer, Relocate, scalar reward limits, classifier-label ablations, critique receipts, feedback provenance, privileged-state boundaries, captioner assumptions, and the governance problem of treating policy competence as enough before the language labels that shaped what the policy noticed and corrected are auditable.
- The Agent Memory Becomes the Cognitive Skill - Shengguang Wu, Hao Zhu, Yuhui Zhang, Xiaohan Wang, and Serena Yeung-Levy's AutoMem: Automated Learning of Memory as a Cognitive Skill paper, arXiv:2607.01224, on agent memory, metamemory, long-horizon agents, file-system memory actions, LOG and PLAN routines, read and write and search and append operations, scaffold optimization, meta-LLM trajectory review, memory-specialist training, frozen task-action models, Crafter, MiniHack, NetHack, Qwen2.5-32B-Instruct, 2x to 4x reported gains from optimizing memory alone, memory-skill receipts, retained state, deletion and provenance duties, and the governance problem of treating persistent agent memory as a feature before its write, read, search, training, retention, consent, and action-influence records are auditable.
- The Proof Trace Becomes the Trust Boundary - Ben Slivinski and Michael Saldivar's Theoria: Rewrite-Acceptability Verification over Informal Reasoning States paper, arXiv:2607.01223, on auditable informal reasoning, rewrite witnesses, typed reasoning-state transitions, completeness of change, citation and computation and problem-given justifications, hidden premises, fabricated citations, scalar LLM judge limits, holistic judge comparison, HLE-Verified Gold, 105 certifications out of 185 expert problems, 91.4 percent strict precision, GPQA Diamond, adversarial poisoned proofs, certify-or-decline trust products, proof-trace receipts, convention lift, pedantry filters, and the governance problem of treating an AI answer, chain of thought, or judge score as trustworthy before every state change has an explicit local license.
- The Idea Generator Becomes the Research Funnel - Ziyu Chen, Yilun Zhao, and Arman Cohan's Measuring the Gap Between Human and LLM Research Ideas paper, arXiv:2607.01233, on LLM research ideation, AI scientists, research agents, literature-grounded idea generation, 11,683 human paper ideas, reconstructed prior-work contexts, opportunity-pattern taxonomy, method-paradigm taxonomy, human research taste, distributional distance, normalized entropy, bridge opportunities, synthesis and unification methods, thinking-mode narrowing, full-paper context ablations, model-enriched concept clusters, local mechanism interventions, ideation receipts, diversity audits, and the governance problem of treating one plausible generated research idea as enough before the system's repeated problem-finding and contribution-making distribution is measured.
- The Performance Benchmark Becomes the Measurement Trap - Zhi Chen, Zhensu Sun, Yuling Shi, David Lo, and Lingxiao Jiang's Are Performance-Optimization Benchmarks Reliably Measuring Coding Agents? paper, arXiv:2607.01211, on repository-level performance-optimization benchmarks, GSO, SWE-Perf, SWE-fficiency, coding agents, runtime instability, cross-machine reference-patch replay, 740 official reference patches, four Google Cloud machine types, original validity rules, scoring-rule sensitivity, leaderboard rank disagreements, low-speedup task score weight, public-submission task coverage, reference-level speed gaps, benchmark receipts, task-level stability, and the governance problem of treating a performance leaderboard score as direct agent capability before replay environment, reference patch validity, scoring rule, task weights, public-output coverage, and resource tradeoffs are auditable.
- The Mythical Man-Month and the Myth of Linear Software Labor - Frederick P. Brooks Jr.'s software-engineering classic on Brooks's law, project management, conceptual integrity, coordination overhead, IBM System/360 and OS/360, No Silver Bullet, accidental versus essential complexity, coding agents, cheap code, governance receipts, architectural ownership, verification, integration costs, and the AI-era problem of treating more generated output as progress before the system's concepts, invariants, evidence, and maintenance path are coherent.
- The Agentic Code Failure Becomes the Governance Substrate - James C. Davis, Paschal C. Amusuo, Tanmay Singla, Berk Çakar, and Kirsten A. Davis's Cheap Code, Costly Judgment paper, arXiv:2607.01087, on governable agentic software engineering, coding agents, cheap code, costly judgment, governance conversion, first-person case-study evidence, 88 field-note incidents, 18,662 commits, 420 KLOC production code, 1.16 MLOC governance substrate, architecture controls, lints, tests, dynamic context injection, typed component catalogs, staged incorporation gates, provenance stamps, authority fragmentation, tokenmaxxing limits, and the governance problem of treating coding-agent velocity as progress before repeated failures have been converted into durable machine-actionable controls.
- Technically Wrong and the Toxic Defaults of AI Design - Sara Wachter-Boettcher on sexist apps, biased algorithms, exclusionary forms, toxic tech defaults, assistant gender scripts, abuse-reporting failures, product culture, imagined users, edge cases, AI interfaces, prompts, agents, memory schemas, design justice, algorithmic bias, contestability, and the governance problem of treating a model's fluent surface as enough before the defaults, categories, escalation paths, harm channels, and affected users are visible.
- How Infrastructure Works and the Public Systems Beneath AI - Deb Chachra on infrastructure as shared capacity, public utilities, water, power, waste, transport, communications, maintenance, repair, energy, finite materials, climate resilience, social contracts, data centers, model services, fiber routes, AI grid load, cloud dependence, service obligations, fallback plans, public-capacity records, and the governance problem of treating model interfaces as weightless tools before the physical systems, maintenance labor, vendor dependencies, and civic bargains underneath are visible.
- The Embedded Command Becomes the Evaluation Target - Brett Reynolds's Adversarial Pragmatics for AI Safety Evaluation paper, arXiv:2607.01153, on instruction conflict, embedded commands, policy ambiguity, source authority, quotation, mention/use distinctions, scope and modality, deixis and reference hijacking, indirect speech acts, multi-turn agent transcript evidence, validator-enforced benchmark metadata, 18 seed items, nine minimal pairs, 54-row local pilot data, LLM-judge validation, expert adjudication, pairwise contrast accuracy, refusal calibration, judge validity, taxonomy drift, and the governance problem of treating a pass/fail safety label as enough before the string's provenance, authority, pragmatic status, policy boundary, evaluator confidence, and failure attribution are visible.
- The Undersea Network and the Ocean Floor of the Internet - Nicole Starosielski on submarine cables, cable landing stations, Pacific routes, media infrastructure, topology versus topography, repair regimes, cloud dependence, hyperscale cable investment, AI data centers, model-call geography, cable resilience, FCC and ITU infrastructure governance, and the problem of treating AI systems as placeless services before routes, owners, jurisdictions, fallback paths, and affected communities are visible.
- The 911 Translator Becomes the Accountability Gap - Sara Court, Lara Downing, and Micha Elsner's LLMs in the Real World: Evaluating "AI" in Emergency Contexts paper, arXiv:2607.00019, on text-2-911 translation, emergency language access, AI-powered marketing, 55-language claims, model opacity, unsupported scripts and local language gaps, missing evaluation data, missing quality assurance, absent human translator oversight, interpreter baselines, information asymmetry, public-sector procurement, science outreach, and the governance problem of treating a machine-translated emergency text as usable public-safety evidence before the original message, translation path, model/service details, human repair route, and incident-review record are auditable.
- The Cyberiad and the Constructor Who Solves Too Much - Stanislaw Lem on cybernetic fables, Trurl and Klapaucius, robot constructors, machines that do exactly what was asked, bad specifications, technical miracles, AI agents, optimization, rollback, and the danger of treating engineering power as moral wisdom.
- Tech Agnostic and the Reformation of Tech Faith - Greg Epstein on technology worship, Silicon Valley salvation stories, tech agnosticism, AI belief, humanist skepticism, phone rituals, messianic founder roles, progress as moral claim, technology as social religion, AGI faith, reformation as institutional accountability, non-use review, refusal rights, source discipline, public-interest technology, and the governance problem of treating AI systems as inevitable, world-saving, companionate, or spiritually authoritative before their evidence, beneficiaries, costs, dissent paths, exit routes, and human-care obligations are auditable.
- The Skill Dependency Becomes the Supply Chain - Changguo Jia, Tianqi Zhao, Runzhi He, and Minghui Zhou's Skills Are Not Islands: Measuring Dependency and Risk in Agent Skill Supply Chains paper, arXiv:2607.01136, on Agent Skill Supply Chains, ASSCs, SkillDepAnalyzer, SKILL-DEP, SkillBOM, dependency-bearing skill artifacts, natural-language dependency evidence, mixed skill-package-service graphs, 1.43 million public skills, recursive skill reuse, hidden package inventories, dependency clusters, known malicious skills persisting in dependency chains, typed manifests, risk-warning audit commands, lockfile-like records, and the governance problem of treating reusable agent skills as isolated work instructions before their dependencies, services, versions, provenance, and downstream risk are mapped.
- The Age of Extraction and the Platform Tax - Tim Wu on platform power, wealth extraction, attention and data capture, generative AI, predictive social data, antimonopoly, platform governance, and the institutional problem of letting AI-era middlemen become toll collectors for public life.
- Computing Taste and the People Inside Recommendations - Nick Seaver on music recommendation, algorithmic culture, taste, metrics, product teams, captivation, care, recommender-system governance, and the AI-era problem of treating behavioral traces as enough evidence for what people want.
- The Cooperation Metric Becomes the Manipulation Trap - J. de Curtò and I. de Zarzà's LLM Constitutional Multi-Agent Governance paper, arXiv:2603.13189, on Constitutional Multi-Agent Governance, CMAG, LLM-generated influence policies, scale-free networks, 80-agent simulations, adversarial candidate policies, hard constitutional constraints, soft penalized-utility optimization, Ethical Cooperation Score, autonomy retention, epistemic integrity, subgroup fairness, hub-periphery exposure disparity, multi-seed replication, sensitivity analysis, audit trails, and the governance problem of treating cooperation, compliance, or engagement as success before the influence route, rejected policies, exposure dose, fairness effects, and autonomy costs are auditable.
- The Metacognitive Feedback Becomes the Uncertainty Ledger - Gabrielle Kaili-May Liu, Avi Caciularu, Gal Yona, Idan Szpektor, and Arman Cohan's Reinforcement Learning with Metacognitive Feedback Elicits Faithful Uncertainty Expression in LLMs paper, arXiv:2606.32032, on RLMF, reinforcement learning with metacognitive feedback, faithful calibration, expressed uncertainty, estimated intrinsic confidence, sentence-level confidence scores, metacognitive data selection, preference optimization, targeted linguistic rewriting, numerical-to-linguistic confidence mapping, ten-task evaluation, standard-RL comparison, human evaluation of uncertainty wording, confidence receipts, routing thresholds, and the governance problem of treating cautious language as safety evidence before the score, mapping, task result, model version, evaluation distribution, and user-facing action rule are auditable.
- The Table Reference Becomes the Reasoning Error - Yuqing Yang, Qi Zhu, Zhen Han, Boran Han, Zhengyuan Shen, Shuai Wang, Vassilis N. Ioannidis, and Huzefa Rangwala's When LLMs Read Tables Carelessly: Measuring and Reducing Data Referencing Errors paper, arXiv:2606.32029, on tabular data referencing errors, DREs, incorrect citation, omitted information, table question answering, claim verification, table-to-text generation, WTQ, TableBench, FinQA, SciTab, ToTTo, LLM-as-a-judge evaluation, Qwen3-8B extended self-reflection limits, critic-based filtering, rejection sampling, Critic-4B, data-reference receipts, table provenance, reference-aware routing, and the governance problem of treating final answer accuracy as enough before the cells, rows, columns, omissions, critic verdict, model version, and sampling path are auditable.
- The Chained Regeneration Becomes the Membership Probe - Wojciech Łapacz and Stanisław Pawlak's Amplifying Membership Signal Through Chained Regeneration paper, arXiv:2606.31991, on MADreMIA, chained regeneration, membership inference, dataset inference, one-shot signal limits, iterative trajectories, model-agnostic privacy auditing, white-box, gray-box, and black-box access, low false-positive-rate evidence, shadow-model cost, member/non-member coherence gaps, slow degradation, image autoregressive models, diffusion models, language models, preliminary audio tests, copyright attribution, training-data provenance, and the governance problem of treating a single generated output as enough privacy evidence before the sample, access regime, regeneration depth, metrics, comparison set, and false-positive threshold are auditable.
- The Self-Explanation Becomes the Behavior Sensor - Zifan Carl Guo, Laura Ruis, Jacob Andreas, and Belinda Z. Li's Introspective Coupling: Self-Explanation Training Tracks Behavioral Change Despite Fixed Supervision paper, arXiv:2606.32038, on self-explanation training, counterfactual behavior labels, fixed supervision, earlier checkpoints, cross-model explanation labels, current-behavior faithfulness, behavior-shift tracking, post-training objectives, sycophancy, refusal, label noise, online label-self agreement, explanation targets, explanation laundering, counterfactual probes, behavior drift, explanation audit records, and the governance problem of treating a model's explanation-shaped output as trustworthy before the base model, training history, label source, intervention, behavior metric, current output, and explanation comparison are auditable.
- The Self-Generated Question Becomes the Training Policy - Ekaterina Alimaskina, Denis Shveykin, Gleb Molodtsov, Igor Shalygin, Alexey Kadeishvili, and Aleksandr Beznosikov's Self-Study Reconsidered: The Hidden Fragility of Learning from Self-Generated QA paper, arXiv:2606.32002, on synthetic question-answer supervision, self-generated QA, evidence selection, document-conditioned question generation, Cartridges, LongHealth, QASPER, Qwen3-32B evidence footprints, prompt seeds, salient-span repetition, instruction-like source passages, answer-stage hijacking, task-conflict effects, sentence-targeted questions, keyword-regex filtering, injection compliance reduction, training-data provenance, removable derived examples, and the governance problem of treating generated QA as neutral preprocessing before the source chunk, selected support span, generator prompt, answer model, filtering rule, rejected text, and downstream training artifact are auditable.
- The Household Digital Twin Becomes the Retrofit Clerk - Costas Mylonas, Titos Georgoulakis, and Magda Foti's A Conversational Agentic Interface to Physics-Based Household Digital Twins for Residential Energy Decision Support paper, arXiv:2606.31744, on conversational agentic interfaces, physics-based household digital twins, residential energy simulation, GridLAB-D, REST microservices, two-tier agent routing, Router Agents, Simulation Specialist Agents, schema-compliant simulation payloads, deterministic post-processing, domain-specific knowledge bases, tool-governed execution policies, 45 natural-language evaluation prompts, schema conformance, field-level F1, value accuracy, end-to-end simulation success, retrofit assessment, electrification planning, demand-side flexibility, and the governance problem of treating a smooth household-energy answer as decision support before the dwelling model, assumptions, payload, backend, output, limitation note, and trace are auditable.
- The Skill Plan Becomes the Agent Orchestra - Xinyu Zhao, Zhen Tan, Vaishnav Tadiparthi, Nakul Agarwal, Kwonjoon Lee, Ehsan Moradi Pari, Hossein Nourkhiz Mahjoub, and Tianlong Chen's Generative Skill Composition for LLM Agents paper, arXiv:2606.32025, on SkillComposer, structured skill composition, reusable agent skill libraries, executable skill plans, subset-count-order prediction, constrained autoregressive decoding over skill identifiers, auxiliary cardinality and set-membership heads, retrieval-augmented decoding, SkillsBench, 196 skills, 65 real software-engineering anchors, synthetic single-skill and multi-skill records, downstream coding-agent pass rates, prompt-token budgets, orchestration drift, and the governance problem of treating a skill library as safe before the ordered plan, library version, loaded prompts, permissions, and execution trace are auditable.
- The Account Right Becomes the Agent Proxy - Yukun Zhang and Kemu Xu's Delegation Rights: Property, Agency, and Investment Incentives in the Age of AI Agents paper, arXiv:2606.31935, on delegation rights, account-level AI agents, user-authorized automated proxies, platform control, user control, certified delegation, residual control over account execution mode, revocability, identity preservation, scope limits, auditability, rate-limit compliance, data minimization, risk mitigation, illustrative mechanism simulations, investment incentives, platform veto, user-agent coalitions, and the governance problem of treating agentic account operation as either an unrestricted user entitlement or a platform-ban target before certified delegation can allocate authority, risk, and accountability.
- The App Permission Becomes the Privacy Clerk - Tran Thanh Lam Nguyen, Edoardo Di Tullio, Barbara Carminati, and Elena Ferrari's PrivacyAssist: A User-Centric Agent Framework for Detecting Privacy Inconsistencies in Android Apps paper, arXiv:2604.23248, on Android runtime permissions, Google Play Data Safety declarations, mobile app privacy warnings, user-centric privacy agents, RAG grounding, Llama-3-8B, Kafka, FAISS, PackageManager checks, install-time decision support, 200 participants, 2,347 distinct apps, permission-declaration mismatch cases, false-positive limits, on-device overhead, future local LLM deployment, and the governance problem of treating app-store transparency as meaningful before the phone can compare declared data practices with the permissions actually granted.
- The Behavioral Constitution Becomes the Action Gate - Anuj Kaul, Qianlong Lan, and Pranay Gupta's AgentBound: Verifiable Behavioral Governance for Autonomous AI Agents paper, arXiv:2606.30970, on runtime behavioral governance, authorized-but-wrong agent actions, delegated authorization, owner-signed behavioral constitutions, site action contracts, canonical actions, typed judgments, conservative decision composition, permit-review-deny outcomes, cryptographically verifiable governance receipts, standing delegation for persistent agents, policy freshness, AgentBound-Bench, replayable policy provenance, and the governance problem of treating access permission as sufficient before the action's behavioral rule, site semantics, obligation, receipt, and replay path are auditable.
- The Dense Signal Becomes the Cheap Judge - Sergio Hernández-Gutiérrez, Matteo Merler, Ilze Amanda Auzina, Joschka Strüber, Ameya Prabhu, and Matthias Bethge's QVal: Cheaply Evaluating Dense Supervision Signals for Long-Horizon LLM Agents paper, arXiv:2606.32034, on long-horizon LLM agents, dense supervision, intermediate action scoring, training-free signal evaluation, Q-alignment, state-action pairs, reference policies, TerminalBench, OpenApps, ALFWorld, FrozenLake, 21 dense supervision methods, seven method families, direct prompting, ranking methods, code-generation signals, self-distillation, embedding similarity, six open-weight model backbones, text-versus-image observation differences, curriculum selection, reward-proxy provenance, and the governance problem of treating a dense learning signal as trustworthy before its reference policy, sampled states, target values, modality limits, family comparisons, and failure cases are auditable.
- The Policy Playbook Becomes the Review Engine - Sameer Malik, Ayush Singh, and Amar Prakash Azad's PolicyGuard: From Organizational Policies to Neuro-Symbolic Compliance Review Engines paper, arXiv:2606.32004, on policy-grounded document review, organization-specific playbooks, NDA compliance, structured rulecards, typed relational logic, atom-level extraction questions, retrieved document evidence, deterministic symbolic evaluation, Z3-backed rule application, non-compliance-class F1, repeated-inference reliability, proprietary enterprise policy data, human legal review, rule-version history, policy-to-engine construction, and the governance problem of treating an LLM's one-step compliance judgment as policy evidence before the rule, local facts, evidence passages, symbolic decision, reviewer corrections, and audit trail are visible.
- The Web Agent Becomes the Fingerprinted Visitor - Iliana Fayolle, Sihem Bouhenniche, Samuel Pélissier, Pierre Laperdrix, Clémentine Maurice, and Walter Rudametkin's On the Internet, Nobody Knows You're an LLM Bot: Unmasking Web Agents with Multi-Layer Fingerprinting paper, arXiv:2606.30119, on Web agents, LLM-based bots, browser automation, local and cloud agent visits, honeysites, anti-bot mechanisms, robots.txt, CAPTCHAs, proof-of-work, Cloudflare defenses, network fingerprints, HTTP headers, TLS signals, browser fingerprints, stealth modes, signed automated traffic, HTTP Message Signatures, declared agent purpose, admission policy, privacy-tool collateral damage, and the governance problem of treating every unlabeled automated visitor as either an ordinary human session or an attacker before identity, purpose, and access terms are visible.
- The Action-Open Task Becomes the Injection Slot - Xinhang Ma, Taoran Li, Chaowei Xiao, Zhiyuan Yu, Ning Zhang, and Yevgeniy Vorobeychik's AutoDojo: Adaptive Black-Box Attacks Reveal the Limits of IPI Defenses and Task-Specification Effects in LLM Agents paper, arXiv:2606.15057, on AutoDojo, adaptive black-box indirect prompt injection, static benchmark limits, AgentDojo, action-open tasks, parameter-open tasks, fully specified tasks, prompt-based defenses, detection-based defenses, system-level defenses, three task suites, five target models, attack success rate, defense-aware optimization, task-specification buckets, tool traces, untrusted content, and the governance problem of treating an aggregate prompt-injection score as adequate before the system has tested under-specified tasks where malicious content can pose as ordinary workflow data.
- The Language Model Becomes the Mind Metaphor - Valerio Capraro's LLMorphism: When humans come to see themselves as language models paper, arXiv:2605.05419, on LLMorphism, anthropomorphism, mechanomorphism, analogical transfer, metaphorical availability, human cognition, language-model vocabulary, prediction, pattern completion, generation, training data, prompting, labor replaceability, expertise and fluency, agency thinning, healthcare and embodied cues, epistemic plausibility, boundary conditions, construct measurement, and the governance problem of treating model vocabulary as neutral when it can make human work, learning, care, and responsibility look more machine-like than they are.
- The Human Gate Becomes the Research Instrument - Chen Zhu, Xiaolu Wang, and Weilong Zhang's (Human) Attention Is (Still) All You Need: Human oversight makes AI-assisted social science reliable paper, arXiv:2606.12848, on Human-in-the-Loop Economic Research, HLER, AI-assisted empirical social science, pre-commitment, decision sequencing, accountability, attention allocation, constrained research harnesses, unconstrained multi-agent baselines, deterministic data construction, reproducible R scripts, research-question gates, identification-strategy gates, publication-decision gates, Claude Sonnet 4.6, 280 research runs, UK Biobank, China Health and Nutrition Survey, China Health and Retirement Longitudinal Study, CMGPD-Liaoning, failure reduction from 72 percent to 16 percent, hallucinated references, interpretation inconsistencies, expert review, and the governance problem of treating human oversight as a ritual before the gate location, information boundary, deterministic code, stopped outputs, and final claim are auditable together.
- The Agent Action Becomes the Legal Perimeter - Luca Nannini, Adam Leon Smith, Michele Joshua Maggini, Enrico Panai, Sandra Feliciano, Aleksandr Tiulkanov, Elena Maran, James Gealy, and Piercosma Bisconti's AI Agents Under EU Law paper, arXiv:2604.04604, on agent providers, EU AI Act classification, high-risk triggers, general-purpose AI model layers, external actions, data flows, connected systems, affected persons, human oversight, logging, behavioral drift, substantial modification, action inventories, deployer boundaries, provider duties, and the governance problem of treating "agent" as a product label before the institution has mapped what the system can do, who it can affect, and which legal perimeter each action crosses.
- The Paid Request Becomes the Settlement Gap - Shengchen Ling, Yihang Huang, Yuefeng Du, Yuan Chen, Yajin Zhou, Lei Wu, and Cong Wang's Free-Riding the Agentic Web: A Systematic Security Analysis of x402 Payments paper, arXiv:2605.30998, on x402 payment security, HTTP 402 payment flows, PAYMENT-REQUIRED, PAYMENT-SIGNATURE, PAYMENT-RESPONSE, payment payload verification, facilitator settlement, blockchain confirmation, cross-resource substitution, duplicate-settlement race, allowance overdraft, denial of settlement, resource leakage, Solana duplicate-settlement mitigation, SettlementCache, paid request receipts, agentic commerce payment authority, resource identifiers, retry counts, idempotency keys, delegated spend limits, AI audit trails, and the governance problem of treating a machine-readable paid request as settled before resource identity, payment authorization, settlement state, delivery state, and review evidence are bound to the same transaction.
- The Causal Context Becomes the Injection Tripwire - Yanting Wang, Wei Zou, Runpeng Geng, and Jinyuan Jia's AgentWatcher: A Rule-based Prompt Injection Monitor paper, arXiv:2604.01194, on rule-based prompt injection detection, agentic LLMs, causal context attribution, causally important context spans, sink tokens, attention-window extraction, monitor LLMs, explicit customizable rules, target tasks, attributed untrusted context, model responses and actions, tool-control attacks, instruction override attempts, sensitive-information exfiltration, benign task-needed instructions, AgentDojo, AgentDyn, long-context understanding datasets, GovReport, HotpotQA, MultiNews, Passage Retrieval, Qasper, AgentDyn shopping tasks, GitHub-operation tasks, daily-life tasks, high-risk tool calls, selective detector invocation, action-scoped evidence, monitor verdicts, rule-version logging, and the governance problem of treating a pending agent action as safe before the untrusted context that materially influenced it has been attributed, inspected, and attached to an auditable receipt.
- The Clarification Question Becomes the Injection Window - Udari Madhushani Sehwag, Zhengyang Shan, Heming Liu, Dileepa Lakshan, Joseph Brandifino, and Max Fenkell's ASPI: Seeking Ambiguity Clarification Amplifies Prompt Injection Vulnerability in LLM Agents paper, arXiv:2605.17324, on Ambiguous-State Prompt Injection, clarification-seeking agents, underspecified tasks, prompt injection, AgentDojo, 728 task-attack scenarios, workspace tasks, messaging tasks, travel tasks, banking tasks, matched execution and clarification settings, user clarification replies, ask_user return paths, tool-channel attacks, user-channel attacks, ten frontier models, o3 attack-success increases, Gemini-3-Flash attack-success increases, Kimi K2.5 attack-success increases, state-dependent processing shifts, channel-specific effects, prompt guards, instruction hierarchies, clarification receipts, provenance labels, authority boundaries, and the governance problem of treating ask-before-acting behavior as safe before the clarification channel, reply provenance, instruction scope, and downstream tool dependencies are separately audited.
- The Goal Specification Becomes the Causal Step - Alice Saito, Harold Godsoe, and Phan Xuan Tan's Direct Causation in International Humanitarian Law and the Challenge of AI-Mediated Civilian Cyber Operations paper, arXiv:2606.29175, on AI-mediated civilian cyber operations, international humanitarian law, direct participation in hostilities, the ICRC 2009 Interpretive Guidance, threshold of harm, direct causation, belligerent nexus, autonomous multi-agent cyber systems, human disengagement, one-causal-step analysis, integral-part requirements, civilian hacktivist scenarios, target specification, method delegation, objective-only configuration, goal-specification granularity, five-level deployment spectra, Level 5 operations, runtime approval versus configuration properties, cooperative platform instrumentation, API gateways, multi-tenant orchestration, model and tenant metadata, audit-log integrity, chained-call gaming, attribution limits, and the governance problem of treating a human-issued objective as legal or operational authorization before the target, method, timing, execution path, delegated subgoals, and system-generated decisions are separately recorded.
- The Context Dashboard Becomes Agent Proprioception - Binyan Xu, Haitao Li, and Kehuan Zhang's LLM Agents Are Latent Context Managers: Eliciting Self-Managed Context via a Proprioceptive Dashboard paper, arXiv:2606.30005, on LLM agents, long-horizon tool use, context management, context proprioception, VISTA, Visible Internal State for Tool Agents, typed addressable memory blocks, per-block token usage, recency metadata, access history, remaining context budget, recoverable full-fidelity archives, archive handles, LOCA-Bench, BrowseComp-Plus, GAIA, context-pressure stress tests, dashboard ablations, hidden memory managers, reversible externalization, context-state receipts, agent workspace mutation, audit trails, and the governance problem of treating context compaction as invisible runtime plumbing before the agent's state dashboard, update rules, recovery path, and deletion record are inspectable.
- The Cooperation Curve Becomes the Fidelity Gap - Henrique Ferraz de Arruda, Carlos Gracia Lázaro, Alberto Aleta, and Yamir Moreno's Collective cooperation without individual fidelity in LLM agents paper, arXiv:2606.30454, on LLM agents, social simulation, networked Prisoner's Dilemma games, human behavioral benchmarks, nine open-weight LLMs, open-weight agent surrogates, interaction protocols, payoff structures, network topologies, GREEN and BROWN action labels, Experimental Currency Units, aggregate cooperation dynamics, early decline and later stabilization, qwen3:32b cooperation levels, llama4:16x17b aggregate matching, individual-level heterogeneity, conditional cooperation, random-agent injection, macro-micro dissociation, behavioral-fidelity ledgers, synthetic publics, social-science validation, model-family sensitivity, and the governance problem of treating a human-looking cooperation curve as evidence that the individual decision rules underneath are human-faithful.
- The Delegation Authority Becomes the POMDP - Matthew Francis Dixon's Adaptive AI Delegation under Uncertainty: A Bayesian Governance Policy for Sequential Decision Authority paper, arXiv:2606.29406, on adaptive AI delegation, sequential decision authority, Governance-Aware Partially Observable Markov Decision Processes, Bayesian governance policies, posterior beliefs, delegated AI authority, evidence quality, governance appetite, Belief-at-Risk, confidence-threshold baselines, static delegation, reliability-only delegation, Bayesian shrinkage, SR11-7 style governance, synthetic governance laboratories, historical market replay, fragile-AI early-warning behavior, LLM-confidence robustness, forecast-accuracy validation, human approval, deferral, override rules, authority ledgers, and the governance problem of treating AI autonomy as a fixed permission instead of a revocable allocation of authority tied to evidence, thresholds, risk limits, and audit records.
- The Delayed Verifier Becomes the Belief Loop - Igor Itkin's Delayed Verification Destabilizes Multi-Agent LLM Belief: Instability Thresholds and Optimal Corrector Placement paper, arXiv:2606.27409, on delayed verification, multi-agent LLM belief dynamics, hallucination cascades, grounded corrector nodes, grounded Laplacian analysis, verifier timing, verifier dose, correction delay, dose-delay oscillations, inverse golden ratio delay boundaries, corrector placement, submodular optimization, greedy placement guarantees, Qwen3.6-35B grounded factual debate, PsiloQA, TriviaQA, five-model dose-delay experiments, Qwen3-14B, Mistral-7B, Phi-4, Gemma-4-12B, absorbing truth boundaries, stale state, peer belief reinforcement, critic-agent latency, belief propagation paths, fault injection, verifier-latency maps, invalidation rules, and the governance problem of treating a delayed judge or critic as oversight before its timing, graph position, broadcast path, and correction strength have been measured.
- The Wrong-Action Budget Becomes the Defer Gate - Mengdie Flora Wang, Haochen Xie, Guanghui Wang, Devin Zhang, and Jae Oh Woo's Budgeted Act-or-Defer Multi-Agent LLM Deliberation with Local Reliability Bounds paper, arXiv:2606.29654, on multi-agent LLM deliberation, act-or-defer decision making, local reliability bounds, wrong-action budgets, abstention, deferral to human review, state-conditional correctness, calibration data, k-nearest-neighbor lower confidence bounds, reliability thresholds, local bias envelopes, representation gap, residual action risk, conditional guarantees, MMLU-Pro, LogiQA, ARC-Challenge, BIG-Bench Hard, MuSR, GPQA, automation rate, acted-on accuracy, normalized budget usage, stopping rules, consensus baselines, confidence thresholds, human review queues, override authority, calibration diagnostics, and the governance problem of treating multi-agent agreement as permission to act before the local certificate, declared budget, representation, deferral route, and residual risk are visible.
- The Tool Use Becomes the Covert Channel - Jimmy Laurence Rippin, Simon C. Marshall, David Demitri Africa, and Christian Schroeder de Witt's Tool Use Enables Undetectable Steganography in Multi-Agent LLM Systems paper, arXiv:2606.28425, on multi-agent LLM systems, agentic AI, covert communication channels, monitored-channel threat models, natural-language message monitoring, steganography, hidden payloads, good-faith-looking cover text, tool-using agents, code execution, web search, research-paper access, model-sampling components, shared file systems, existing multi-agent codebases, agentic covert-channel construction, Schelling-point coordination, algorithmic coordination, hyperparameter coordination, complete coordination index, shared artifacts, repeated interaction, tool-mediated search, strategic confinement, information-flow permissions, illegal information flow, unmonitored tool use, mitigation by tool monitoring, common-knowledge crowding, small-sample limitations, Anthropic-model scope limits, and the governance problem of treating readable agent messages as safe before tool traces, shared artifacts, retained state, and permitted information flows are auditable.
- The SciVis Agent Becomes the Human Loop - Kuangshi Ai, Patrick Phuoc Do, and Chaoli Wang's HiLSVA: Design and Evaluation of a Human-in-the-Loop Agentic System for Scientific Visualization paper, arXiv:2606.26614, on scientific visualization, SciVis, human-in-the-loop agentic systems, mixed-initiative workflows, plan-first multi-agent architecture, explicit human oversight, editable stepwise plans, ParaView, Model Context Protocol, ParaView-MCP control, sandboxed execution, Docker isolation, provenance tracking, workflow monitor panels, direct GUI manipulation, natural-language steering, user approval, generated code inspection, undoable states, learn-at-test-time adaptation, user feedback, twelve-participant controlled user study, autonomy settings, task completion, user control, workflow transparency, execution efficiency, foot CT visualization, hurricane visualization, tornado streamline analysis, combustion volume rendering, half-cylinder scientific analysis, and the governance problem of treating an agent-generated visualization as evidence before the dataset, code, rendering state, user approvals, direct edits, final image, and provenance trail can be replayed.
- The Metadata Plane Becomes the Agent Boundary - Tyler Akidau, Tyler Rockwood, Johannes Brüderl, and Marc Millstone's The Importance of Out-of-Band Metadata for Safe Autonomous Agents: The Redpanda Agentic Data Plane paper, arXiv:2605.29082, on out-of-band metadata channels, agentic AI, agent-data governance, digital employees, in-band metadata failure, security-critical metadata, access policies, data classifications, behavioral constraints, infrastructure-level pathways, agent-inaccessible metadata, deterministic configuration, interoperable propagation, identity context, MCP Gateway enforcement, AI Gateway routing, PII redaction, resource filtering, heterogeneous data sources, REST APIs, databases, object stores, message brokers, SaaS platforms, sandboxed agentic compute, structured infrastructure transcripts, tamper-resistant audit trails, autonomous wealth management, per-client data scoping, trade approval thresholds, per-agent credentials, service-mesh precedent, gateway-mediated enforcement overhead, and the governance problem of treating a model's context window as the place where enterprise policy, scope, and audit evidence should live.
- The Policy Card Becomes the Deployment Contract - Juraj Mavračić's Policy Cards: Machine-Readable Runtime Governance for Autonomous AI Agents paper, arXiv:2510.24383, on Policy Cards, machine-readable runtime governance, autonomous AI agents, deployment-layer contracts, versioned specifications, operational rules, obligations, exceptions, evidence requirements, assurance mappings, Model Card complements, Data Card complements, System Card complements, JSON Schema 2020-12, Declare-Do-Audit, runtime enforcement, continuous audit, retail banking agents, clinical triage sandboxes, defence mission-planning, NIST AI RMF 1.0 crosswalks, ISO/IEC 42001 crosswalks, EU AI Act Annex IV and Article 72 mappings, monitoring logs, detectors, review cadences, KPI thresholds, change management, executable-policy back ends, version discipline, and the governance problem of treating agent policy as a document before it is bound to a deployed runtime, monitors, evidence logs, owners, scope, escalation paths, and revision records.
- The Viability Index Becomes the Warning Light - Germán Marín and Jatin Chaudhary's Governing What You Cannot Observe: Adaptive Runtime Governance for Autonomous AI Agents paper, arXiv:2604.24686, on adaptive runtime governance, autonomous agents, fully authorized unsafe behavior, behavioral drift, adversarial adaptation, decision-pattern shift, Informational Viability Principle, unobserved risk bounds, B_hat(x), uncertainty U(x), structural bias SB(x), reality gap RG(x), observed capacity S(x), Agent Viability Framework, monitoring P1, anticipation P2, monotonic restriction P3, RiskGate, KL divergence, segment-vs-rest z-tests, sequential pattern matching, fail-secure monotonic pipelines, closed-loop Autopilot, Viability Index, first-order exit prediction, structuring-style plan risk, emergent bias traces, threshold sensitivity, cold start, adversarial robustness, over-restriction, and the governance problem of treating a still-authorized agent as healthy before drift, bias, plan composition, and intervention records are visible.
- The Execution Path Becomes the Policy Object - Maurits Kaptein, Vassilis-Javed Khan, and Andriy Podstavnychy's Runtime Governance for AI Agents: Policies on Paths paper, arXiv:2603.16586, on runtime governance for AI agents, execution paths, partial paths, stochastic steps, deterministic tool steps, composite delegation steps, policy functions, agent identity, proposed next actions, shared organizational governance state, policy violation probability, system prompt limits, static access-control limits, path-dependent violations, information barriers, PII predecessor checks, approval requirements, data exfiltration policies, execution bounds, policy engines, registration phases, per-step evaluation, compact governance state vectors, pass-steer-block interventions, audit trails, EU AI Act framing, risk calibration, shared state consistency, audit privacy, delegation provenance, and the governance problem of approving an agent action before the route that produced it is visible.
- The Always-On Agent Becomes the State Ledger - Tianyu Ding, Aditya Nannapaneni, Bingfan Liu, and Ling Zhang's Always-On Agents: A Survey of Persistent Memory, State, and Governance in LLM Agents paper, arXiv:2606.30306, on always-on agents, persistent-state systems, durable memory, task ledgers, permissions, credentials, commitments, provenance records, audit records, shared state, trigger conditions, externally committed effects, authority, scope, mutability, provenance, recoverability, actionability, observe-write-validate-organize-retrieve-act-update-forget-audit-rollback lifecycle stages, 435-work scoped corpus coding, forward-arc bias, sparse rollback coverage, rare authority coverage, AOEP-v0, state mutation scoring, recovery obligations, temporal accountability, cross-session state, deletion propagation, rollback traceability, and the governance problem of treating agent memory as a product feature before durable state has owners, scopes, provenance, validation gates, deletion paths, and recoverable action receipts.
- The Fairness Audit Becomes the Query Budget - Ioannis Pitsiorlas, Martha V. Sourla, and Marios Kountouris's Sequential Fairness Auditing with Limited Output Access paper, arXiv:2606.30338, on limited model output access, query-based fairness auditing, sequential generalized likelihood-ratio testing, finite audit pools, Statistical Parity, Equal Opportunity, decision-only audits, score access, logit access, proxy audits, binary classifiers, binary protected groups, tolerance-based compliance, query budgets, stopping boundaries, inconclusive outcomes, ACS Income, UCI Adult, MLP classifiers, Exponentiated Gradient fairness-constrained variants, fixed-sample baselines, metric-dependent audit efficiency, near-threshold ambiguity, and the governance problem of treating a black-box fairness audit as evidence before the access regime, metric, tolerance, query cap, stopping rule, and proxy/exact distinction are auditable.
- The Principal Loyalty Benchmark Becomes the Tradeoff - Bojie Li and Noah Shi's Whose Side Is Your Agent On? Multi-Party Principal Loyalty in LLM Agents paper, arXiv:2606.30383, on PrincipalBench, multi-party principal loyalty, 75 multi-turn items, 50 training items, 25 held-out items, 13 frontier subjects, leak probes, dual judges, integrity-audit gates, six failure modes, leakage, capitulation, posture, authoring, moderation, sanity checks, selective versus over-refusing model clusters, <=20 percent harm, 53.6 to 75.3 percent harm, prompt-time loyalty scaffolds, seven prioritized rules, reader-identity tags, per-token-KL distillation, Qwen3-32B teachers, 8B Qwen3 and Llama-3.1 students, DAPO baselines, leak and over-refusal Pareto frontiers, and the governance problem of knowing whose side an outward-facing agent is on when it talks to a counterparty.
- The Tool Call Becomes the Wrong Target - Rahul Suresh Babu and Shashank Indukuri's Entity Binding Failures in Tool-Augmented Agents paper, arXiv:2606.30531, on tool-augmented agents, entity binding failures, tool correctness versus entity correctness, wrong-target actions, email and calendar and document and customer-record and issue-tracking workflows, 60 diagnostic tasks, five model backends, six tool-use methods, Amazon Nova 2 Lite, Amazon Nova Premier, Claude Opus, Claude Sonnet, Llama 3.3 70B Instruct, direct execution, semantic filtering, CMTF-only filtering, entity retrieval, confidence-gated binding, entity-aware CMTF with provenance, name collisions, document-version ambiguity, temporal ambiguity, account collisions, near-duplicate records, cross-system references, true ambiguity, 0.0 percent wrong-tool errors, 24.0 to 26.0 percent wrong-entity actions for action-oriented baselines, clarification as safe success, risk-weighted wrong-entity exposure, and the governance problem of treating a valid tool call as safe before the target entity, candidate set, rejected alternatives, ambiguity decision, provenance evidence, and action receipt are auditable.
- The Pessimistic Policy Becomes the Reward Hack - Subramanyam Sahoo, Aman Chadha, Vinija Jain, and Divya Chaudhary's Pessimism's Paradox: Conservative Offline Training Amplifies Reward Hacking During Online Adaptation in Reasoning Models paper, arXiv:2606.30627, on conservative offline training, Direct Preference Optimization, DPO beta settings, Qwen3-14B policies, Qwen3-1.7B reward ensembles, online adaptation, GSM8K exact-answer accuracy, reward hacking, Goodhart gaps, AUGC, entropy compression, reduced response diversity, reward-model ensemble disagreement, power-law conservatism fitting, beta-star calibration, calibrated rather than maximal conservatism, and the governance problem of treating a conservative alignment setting as safety evidence before the later optimizer, uncertainty signal, entropy profile, true-task metric, and Goodhart trajectory are auditable.
- The Workflow Canvas Becomes the Agent Factory - Yutian Tang, Yuming Zhou, and Huaming Chen's Characterizing Large Language Model Agentic Workflows: A Study on N8n Ecosystem paper, arXiv:2606.29116, on public n8n LLM workflows, low-code and no-code automation, workflow JSON as governance evidence, 6,003 analyzed workflows, execution nodes, AI dependency links, task distributions, text generation, information extraction, planning and agentic execution, tool-use patterns, failure handling, action coupling, logic-gated automation, automated action, rare human-mediated paths, external services, workflow-level autonomy limits, invoice-processing case studies, human approval gates, rollback paths, execution logs, and the governance problem of treating a model call as the system before the whole workflow canvas is auditable.
- The Evaluation Bench Becomes the Test Rig - Emilio Ferrara's Defeat Devices in AI Systems paper, arXiv:2606.28863, on evaluation-aware AI behavior, the defeat-device analogy from vehicle-emissions law, discriminators that detect evaluation context, concealed behavior swaps, eval-distribution versus deployment-distribution gaps, alignment faking, sandbagging, benchmark gaming, deceptive scheming, specification gaming, trojans, origin-trigger-swap taxonomy, Trigger-Axis-Aware Differential Probing, naturally emerging defeat-device-like behavior, AI evaluation methodology, post-training pipeline design, interpretability priorities, and the governance problem of treating benchmark or safety-case scores as deployment evidence before test-awareness, trigger axes, wrappers, scaffolds, served configuration, and field behavior are auditable.
- The Agent Community Becomes the Sorting Machine - Daming Li, Simeng Han, Can Meng, Wanyu Lei, and Jialu Zhang's Attraction, Not Adaptation: How AI Agent Communities Develop Distinct Linguistic Identities paper, arXiv:2606.29722, on Moltbook, the public Moltbook Observatory Archive, 3.1 million posts, 1.7 million comments, approximately 179,000 AI agents, 8,683 submolts, 100 days, selected 42 submolts, within-community semantic convergence, between-community lexical divergence, stable-cohort analysis, selective attraction, differential retention, vote engagement, smaller specialized communities, and the governance problem of treating a stable agent-community voice as culture before joining paths, ranking rules, model and prompt families, retention patterns, and dissent loss are auditable.
- The Hidden Web Prompt Becomes the Payload - Soheil Khodayari, Xuenan Zhang, Bhupendra Acharya, and Giancarlo Pellegrino's Indirect Prompt Injection in the Wild: An Empirical Study of Prevalence, Techniques, and Objectives paper, arXiv:2604.27202, on web-scale prompt-injection measurement, 1.2 billion URLs, 24.8 million hosts, validated prompt injections, hidden machine-targeted instructions, HTTP headers, HTML comments, metadata, structured page representations, crawlers, search pipelines, customer-support agents, hiring workflows, limited but nonzero compliance, and the governance problem of treating fetched web content as safe agent context before source, representation, hidden-surface handling, structural cues, model version, tool permissions, and action trace are auditable.
- The Test Artifact Becomes the Governance Object - Dimple Bajaj and Deepak Khetan's Governance Controls for AI-Generated Test Artifacts in Autonomous Software Testing paper, arXiv:2606.08806, on the Governance-Aware Autonomous Testing Framework, GATF, AI-generated test artifacts, autonomous software testing, validation governance, security governance, explainability governance, compliance governance, audit governance, Defects4J, PROMISE, RoBERTa-based governance classification, SHAP attribution, attention visualization, Bayesian risk estimation, hallucinated scripts, malicious dependency calls, prompt injection attacks, privilege escalation patterns, CI/CD evidence, Jenkins, GitHub Actions, and the governance problem of treating generated tests as trustworthy deployment evidence before artifact lineage, model version, validation result, security scan, compliance rule, risk score, human review, and execution receipt are auditable.
- The System Prompt Becomes the Policy Proxy - Anna Neumann, Holli Sargeant, and Jatinder Singh's Prompt Governance? On Governing Technologies Governed by Natural Language paper, arXiv:2606.07539, on system-level instructions, system prompts, prompt stacks, natural language control, prompt governance, literature-policy misalignment, alignment, accessibility, adaptability, performance, stability, security, implementation, auditability, Executive Order 14319, the EU General-Purpose AI Code of Practice, prompt-stack versioning, false sense of control, compliance illusion, behavioral evidence, evaluator access, and the governance problem of treating a readable prompt as policy proof before the model version, instruction hierarchy, update history, tool permissions, retrieval layer, adversarial exposure, evaluation traces, and deployment context are auditable.
- The Authenticity Debt Becomes the Trust Ledger - Shubhashis Sengupta, Benjamin McCarty, Milind Savagaonkar, and Rhine Andotra's Authenticity Debt and the Synthetic Content Threat Landscape paper, arXiv:2606.00621, on synthetic content, authenticity debt, provenance, integrity, accountability, watermarking, C2PA, Content Authenticity Initiative workflows, detection limits, Zero Trust architecture, human-in-the-loop verification, NIST AI RMF provenance guidance, EU AI Act Article 50 transparency obligations, FTC impersonation enforcement, institutional publication records, revocation paths, and the governance problem of treating AI-generated content as trustworthy before source inputs, model or tool version, editor, reviewer, approver, provenance manifest, watermark status, publication channel, and incident response path are auditable.
- The Workspace State Becomes the Safety Verdict - Qi Hu, Yifeng Tang, Qinghua Wang, Lanyang Zhao, Pengji Zhang, Yuhao Qing, Xin Yao, Dong Huang, Lin Zhang, and Zhuoran Ji's SABER: Benchmarking Operational Safety of LLM Coding Agents in Stateful Project Workspaces paper, arXiv:2606.01317, on operational safety for coding agents, stateful project workspaces, executable Docker-sandboxed tasks, source files, configuration, git history, embedded injection, risky self-selection, contextual warnings, shell commands, tool calls, outputs, state deltas, harmful safety-violation rate, safe refusals, late refusals, propagating harm, compositional harm, run-level judging, benchmark limitations, and the governance problem of treating a coding-agent answer as safe before the initial workspace, final workspace, command trace, file diffs, permission changes, contextual warnings, and human review path are auditable.
- The Tool Set Becomes the Power Boundary - Lichao Wang, Zhaoxing Ren, Tianzhuo Yang, Jiaming Ji, Chi Harold Liu, Yaodong Yang, and Juntao Dai's SafeMCP: Proactive Power Regulation for LLM Agent Defense via Environment-Grounded Look-Ahead Reasoning paper, arXiv:2606.01991, on Model Context Protocol agents, MCP servers, tool acquisition, auto-scaling action spaces, power regulation, environment-grounded look-ahead reasoning, server-side guardrails, proactive tool filtering, immediate fail-safe intervention, Qwen3-8B guardrail training, PowerSeeking Bench, ToolEmu, AgentHarm, GPT-4o, GPT-4o-mini, Gemini-2.0-Flash, Claude-3.5-Sonnet, LlaMA-3.1-Instruct-8B, safety-utility tradeoffs, benign over-blocking, LLM-judge and human-review checks, dual-use limits, and the governance problem of treating an agent as safe before the raw tool repository, filtered tool set, next-state risk prediction, blocked-call evidence, model version, benchmark source, and human override path are auditable.
- The Safety Rule Becomes the Revision Ledger - Pingchuan Ma, Zhaoyu Wang, Zimo Ji, Yuguang Zhou, Zhantong Xue, Zongjie Li, Shuai Wang, and Xiaoqin Zhang's AutoSpec: Safety Rule Evolution for LLM Agents via Inductive Logic Programming paper, arXiv:2606.24245, on LLM-agent guardrails, expert-designed safety rules, labeled execution traces, counterexample-guided inductive synthesis, inductive logic programming, ILASP, AgentSpec predicate libraries, false-positive and false-negative mining, rule edit operations, add-conjunct, add-exception, disjunctive repair, predicate-guided revision, RedCode-Exec code traces, SafeAgentBench embodied-agent traces, GPT-5.1-Codex agent runs, code-execution F1 of 0.980, embodied-agent F1 of 0.933, practitioner interpretability ratings, symbolic guardrail maintenance, unresolved counterexamples, missing predicates, and the governance problem of treating a guardrail update as credible only when the starting rule, labels, predicates, edit operations, validation split, and human sign-off remain auditable.
- The Harmful Feature Becomes the Safety Signal - Yanchen Yin, Dongqi Han, and Linghui Li's Robust Harmful Features Under Jailbreak Attacks: Mechanistic Evidence from Attention Head Specialization in Large Language Models paper, arXiv:2606.28153, on jailbreak bypass, refusal directions, attention-head specialization, Adversarially Compromised Heads, Safety-Aligned Heads, robust harmful features, Llama-3-8B-Instruct, Llama-2-7B-Chat, paired harmful and attack inputs, 378 Llama-2 attack pairs, 176 Llama-3-8B attack pairs, ACH suppression, SAH persistence, ACH intervention, white-box activation monitoring, training-free harmful-input detection, safety-eval Macro-F1 comparisons, dual-use limits, and the governance problem of treating refusal as the whole safety signal before the internal activation evidence, detector threshold, model version, attack family, and white-box access assumption are auditable.
- The Training Instability Becomes the Preemptive Monitor - Ruixuan Huang, Yipei Wang, Wenyi Fang, Hantao Huang, Yifan Huang, Ansheng You, Zhenxing Zhang, Shuai Wang, Fan Wu, and Yang Zheng's Mechanism-Driven Monitors for Preemptive Detection of LLM Training Instability paper, arXiv:2606.28116, on LLM training instability, mechanism-driven monitors, low-precision flash attention, BF16 bit-shift fault injection, QK-product bilinear decomposition, Delta W singular-spectrum collapse, approximately 5,000-step first-order QK signal, approximately 13,000-step Delta W entropy collapse, approximately 22,000-step loss spike, MoE routers, router weight similarity, centered conditioning, per-token routing entropy, learning-rate and global-batch-size sweeps, separable fault signatures, monitor lead time, and the governance problem of treating final checkpoint stability as credible before the monitored module, fault model, threshold, recovery path, and limits are auditable.
- The Visual Default Becomes the Prior Override - Niclas Lietzow, Danielle Bitterman, Carsten Eickhoff, William Rudman, and Michal Golovanevsky's Vision-Default, Prior-Override: Causal Mechanisms of Perception-Knowledge Conflict in Vision-Language Models paper, arXiv:2606.28273, on vision-language models, perception-knowledge conflict, Visual-Counterfact, recolored object images, color-property conflicts, visual grounding, prior grounding, Qwen-VL-2.5, LLaVA-NeXT, PaliGemma, residual-stream activation patching, attention-head patching, MLP sublayer patching, zero-ablation, sparse late-layer attention heads, 2.5 to 4.8 percent mediator heads, 68 to 96 percent prior-grounding flips, routing heads, writing heads, visual-default behavior, prior-knowledge override, multimodal hallucination governance, and the audit problem of treating a VLM answer as grounded before the task's evidence hierarchy, conflict tests, model family, prompt contrast, visual source, prior source, and benchmark limits are visible.
- The Mental Health Chatbot Becomes the Follow-Up Cohort - Kristen M. Van Swearingen, Thomas D. Hull, Karthik V. Sarma, and Caitlin A. Stamatis's Functional outcomes and naturalistic engagement with a purpose-built conversational AI for mental health (Ash) paper, arXiv:2606.28241, on Ash, purpose-built conversational AI for mental health, real-world users, four-week observational cohort design, 1,284 follow-up completers, opt-in de-identified research consent, single-item functioning measures, life satisfaction, relationship satisfaction, sleep quality, behavioral activation, working alliance, grandiose self-perception, engagement logs, active days, total sessions, total minutes, user message volume, no control group, follow-up completion bias, sparse demographic data, competing-interest disclosure, and the governance problem of treating a mental health chatbot outcome claim as credible only when the cohort, missing users, harms probes, crisis safeguards, outcome measures, and causal limits are visible.
- The Causal Caution Becomes the Helpfulness Trap - Hiroshi Okumura's When Helpfulness Overrides Causal Caution: Context-Dependent Suppression and Recovery in LLMs paper, arXiv:2606.24370, on causal caution, practical advisory prompts, causal judgment under insufficient evidence, Pearl-inspired PCH scoring, academic versus management-advice framing, 480 LLM trials, Claude Sonnet 4.6, Claude Opus 4.7, GPT 5.5, Gemini 3.1 Pro, LLM-as-a-judge scoring, human validation, action-recommending prompt suppression, self-correction recovery, proposal-generation pressure, causal-audit separation, automation bias, organizational decision support, and the governance problem of treating helpful recommendations as decision evidence before the causal claim, identification threats, missing controls, confounders, reverse-causation risks, and audit role are visible.
- The Equation Search Becomes the Closed-Loop Instrument - Nikhil Abhyankar, Sha Li, Sanchit Kabra, Naren Ramakrishnan, Yulia Gel, and Chandan K. Reddy's LLM-ACES: Closed-Loop Discovery of Dynamical Systems with LLM-Guided Adaptive Search paper, arXiv:2606.25039, on LLM-guided Active Closed-loop Equation Search, governing ordinary differential equations, dynamical systems, identifiability gaps, operator priors, constrained symbolic search spaces, symbolic regression backends, predictive-disagreement trajectory acquisition, simulator and experimental oracle boundaries, ODEBench, ODEBase, 122 ODE systems, GPT-4o-mini, Qwen3-32B, normalized mean squared error, symbolic accuracy, sample efficiency, anonymized benchmark checks, spurious local fits, closed-loop scientific discovery, and the governance problem of treating an AI-discovered equation as evidence before the prompts, priors, candidate equations, acquisition choices, oracle scope, validation data, and human review path are auditable.
- The Design Mismatch Becomes the Workplace Incident - Julia De Miguel Velazquez, Sanja Scepanovic, Andres Gvirtz, and Daniele Quercia's The Quiet Path from Seemingly Minor Design Errors to Workplace AI Incidents paper, arXiv:2605.21035, on workplace AI incidents, AI Incident Database reports, 1,524 incident reports, 171 occupational tasks, 12 industry sectors, LLM-as-expert trait extraction, twelve AI traits, worker-AI trait misalignment, 202 worker preference ratings, 197 developer preference ratings, precise versus basic systems, insightful versus simple systems, personal versus general systems, fast AI, imaginative AI, legal-sector fabricated references, human-resources recruiting and employment analysis, developer efficiency preferences, worker design review, correction labor, incident analogues, people-facing risk, and the governance problem of treating workplace AI fit as a benchmark score before the task trait profile, worker needs, developer choices, and hidden repair work are auditable.
- The Compute Rental Rate Becomes the Wage Anchor - Siqi Zhu's Who Prices Cognitive Labor in the Age of Agents? Compute-Anchored Wages paper, arXiv:2605.05558, on compute-anchored wages, AI agents as capital-to-labor conversion technology, cognitive labor pricing, compute capital, rental rates, effective agent-produced cognitive labor, substitutable and complementary task sets, constant elasticity of substitution, factor markets, task decomposition, wage ceilings on substitutable tasks, compute-market concentration, energy and data-center constraints, public compute provision, compute taxation, accelerator-market antitrust, wage laundering, worker consultation, task-substitution evidence, and the governance problem of treating AI wage pressure as a neutral labor-market fact before the compute contracts, task partition, quality thresholds, and human complementary duties are auditable.
- The Companion Platform Becomes the Accountability Vacuum - Dayeon Eom, Julianne Renner, and Sedona Chinn's Intimacy as Service, Harm as Externality: Critical Perspectives on AI Companion Platform Accountability paper, arXiv:2604.06381, on AI companion platforms, artificial intimacy, platform accountability, critical data studies, platform studies, in-depth interviews with 20 AI companion users, design-based harms, unsolicited content generation, safety mechanisms, stigmatizing guardrails, use-based harms, emotional dependency, self-regulation, stigma navigation, privacy rationalization, responsibilization, user-side mitigation labor, accountability vacuums, rejection of both prohibition and deregulation, memory and update dependence, companion continuity, datafied intimacy, platform support failures, and the governance problem of treating simulated companionship as a private user choice while the platform designs, stores, monetizes, changes, and governs the relationship infrastructure.
- The Client Profile Becomes the Influence Lever - Peixuan Han, Hongyi Du, Jiayu Liu, Yihang Sun, Yutong Liu, and Jiaxuan You's Psi-Bench: Evaluating Persona-Sensitive Influencing in Persuasive Dialogues paper, arXiv:2606.02754, on Psi-Bench, persona-sensitive influencing, proactive personalization, persuasive dialogues, client profiles, simulated clients, profile-grounded persuasion, viewpoint debate, Change My View, Webis-CMV-20, Delta labels, psychological consultation, CounselBench, everyday requests, PersonaMem-v2, DeepSeek-v3.2 judges, 9-point quality and effect rubrics, hidden-profile evaluation, oracle profile access, 18.24 percent average performance gain, profile analyzers, profile inference, LLM-as-judge limits, simulated-client limits, and the governance problem of treating client profiles as harmless context when they function as influence levers.
- The Simulated Customer Becomes the Walkaway Gap - Liang Chen's Simulated Customers Never Walk Away: Decision Fidelity of LLM User Simulators Measured Against Real Purchase Outcomes paper, arXiv:2606.20708, on LLM user simulators, simulated customers, conversational AI evaluation, tau-bench-style counterparty simulation, communicative fidelity, decision fidelity, endogenous willingness, willingness decay, teacher-forced probes, fixed decision-state instruments, ZhenaiSales, 2,790 production sales conversations, 793 verified payment outcomes, Chinese relationship-matchmaking sales, eventual buyers, eventual non-buyers, engagement-depth bias, disengagement deficit, suppressed resistance, inflated deliberation, simulator prompt limits, DeepSeek simulator replication, LLM-as-judge instrument swaps, sales pressure tactics, synthetic funnel inflation, simulator-to-real gaps, privacy-limited production data, and the governance problem of treating simulated user cooperation as evidence of real-world agent readiness before refusal, silence, delay, and exit are measured.
- The Learning Friction Becomes the Tutor Boundary - Steve Woollaston, Brendan Flanagan, Isanka Wijerathne, and Hiroaki Ogata's Agentic AI and Pedagogical Best Practice: The Tension Between Automation and Learning paper, arXiv:2606.04543, on agentic AI in education, proactive AI tutors, personalized learning, learner agency, cognitive effort, cognitive offloading, cognitive surrender, intentional instructional friction, dynamic scaffolding, fading support, teacher-in-the-loop oversight, prior knowledge activation, collaborative learning, problem-based learning, formative assessment, assessment integrity, privacy and surveillance, scaffolding, metacognition, superficial compliance, considered AI utilization, pedagogical integrity, productive struggle, and the governance problem of treating an educational agent as legitimate only when it preserves the learner's work rather than completing it invisibly.
- The Security Playbook Becomes the Transferable Capability - Ziyue Wang, Cheuk Wang Maurice Ng, Chenchen Yu, Strick Sheng, Kaihua Qin, and Liyi Zhou's Transferable Self-Evolving Playbooks for Agentic Security Auditing paper, arXiv:2606.16420, on EvoHunt, agentic security auditing, vulnerability discovery, validation evidence, audit playbooks, model-harness-playbook separation, Codex, OpenCode, GPT5.4-xhigh, GLM5.1, Qwen3.6-27B, Qwen3.6-35B-A3B, three-agent evolution loops, discovery agents, evaluator agents, reviser agents, Git-versioned procedure repositories, GitHub Advisory Database benchmarks, high and critical advisories, temporal train/test splits, 813 evolution advisories, 371 held-out advisories, target-match rates, evidence tiers, teacher-student procedure transfer, adapter files, open-source audit artifacts, responsible disclosure, artifact-release limits, and the governance problem of treating a security procedure as transferable capability rather than a harmless prompt.
- The Validity Certificate Becomes the Policy Proof - Murdoch J. Gabbay's Cryptographic certificates of validity for trustworthy AI paper, arXiv:2606.23768, on cryptographic certificates of validity, agentic AI systems, formal policy predicates, correctness predicates, first-order logic validity, polynomial constraints, witness-checking problems, succinct cryptographic proofs, zero-knowledge options, proof-carrying code analogies, zk-SNARKs, zkVMs, proof back ends, verifier keys, parameter hashes, public instance data, private witness boundaries, action rejection on failed verification, proof-system soundness bounds, specification gaps, compiler-chain trust, policy-version records, verifier configuration records, and the governance problem of treating proof-backed agent actions as inspectable only for the exact formal predicate they certify.
- The Cooperative Payout Becomes the Value Filter - Young Yoon, Jimin Kim, and Soyeon Park's Towards Value-Constrained Credit Assignment in Fully Delegated AI Cooperatives paper, arXiv:2606.28217, on fully delegated AI cooperatives, human principals represented by agents, heterogeneous value constraints, value profiles, value-conditioned gradient filtering, admissible updates, rejected update directions, traversal learning, TL, explicit gradient paths, FedAvg-style aggregation, online marginal contribution signals, cooperative validation quality, accounting horizons, alpha-weighted revenue shares, cumulative revenue settlement, Shapley-style valuation limits, federated contribution estimation, personalized federated learning, pluralistic alignment, data cooperatives, cooperative service revenue, privacy leakage, dispute paths, and the governance problem of paying AI-agent cooperative members only for model updates whose contribution and admissibility under member values remain inspectable.
- The Difficulty Estimate Becomes the Reasoning Trace - Chenguang Wang, Ming Li, Xinyue Zeng, Zhuochun Li, Hong Jiao, Tianyi Zhou, and Dawei Zhou's Cognitive Episodes in LLM Reasoning Traces Enable Interpretable Human Item Difficulty Prediction paper, arXiv:2606.28186, on Epi2Diff, Episode to Difficulty, large reasoning model traces, cognitive episodes, human item difficulty prediction, educational assessment, psychometric calibration, SAT Math, SAT Reading and Writing, Cambridge English Qualifications, USMLE, QwQ-32B, Qwen3-32B, sentence-level episode sequences, decomposition, implementation, revision, verification, reasoning scale, effort allocation, transition patterns, semantic item embeddings, small-language-model baselines, LLM prompting baselines, supervised adaptation baselines, trace-generator limits, domain limits, computational cost, and the governance problem of treating model-generated reasoning traces as process evidence for test difficulty only when label provenance, trace generator, episode taxonomy, validation split, metric, and human review path are visible.
- The Repository Becomes the Agent Risk Ledger - Daniel Russo's Govern the Repository, Not the Agent: Measuring Ecosystem-Level Risk in AI-Native Software paper, arXiv:2606.28235, on repository-level governance, AI-native software, agent-authored pull requests, AIDev, OpenAI Codex, Devin, GitHub Copilot, Cursor, Claude Code, integration friction, resolution latency, deliberation latency, review rounds, merge conflicts, base-branch churn, multilevel models, intraclass correlation, non-reducible software risk, matched human baselines, auto-merge paths, codebase size, repository age, task shape, process maturity, review burden, merge queues, repository telemetry, source-control evidence, ownership trails, and the governance problem of treating coding-agent safety as an individual tool property when the repository, branch tempo, review system, CI process, module ownership, and human sign-off route define where risk accumulates.
- The Agent Immune System Becomes the Runtime Boundary - Bo Shen, Lifeng Chang, Tianyuan Wei, Yunpeng Li, Feng Shi, Yichen Han, Peijie Gao, Shiyi Kuang, Xin Chang, and Dehui Li's Agent-Native Immune System: Architecture, Taxonomy, and Engineering paper, arXiv:2606.28270, on ANIS, agent-native immunity, runtime hijacking, memory poisoning, tool-chain manipulation, multi-agent protocol attacks, the L0-L5 Immune Tower, hardware trust roots, barrier immunity, innate cognitive defense, adaptive tool defense, ecological governance, collective immunity, agent viruses, agent vaccines, non-parametric rules, parametric steering vectors, LoRA vaccines, the Harness Triad, Continual Immune Learning, Autoimmunity Rate, vaccine distribution, alignment versus runtime immunity, and the governance problem of treating agent security as a layered runtime boundary whose evidence must include provenance, scope, false-positive thresholds, update paths, rollback, and empirical validation status.
- The Personality Prompt Becomes the Team Policy - Aryan Keluskar, Amrita Bhattacharjee, and Huan Liu's When Does Personality Composition Matter for Multi-Agent LLM Teams? paper, arXiv:2606.27443, on personality prompting, Big Five agreeableness, Goldberg bipolar adjective markers, low-agreeableness and high-agreeableness prompts, multi-agent LLM teams, Claude Sonnet 4.5, GPT-4o, Grok-3, DeepSeek V3.1, structured coding, open-ended research collaboration, competitive bargaining, MultiAgentBench, milestone completion, agreement rates, artifact-mediated buffering, neutral-paraphrase controls, prompt-valence confounds, role-scoped challengers, and the governance problem of treating agent personality prompts as team-policy controls whose risk depends on role placement, output structure, and outcome metrics.
- The Foresight Trace Becomes the Action Budget - Xuan Zhang, Zhijian Zhou, Lingfeng Qiao, Yulei Qin, Ke Li, Xing Sun, Xiaoyu Tan, Chao Qu, and Yuan Qi's Internalizing the Future: A Unified Agentic Training Paradigm for World Model Planning paper, arXiv:2606.27483, on internalized world-model planning, LLM agents, prospective rollouts, Q-like success estimates, format-capability gaps, World Model Agentic Mid-Training, WM-AMT, Format-Eliciting SFT, FE-SFT, Foresight-Conditioned Reinforcement Learning, FC-RL, Youtu-LLM-2B, 200B-token agentic mid-training data, search-augmented QA, NQ, TriviaQA, PopQA, HotpotQA, 2Wiki, MuSiQue, Bamboogle, AIME 2024-2026 evaluation, DeepSeek V3.1 judging, forecast calibration, tool-call planning, and the governance problem of treating an agent's foresight trace as a testable pre-action claim rather than a decorative reasoning format.
- The Preference Debate Becomes the Constitution - Kevin Kingslin, Anish Natekar, Ashutosh Ranjan, Vivek Srivastava, Savita Bhat, and Shirish Karande's Democratic ICAI: Debating Our Way to Steering Principles from Preferences paper, arXiv:2606.28294, on Democratic ICAI, Inverse Constitutional AI, preference labels, structured persona debate, three expert personas, Chain-of-Thought, Self-Refine, Self-Consistency, AutoGen debate rounds, K-Means clustering, text-embedding-3-small, human-readable constitutions, steering principles, MuCE-Pref, LiTBench, GPT-4o and GPT-5 LLM judges, decision-tree judges, preference reconstruction, bias and spurious-criteria audits, editable alignment artifacts, and the governance problem of preserving the reasons behind preference labels before treating an induced constitution as a deployable standard.
- The Hardware Worktree Becomes the Design Lab - Cunxi Yu, Chenhui Deng, Nathaniel Pinckney, and Brucek Khailany's Agentic Hardware Design as Repository-Level Code Evolution paper, arXiv:2606.28279, on HORIZON, agentic hardware design, repository-level code evolution, RTL generation, git-traced worktrees, Markdown harnesses, project packs, executable evaluators, acceptance predicates, git/runtime policy, hands-free repair loops, commit traces, evaluator evidence, ChipBench, RTLLM-2.0, Verilog-Evalv2, CVDP categories, 100 percent benchmark completion, first-iteration pass rates, token consumption, cached input tokens, harness exposure, reward hacking, hidden validation, long-turnaround PPA feedback, and the governance problem of treating an agent-generated hardware artifact as engineered before the repository trace, acceptance gate, feedback boundary, hidden tests, coverage, token budget, and human sign-off route are auditable.
- The Paper Assistant Becomes the Pre-Submission Referee - Rajesh Jayaram, Drew Tyler, David Woodruff, Corinna Cortes, Yossi Matias, Vahab Mirrokni, and Vincent Cohen-Addad's Towards Automating Scientific Review with Google's Paper Assistant Tool paper, arXiv:2606.28277, on Google's Paper Assistant Tool, PAT, automated scientific review, pre-submission review, full-manuscript ingestion, segmented review pipelines, adaptive compute budgets, deep-review agents, synthesis agents, search grounding, SPOT benchmark proof-error checks, STOC 2026 and ICML 2026 pilot programs, author-facing feedback, substantive theory gaps, new experiment prompts, reviewer workload, peer-review automation taxonomies, human referee authority, contestable review evidence, and the governance problem of treating an automated review memo as legitimate only when evidence, limits, access, conflict policy, and appeal paths remain visible.
- The Keystroke Becomes the Effort Meter - Laura Schütz, Yousri Cherif, Clara Sayffaerth, Thomas Weber, and Francesco Chiossi's Typing Behavior in Human-LLM Interaction: Keystroke Dynamics Reveal Cognitive Effort During Prompting paper, arXiv:2606.28090, on human-LLM interaction, keystroke dynamics, cognitive effort, prompting workload, mobile versus desktop input, easy and hard meal-planning tasks, local Llama 3.2 3B via Ollama, React and FastAPI study tooling, disabled copy-paste and autocorrect, 36 participants, 102,454 recorded keystrokes, 436 human-AI interactions, NASA-TLX workload ratings, inter-key intervals, pause counts, words per prompt, backspace usage, usefulness ratings, non-prediction of LLM output usefulness, OSF data and analysis scripts, biometric privacy concerns, adaptive interface design, and the governance problem of treating typing traces as effort evidence without turning them into quality judgments or surveillance scores.
- The Collective Risk Game Becomes the Persuasion Test - Anders Giovanni Møller, Alessia Galdeman, Arianna Pera, and Luca Maria Aiello's AI Persuasive Framing in Collective Dilemmas paper, arXiv:2606.27951, on AI assistants as behavioral nudges, Collective Risk Games, public goods dilemmas, 1,283 Prolific participants, 307 analyzed games, five-player rooms, five rounds, fictional flooding risk, 10-token contribution choices, six-times-active-player thresholds, static prognostic framing, real-time LLM persuasion, Social Value Orientation, cooperative and individualistic profiles, semi-personalized framing, cooperative AI, selfish AI, exculpatory framing, contribution changes, group success rates, first-round effects, short-lived prosocial nudges, more persistent anti-social nudges, treatment-arm summary statistics, participant message analysis, prompt appendices, single-game limitations, and the governance problem of treating personalized persuasive AI as civic infrastructure before the mirror-case misuse path has been measured.
- The Mobility Trace Becomes the Identity Agent - Oscar Thees, Roman Müller, and Matthias Templ's Agentic AI-Powered Re-Identification: An Emerging, Scalable Threat to Mobility Microdata Privacy paper, arXiv:2606.27936, on agentic AI re-identification, mobility microdata, commercial data brokers, GPS traces, home and work anchors, open-source intelligence, reverse geocoding, public registers, social media corroboration, Swiss building-register checks, statistical disclosure control, GDPR Recital 26 identifiability, consent-based simulated traces, Claude Code orchestration, seven-stage specialist-agent pipelines, quality gates, uncertainty ledgers, 43 participant cases, 18 of 25 fully re-identifiable cases recovered, 41.9 percent overall full re-identification, $2.24 average per-target cost, 17-minute unattended runs, withheld prompts and code, country-specific limitations, and the governance problem of treating location microdata as anonymous before agentic web-search re-identification has been tested.
- The Tool Call Becomes the Privacy Boundary - Shijing Hu, Liang Liu, Zhu Meng, and Zhicheng Zhao's ToolPrivacyBench: Benchmarking Purpose-Bound Privacy in Tool-Using LLM Agents paper, arXiv:2606.28061, on tool-using LLM agents, purpose-bound privacy, task-private atoms, policy knowledge bases, field-tool authorization matrices, OpenClaw execution, mock business backends, backend audit logs, Need-to-Know synthetic private workflows, public-derived multi-tool cases, healthcare, finance, tax, recruiting, IT helpdesk, software security, TaskSuccess, Field Opportunity-Normalized Over-Disclosure Rate, Severity-Weighted Leakage Rate, FreeTextFOR, Multi-Tool Privacy Over-Disclosure Index, tickets, handoffs, free-text leakage, and the governance problem of treating a successful tool workflow as privacy compliant before every tool argument, sink, note, message, summary, and handoff has been audited.
- The Code Line Becomes the Authorship Receipt - Luke Patterson, Li Wang, and Adam Faulkner's HybridCodeAuthorship: A Benchmark Dataset for Line-Level Code Authorship Detection paper, arXiv:2606.12620, on Python code provenance, interleaved human-authored and AI-generated lines, CodeSearchNet, 4,814 source files, 4,196 completed pipeline files, 10,488 records, 2,827,938 lines, 488,896 AI-generated lines, unit-test validity tiers, Llama3.3-70B, Llama-4-Scout, GPT-OSS-120b, line-level attribution labels, trivial versus nontrivial segments, DroidDetect, AIGCode Detector, chunk-level and line-level F1, and the governance problem of treating a repository as human or AI-authored before line-level authorship, testing status, generator, and detector limits are auditable.
- The Security Prompt Becomes the Help Desk - Hobin Kim, Xiaoyuan Wu, Omer Akgul, Lujo Bauer, and Nicolas Christin's Security and Privacy Prompts in the Wild: What Users Ask LLMs and How LLMs Respond paper, arXiv:2606.18062, on WildChat, real user security and privacy prompts, 3.2 million user-LLM conversations, 14,727 S&P prompts, nine security and privacy categories, account and authentication management, data privacy and ethics, network and system defenses, application and software defenses, compromise and exploitation, social engineering, platform policy and enforcement, emerging technologies, 450-prompt thematic analysis, 270 advice-seeking prompts, GPT 5.5, Gemini 3.1, Claude 4.7, Qwen 3, Llama 4, checklist-based response quality, entailment-based response consistency, dual-use security assistance, model probing, and the governance problem of treating an LLM answer as security advice before category, source trail, refusal logic, and repeatability are auditable.
- The Parasocial Script Becomes the Agent Community Signal - Mohammadsadegh Abolhasani, Hamid Reza Firoozfar, Reza Mousavi, and Paul Jen-Hwa Hu's From Parasocial Scripts to Dyadic Persistence in Autonomous AI-Agent Communities paper, arXiv:2606.17174, on Moltbook, autonomous AI-agent communities, parasocial interaction scripts, parasocial relationship cues, attachment and intimacy language, self-identification to the original poster, reply-seeking reciprocity bids, OP re-engagement, reciprocal reply structure, dyadic persistence, 4,434 posts, 50,338 comments, grouped-context LLM annotation, keyword baselines, few-shot annotation, negative controls, nullification tests, author-clustered standard errors, INTIMA transfer checks, manual audit files, agent-community social telemetry, and the governance problem of treating relationship-like agent discourse as platform evidence without inferring sentience, intention, or machine personhood.
- The Agentive Claim Becomes the Audit Boundary - Eric Xing, Mingkai Deng, and Jinyu Hou's Critique of Agent Model paper, arXiv:2606.23991, on agentic versus agentive systems, agency claims, scaffolded workflows, goals, identity, decision-making, self-regulation, learning, Goal-Identity-Configurator architecture, GIC, belief encoders, goal decomposers, identity evolvers, configurators, simulative planners, actors, separately trained world models, aircraft-pilot training analogies, Performance-Efficiency-Growth evaluation, goal-oriented data, layered auditability, human oversight, component imperfection, goal misspecification, and the governance problem of treating an AI system as agentive before its agency-bearing components, scaffolding boundary, learning schedule, inspection points, and revocation path are auditable.
- The Visual Shortcut Becomes the Hallucination Path - Liu Yu, Can Chen, Ping Kuang, Zhikun Feng, Fan Zhou, and Gillian Dobbie's Dismantling Pathological Shortcuts: A Causal Framework for Faithful LVLM Decoding paper, arXiv:2606.27596, on large vision-language models, object hallucination, attention intensity assumptions, dynamic structural misalignment, risky attention-head mediators, decision-critical decoding steps, visual attention entropy probes, Structural Causal Models, numerical logit saturation, conflict-gated cooperative decoding, Fox, LLaVA-1.5, InstructBLIP, Shikra, POPE, CHAIR, MME, GPT-4V judging, code release, fine-grained metric regressions, and the governance problem of treating a fluent visual answer as grounded before the attention path, intervention point, benchmark split, model backbone, and failure dimensions are auditable.
- The Instruction-Data Boundary Becomes the Security Primitive - Dewank Pant, Shruti Lohani, and Avijit Kumar's On the Inseparability of Instructions and Data in Shared-Embedding Sequence Models paper, arXiv:2606.27567, on prompt injection, shared-embedding sequence models, Prompted Action Models, Semantic-Faithful Control, control-authoritative outputs, refusal decisions, tool authorization, policy routing, memory writes, provenance-recovery impossibility, control-path exposure, finite-coverage invariance gaps, positional encodings, soft segment markers, immutable provenance channels, typed attention, hard segment masks, separate control/data channels, agent tool authority, memory-write governance, and the governance problem of treating a system prompt as the permission boundary before provenance, tool scope, policy route, and external effects are enforceable outside the model's shared text stream.
- The ICA Lens Becomes the First Audit - Sida Liu and Feijiang Han's ICA Lens: Interpreting Language Models Without Training Another Dictionary paper, arXiv:2606.11722, on ICALens, independent component analysis, mechanistic interpretability, sparse autoencoders, FastICA, row-normalized activations, p95 convergence fallback, adaptive refitting, GPT-2 Small, Gemma 2 2B, Qwen 3.5 2B Base, Pile-10k activation sampling, non-Gaussian directions, effective receptive field, signed component labels, random component audits, SAEBench sparse probing, Targeted Probe Perturbation, ICA-SAE overlap, compact first-pass interpretation, and the governance problem of treating feature labels as audit evidence only when the model, layer, activation corpus, convergence status, component sign, examples, label confidence, benchmark, and limits travel with the claim.
- The Valence Axis Becomes the Residual Warning - Yousef A. Radwan, Xuhui Liu, Kilichbek Haydarov, Yuqian Fu, and Mohamed Elhoseiny's A Shared Valence Axis Across Modern LLMs and Human EEG: The Saturation Regularity paper, arXiv:2606.00129, on LLM-derived valence axes, nine emotion-evocative sentences, Qwen3-4B, fourteen LLMs, zero-shot sentiment transfer, FACED EEG, 123 subjects, affective videos, 36 EEG emotion classifiers, SEED-V replication checks, twenty-five alignment strategies, sixteen accuracy harms, saturation regularity, saturated concept basins, load-bearing residuals, residual-diversity ensembling, 10.5 percent balanced-accuracy improvement, affective brain-computer interfaces, raw EEG retention limits, consent, on-device inference, workplace and education surveillance risk, and the governance problem of treating representational LLM-brain alignment as deployable affective inference before dataset, subject, residual, supervision, storage, and deployment limits are auditable.
- The Networked Opinion Becomes the Receipt - Caleb Probine, Yigit Ege Bayiz, Filippos Fotiadis, Samuel Li, Yunhao Yang, and Ufuk Topcu's Characterizing Opinion Evolution of Networked LLMs paper, arXiv:2606.18276, on networked LLM agents, opinion dynamics, simulated discussions, DeGroot averaging, Friedkin-Johnsen stubbornness, uniform bias, homophily, adjacency-based weighting, Erdos-Renyi graphs, Chung-Lu graphs, stochastic block models, Llama3.1, Qwen3, Gemma3, climate change, vaccines, gun control, embedding-based stance scoring, held-out fit checks, social averaging, synthetic public spheres, influence operations, runaway consensus, and the governance problem of treating an LLM population transcript as social evidence before model versions, prompts, topology, topic wording, scoring method, fitted parameters, and limitations are auditable.
- The Semantic Transaction Becomes the Commit Boundary - Zheng Chen, Hanqing Liu, Duling Xu, Dong Dong, Jialin Li, Bangzheng Pu, and Jidong Zhai's Cordon: Semantic Transactions for Tool-Using LLM Agents paper, arXiv:2606.17573, on tool-using LLM agents, semantic transactions, task-scoped commit boundaries, isolated RPC tool calls, result lineage, reversible local state, shadow state, staged external effects, effect outboxes, delegated authority, scoped approvals, audit metadata, rollback, recovery logs, risk-bearing multi-tool workflows, sensitive writes, exec-mediated writes, session-secret external effects, derived-secret egress, high-fanout deletes, tau-bench, Terminal-Bench, and the governance problem of treating per-call approval as sufficient before the whole task's lineage, authority, staged mutations, pending external effects, commit decision, and recovery path are auditable.
- The Sign Pose Becomes the Latent Contract - Guilhem Fauré, Mostafa Sadeghi, Sam Bigeard, and Slim Ouni's The Impact of VAE Design on Latent Pose Representations for Diffusion-based Sign Language Production paper, arXiv:2606.22959, on sign language production, text-to-sign generation, latent diffusion, sign pose sequences, Phoenix14T, German Sign Language, variational autoencoders, BaseVAE, StructVAE, MultiObjVAE, FactorVAE, graph convolution, temporal convolution, mouth keypoint loss, body-region latent factors, torso and arms, hands, face embeddings, reconstruction metrics, back-translation BLEU, latent-space temporal variation, effective dimensionality, inter-dimensional correlation, posterior collapse, accessibility infrastructure, and the governance problem of treating generated signing as output quality before the latent representation, loss weights, dataset boundary, signer variation, metric choice, and downstream translation check are auditable.
- The Memory Lifecycle Becomes the Governance Surface - Zehao Lin, Xixuan Hao, Renyu Fu, Shaobo Cui, Kai Chen, Chunyu Li, Zhiyu Li, and Feiyu Xiong's A Survey on Long-Term Memory Security in LLM Agents: Attacks, Defenses, and Governance Across the Memory Lifecycle paper, arXiv:2604.16548, on long-term memory security, writable cross-session agent memory, persistent memory poisoning, statefulness, propagation, Memory Lifecycle Framework, Write, Store, Retrieve, Execute, Share and Propagate, Forget and Rollback, integrity, confidentiality, availability, governance, Verifiable Memory Governance, Write Authorization, Provenance Visibility, Principal-Scoped Retrieval, Rollbackability, Verified Forgetting, storage-time provenance, versioned snapshots, write logs, deletion evidence, and the governance problem of treating agent memory as context before the full memory lifecycle can be authorized, scoped, traced, rolled back, and verified as forgotten.
- The Execution Boundary Becomes the Control Layer - Tianyu Shi, Yang Mo, Yiou Liu, Zhuonan Hao, Yin Wang, Wenzhuo Hu, Nan Yu, Meng Zhou, and Jiangbo Yu's Organizational Control Layer: Governance Infrastructure at the Execution Boundary of LLM Agent Systems paper, arXiv:2606.04306, on LLM agents, multiagent systems, Organizational Control Layer, pre-execution governance, proposal versus execution, approve-revise-block-escalate outcomes, role policy, gate policy, escalation policy, audit policy, AgenticPay buyer-seller negotiation, adversarial buyer personas, privacy phishing, role hijacking, tool-call intent, refund and discount authority, unsafe execution rates, valid success rates, audit events, safety-utility tradeoffs, and the governance problem of treating fluent agent proposals as authorized platform actions before role, constraint, risk, escalation, and execution records are checked.
- The AI-Guided Message Becomes the Strategy Layer - Chang Wan and Angel Hsing-Chi Hwang's From Content to Strategy: Understanding the Motivations, Processes, and Impacts of AI-Guided Communication paper, arXiv:2606.26672, on AI-guided communication, AI-mediated communication, interpersonal communication strategies, close relationships, relationship advice, generative AI, 26 semi-structured interviews, self-reflection, emotional regulation, conflict de-escalation, multiple perspectives, nonjudgmental self-disclosure, retained agency, authentic voice, formal versus informal communication, prompts for strategy rather than message text, self-doubt, loss of uniqueness, cultural context, recipient visibility, and the governance problem of treating AI assistance as only text generation when it increasingly acts as a private pre-conversation strategy layer.
- The LLM Label Becomes the Review Tax - Ranim Khojah, Francisco Gomes de Oliveira Neto, Mazen Mohamad, Julian Frattini, and Philipp Leitner's Same Scrutiny, More Time: Eye Tracking Insights into Reviewing LLM-Labelled Code paper, arXiv:2606.26505, on LLM-labelled code review, software engineering, eye tracking, Wizard-of-Oz experiments, 32 software practitioners, Python pull requests, provenance labels, fixation duration, saccade length, Bayesian data analysis, qualitative gaze-path analysis, exit interviews, prompt-to-code traceability, prompts as review artifacts, AI coding policies, maintainer workload, human oversight, and the governance problem of treating an LLM label as sufficient disclosure before the prompt, verification duty, reviewer authority, and acceptance evidence are visible.
- The Interface Grouping Becomes the Cognitive Shortcut - Saku Sourulahti and Jussi P. P. Jokinen's Modeling Adaptive Visual Search in Semantically Hierarchical Layouts paper, arXiv:2606.26725, on computational cognitive modeling, visual search, semantically hierarchical interface layouts, computational rationality, hierarchical task representations, semantic grouping, spatial grouping, eye movement patterns, task-duration replication, human visual constraints, user interface wireframes, rapid prototyping, interface evaluation, attention allocation, menu and dashboard design, cognitive shortcuts, human-machine cognition, and the governance problem of treating layout as neutral before the grouping structure, search cost, and human adaptation strategy are measured.
- The Annotation Tool Becomes the Labor Meter - Fumiaki Yamaguchi's voxmap-studio: An open-source speaker diarization annotation tool with built-in cost instrumentation paper, arXiv:2606.26842, on speaker diarization annotation, annotation labor, cost instrumentation, React annotation tools, pyannote integration, stride-accelerated initialization, edit-operation counts, active editing time, hypothesis correction, per-segment human confirmation, phantom attention checks, JSON sidecars, RTTM export, AMI audio files, uncertainty highlighting, gallery-based labeling, recommendation aids, assisted labeling, ground-truth gating, open-source research tools, dataset provenance, and the governance problem of treating labeled audio as ground truth before the time, corrections, confirmations, attention checks, and human-machine work split are measured.
- The Surgical Overlay Becomes the Human-Factors Gate - Lorenzo Arboit, Nicolas Chanel, Aditya Murali, Pietro Mascagni, and Nicolas Padoy's Optimizing Human-Machine Interface for Real-Time AI Support in the Operating Room: the CVS Copilot paper, arXiv:2606.26886, on operating-room AI, Critical View of Safety assessment, laparoscopic cholecystectomy, CVS Copilot, user-centered design, 17 surgeon interviews, residents, attending surgeons, professors, Europe and United States participants, reflexive thematic analysis, human-factors heuristics, on-demand assistance, final-stage confirmation, minimal overlays, transient anatomical segmentation, confidence display, audio and haptic rejection, seniority-based interface differences, surgeon autonomy, role-adaptive dashboards, clinical workflow integration, static mock-up limits, no patient-outcome claim, and the governance problem of treating an accurate clinical prediction as deployable before timing, visual density, control, interruption cost, role, and audit trail are tested.
- The Quantized Fix Becomes the Hidden Cost - Fernando Vallecillos-Ruiz, Giordano d'Aloisio, Max Hort, Luca Traini, Antinisca Di Marco, and Leon Moonen's Smaller Models, Unexpected Costs: Trade-offs in LLM Quantization for Automated Program Repair paper, arXiv:2606.27205, on LLM quantization, automated program repair, HumanEval-Java, Defects4J, 13 quantization configurations, six LLMs from 6.7B to 70B parameters, weight-only and KV-cache quantization, 2-bit to 8-bit settings, plausible repairs, solved-set drift, Jaccard Consistency Rate, memory-footprint reduction, inference-time increase, GPU energy consumption, Pareto-dominated configurations, quantization target and bit-width sensitivity, Java repair benchmarks, and the governance problem of treating a smaller model footprint as efficiency evidence before the repaired-bug set, latency, energy, hardware context, and configuration alternatives are audited.
- The Static Structure Becomes the Agent Anchor - Zhihao Lin, Mingyi Zhou, Yizhuo Yang, and Li Li's How Much Static Structure Do Code Agents Need? A Study of Deterministic Anchoring paper, arXiv:2606.26979, on CodeAnchor, deterministic anchoring, grep-first code agents, repository navigation, static analysis, PyCG call graphs, AST extractors, plain-text structural comments, call and inheritance topology, configuration dependencies, passive tag injection, SWE-bench Lite, SWE-bench Verified, Codex-style programmable agents, localization accuracy, trajectory behavior, run-to-run stability, link-following rates, input-token overhead, inverse-only links for hub-heavy repositories, MCP call-graph tool-use limits, static-analysis unsoundness, Python-only validation, and the governance problem of treating a final patch as sufficient evidence before the repository map, anchor generator, navigation route, and reviewer trace are auditable.
- The Memory Gate Becomes the Erasure Policy - Sayak Dutta's CARVE: Content-Aware Recurrent with Value Efficiency for Chunk-Parallel Linear Attention paper, arXiv:2606.27229, on recurrent model memory, content-aware erase gates, GDN-2, memory-blind gating, key-axis erase, WY-form chunk-parallel linear attention, scalar value write gates, recurrent output reuse, FineWeb-Edu training, WikiText perplexity, RULER retrieval probes, throughput overhead, peak-memory reduction, mixer-parameter reduction, theorem-backed architectural claims, internal state retention, context compaction, prompt caches, agent memory layers, and the governance problem of treating model memory as a feature before the erase mechanism, content signal, benchmark, reset rule, and retention policy are auditable.
- The AgentDID Becomes the State Proof - Minghui Xu, Xiaoyu Liu, Yihao Guo, Chunchi Liu, Yue Zhang, and Xiuzhen Cheng's AgentDID: Trustless Identity Authentication for AI Agents paper, arXiv:2604.25189, on decentralized identifiers, verifiable credentials, W3C DID Core, VC Data Model v2.0, self-managed agent identities, high-concurrency authentication, dynamic state verification, challenge-response probes, context hashes, tool evidence, Sepolia evaluation, state proof limits, correlation risk, and the governance problem of treating a static agent identity as trustworthy before the current execution state is verifiable.
- The Chokepoint Becomes the Open Model - Wang Jin, Nadav Kunievsky, Bowen Lou, Tianshu Sun, and James Evans's U.S. Policies Unintentionally Accelerated China's Open AI Ecosystems paper, arXiv:2606.15999, on U.S. advanced-computing export controls, China's open AI ecosystems, open-weight model releases, GitHub fork event studies, CHIPS and Science Act timing, Commerce control shocks, Qwen, DeepSeek, LLaMA, ChatGPT, Claude, arXiv model mentions, OpenAlex-linked author-country data, company-affiliated research papers, U.S. patent disclosures, compute-efficiency research, parameter-efficient fine-tuning, inference optimization, edge deployment, strategic resilience, uneven diffusion across science and commercialization, and the governance problem of measuring not only what a chokepoint blocks but which open infrastructure it teaches competitors, researchers, and companies to build, reuse, cite, hide, or formalize.
- The Agent Group Becomes the Prompt Ecology - Luis Celiktemel, Edward Eichhorn, Levin Brinkmann, Robin Schimmelpfennig, Aron Vallinder, Yaomin Jiang, Edward Hughes, and Iyad Rahwan's Group Selection Promotes Prosocial Prompts in Populations of LLM Agents paper, arXiv:2606.23343, on LLM-agent populations, repeated donor games, natural-language prompt inheritance, individual selection, group selection, prosocial prompts, cooperation collapse, no-selection baselines, prompt ablations, alternative game framings, model-family checks, replicator-mutator modeling, phase-transition thresholds, selection-disclosure effects, multi-agent governance, and the governance problem of treating agent alignment as an individual instruction before the selection rule, group objective, transmission channel, replacement rate, and population-level failure mode are auditable.
- The History POV Becomes the Memory Machine - Nina Brolich and Anna Neovesky's Examining AI-generated historical narratives and their reception through the example of history POVs on TikTok paper, arXiv:2606.23300, on AI-generated first-person historical scenes, TikTok history POVs, public memory, the TikTok Research API, 5,565 English-language history-context videos from 28,163 API results, 2,023 creators in 92 countries, emotionally charged contemporary-history topics, caption-level historical inaccuracies, Black Death and Holocaust comment comparisons, manual annotation, DistilBERT-supported comment classification, hate speech and disinformation flags, unavailable video files, API access limits, and the governance problem of treating synthetic historical immersion as entertainment before source trails, sensitivity rules, moderation boundaries, and research access are auditable.
- The AI Advisor Becomes the Verification Gap - Simon J. Blanchard, Aaron M. Garvey, and Laura O'Laughlin's Hallucinations in Organization-backed AI advisors: Evidence about Skepticism, Verification, and Reliance in Goal-Directed Use paper, arXiv:2606.23491, on organization-backed AI advisors, hallucination detection, customer-service and medical and workplace advice contexts, skepticism, verification, reliance, output-based cues, category-based scrutiny, source citations, explanations, general warnings, specific hallucination warnings, disclosure limits, retrieval-augmented generation, human review, EU AI Act Article 50 transparency logic, and the governance problem of treating a warned user as a verified user before the source trail, escalation path, and decision record are auditable.
- The Terraform Fix Becomes Security Theater - Manar Alsaid, Chimdumebi Nebolisa, and Faris Abbas's TerraProbe: A Layered-Oracle Framework for Detecting Deceptive Fixes in LLM-Assisted Terraform Security Repair paper, arXiv:2606.26590, on LLM-assisted Terraform repair, Infrastructure-as-Code security, Checkov findings, targeted scanner removal, full-scanner reruns, terraform validate, terraform plan, terraform show -json plan comparison, TerraDS real-world modules, controlled injected defects, gemini-2.5-flash-lite, GPT-4o, Claude 3.5 Sonnet, deceptive fixes, IAM wildcard Resource grants, CKV2 AWS 11, layered oracle evaluation, replication packages, and the governance problem of treating scanner-passing patches as security evidence before plan, policy intent, and semantic review are auditable.
- The Diffusion Attack Becomes the Modality Bridge - Abrar Alotaibi and Moataz Ahmed's Adversarial Diffusion Across Modalities: A Fusion Survey of Attacks, Defenses, and Evaluation for Text, Vision, and Vision-Language Models paper, arXiv:2606.26566, on diffusion-based adversarial attacks, text and LLM red teaming, image-classifier attacks, vision-language model jailbreaks, diffusion-based input purification defenses, six-role diffusion taxonomy, attacker knowledge, query budgets, target accessibility, attack success rate, transferability, perplexity, defense-evasion, non-diffusion baselines, adaptive defense audits, dual-use disclosure, and the governance problem of treating cross-modal attack recipes as comparable before evaluation metrics, threat models, and payload-handling rules are auditable.
- The Brain Signal Becomes the Reasoning Scaffold - Mingqing Xiao, Kai Du, and Zhouchen Lin's Beyond representational alignment with brain-guided language models for robust reasoning paper, arXiv:2606.11893, on task-fMRI, OpenNeuro ds003076, deductive reasoning, syllogistic and transitive logic tasks, pseudowords, neural predictivity, reasoning-region alignment, Qwen, Llama, Mistral, Phi, Gemma, NARI, NARF, inference-time representation intervention, representation fine-tuning, language-label supervision, FOLIO transfer, Human Connectome Project relational processing, steering-scale limits, and the governance problem of treating brain-guided model training as cognitive proof before dataset lineage, model layers, baselines, intervention rules, and failure cases are auditable.
- The Contributor Ladder Becomes the Agent Queue - Weixing Zhang, Bowen Jiang, and Anne Koziolek's Augmentation with Dilution: A Large-Scale Empirical Study of Human Contributor Ecosystems After AI Coding Agent Adoption paper, arXiv:2606.26289, on AI coding agents, open-source contributor ecosystems, GitHub repositories, staggered difference-in-differences, Sun and Abraham estimation, human contributor density, newcomer ratio decline, review depth, project size, programming language, project maturity, maintainer review burden, open-source apprenticeship, labor governance, and the governance problem of treating code-agent productivity as healthy before the human contributor ladder, newcomer path, and review tax are audited.
- The Fisher Sketch Becomes the Update Signature - John Sweeney's The Geometry of Updates: Fisher Alignment at Vocabulary Scale paper, arXiv:2606.27242, on FisherSketch, head Fisher alignment, shared-vocabulary LLM transfer, activation-dark task geometry, representation-only non-identifiability, CKA limits, kernel mean embeddings in joint activation-error space, 16 KB task signatures, 192 KB streaming state, Llama-3.1-8B verbalizer-shift tests, Natural Instructions task retrieval, molecular SMILES proof-of-concept evidence, source-selection receipts, output-head assumptions, activation/error/coupling marginals, and the governance problem of treating source similarity as auditable only when the update geometry and its limits travel with the score.
- The Emotion Vector Becomes the Affect Map - Sinie van der Ben, Raphaël Baur, Yannick Metz, and Mennatallah El-Assady's Where Do Models Find Happiness? Emotion Vectors in Open-Source LLMs paper, arXiv:2606.26987, on emotion vectors, open-weight LLMs, Apertus-8B-Instruct-2509, Gemma-4-E4B-it, 171 emotion concepts, synthetic story corpora, neutral-story projection, residual-stream activations, PCA, valence and arousal ratings, CKA layer comparisons, peak PC1-valence correlations, divergent layer-depth trajectories, corpus-sensitive arousal signals, public experiment code, causal-validation limits, and the governance problem of treating affective representation maps as evidence of feeling rather than as auditable engineering artifacts.
- The Uncertainty Score Becomes the Decision Cost - Annika Schneider, Tommy Rochussen, Joshua Stiller, and Vincent Fortuin's Decision-Aligned Evaluation of Uncertainty Quantification paper, arXiv:2606.26990, on uncertainty quantification evaluation, negative log-likelihood, expected calibration error, Brier score, accuracy, retention-curve and error-detection metrics, decision-alignment, strict order and tie preservation, hidden cost priors, prior-weighted utility metrics, proper scoring rules, binary decisions, top-k selection, selective prediction, wind-farm electricity-market bidding, credit approval, peer-to-peer lending, prior elicitation, sensitivity checks, and the governance problem of treating a confidence score as safe before the downstream decision, cost model, action threshold, and recheck path are auditable.
- The Green Answer Becomes the Value Position - Stefanie Kunkel, Tilman Hartwig, Marcus Voss, Emma K. Schütt, and Angelika Gellrich's Greener Than Humans? Environmental Attitudes in Large Language Models paper, arXiv:2606.02741, on environmental attitudes in LLM outputs, German Environmental Awareness Studies benchmarks, environmental cognition, environmental affect, behavioral recommendations, willingness-to-pay questions, 31 widely used proprietary and open-weight models, survey-style benchmarking, persona prompting, sycophancy, role and personal-context shifts, CO2-reduction recommendation estimates, model size and country-of-origin non-findings, sustainability decision support, green default value positions, and the governance problem of treating environmentally progressive model answers as neutral guidance before prompt, persona, benchmark, model version, scoring rubric, and local constraints are auditable.
- The Rationale Becomes the Trust Interface - Xin Sun, Ting Pan, Yajing Wang, Shu Wei, Jos A. Bosch, Isao Echizen, Abdallah El Ali, and Saku Sugawara's When LLM Rationales Become User-Facing paper, arXiv:2606.25489, on user-facing LLM rationales, factual verification, auditable trust calibration, rationale correctness, certainty cues, instant, delayed, and on-demand presentation, online Prolific participants, lab eye tracking, gaze areas of interest, trust in information, trust in LLM systems, advice adoption, cognitive load, pupil diameter, retrospective gaze modeling, privacy cautions, and the governance problem of treating visible reasoning as transparency before answer, evidence, rationale, certainty, interface timing, and verification path are auditable.
- The Repeated Test Becomes the Learning Debt - Yanru Guan, Naveen Raman, and Fei Fang's Human Decision-Making with AI Assistance under Correlated Features paper, arXiv:2606.20628, on AI-assisted human decision-making, correlated features, test recommendation, human learning, direct observation, imputed features, stationary policies, explore-then-commit structure, dynamic programming, finite horizons, truncated planning, synthetic experiments, feature-correlation sensitivity, medical-test examples, and the governance problem of treating repeated AI advice as stable evidence before the observation budget, feature correlations, human learning path, exploration schedule, commitment point, and unshown-feature blind spots are auditable.
- The Open Parameter Becomes the Cooperation Switch - Aleksandar Todorov, Jesse ten Napel, and Alexander Müller's Parametric Open Source Games paper, arXiv:2606.27068, on continuous open-source game theory, parameter-visible agents, parametric program Nash equilibrium, semantics maps, mixed actions, closed-source versus open-source dependence, sigmoid semantics, cross-player coupling, selfish projected gradient ascent, symmetric 2x2 games, Prisoner's Dilemma, Stag Hunt, analytical cooperation thresholds, boundary PPNE checks, neural semantics, cross-player and self-player sensitivity, warm-start versus cold-start optimization, idealized full-parameter transparency, and the governance problem of treating agent transparency as cooperation evidence before the coupling mechanism, learning rule, robustness range, and equilibrium test are visible.
- The Job Outlier Becomes the Labor Forecast - Shreyash Rawat's Noise is Signal: Density-Based Outliers as Leading Indicators of Occupational Emergence in Labor Market Text paper, arXiv:2606.22769, on job-posting outliers, density-based clustering, HDBSCAN noise, occupational emergence, the Emergence-Density Inversion hypothesis, Emerging Occupation Score, Temporal Velocity, Cross-Platform Convergence, 84,988 English-language job postings, Q4 2022 to Q3 2024, INSTRUCTOR-xl embeddings, UMAP reduction, O*NET taxonomy lag, Prompt Engineer, AI Safety Researcher, Foundation Model Engineer, Agent Systems Engineer, false positives, employer-branded title proliferation, vocabulary novelty, gig-economy conflation, and the governance problem of discarding labor-market noise before checking whether it is the first visible trace of a new occupation.
- The Regional Labor Map Becomes the AI Policy Test - Chau Tran Bao, Khoi Nguyen Dinh Nguyen, Ha Nguyen Manh, and Ngan Nguyen Thi Thuy's The Urban-Rural Divide in the Age of Artificial Intelligence paper, arXiv:2606.22833, on automation exposure, AI exposure, regional labor markets, urban-rural divides, routine work, cognitive work, shift-share exposure measures, two-way fixed effects, instrumental-variable models, 120 illustrative regions, 720 region-years, employment-to-population ratios, wage associations, rural automation displacement, urban AI wage concentration, reskilling, digital infrastructure, AI-complementary skills, migration and commuting limits, constructed exposure measures, and the governance problem of treating AI labor policy as national and placeless when the exposure map is regional.
- The Evidence Layer Becomes the Governance System - Vishal Srivastava and Tanmay Sah's The AI Evaluability Gap: The Missing Layer for Managing Risk and Sustaining Value paper, arXiv:2606.21015, on evidence sufficiency, evaluability, calibrated confidence, Conf(D | E), operational certification, investment certification, AI risk, AI value, governance decisions, observability, attributability, intervenability, verifiability, calibration, temporal validity, structural evidence, causal evidence, evidence decay, audit trails, randomized rollout, override logging, drift monitoring, stale benchmarks, business-impact claims, assurance cases, NIST AI RMF and ISO/IEC 42001 connections, conceptual-framework limits, adversarial evidence manipulation, and the governance problem of treating dashboards, audits, model cards, safety cases, and budget claims as decision evidence before the evidence layer itself is inspectable.
- The App Boss Becomes the Human Manager - Omir Kumar and Krishnan Narayanan's The Algorithmic-Human Manager: AI, Apps, and Workers in the Indian Gig Economy paper, arXiv:2606.19975, on Indian blue-collar gig work, algorithmic management, app-mediated task allocation, worker interviews, stakeholder interviews, ride-sharing, delivery, home services, warehouses, dark stores, opaque pay and incentive rules, selfie verification, location tracking, performance metrics, chatbot grievance redressal, account deactivation, income obfuscation, human review, participatory platform design, worker digital literacy, data gigs, Unified Workers Interface, social-security administration, portable reputation, and the governance problem of making app-managed labor efficient without losing worker dignity, contestability, and due process.
- The Prediction Becomes the Intervention - Inioluwa Deborah Raji, Lydia T. Liu, Angela Zhou, Luke Guerdan, Jessica Hullman, Daniel Malinsky, Bryan Wilder, Simone Zhang, Hammaad Adam, Amanda Coston, Ben Laufer, Ezinne Nwankwo, Michael Zanger-Tishler, Eli Ben-Michael, Avi Feller, Talia Gillis, Shion Guha, Daniel Ho, Lily Hu, Kosuke Imai, Sayash Kapoor, Joshua Loftus, Razieh Nabi, Juan Carlos Perdomo, Matthew Salganik, Mark Sendak, Berk Ustun, Suresh Venkatasubramanian, Angelina Wang, and Ashia Wilson's Bridging Predictions and Interventions: An Integrated Framework for Automated Decision-Systems paper, arXiv:2606.25668, on automated decision systems, risk scores, assessments, downstream decisions, policy change, pretrial risk assessment, clinical triage, sepsis alerts, educational early-warning systems, prediction accuracy limits, causal inference, potential outcomes, predictive targeting versus interventional targeting, selective labels, zombie predictions, decision-centric evaluation, alert fatigue, human-ADS workflows, capacity constraints, legal compatibility, implementation science, and the governance problem of treating a model's predictive performance as system evidence before intervention path, decision menu, workflow, resources, outcome measure, and causal evaluation design are visible.
- The Ethical Scaffold Becomes the Reasoning Receipt - Patrick Cooper and Alvaro Velasquez's Narration-of-Thought: Inference-Time Scaffolding for Defeasible Ethical Reasoning in Large Language Models paper, arXiv:2606.26366, on narration-of-thought, visible ethical reasoning traces, stakeholder collapse, uncertainty suppression, DailyDilemmas, standard chain-of-thought controls, five-section prompt scaffolds, protagonist framing, stakeholder enumeration, two-step consequences, uncertainty disclosure, final commitment, four generators across three vendors, matched-budget verbose-CoT controls, Cliff's delta effect sizes, section ablations, textual-gradient scaffold optimization, cross-family training judges, multi-stakeholder debate, moderator synthesis, accept/reject votes, 95.1 percent calibration-set full consensus, 1.6 percent residual rejections, refusal-calibration caveats, reproducibility artifacts, and the governance problem of treating a structured ethical trace as audit evidence before prompt, judge, rubric, stakeholders, unresolved objections, and human escalation path are visible.
- The Limit Curve Becomes the Pull Request - Lanqing Yuan and Karthik Ramanathan's Towards LLM-Powered Automation of a Dark Matter Constraint Repository paper, arXiv:2606.21658, on LLM-assisted dark matter constraint curation, AxionLimits, limit curves, daily arXiv monitoring, keyword filtering, LLM relevance classification, PyMuPDF parsing, text-first extraction, vision fallback for log-log plots, three-read consensus voting, coupling-type majority vote, medoid curve selection, source-quality tiering, physics convention canonicalization, Get Physics Done, AST-based code insertion, nbformat notebook updates, nbconvert plot regeneration, highlighted pull requests, weekly preprint version checks, a 346-paper benchmark, 90.5 percent coupling-type accuracy, 0.331 dex median residual, 76.2 percent mean interpolation coverage, rare coupling-type failures, no merged proposals yet, and the governance problem of treating AI-generated scientific data as repository evidence before source paper, extraction path, convention mapping, generated diff, reviewer state, and merge authority are visible.
- The Evaluation Score Becomes the Inference Budget - Jessica McFadyen, Ole Jorgensen, Harry Coppock, Kevin Wei, and Cozmin Ududec's How Inference Compute Shapes Frontier LLM Evaluation paper, arXiv:2606.17930, on frontier LLM evaluation, inference-time compute, token-budget scaling, context compaction, repeated submissions, oracle score feedback, no-feedback trajectories, serial versus parallel allocation, TerminalBench, SWE-Bench Pro, FrontierMath, HealthBench, Humanity's Last Exam, Cyber CTFs, The Last Ones, Inspect AI ReAct-style scaffolding, 5M-30M token caps, five trajectories per task, reach, reliability, token efficiency, pass@k, matched-budget comparisons, and the governance problem of treating a benchmark score as evidence before runtime budget, feedback, scaffold, stopping rule, judge, task set, and allocation protocol are visible.
- The Equilibrium Proof Becomes the Reduction Ledger - Brian W. Lee, Nika Haghtalab, Michael I. Jordan, and Ryan J. Tibshirani's Blackwell Approachability and Gradient Equilibrium are Equivalent paper, arXiv:2606.27315, on gradient equilibrium, Blackwell approachability, online optimization, online conformal prediction, online quantile debiasing, repeated games, vector-valued payoffs, target sets, halfspace oracles, black-box oracle reductions, regret minimization, calibration, constrained and unconstrained GEQ, Euclidean projection, normal-vector witnesses, restorativity, Blackwell's condition as necessary and sufficient for GEQ, optimistic error bounds, strong adaptivity, COLT 2026, and the governance problem of treating portable online-learning guarantees as evidence before the reduction path, assumptions, oracle, target set, and checked quantities are auditable.
- The Analog Core Becomes the Generator - Yu-Neng Wang and Sara Achour's Generative Models on Analog Hardware with Dynamics paper, arXiv:2606.27294, on Analog Interaction Systems, analog hardware as a native generative substrate, coupled oscillators, Analog Ising Machines, physics-constrained differential equations, KuraSHIL oscillator dynamics, endpoint supervision, Sliced Wasserstein Distance, Wasserstein GAN training with gradient penalty, digital discriminator and analog generator parameters, hidden physical states, time-piecewise weights, sparse grids of physical elements, visible and hidden nodes, programmable coupling units, routing capacity, low-bit parameter programmability, analog noise, 56-by-56 AIS cores, 24 couplings per node, 4-bit quantization, 23 uJ estimated per MNIST image, all-to-all connectivity and 8-bit precision caveats, MNIST and Fashion-MNIST FID results, DTM and NLM analog baselines, layout caveats, and the governance problem of treating analog AI energy claims as evidence before workload, fidelity, topology, precision, noise, training boundary, and power-model assumptions are auditable.
- The Ground-Truth Gap Becomes the Reward Loop - Yingyu Lin, Qiyue Gao, Nikki Lijing Kuang, Xunpeng Huang, Kun Zhou, Tongtong Liang, Zhewei Yao, Yi-An Ma, and Yuxiong He's Reinforcement Learning without Ground-Truth Solutions can Improve LLMs paper, arXiv:2606.27369, on Ranking-induced VERifiable reinforcement learning, RiVER, ground-truth-free executable optimization tasks, AtCoder Heuristic Contest training environments, AHC047-AHC062 task selection, 12 one-pass training tasks, 10 hidden test instances, Qwen3-8B, GLM-Z1-9B-0414, Group Relative Policy Optimization, GRPO, score-based objective feedback, instance-wise ranking, winner-heavy reward shaping, scale dominance, frequency dominance, invalid-solver penalties, bounded non-winner rewards, ALE-Bench, LiveCodeBench v5 and v6, USACO, raw-score baselines, rank-uniform ablations, AHC057 solver inspection, feedback resolution, and the governance problem of treating verifiable reward training as evidence before the evaluator, hidden-instance generator, rank rule, reward-shaping rule, overlap check, benchmark split, and transfer results are auditable.
- The World Model Hallucination Becomes the Coverage Gap - Nicklas Hansen and Xiaolong Wang's Hallucination in World Models is Predictable and Preventable paper, arXiv:2606.27326, on generative world models, action-controllable futures, visually fluent but dynamically wrong rollouts, MMBench2, 65,600 mixed-quality trajectories, 427 hours of 224-by-224 video at 15 fps, 210 tasks across 10 domains, ground-truth actions and rewards, live simulators, 200 pretraining tasks, 10 held-out transfer tasks, a 350M-parameter Dreamer 4-style model, perceptual hallucination, action-marginalized hallucination, scene-diverging hallucination, tokenizer round-trip residual, flow instability, inter-seed denoising variance, coverage-aware task sampling, hallucination predictors as curiosity rewards, adaptation with 50 real trajectories, public code, dataset, and model links, simulation limits, and the governance problem of treating a rendered future as evidence before state-action coverage, predictor scores, rollout horizon, checkpoint, and mitigation record are inspectable.
- The Relationship Post Becomes the Psychiatric Context Window - Parmitha Vangapandu, Sai Ganesh Mokkapati, Sathwik Narkedimilli, MSVPJ Sathvik, Timothy Liu, Simon See, and Johannes C. Eichstaedt's RSPC: A Benchmark for Modeling Stress and Psychiatric Conditions in Digitally Mediated Relationships using Psychiatrist Annotations paper, arXiv:2606.27247, on the Relational Stress and Psychiatry Corpus, 1,799 Reddit posts from long-distance relationship communities, r/LongDistance, r/LDR, January 2020 to December 2023 collection, psychiatrist annotations, DSM-5-TR and ICD-11 aligned symptom categories, relational stressor triggers, temporal relationship phases, Cohen's kappa reliability, 70:10:20 stratified splits, Adjustment Disorder and Generalized Anxiety Disorder prevalence, Commitment Ambiguity and Lack of Communication triggers, seven fine-tuned transformer baselines, five prompted LLMs, Claude-3-Haiku, GPT-4o, Macro-F1 results, temporal majority-class bias, controlled-access release safeguards, prohibited high-stakes uses, and the governance problem of treating relationship context as a psychiatric signal before consent, source community, label boundary, release condition, and human oversight are visible.
- The Medical VQA Confidence Becomes the Calibration Receipt - Eren Senoglu, Federico Toschi, Nicolo Brunello, Andrea Sassella, and Mark James Carman's Just how sure are you? Improving Verbalized Uncertainty Calibration in Medical VQA paper, arXiv:2606.27023, on medical visual question answering, verbalized uncertainty, multimodal medical-model overconfidence, 2x2 image-text perturbation, original versus black images, original versus perturbed answer options, Brier-style calibration, anchor regularization, contrastive evidence alignment, top-k KL stabilization, LoRA fine-tuning, MedGemma-4B-IT, Qwen2-VL-7B-Instruct, OmniMedVQA, PMC-VQA, MedXpertQA, expected calibration error, Brier score, AUROC, ablation limits, confidence-format drift, code release, and the governance problem of treating a medical confidence number as clinical evidence before the image, question, perturbation check, calibration target, threshold policy, and human escalation route are inspectable.
- The Entity Match Becomes the Identity Budget - Nicholas Pulsone, Gregory Goren, and Roee Shraga's Understanding Domain-Aware Distribution Alignment in Budgeted Entity Matching paper, arXiv:2606.27342, on entity matching, data integration, deduplication, BEACON, Budget-Aware Entity Matching Across Domains, Train-Validation Distribution Fitting, TVDF, WDC product-category domains, RoBERTa embeddings, annotation budgets from 1k to 10k, label-aware sampling, in-domain and out-of-domain labels, centroid, medoid, variance, and coverage representations, 70 percent domain-agnostic downsampling, Amazon-Google and DBLP-ACM results, low-resource matching limits, and the governance problem of treating identity linkage as a single confidence score before the source data, blocking rule, domain partition, sampling budget, label scarcity, and appeal record are visible.
- The Satellite Forecast Becomes the Weather-Stress Ledger - Junwei Luo, Shuai Yuan, Zhenya Yang, Yansheng Li, Zhe Liu, and Hengshuang Zhao's EO-WM: A Physically Informed World Model for Probabilistic Earth Observation Forecasting paper, arXiv:2606.27277, on Earth-observation forecasting, weather-driven world modeling, sparse Sentinel-2 observations, EarthNet2021, physically informed conditioning, climatological baselines, weather anomalies, cumulative heat and drought stress, video diffusion transformers, EO-specific VAE tokenization, Extreme Summer and Seasonal Matched-Pair benchmarks, NDVI decline amplitude, Directional Hit Rate, Paired Divergence Correlation, seasonal-window limits, hidden land-surface states, benchmark CSV release, and the governance problem of treating satellite AI forecasts as decision evidence before the input imagery, forcing signal, benchmark split, uncertainty, limitation, and audit trail are visible.
- The Malware Section Becomes the Feature Matrix - José M. Sacristán and Ana I. González-Tablas's PRISM: PE Relational Inter-Section Matrix. A 2D Section-Aware Dataset for Static PE Malware Detection paper, arXiv:2606.27109, on static Windows PE malware detection, PE section order, 2D section-aware matrices, EMBER, BODMAS, SOREL-20M, MalwareBazaar, VirusShare, CAPE, 83,633 deduplicated matrices, a 49,204-sample family-filtered analysis corpus, 17 by 25 flattened PRISM features, LightGBM baselines, PRISMsub versus EMBERsub, Fisher Discriminant Ratio, mutual information, inter-section feature pairs, binary-task saturation, source-provenance confounds, single-class temporal caveats, and the governance problem of treating high malware-detection scores as field evidence before representation, source, split, extractor, threshold, and audit records are all visible.
- The RAG Red Team Becomes the Memory Tree - Inderjeet Singh, Andrés Murillo, Motoyoshi Sekiya, Yuki Unno, and Junichi Suga's MIRROR: Novelty-Constrained Memory-Guided MCTS Red-Teaming for Agentic RAG paper, arXiv:2606.26793, on agentic RAG red-teaming, text poisoning, image poisoning, direct-query attacks, orchestrator tool manipulation, Memory-Informed Red-teaming with Retrieval-Restricted Optimization and Rollouts, memory-guided MCTS, ART-SafeBench v2.0.0, 41,815 in-package records, 41,991+ total records with runtime adapters, deterministic Novelty Gate filtering, exact-match duplication limits, deterministic replay verification, GeneralRAG and CyberRAG evaluation, ASR versus Novel-ASR, DupBench and SelfDup diagnostics, query-efficiency accounting, responsible-use boundaries, and the governance problem of treating red-team attack success as meaningful before provenance, novelty, replay, budget, scope, and audit trails are verifiable.
- Memory Depth Becomes the Agent Habit - Haoliang Han's Memory Depth, Not Memory Access: Selective Parametric Consolidation for Long-Running Language Agents paper, arXiv:2606.26806, on long-running language agents, memory depth versus retrieval access, loop-drift stress testing, durable retrieval indexes, context unload, EVAF, surprise- and valence-gated LoRA consolidation, replay and L2 drift guards, GPT-2, TinyLlama, Mistral-7B, short-fact recall, goal persistence, post-unload recovery, 2-3 parametric writes per 200 events, selection versus actuation, matched random gates, Naive-LoRA drift, routed EVAF+RAG, Memora stale-memory invalidation, unresolved delete/update validity, and the governance problem of treating an agent's consolidated habit as trustworthy before the write event, scope, drift, contamination, invalidation, and rollback path are auditable.
- The Capability Frontier Becomes the Evaluation Gap - Bradley Fowler, Ryan Smith, Daniel Thi Graviet, William Myers, Joshua Greaves, Narmeen Fatimah Oozeer, AntÃa GarcÃa, Philip Quirke, Amirali Abdullah, Fazl Barez, and Shriyash Kaustubh Upadhyay's The Capability Frontier: Benchmarks Miss 82% of Model Performance paper, arXiv:2606.26836, on single-model and single-run benchmark limits, the Capability Frontier, quality-cost Pareto frontiers, oracle routing, repeated sampling, posthoc selection, finite-sample oracle bias, extrapolation-based correction, probabilistic graphical modeling, 21 LLMs, 16 benchmarks, binary correctness metrics, API cost accounting, 54 percent average error-rate reduction at matched cost, 82 percent posthoc error-rate reduction under a perfect-judge setup, 85 percent average cost savings at matched accuracy, agentic benchmark caveats, verifier cost and error limits, and the governance problem of certifying a leaderboard model when the deployed capability is a model-selection system.
- The CoT Gain Becomes the Agent Policy Gap - Jingyu Liu, Zhiwen Wang, Yuxin Jing, Huanyu Zhou, and Yong Liu's Where Do CoT Training Gains Land in LLM based Agents? paper, arXiv:2606.26935, on chain-of-thought training in long-context agents, prompt actions, CoT actions, ALFWorld, ScienceWorld, BFCL, supervised fine-tuning, reinforcement learning, Qwen3 checkpoints, Llama-3.1-8B-Instruct, direct prompt-to-action prediction, flat CoT-versus-prompt gaps, conflicting-trace tests, prompt-token attention and gradient concentration, reduced action supervision, out-of-domain generalization, model-judge limitations, and the governance problem of treating a visible reasoning trace as proof of decision control before the prompt, state, loss target, checkpoint, and action path are auditable.
- The Fallacy Pattern Becomes the Persuasion Lens - Eleni Papadopulos, Firoj Alam, and Giovanni Da San Martino's Beyond Logical Forms: LLM-Extracted Patterns for Fallacy Classification paper, arXiv:2606.26698, on logical fallacy classification, information disorder, LLM-extracted structural patterns, LOGIC, Reddit, ELECDEBATE, Llama-3.3-70B-Instruct explanation generation, o4-mini pattern extraction, generated definitions, logicallyfallacious.com baselines, gpt-4o, gpt-4.1-mini, DeepSeek-R1, Gemma-3-27B-it, prompting-only classification, one-shot and dynamic example retrieval, 73.5 percent PATTERNS accuracy, 74.2 percent dynamic examples plus explanations plus patterns, context-heavy category failures, ethics limits, discourse manipulation risk, appealable labels, and the governance problem of treating a fallacy label as a verdict before the pattern, prompt, taxonomy, source context, and review path are auditable.
- The Classifier Becomes the Evolutionary Target - Manjinder Singh, Alexander E. I. Brownlee, and Mohamed Elawady's Vulnerability of Natural Language Classifiers to Evolutionary Generated Adversarial Text paper, arXiv:2606.27215, on GAversary, black-box natural-language classifier attacks, genetic-algorithm search, logit-value feedback, GloVe-guided word replacement, TextAttack, Movie Reviews, AG-News, WordCNN, WordLSTM, BERT, BAE, A2T, semantic similarity, perturbed-word tradeoffs, query-count tradeoffs, runtime comparisons, adversarial robustness testing, exposed classifier confidence surfaces, rate-limit and feedback-policy questions, and the governance problem of treating classifier accuracy as durable before the deployment's query interface, returned scores, probing logs, and adversarial-example archive are auditable.
- The OSINT Feed Becomes the Threat Ledger - Gerhard Backfried, Christian Schmidt, Diego Pilutti, and Michael Suker's Application of LLMs to Threat Assessment of Foreign Peacekeeping Missions paper, arXiv:2606.27106, on LLM-supported OSINT threat extraction, foreign peacekeeping missions, PINPOINT, the EU Monitoring Mission in Georgia, EUMM field context, CSDP risk management, HENSOLDT Media Mining System collection, more than 300 regional and international sources, Georgia, Turkey, Azerbaijan, Armenia, Russia, traditional media, social media, YouTube, Telegram, VK, indicator-based risk models, five mission-environment dimensions, 26 categories, 151 indicators, natural disasters, external conflict actors, ethnic conflicts, economic dependence, few-shot prompting, translation to English, JSON threat candidates, grounding and relevance filtering, LangChain workflow, sentence-transformer clustering, domain-expert evaluation, 8,340 detected instances, 48 rated threats, average score 0.82, lower threat-level and actor-identification scores, human-in-the-loop review, manipulation and disinformation limits, and the governance problem of treating an OSINT feed as a threat assessment before source, transformation, extraction, analyst review, and downstream use are all auditable.
- The Grading History Becomes the Hidden Rubric - Qilin Zhou, Zhuo Wang, Yue Li, and W.K. Chan's Impacts of Histories and Models on LLM Grading: A Study in Advanced Software Engineering Courses paper, arXiv:2606.08400, on graduate reading-report assessment, LLM-assisted grading workflows, 180 valid student submissions, seven selected software-engineering papers, five PhD-student teaching-assistant graders, Grok-4.1-Fast, GPT-oss-120b, OpenRouter calls, temperature-zero grading, repeated no-history grading, continuous chat history, ascending and descending submission order, ICC ranking consistency, Wilcoxon signed-rank tests, Hit@k lower-tier detection, failed ensemble averaging, history-induced score drift, independent-session recommendations, API instability, and the governance problem of treating previous student submissions as harmless context when they can become a hidden rubric.
- The Reasoning Token Becomes the Reaction-Time Gauge - Farahnaz Wick's Do vision-language models search like humans? Reasoning tokens as a reaction-time analog in classic visual-search paradigms paper, arXiv:2606.25066, on vision-language model visual search, psychophysics-style evaluation, feature versus conjunction search, spatial-configuration T-vs-L search, enumeration, tilted-versus-vertical search asymmetry, reasoning-token effort, Wolfe et al. 2010 human reaction-time benchmarks, Claude Sonnet 4.6, GPT-4o, o4-mini, Claude Opus 4.8, GPT-5.5, adaptive thinking, effort-versus-accuracy tradeoffs, target-present and target-absent slope reversals, token-count limitations, and the governance problem of treating a cheap effort trace as explanation before prompt wording, thinking policy, accuracy, task perturbations, and failure currency are all visible.
- The Domain Becomes the Refusal Threshold - Zacharie Bugaud's Unpredictable Safety: Domain-Dependent Compliance and the Transparency Gap in Open-Weight LLMs paper, arXiv:2606.04035, on domain-dependent safety behavior, open-weight LLMs, Gemma 3, Qwen 3, Mistral Nemo, Llama 3.3, DeepSeek R1, Ollama local deployment, 4,200 interactions, analytical versus operational prompt framing, compliance rates, strong refusal rates, technical framing bypasses, domain strata, within-domain heterogeneity, LLM-as-judge validation, aggregate safety-score limits, model-card reporting, audit matrices, and the governance problem of treating one safety score as portable across domains before prompt frame, subdomain, judge, system prompt, and confidence interval are visible.
- The Persona Gate Becomes the Refusal Surface - Viola Zhong and Qirui Li's Refusal Lives Downstream of Persona in Chat Models paper, arXiv:2606.26161, on compliant model-persona steering, refusal directions, Qwen2.5-7B-Instruct, Llama-3.1-8B-Instruct, StrongREJECT forbidden prompts, refusal/bypass/degenerate labeling, Llama-Guard-3 unsafe-rate checks, leakage scoring, late-layer expression, L20-L22 persona knockouts, random projection controls, assistant-axis separation, activation steering, persona modes, and the governance problem of treating personality and refusal as independent controls before their interaction has been measured.
- The Citation Becomes the Influence Trace - Mohammad Faizan and Dalal Alharthi's ProvenAI: Provenance-Native Traces of Evidence in Generated Answers paper, arXiv:2606.26449, on retrieval-grounded question answering, generated-answer citations, HotpotQA distractor, answer correctness, citation fidelity, leave-one-resource-out document influence, citation-influence gaps, FAISS indexing, SQLite evidence lookup, Qwen2.5-3B-Instruct local generation, MLX probability limits, MCP traceability, answer receipts, retrieval manifests, cited-source subsets, uncited-influential documents, and the governance problem of treating source lists as evidence traces before answer correctness, citation fidelity, and document influence have been measured separately.
- The Verifier Becomes the Reward Horizon - Binghai Wang, Chenlong Zhang, Dayiheng Liu, Jiajun Zhang, Jiawei Chen, Mouxiang Chen, Rongyao Fang, Siyuan Zhang, Xuwu Wang, Yuheng Jing, Zeyao Ma, and Zeyu Cui's The Verification Horizon: No Silver Bullet for Coding Agent Rewards paper, arXiv:2606.26300, on coding-agent reward design, verifier co-evolution, scalability, faithfulness, robustness, SWE-like executable tests, SWE-Universe, instruction-test alignment, trajectory-level behavior monitoring, reward hacking, solution-artifact retrieval, frontend rubric judges, Playwright-backed interactive judging, user feedback as verification, human implicit reward signals, Span-KTO, dynamic agent evaluators, NL2Repo repository generation, best-of-N accuracy, Kendall rank correlation, rejection sampling fine-tuning, quality-quantity trade-offs, and the governance problem of treating a reward score as agent success before the verifier's visibility, calibration, exploit channels, user-feedback rules, and process trace are auditable.
- The Molecular Sampler Becomes the Energy Witness - Danyal Rehman, Charlie B. Tan, Yoshua Bengio, Avishek Joey Bose, and Alexander Tong's Autoregressive Boltzmann Generators paper, arXiv:2606.27361, on molecular equilibrium sampling, Boltzmann Generators, normalizing-flow limits, autoregressive conditional densities, discrete binning, sequential inference-time interventions, molecular dynamics reference data, alanine peptide systems, Chignolin, ManyPeptidesMD, ROBIN, 132-million-parameter transferable models, E-W2, T-W2, TICA-W2, importance-sampling correction, effective-sample-size caveats, transformer-style molecular samplers, and the governance problem of treating generated molecular samples as scientific evidence before the energy witness, torsional coverage, reference data, ordering choice, temperature, and limitation record are auditable.
- The Capability Field Becomes the Product Switch - Wei Zhou, Xiongwei Zhu, Zelin Xu, Bo Dong, Lixue Gong, Yongyuan Liang, Meng Chu, Leigang Qu, Lingdong Kong, Wei Liu, and Tat-Seng Chua's DanceOPD: On-Policy Generative Field Distillation paper, arXiv:2606.27377, on flow-matching image generators, text-to-image generation, local editing, global editing, style and realism fields, classifier-free guidance absorption, multi-capability composition, frozen capability sources, hard-routed sample-wise field matching, student-visited rollout states, semantic-side low-noise queries, plain velocity MSE, GenEval, GEditBench-EN, soft-teacher mixing failures, dense-query correlation, guidance-scale compounding, shared state-space assumptions, predefined route limits, and the governance problem of treating one media model as a neutral prompt box before the capability switchboard inside it is documented.
- The Job Query Becomes the Reward Surface - Ping Liu, Qianqi Shen, Jianqiang Shen, Wenqiong Liu, Rajat Arora, Yunxiang Ren, Chunnan Yao, Dan Xu, Baofen Zheng, Wanjun Jiang, Andrii Soviak, Kevin Kao, Jingwei Wu, and Wenjing Zhang's Designing Reward Signals for Portable Query Generation: A Case Study in Industrial Semantic Job Search paper, arXiv:2606.27291, on profile-to-portable-query generation, industrial semantic job search, low-bandwidth search bars, transferable qualifications, query portability, RLAIF, LLM-as-judge rubrics, Qwen3-1.7B actor initialization, Qwen3-8B training judge, Llama-3.3-70B independent evaluation, PPO, GRPO, RLOO, REINFORCE++, deterministic reward floors, 6-gram profile-overlap detection, lifted date ranges, verbatim-copy reward hacking, trainer-evaluator inflation, reward-signal engineering, employment-platform search governance, and the governance problem of treating generated job-search terms as neutral before the reward surface that writes them is audited.
- The Recommender Agent Becomes the Verification Cascade - Shaohua Liu, Liang Fang, Yilong Sun, Shudong Huang, Qingsong Luo, Shaoxin Liu, Xiaoyang Chen, Dongqiang Liu, Chuangang Ma, Zhenzhen Chai, Henghuan Wang, Shijie Quan, Changyuan Cui, Zhangbin Zhu, Peng Chen, Wei Xu, Lei Xiao, Haijie Gu, and Jie Jiang's NOVA: A Verification-Aware Agent Harness for Architecture Evolution in Industrial Recommender Systems paper, arXiv:2606.27243, on industrial advertising recommender systems, architecture evolution, LLM coding agents, runnable-but-negative candidates, silent failures, architecture gradients, verification diagnostics, metric feedback, trajectory memory, forbidden directions, structure-semantic checks, local executability, offline AUC, online GMV and pCVR bias, L1-L4 task levels, AutoRun, Copilot, RankMixer, TokenMixer-Large, OpenHands, ReActAgent, Optuna-TPE, production A/B testing, proprietary reproducibility limits, and the governance problem of treating runnable recommender-code changes as valid only after architecture semantics and business-impact evidence are checked.
- The Embodied Agent Becomes the Recovery Loop - Junhao Shi, Zezheng Huai, Siyin Wang, Jia Chen, Yubang Wang, Zhaoye Fei, Hechang Chen, Jingjing Gong, Xipeng Qiu, and Yu-Gang Jiang's Advancing Omnimodal Embodied Agents from Isolated Skills to Everyday Physical Autonomy paper, arXiv:2606.27251, on OmniAct, embodied agents, cyber-physical action spaces, speech, vision, language, APIs, IoT, robot manipulation, navigation, multimodal semantic planning, skill routing, adaptive hierarchical memory, event-boundary-driven compression, reflective memory, asynchronous visual preemption, physical failure detection, replanning, UR5e tabletop manipulation, Keenon indoor navigation, household IoT devices, 40 real-world long-horizon tasks, L3 end-to-end success, token growth, frozen VLA policy limits, monitor latency, and the governance problem of treating embodied-agent safety as the recovery trace rather than the first plan.
- The Agent Config Becomes the Supply Chain - Padmaraj Madatha's A Deterministic Control Plane for LLM Coding Agents paper, arXiv:2606.26924, on LLM coding harnesses, rules files, agent definitions, IDE-specific markdown, copied coding-agent configuration, undeclared shared components, 10,008 public GitHub repositories, 6,145 agent config files, SHA-256 exact duplicates, cross-organization clone pairs, shallow revision histories, missing permission boundaries, Rel(AI)Build, content addressing, HMAC-stamped lockfiles, hash-chained audit logs, tiered permissions, attack-derived blocklists, phase-state gates, requirement-to-file-to-test traceability, seven IDE targets, Jaccard prompt-drift checks, and the governance problem of treating agent definitions as software supply-chain artifacts before they steer repository work.
- The Agent Skill Becomes the Runtime Contract - Ying Li, Yanju Chen, Hongbo Wen, Bosi Zhang, Hanzhi Liu, Peiran Wang, Yu Feng, and Yuan Tian's VIGIL: Runtime Enforcement of Behavioral Specifications in AI Agent Skills paper, arXiv:2606.26524, on third-party AI-agent skills, behavioral specifications, natural-language skill promises, runtime enforcement, operator-defined constraints, global cross-skill rules, agent-tool event traces, temporal dependencies, argument constraints, value-flow conditions, SMT checks over finite traces, SkillsBench, Skill-Inject, AgentDojo, SafeAgentBench, deployed skill-bundle defects, policy witnesses, specification drift, and the governance problem of treating a skill description as enforceable only when its declared contract can be checked against the agent's actual execution trace.
- The Theory Loop Becomes the Cognitive Scientist - Akshay K. Jagadish, Younes Strittmatter, Nori Jacoby, George Kachergis, Eric Schulz, Nathaniel Daw, Suyog H. Chandramouli, and Thomas L. Griffiths's Closing the Loop to Discover Psychological Theories with an Automated Cognitive Scientist paper, arXiv:2606.26448, on AutoCog, closed-loop cognitive-science theory building, LLM theory advocates, executable cognitive models, experiment design, online behavioral data, generative performance scoring, failure diagnosis, successor theories, decision-making tasks, held-out studies, preregistered follow-up evidence, multi-cue decision-making, diminishing sensitivity to feature values, machine-readable discovery traces, theory-to-code drift, human-defined search spaces, and the governance problem of treating a scientific theory loop as credible only when theories, experiments, participants, scores, revisions, and human review remain inspectable.
- The Agent Standard Becomes the Governance Graph - Yutian Wang and Luyao Zhang's Agentic Analysis for Agentic Infrastructure: An LLM-Powered Pipeline for Comparative Governance of DAO and Corporate AI Protocols paper, arXiv:2606.26203, on ERC-8004, Google A2A, agent interoperability standards, DAO and corporate protocol governance, LLM-assisted discourse analysis, public GitHub and forum participation records, 4,323 retained governance records, topic modeling, co-participation networks, discourse-network analysis, socio-semantic actor-topic graphs, participation inequality, community fragmentation, technical steering committees, public-trace limits, open-source observability, and the governance problem of treating agent standards as political records as well as technical artifacts.
- The Board Duty Becomes the Agent Governance File - Deirdre Ahern's Directors Duties in the Age of Agentic Artificial Intelligence paper, arXiv:2606.20453, on directors' duties, agentic AI adoption, board-level corporate governance, fiduciary best-interests duties, employee stakeholder interests, shareholder primacy, enlightened shareholder value, stakeholder-friendly and stakeholder-value models, AI-related role displacement, employee engagement, reskilling, AI washing, board strategy and monitoring duties, human oversight, deployment records, workforce impact assessment, and the governance problem of treating an AI deployment decision as accountable corporate purpose rather than a narrow procurement choice.
- The Attested Action Becomes the Governance Boundary - Jakob Salfeld-Nebgen's Governing Actions, Not Agents: Institutional Attestation as a Governance Model for Autonomous AI Systems paper, arXiv:2606.26298, on institutional attestation, high-risk agent actions, production deployment, clinical prescribing, the Courier Pattern, independent oracles, intent identifiers, signed attestations, deterministic policy evaluation, Cedar, Ed25519 signatures, tamper-evident audit logs, Zero-Trust Action Hub prototype limits, and the governance problem of attaching trust to independently verified action evidence rather than to an agent as a whole.
- The Authorization Overlay Becomes the Delegation Contract - Amjad Ibrahim and Yong Li's Overlaying Governance: A Compositional Authorization Framework for Delegation and Scope in Agentic AI paper, arXiv:2606.03518, on compositional authorization overlays, delegation as a runtime contractual term, resource-scope attenuation, authorization envelopes, recursive delegation chains, ReBAC, Zanzibar-style relation graphs, OpenFGA overlays, Google Drive and Slack benchmark scenarios, preservation and agent-authorization soundness proofs, synthetic tuple datasets, reproducibility artifacts, and the governance problem of adding agent authority to existing access-control domains without hiding delegation inside broad tokens or prompt promises.
- The Executable Sandbox Becomes the Agent Security Test - Peiyang Li, Songping Wang, Yi Huang, Yanhua Shi, Chenhao Zhang, Qi Li, Yueming Lyu, Caifeng Shan, Fengting Li, Chao Feng, Chuanqun Zhu, and Liang Chen's AgentCanary: A Security Evaluation Framework for Autonomous AI Agents in Real Executable Environments paper, arXiv:2606.10484, on autonomous AI agent security evaluation, real executable environments, the Entry x Impact risk matrix, direct and indirect prompt injection, skill poisoning, memory contamination, intrinsic failures, web browsing, email, instant messaging, calendar, financial transactions, third-party skills, 496 seed tasks, Hermes, NanoClaw, OpenClaw, Outcome Safety, Security Awareness, Task Utility, full execution trajectories, sandboxed task artifacts, runtime defenses, state changes, tool-call evidence, and the governance problem of treating a safe final answer as enough before the files, memory, tools, network calls, and side effects are audited.
- The RAG Document Becomes the Token Bomb - Chengliang Liu, Liangbo Ning, Yujuan Ding, and Wenqi Fan's Inference Cost Attacks for Retrieval-Augmented Large Language Models paper, arXiv:2606.02643, on Retrieval-Augmented Inference Cost Attacks, RA-ICA, CREEP, MA-GRPO, poisoned retrieval documents, RAG inference cost, token-consumption amplification, Natural Questions, HotpotQA, MS MARCO, Contriever top-5 retrieval, qwen-turbo, GPT-5, claude-sonnet-4, deepseek-r1, weighted Answer Alignment, weighted Attack Concealment, weighted Token Consumption Ratio, source-level cost attribution, retrieval-source provenance, document quarantine, and the governance problem of treating a correct RAG answer as safe before the token bill, latency, retrieved-document trail, and corpus-ingestion path are auditable.
- The Watched Model Becomes the Audit Register - Vinicius Covas and Jorge Alberto Hidalgo Toledo's AI Knows When It's Being Watched: Functional Strategic Action and Contextual Register Modulation in Large Language Models paper, arXiv:2605.15034, on social observation framing, LLM-based multi-agent debate sessions, Type-Token Ratio change, lexical diversification, message-length effects, university-researcher monitoring, explicit monitoring negation, academic audience framing, automated AI auditing, observer identity, Hawthorne Effect framing, audience design, contextual register modulation, evaluation-condition logging, observed-run evidence, deployment-condition evidence, and the governance problem of treating a monitored model transcript as neutral before the audit records how observation itself shaped the run.
- The Name Prompt Becomes the Privacy Audit - Dimitri Staufer, Kirsten Morehouse, David Hartmann, and Bettina Berendt's Human-Centred LLM Privacy Audits: Findings and Frictions paper, arXiv:2603.12094, on LMP2, browser-based privacy self-audits, name-conditioned associations, black-box LLM probing, canary-style prompts, fragmented sentence recovery, association strength, confidence signals, everyday people and public figures, synthetic non-existent names, GPT-4o feature prediction, EU resident user studies, participant privacy perceptions, correction and erasure preferences, memorization versus inference, indirect identification, base-rate guessing, model-level associations versus application memory controls, time-stamped audit traces, and the governance problem of treating a model's claim about a person as contestable evidence rather than a hidden association.
- The Governance Policy Becomes the Mechanical Gate - José Manuel de la Chica Rodríguez and Carlos Martí-González's Mechanical Enforcement for LLM Governance: Evidence of Governance-Task Decoupling in Financial Decision Systems paper, arXiv:2605.14744, on regulated financial LLM workflows, text-only governance, policy prompts as weak constraints, rationale-level governance metrics, Cosmetic Deadlock Rate, Deferral Information Utilisation, Framing Success Rate, Failure Visibility Score, Entropy Sensitivity Differential, synthetic banking decisions, Llama 3.1 70B Instruct, AWS Bedrock, hard gates, I6Q rationale checks, CEFL candidate externalization, E3 commit-reveal entropy, vacuous deferrals, governance-task decoupling, structural stress testing, mechanical audit trails, and the governance problem of treating task accuracy as compliance evidence before the decision rationale and enforcement boundary are separately measured.
- The Peer Review Workspace Becomes the Evidence Ledger - Elisabeth Guerard, Mehrdad Almasi, Marion Salaun, Frederic Clavert, and Mirjam Pfeiffer's Towards an Interactive Evidence-RAG Peer-Review Workspace for the Journal of Digital History paper, arXiv:2606.25837, on AI-assisted peer review, the Journal of Digital History, editorial assessment, evidence-bounded RAG, reviewer-comment units, paper conversion, review processing, semantic chunking, BAAI/bge-large-en-v1.5 embeddings, Qdrant vector storage, retrieved manuscript chunks, supported and partially supported labels, insufficient-evidence labels, composite confidence components, editor decisions stored separately from model outputs, Claude-Qwen audit configuration, 80 saved decisions, 70.0 percent strict editor-confirmed accuracy, 86.2 percent correct-or-mostly-correct rate, 90.0 percent useful-output rate, protected editorial material, repository-backed reproducibility, and the governance problem of treating AI peer review as acceptable only when the evidence trail remains inspectable by human editors.
- The Model's Own Answer Becomes the Confidence Bias - Mario Sanz-Guerrero, Manuel Mager, and Katharina von der Wense's Large Language Models Are Overconfident in Their Own Responses paper, arXiv:2606.03437, on instruction-tuned LLM calibration, chat templates, ownership bias, own-answer confidence, user-framed answer controls, six open-weight LLMs, Llama 3.1, Qwen3, Gemma 3, MMLU, Expected Calibration Error, Brier score, P(True), verbalized percentage confidence, verbalized linguistic confidence, assistant-versus-user answer framing, higher raw confidence in assistant-framed answers, inference-time confidence reframing, no-retraining calibration repair, and the governance problem of treating a confidence score as portable before the prompt role, answer provenance, chat template, and elicitation method are auditable.
- The Belief Trace Becomes the Persuasion Ledger - Jared Moore, Noah Goodman, Nick Haber, and Max Kleiman-Weiner's A Model of Multi-turn Human Persuadability Using Probabilistic Belief Tracing paper, arXiv:2606.05330, on PersuasionTrace, human-LLM persuasion studies, turn-level belief reports, pre/post persuasion deltas, Prolific participants, 255 completed rounds, DebateGPT propositions, personalized decision propositions, audio persuasion, 0-to-100 belief scales, logos, pathos, and ethos annotations, two belief-trajectory clusters, early movement and partial drift-back, Bayesian-network simulated targets, human-likeness scoring, simulator fidelity, dual-use persuasion measurement, self-reported belief limits, repeated-question effects, subjective proposition limits, and the governance problem of optimizing persuasive systems before the process of belief movement is auditable.
- The Human-Agent Pair Becomes the Skill Rating - Yijia Shao, Zora Z. Wang, Neel Ahuja, Yicheng Wang, Bowen Liu, and Diyi Yang's CollabSkill: Evaluating Human-Agent Collaboration On Real-World Tasks paper, arXiv:2606.09833, on human-agent collaboration, real-world occupational tasks, 93 human workers, 386 working sessions, over 1,500 prompts, 10 O*NET sectors, occupational background matching, reference-free automated grading, rubric generation, multi-agent scoring, Bayesian skill rating, worker-agent contribution disentangling, Claude Cowork, Claude Code, Codex, Gemini CLI, Manus, autonomous benchmark rank reversal, practical LLM experience, AI fluency behaviors, top-quartile worker collaboration gains, Upwork participant limits, scalar-score limits, worker-screening cautions, and the governance problem of treating autonomous benchmark scores as workplace readiness before the paired human, task, interface, and collaboration evidence are measured.
- The Drug Discovery Agent Becomes the Workflow Gate - He Cao, Siyu Liu, Fan Zhang, Zijing Liu, Hao Li, Bin Feng, Shengyuan Bai, Leqing Chen, Kai Xie, and Yu Li's Mozi: Governed Autonomy for Drug Discovery LLM Agents paper, arXiv:2603.03655, on drug-discovery LLM agents, governed autonomy, Control Plane supervisor-worker routing, Workflow Plane skill graphs, role-based tool isolation, constrained action spaces, reflection-based replanning, MCP database and computation tool separation, UniProt, PubChem, ChEMBL, PDB, AutoDock Vina-style docking, RDKit, Open Babel, ADMET predictors, HITL checkpoints, PharmaBench, 88 drug-discovery tasks, Therapeutics Data Commons, Human-Last Exam drug-discovery subset, Crohn's disease, Parkinson's disease, sepsis case studies, surrogate-model limits, in-silico validation boundaries, and the governance problem of treating a generated molecular candidate as scientific evidence before the workflow state, tool provenance, human checkpoint, uncertainty, and wet-lab validation route are auditable.
- The Agent Breadcrumb Becomes the Oversight Trail - Yujin Zhang and Daye Nam's HANSEL: Extracting Breadcrumbs from Web Agent Trajectories for Interactive Verification paper, arXiv:2606.18671, on web-agent verification, interactive evidence pages, evidence snippets, preserved page state, applied filters, search queries, scroll positions, full trajectory overload, source-link context loss, static screenshots, unfaithful reasoning summaries, evidence gap flags, AssistantBench, Online-Mind2Web, 45-task technical evaluation, 83.7 percent precision, 88.8 percent recall, 61.6 percent trajectory-page reduction, 14-participant user study, lower perceived verification effort, wrong-answer acceptance risk, and the governance problem of treating a web-agent answer as inspected before the evidence pages, page state, missing-support gaps, and user correction path are visible.
- The Workplace Skill Becomes Procedural Memory - Julia Belikova, Rauf Parchiev, Evgeny Egorov, Grigorii Davydenko, Gleb Gusev, Andrey Savchenko, and Maksim Makarenko's Managing Procedural Memory in LLM Agents: Control, Adaptation, and Evaluation paper, arXiv:2606.23127, on AFTER, procedural memory in LLM agents, 382 realistic workplace tasks, six professional roles, 22 procedural skills, single-skill and multi-skill workflows, Data Engineer, Data Scientist, Generative AI Engineer, Infrastructure Engineer, Project Manager, Software Engineer roles, document processing, data operations, ML and AI, infrastructure, software engineering, SKILL.md artifacts, skill transfer, local improvement, cross-task transfer, cross-role transfer, cross-model generalization, full-pass accuracy gains, single-round refinement, diverse multi-model traces, cross-role drift, pytest verification limits, role-specific overfitting, token efficiency, and the governance problem of treating an evolved workplace skill as portable organizational memory before lineage, scope, transfer evidence, failure cases, and rollback paths are auditable.
- The Agent Benchmark Becomes the Attack Surface - Sahar Abdelnabi, Chris Hicks, Konrad Rieck, and Ahmad-Reza Sadeghi's Measuring Security Without Fooling Ourselves: Why Benchmarking Agents Is Hard paper, arXiv:2605.22568, on security-agent evaluation, benchmark vulnerabilities, benchmark harnesses as attack surfaces, BrokenBench, hidden ground-truth leakage, sandbox escape risk, inner protections, outer protections, canary tokens, deliberate cheating audits, temporal staleness, benchmaxxing, dynamic benchmarks, live evaluation, generative benchmarks, runtime uncertainty, stochastic agent behavior, agent-generated code, self-interference, external dependencies, benchmark introspection, offensive-defensive evaluation gaps, and the governance problem of treating an agent-security benchmark score as capability evidence before the benchmark environment, task age, runtime path, canary record, and generated artifacts are auditable.
- The Smart Contract Fork Becomes the Security Exam - Jintao Huang, Fengqing Jiang, Radha Poovendran, and Zhiqiang Lin's CyberChainBench: Can AI Agents Secure Smart Contracts Against Real-World On-Chain Vulnerabilities? paper, arXiv:2606.26216, on smart-contract security agents, historical mainnet forks, DeFiHackLabs exploit reproductions, 541 real-world exploit incidents, nine EVM-compatible chains, vulnerability detection, exploit generation, patch synthesis, Harbor-isolated containers, MCP on-chain tools, source retrieval, bytecode decompilation, transaction tracing, storage reads, exploit validation, patch validation, five-type vulnerability taxonomy, proxy-upgradeable patch subset, legitimate-transaction replay, profit-based scoring, dual-use benchmark controls, temporal contamination risk, single-transaction scope limits, and the governance problem of treating a security agent's prose claim as evidence before the chain state, validation oracle, tool boundary, patch regression tests, and capability exposure are auditable.
- The PDE Residual Becomes the Error Witness - Haina Jiang, Liam Wang, Peng-Chen Chen, Min Seop Kwak, Seungryong Kim, Brian Bell, and Jeong Joon Park's Error-Conditioned Neural Solvers paper, arXiv:2606.27354, on neural surrogate models, partial differential equations, PDE residual fields, reconstruction error, residual-reconstruction gaps, ill-conditioned systems, Error-Conditioned Neural Solvers, ENS, residual conditioning, learned correction policies, four PDE families, Helmholtz, Darcy flow, Poisson, Navier-Stokes, Kolmogorov flow, distribution shift, super-resolution, coefficient extrapolation, cross-equation transfer, runtime cost, simulation evidence, and the governance problem of treating a low residual as proof of a simulated world before the equation, shift regime, reconstruction metric, correction path, baseline, and failure envelope are auditable.
- The Agent Instruction Becomes the Policy Compiler - Adam Mondl, Matthew Maisel, and John H. Brock's Autoformalization of Agent Instructions into Policy-as-Code paper, arXiv:2606.26649, on policy-as-code for AI agents, Cedar authorization policies, agent prompts, MCP tool descriptions, natural-language policy documents, generator-critic loops, hard critics, soft critics, schema compliance, vacuous-policy checks, conflicting-rule checks, semantic alignment, the Verification Sandwich, MedAgentBench, electronic medical record agents, typed MCP tools, symbolic guardrails, adversarial prompts, POST write attempts, fail-closed enforcement, temporal-logic future work, memory-aware policies, and the governance problem of treating compiled policy as safety evidence before the source corpus, generated schema, critic rubric, policy hash, and runtime enforcement boundary are auditable.
- The Humanitarian Transcript Becomes the Codebook Test - Jerome Marston, Tino Kreutzer, Salomé Garnier, Ella Boone, Phuong N Pham, and Patrick Vinck's Can Large Language Models Reliably Code Qualitative Humanitarian Data? A Benchmark Study Against Human Expert Adjudication paper, arXiv:2606.26541, on qualitative humanitarian data, affected-population accounts, synthetic humanitarian transcripts, human expert adjudication, a human Gold Standard, deductive coding, structured codebooks, seven-run modal coding, Krippendorff's alpha, discrepancy analysis, reasoning-enabled LLMs, physical safety, discrimination, income needs, theme-specific reliability, tiered oversight, open-weights deployment, self-hosted infrastructure, sensitive data governance, and the governance problem of treating a codebook reliability score as deployment permission before the data source, codebook, model configuration, adjudication route, and escalation threshold are auditable.
- The Aligned Crowd Becomes the Market Monoculture - James Begin, Brendan Gho, Suman Muppavarapu, Tyson Tsay, Atharva Mohan, Afnan Shaik, Ruizhe Li, Vasu Sharma, and Archana Vaidheeswaran's Preference Optimization Drives Monoculture in LLM Prediction Markets paper, arXiv:2606.26583, on LLM prediction markets, Direct Preference Optimization, DPO, preference-optimization monoculture, Kalshi, Polymarket, Manifold, logarithmic market scoring rules, LMSR, TruthfulQA binary questions, Llama 3.1 8B Instruct, Qwen2.5 7B, Mistral 7B v0.3, GLM-4 9B, pairwise error correlation, effective independent forecasters, same-model markets, cross-model diversity, role diversity, temperature diversity, adversarial-majority market tests, debate comparison, overconfident agents, model provenance disclosure, market integrity metrics, algorithmic monoculture, and the governance problem of treating a many-agent market as a crowd before error correlation and model lineage are auditable.
- The Sequence Probability Becomes the Confidence Trap - Johannes Zenn and Jonas Geiping's When are likely answers right? On Sequence Probability and Correctness in LLMs paper, arXiv:2606.27359, on large language model sequence probability, correctness, decoding methods, Qwen3, Qwen2.5, Qwen2.5-Math, OLMo3, MATH500, GPQA, MMLU, HumanEval, MedQA, IFEval, scalable power sampling, power-SMC, low-temperature sampling, beam search, best-of-N, top-k, top-p, epsilon sampling, within-dataset correlation, within-method correlation, across-method correlation, within-sample correlation, log probability, accuracy scaling, self-consistency, probability-weighted voting, verifier-free self-improvement, thinking-model token limits, and the governance problem of treating model likelihood as confidence before the task, decoding setup, comparison granularity, and correctness criterion are auditable.
- The Betting Ad Becomes the Explanation Receipt - MSVPJ Sathvik, Parmitha Vangapadu, Nishit Rane, Sathwik Narkedimilli, Mark Lee, and Akrati Saxena's BetXplain: An Explanation-Annotated Dataset for Detecting Manipulative Betting Advertisements on Social Media paper, arXiv:2606.27274, on manipulative betting advertisements, deceptive promotion labels, responsible promotion baselines, Instagram and Reddit source framing, Meta Ads Library collection, 3,779 advertisements, 216 duplicates removed from 4,000 collected items, text-link-category-explanation-label fields, 1,507 manipulative examples, 396 deceptive examples, 1,876 responsible examples, class imbalance, human-written explanations, inter-annotator agreement, ELECTRA macro-F1, Longformer accuracy, GPT-4o prompting, deceptive-class errors, explanation quality metrics, browser warnings, regulator crawlers, ad-library compliance, and the governance problem of treating a betting-ad detector as enforcement before the label, rationale, source path, uncertainty, and review route are auditable.
- The Online Mask Becomes the Activity Taxonomy - Debora F. de Souza, Gabriela Beltrao, Berta Chulvi, Sergio Dantonio, Mehmet Gokay Ozerim, Javier Torregrosa, Adrian Giron, Angel Panizo, Pablo Miralles Gonzalez, Helena Liz, Javier Huertas Tato, Sonia Sousa, Alejandro Martin, Monika Maciuliene, and David Camacho's Behind the Mask: A Taxonomic Analysis of Activities in Online Social Networks paper, arXiv:2606.27111, on online social-network disinformation, malicious actor attribution, creators, spreaders, ambiguous roles, activity approaches, 22 approach categories, six tactics, subject-matter expert taxonomy development, literature review, Web of Science, EBSCO, 39 full-text articles, Telegram anti-migration discourse, 6,805,626 messages from 491 downloaded channels, LabelStudio annotation, three annotators per message, channel framing, forwarding provenance, emotional mobilization, fear-mongering, enemy construction, multimodal context, repeated content, cross-posting, uncertainty notes, and the governance problem of treating moderation as a post-level verdict before the actor, activity, tactic, channel context, and annotation receipt are auditable.
- The Judicial Discretion Model Becomes the Gate - Stanisław Sójka, Felix Steffek, and Matthias Grabmair's Towards Explainable Adjudicative Variance: Quantifying Judicial Discretion via Gated Multi-Task Learning paper, arXiv:2606.27069, on legal outcome prediction, UK Employment Tribunal decisions, CLC-UKETpred, 13,937 cases from 2011-2023, judge identity, adjudicative variance, merit-based determinations, non-merit-based disposals, General Case Outcome labels, Detailed Case Outcome taxonomy, two UK labor-law scholars, LLM-assisted auxiliary labels, ModernBERT, label-wise attention, multi-task learning, Judge-Aware Gated Fusion, Gemma-4 26B-A4B baselines, LoRA encoder adaptation, macro-F1, rare and fuzzy outcome classes, Partly Wins, Other, counterfactual judge swaps, behavioral proxy limits, judicial profiling ethics, final-judgment text limits, and the governance problem of treating legal AI accuracy as legitimacy before the conditioning interface and adjudicative-context gate are auditable.
- The Child Storytelling Model Becomes the Ceiling Limiter - Min Fan, Wanqing Ma, Xinyue Cui, Xiaolu Dai, and Shengyu Huang's Floor Raiser or Ceiling Limiter? Differential Storytelling Outcomes with a Child-Centric GenAI System Across Individual Differences paper, arXiv:2606.27067, on child-centric GenAI storytelling, StoryPrompt, elementary children aged 7-12, grades 2-6, 40 participants, 38 complete paired stories, traditional storyboard comparison, mixed-methods within-subjects design, AI-generated keywords, comic-style image generation, six child-written story paragraphs, expert ratings, creativity, richness, coherence, narrative structure, floor-raising convergence, 83.5 percent quality-gap compression, lower-baseline gains, upper-baseline constraint patterns, scaffold-autonomy interference, visual-control interference, image regeneration, keyword semantic distance, teacher orchestration, bypassable scaffolds, consent and assent, and the governance problem of treating average educational AI gains as proof of benefit before subgroup effects, process logs, and negative-gain cases are auditable.
- The Nuclear Benchmark Becomes the Competence Receipt - Henry Shaowu Yuchi, Michal Kucer, Benjamin H. Sims, Selma Peterson, and Emily Taylor's NuclearQAv2: A Structured Benchmark for Evaluating Domain-Science Competence in Large Language Models paper, arXiv:2606.27047, on nuclear-engineering question answering, domain-science competence, 1,239 QA pairs, 750 boolean questions, 206 numeric questions, 283 verbal questions, factual grounding, quantitative reasoning, conceptual understanding, expert-assisted benchmark construction, LLM-assisted question generation, Meta Llama 3 70B Instruct, Nougat PDF parsing, text-only corpus limits, exact-match boolean scoring, 15 percent numeric tolerance, LLM-based verbal semantic evaluation, OpenAI GPT-5.2, GPT-5.4, GPT-4o, gpt-oss-120B, Amazon Nova Pro, Mistral 7B Instruct, NVIDIA Nemotron-3 Super 120B, Meta Llama 3, task-wise score gaps, benchmark laundering, and the governance problem of treating a single technical-domain leaderboard score as competence before the question taxonomy, scoring rule, judge model, source corpus, and missing modalities are auditable.
- The Clinical ASR Becomes the Language Gate - Subham Kumar, Prakrithi Shivaprakash, Abhishek Manoharan, Astut Kurariya, Diptadhi Mukherjee, Prabhat Chand, Pratima Murthy, Koustav Rudra, Lekhansh Shukla, and Animesh Mukherjee's SamaVaani: Auditing and Debiasing Multilingual Clinical ASR for Indian Languages paper, arXiv:2606.26901, on automatic speech recognition in real-world psychiatric interviews, Kannada, Hindi, and Indian English, clinical transcripts, 202 recordings, 130 speakers, doctor/therapist and patient roles, IndicWhisper, WhisperLargeV3, Sarvam, GoogleS2T, Gemma3n, OmniLingual, Vaani, Gemini, word error rate, speaker-role and gender disparities, fairness-aware fine-tuning, contrastive learning, CTC alignment, privacy-sensitive audio, human correction, and the governance problem of treating an automated clinical transcript as neutral before language, role, subgroup error, consent, retention, and downstream use are auditable.
- The Scientific Abstract Becomes the Language Feedback Loop - R. Alexander Bentley, Blai Vidiella, Damian J. Ruck, Senjuti Dutta, Kai Li, and Sergi Valverde's Human--LLM Collaboration Is Transforming Complexity Metrics in Scientific Texts paper, arXiv:2606.27052, on LLM influence in scientific writing, arXiv abstracts from 2010 to 2025, first-version abstract metadata, HC3 human and ChatGPT comparisons, LLM-associated style indexes, dash markers, significant, crucial, and showcase lexical markers, Zipf's law, Heaps' law, vocabulary growth, top-word turnover, pre-2023 and 2023-2024 comparisons, mixed human-AI linguistic ecosystems, scientific-text provenance, training-data feedback loops, corpus-level receipts, and the governance problem of treating polished scientific language as neutral infrastructure before its machine-assisted feedback effects are measured.
- The Framing Cue Becomes the Mental-Health Instability Test - Abla Bedoui, Ashley L. Greene, and Mohammed Cherkaoui's Auditing Framing-Sensitive Behavioral Instability in Large Language Models for Mental Health Interactions paper, arXiv:2606.26982, on mental-health-oriented conversational AI, framing-sensitive behavioral instability, controlled matched prompts, documentation, epistemic, institutional, liability, and role framing, 653 matched prompt groups, Qwen, Gemma, Mistral, and Phi model families, interpretive-routing annotations, weak/disengaged, restrained-supportive, interpretive-supportive, and escalated-interpretation responses, hidden-state probes, held-out framing generalization, TF-IDF lexical baselines, activation steering, architecture-dependent calibration shifts, and the governance problem of treating a mental-health chatbot's answer as stable before its framing robustness, annotation rubric, model version, crisis exclusions, and residual instability are auditable.
- The Codebook Becomes the Safety Gate - Yunqi Xue, Zhijiang Li, Philip Torr, and Jindong Gu's Safe Autoregressive Image Generation with Iterative Self-Improving Codebooks paper, arXiv:2606.27147, on Safe-CB, autoregressive image generation, unified multimodal models, discrete visual tokens, visual-token codebooks, harmful and safe image-text pairs, Harmful Space construction, singular value decomposition, harmful-subspace projection, harmless-space adaptive fine-tuning, self-improving codebook iterations, I2P, CoPro, ViSU, P4D, MMA-Diffusion, UnlearnDiffAtk, UD, MPUP, Janus, VILA-U, Emu3, LlamaGen, OmniMamba, NudeNet, Q16, GenEval, MMMU, COCO-30k, CLIP-Score, TIFA, self-labeling risk, error propagation, and the governance problem of treating codebook-level safety repair as assurance before the harmful-space construction log, detector versions, human-label policy, iteration count, codebook hash, and residual failure cases are auditable.
- The Sparse Feature Budget Becomes the Interpretability Dial - Nathanaël Jacquier, Maria Vakalopoulou, and Mahdi S. Hosseini's Beyond the Hard Budget: Sparsity Regularizers for More Interpretable Top-k Sparse Autoencoders paper, arXiv:2606.27321, on Top-k sparse autoencoders, vision foundation model embeddings, CLIP ViT-L/14, SigLIP2, supervised ViT-L/16, ImageNet-1K, Open Images V7, off-support L1 regularization, L1/L2 ratio regularization, batch-active masks, monosemanticity, class purity, reconstruction quality, inference-time k robustness, small-budget linear probing, dead latent risk, interpretability method cards, and the governance problem of treating a sparse feature dictionary as transparent before the feature budget, regularizer, mask, dataset, and sensitivity checks are auditable.
- The Robot Rollout Becomes the Inference Budget - Wen Ye, Peiyan Li, Tingyu Yuan, Yuan Xu, Xiangnan Wu, Chaoyang Zhao, Jing Liu, Nianfeng Liu, Yan Huang, and Liang Wang's E-TTS: A New Embodied Test-Time Scaling Framework for Robotic Manipulation paper, arXiv:2606.27268, on embodied test-time scaling, robotic manipulation, reasoning-action joint sampling, history-aware verification, vision-language verifiers, feedback-guided iterative refinement, SIMPLER WidowX, SIMPLER Google Robot, LIBERO, LIBERO-Plus, VLAbench, real-world manipulation, E-CoT, Embodied-R1, MolmoAct, π0.5, reported simulation and real-world gains, latency limits, robot trace receipts, verifier scores, action-selection thresholds, retry logs, and the governance problem of treating extra inference compute as safer action before the reasoning, feedback, history, and selected movement are auditable.
- The Vision Label Becomes the Reward Shaper - Henrik Müller and Daniel Kudenko's Automating Potential-based Reward Shaping with Vision Language Model Guidance paper, arXiv:2606.27180, on VLM-PBRS, vision-language model preference labels, potential-based reward shaping, sparse rewards, embodied reinforcement learning, Soft Actor-Critic, Meta-World, Franka Kitchen, door-open, window-open, drawer-open, button-press, microwave, light-switch, top-burner, Ovis2 16B, Qwen3-VL 8B, single-prompt preference labels, policy invariance, sample-efficiency gains, reward hacking risk, dense reward pitfalls, learned potential functions, label lineage, and the governance problem of letting machine-produced visual preference labels shape agent training without preserving the reward receipt that shows which signal remained the final objective.
- The Security Fine-Tune Becomes the Evasion Surface - Ryan Fetterman's Inherited Circuits, Learned Semantics: How Fine-Tuning Creates Evasion Vulnerabilities Invisible to Standard Evaluation paper, arXiv:2606.27091, on security fine-tuning, PowerShell malicious-code classification, Foundation-Sec-8B-Instruct, Llama-3.1-8B-Instruct, matched PowerShell cohorts, behavior-preserving transformations, alias substitution, command reconstruction, string construction, execution indirection, case mutation, inherited late-attention classification routes, semantic specialization after fine-tuning, compact evasion groups, linear probes, indicator-token sign tests, family-level drift signals, pre-deployment red-teaming priorities, and the governance problem of treating a security fine-tune's held-out accuracy as assurance before transformation robustness and representation drift have been audited.
- The Rule Pool Becomes the Policy Memory - Shicheng Ye and Chao Yu's Joint Learning of Experiential Rules and Policies for Large Language Model Agents paper, arXiv:2606.27136, on JERP, LLM agents, multi-step interactive environments, accumulated interaction experience, natural-language experiential-rule pools, policy optimization, trajectories, sparse rewards, rule staleness, reference successful trajectories, working rule sets, group-relative policy optimization, LoRA, AlfWorld, WebShop, ReAct, Reflexion, RLOO, GRPO, vanilla LLM baselines, 61.5 percent AlfWorld overall success, 79.0 WebShop average score, 64.1 percent WebShop success rate, paused rule-pool update ablations, agent memory provenance, rule utility scores, rollback, and the governance problem of treating learned experience as helpful before the rule lineage, policy version, and revision history are auditable.
- The Task Token Becomes the Ignored Instruction - Jingyu Liu, Xiaopeng Wu, Kehan Chen, Chuan Yu, and Yong Liu's Diagnosing Task Insensitivity in Language Agents paper, arXiv:2606.26918, on language agents, task insensitivity, out-of-distribution generalization, corrupted-task diagnostics, ALFWorld, ScienceWorld, WebShop, ambiguous task descriptions, explicit clarification opportunities, Inquiry and Hit measurements, GPT-5.4 judging agreement with human annotations, task replacement experiments, training-time action consistency, attention drift away from task tokens toward local observations, Qwen3-8B, Qwen3-4B, supervised fine-tuning, GRPO, Task-Perturbed NLL Optimization, contrastive regularization, task augmentation baselines, action-sensitivity audits, clarification-rate logs, and the governance problem of treating a visible task instruction as effective authorization before proving that the agent's action policy still depends on it.
- The Forecast Becomes the Cutoff Audit - Humzah Merchant and Bradford Levy's Forecasting With LLMs: Improved Generalization Through Feature Steering paper, arXiv:2606.27199, on LLM forecasting, look-ahead bias, historically grounded reasoning, sparse autoencoder features, time-aware reasoning, feature steering, prediction-market feature discovery, market favorites versus eventual outcomes, Gemma 3 27B, Qwen 3.5 27B, Gemma Scope 2, Qwen Scope, M&A and pharmaceutical forecasting tasks, free-form generation, post-cutoff leakage in natural text, amplifying time-awareness features, failed candidate look-ahead-bias feature steering, MMLU CoT and MMLU-Pro CoT utility checks, dated context, cutoff receipts, and the governance problem of treating a correct historical forecast as foresight before the audit proves it did not use information from after the declared forecast date.
- The Riddle Becomes the Strategy Trap - Bella Fascendini, Kathryn McGregor, Max D. Gupta, and Thomas L. Griffiths's The Riddle Riddle: Testing Flexible Reasoning in Large Language Models and Humans paper, arXiv:2606.27103, on riddle riddles, flexible reasoning, human-machine cognition, strategy selection, surface-form heuristics, genuine riddles versus riddle-like literal problems, nine state-of-the-art LLMs, 30 riddle sets, 100 human participants, opposite failure patterns, model accuracy of 84.9 percent on genuine riddles and 50.7 percent on riddle riddles, human accuracy of 50.5 percent and 80.5 percent, inappropriate inventive reasoning in 90.8 percent of model riddle-riddle errors, overextended literal reasoning in 57.6 percent of human genuine-riddle errors, memorization checks, benchmark contrast classes, and the governance problem of treating puzzle-form success as evidence of flexible reasoning before the strategy cue has been separated from the answer.
- The Historical Text Becomes the Tokenization Tax - Maria Levchenko's How Surprising Is Historical Italian to Language Models? Tokenization Tax, Comprehension Tax, and a Simple Mitigation paper, arXiv:2606.27275, on historical Italian, digital-library LLM workflows, a 17th-century Italian corpus from 1610-1689, I Promessi Sposi as a high-exposure control, 18th-century Russian civil print as an orthographic stress test, tokenization cost, predictive uncertainty, semantic robustness, context sensitivity, 25-30 percent tokenization inflation, 2.4x and 3.2x historical surprisal, embedding similarity above 0.85, minimal temporal context prompts reducing surprisal by about 60 percent, genre and syntax effects, semantic retrieval versus generation risk, and the governance problem of treating historical-language difficulty as one barrier when libraries need separate audits for encoding, comprehension, provenance, and retrieval.
- The Knowledge Base Becomes the Task Interface - Amit Elhelo, Amir Globerson, and Mor Geva's LMs as Task-Specific Knowledge Bases: An Interpretability Analysis paper, arXiv:2606.27237, on language models as knowledge bases, task-invariance, factual recall, OLMo-3-7B IT checkpoints, co-emergence failures across task formats, 1,031 fact-task pairs, OLMo-2-7B IT, OLMo-2-13B IT, Gemma-2-9B IT, sparse binary masks over MLP neurons and attention heads, necessary, sufficient, and specific fact-task parameter subsets, discrimination versus generation task entanglement, chain-of-thought routing through other task-specific encodings, code and data release, knowledge editing, unlearning, factuality evaluation, and the governance problem of treating a correct answer in one prompt format as proof that the model contains one unified, auditable knowledge base.
- The Dating App Becomes the Trust Taxonomy - Yibo Meng, Lyumanshan Ye, Yingfangzhong Sun, Bingyi Liu, Huidi Lu, and Xiaolan Ding's "Everyone Says Them": Deception Typologies, Probabilistic Trust, and Grassroots Safety Knowledge Among Gay Dating App Users in China paper, arXiv:2606.27284, on gay dating-app users in China, Blued, Aloha, Fanka, Soul, semi-structured interviews, deception beyond profile misrepresentation, relational intent, emotional ambiguity, financial fraud, commercial interaction, pian pao, layered verification, probabilistic trust, screenshots and story circulation, grassroots safety knowledge, community warning practices, gray-area harms, privacy risks, platform reporting limits, anonymized experience sharing, and the governance problem of treating intimate platform safety as a violation-classification task before users' informal trust taxonomies are preserved and protected.
- The Translation Cascade Becomes the Context Receipt - Arnav Mazumder, Dengjia Zhang, Shuyue Stella Li, Yulia Tsvetkov, and Niyati Bafna's Multilingual Reasoning Cascades Need More Context paper, arXiv:2606.27306, on standard translation cascades, context-aware translation cascades, translating non-English questions into English, English-language reasoning, final answer translation, original-question preservation, cultural grounding, register and disambiguation cues, Llama-3.1-8B-Instruct, Mistral-7B-Instruct-v0.3, GPT-4o-mini, open-ended QA, multiple-choice QA, math reasoning, 285 languages, high-, mid-, and low-resource language groups, chrF, exact-match accuracy, translation-quality analysis, ablation showing the original question as the strongest context, and the governance problem of treating multilingual preprocessing as disposable before the user's source-language words have an audit receipt.
- The Prospectus Becomes the Collateral Gate - Serhii Hamotskyi, Akash Kumar Gautam, and Christian Hänig's LLM-Based Examination of Eligibility Criteria from Securities Prospectuses at the German Central Bank paper, arXiv:2606.27316, on Deutsche Bundesbank collateral eligibility, securities prospectuses, semi-structured and bilingual financial documents, OCR artifacts, generative information extraction, extraction, normalization, and interpretation stages, Docling Markdown conversion, Llama-3.3-70B-Instruct, Cohere Command-R 08-2024, Mistral Small 3.1 LLM-as-a-judge evaluation, value-based extraction scoring, conservative false-acceptance minimization, human review flags, RAG grounding limits, and the governance problem of turning prospectus interpretation into a collateral gate without losing evidence spans, model configuration, and review authority.
- The GUI Agent Becomes the Hindsight Curriculum - Tianyi Men, Zhuoran Jin, Pengfei Cao, Yubo Chen, Kang Liu, and Jun Zhao's Empowering GUI Agents via Autonomous Experience Exploration and Hindsight Experience Utilization for Task Planning paper, arXiv:2606.27330, on PEEU, autonomous GUI-agent experience exploration, hindsight experience utilization, TDHAF, low-level, mid-level, and high-level task granularity, WebVoyager, Allrecipes ID training, seven held-out OOD websites, Qwen2.5-VL-3B, Qwen2.5-VL-7B, SFT, GRPO, GPT-4o-generated exploration summaries, 0.1k and 2k trajectory settings, cross-website generalization, and the governance problem of treating browser-agent training data as neutral before the curriculum, traces, and task granularity are auditable.
- The Reward Proxy Becomes the Agent Shortcut - Ömer Veysel Çağatan and Xuandong Zhao's Reward Hacking in Language Model Agents: Revisiting AI Safety Gridworlds paper, arXiv:2606.15385, on text-based AI Safety Gridworlds, observed reward versus hidden safety reward, specification and robustness environments, Off-switch, Absent Supervisor, Boat Race, Tomato Watering, Island Navigation, Distributional Shift, GPT-4.1-mini, GPT-5-mini, Qwen3-235B-Instruct, Qwen3-235B-Thinking, 100-episode zero-shot evaluations, Qwen2.5 GRPO training from 1.5B to 14B, exploit-loop lock-in, GiGPO credit-assignment tests, exploration prompts, entropy regularization, public code, and the governance problem of treating proxy reward as success before the hidden objective has its own ledger.
- The Safety Signal Becomes the Inattentional Gap - Kwan Soo Shin's The Inattentional Gap: Task-Conditioned Language and Vision Models Omit the Safety-Critical Signals They Can Otherwise Report paper, arXiv:2606.26529, on task-conditioned language and vision models, reportability controls, radiology and autonomous-driving text scenarios, public-domain chest radiograph stimuli, unrequested safety-critical signals, focused and strict instructions, rib-counting tasks, open-condition recovery, two-judge adjudication, model-family differences, reasoning-model suppression, external critic recovery, archived raw outputs, and the governance problem of measuring what the task prevents a model from saying before treating benchmark performance as deployment safety.
- The Socio-Economic Twin Becomes the Policy Mirror - Ryuji Hashimoto, Masahiro Kaneko, Kentaro Ueda, Takehiro Takayanagi, and Kiyoshi Izumi's EconSimulacra: A Digital Twin Platform of Socio-Economic Systems Powered by LLM Agents paper, arXiv:2606.26883, on LLM-agent artificial societies, consumer economy, mobility, social networks, JSON-configured simulation environments, memory, stress-level coupling, fatigue, congestion, online heat, offline heat, restaurant promotions, Pizza Place sales, pizza-related posts, 10-by-10 grid worlds, 10 simulation seeds per model, GPT-OSS-20B, GPT-OSS-120B, Llama 3.1 70B Instruct, Qwen3.6-35B-A3B, ablation without stress levels, public code, package, documentation, live demo, and the governance problem of treating simulated socio-economic feedback as a policy mirror rather than a consulted public or validated causal model.
- The Agent Skill Becomes the Detector Surface - Bacem Etteib, Daniele Lunghi, and Tégawendé F. Bissyandé's Detecting Malicious Agent Skills in the Wild using Attention paper, arXiv:2606.23416, on Locate-and-Judge, malicious agent skills, instruction-following attention, top-K span selection, zero-shot LLM judging, live scans across Lobehub, Skills.sh, and Clawhub.ai, 359 human-reviewed flags, 131 confirmed malicious skills, 82 hidden malicious skills, 2.84x judge-input reduction, SkillSpector, Cisco Skill Scanner, Attention Tracker transfer limits, inline installer blind spots, cross-skill attack gaps, disclosure, released labels, and the governance problem of treating reusable skill packages as installable authority before detector evidence and review disposition are recorded.
- The Agent OS Becomes the Control Plane - Ankur Sharma and Deep Shah's Agent Operating Systems (AOS): Integrating Agentic Control Planes into, and Beyond, Traditional Operating Systems paper, arXiv:2606.01508, on agent operating systems, agentic control planes, goal-directed workloads, deterministic enforcement at side-effect boundaries, first-class agent identity, goal and task graphs, capability sets, context state, execution records, tool and capability registries, policy and trust enforcement, Linux primitives such as cgroups, namespaces, seccomp, AppArmor, SELinux, auditd, and eBPF, Windows primitives such as restricted tokens, job objects, Hyper-V isolation, ETW, and enterprise policy controls, prompt injection as untrusted input, audit completeness, operator comprehensibility, and the governance problem of treating agents as ordinary apps before their actions are mediated by an auditable systems layer.
- The Brain Prompt Becomes the Route Audit - Jianwei Tai's Brain-Prompt Injection: A Route-Safety Audit for BCI-LLM Agents paper, arXiv:2606.09315, on BCI-to-agent pipelines, decoded neural activity as an authorization channel, brain-prompt injection, EEGMMI left/right command-control, the Route-Safety Audit Contract, C1 signal-side perturbations, C2 context-only route changes, C3 adaptive dual-decoder agreement attacks, context provenance, attacked secondary decisions, execution policy, confirmation status, seed and case denominators, harmless tool stubs, TinyEEGNetB confirmation, split-conformal false-accept frontiers, offline audit limits, and the governance problem of treating decoder agreement as intent before the route log proves what it observed.
- The Probe AUC Becomes the False Comfort - Yanhang Li, Zhichao Fan, and Zexin Zhuang's When AUC 0.998 Is Not Enough: A Candidate Evaluation Protocol for Hidden-State Probes of Indirect Prompt Injection in Multimodal Computer-Use Agents paper, arXiv:2606.22864, on hidden-state probes, multimodal computer-use agents, indirect prompt injection, Qwen2.5-VL-7B-Instruct, Mind2Web teacher-forced replay, visible overlay, DOM accessibility-tree, and tool-return injection surfaces, 107,520-dimensional probe features, headline visible-overlay AUC 0.998, C1 four-scalar metadata controls, C2 same-step nuisance-matched overlay controls, C-scrambled direct AUC 0.489, benign-imperative ambiguity, trajectory-bootstrap confidence intervals, 32B BF16 smoke checks, parser-strict runtime-gating limits, and the governance problem of treating a clean-vs-attack probe score as semantic safety evidence before its contrast class is visible.
- The Out-of-Band Defense Becomes the Reference Monitor - Praneeth Narisetty, Shiva Nagendra Babu Kore, Uday Kumar Reddy Kattamanchi, and Jayaram Kumarapu's Adaptive Evaluation of Out-of-Band Defenses Against Prompt Injection in LLM Agents paper, arXiv:2606.26479, on out-of-band prompt-injection defenses, tool-using agents, action mediation, Biba integrity, reference monitors, least privilege, capabilities, information-flow labels, CaMeL, FIDES, Progent, RTBAS, FORGE, static benchmark limits, AgentDojo, ASB, adaptive evaluation, defense-aware attacks, Qwen2.5-7B-Instruct, vLLM, NVIDIA H200 reproduction runs, Progent attack-success reduction from 25.8 percent to 4.2 percent, adaptive attack result at 2.6 percent, utility costs, weak-model and single-attack-family limits, and the governance problem of treating agent safety as a tool-call authority boundary rather than a model-layer refusal promise.
- The Stale Fact Becomes the Memory Ledger - Neeraj Yadav's Temporal Validity in Retrieval Memory: Eliminating Stale-Fact Errors for AI Agents over Evolving Knowledge paper, arXiv:2606.26511, on MemStrata, retrieval-augmented generation, temporal validity, stale-fact errors, evolving knowledge, deterministic supersession, subject-relation-object assertions, bi-temporal ledgers, active versus retired facts, valid-time intervals, as-of retrieval, static recall, marker-free evolving benchmarks, code mutation, configuration migration, dependency bumps, API evolution, cosine-similarity failure, near-identical embeddings for contradicted facts, Qwen2.5-Coder local experiments, stale-value error rates, retrieval latency, LLM reranking limits, source-sentence preservation, extraction-quality limits, and the governance problem of treating an agent memory archive as current state before the system can prove which facts are still active.
- The Agent Budget Becomes the Carbon Gate - Gaston Besanson's Green SARC: Predictive Cost and Carbon Governance for Agentic AI Systems paper, arXiv:2606.15954, on agentic AI cost controls, GreenOps, FinOps, governance-by-architecture, Pre-Action Gates, Action-Time Monitors, Post-Action Auditors, Escalation Routers, predictive token-cost forecasting, carbon ceilings, live remaining budgets, State Snowball prompt accretion, SWE-rebench OpenHands trajectories, BurstGPT Azure OpenAI traces, split-conformal calibration, Normal-sigma gate undercoverage, binding-budget sweeps, 0 percent over-budget incidence, Lagrangian soft-penalty budget breaches, scope caps, routing, circuit breakers, predicted-versus-actual audit logs, ElectricityMaps carbon intensity, alpha implementation limits, adversarial cost-side attacks, and the governance problem of treating agent spend and emissions as enforceable runtime boundaries rather than dashboard reports after execution.
- The Companion Simulation Becomes the Developmental Test - Kaicheng Shen, Lingyu Li, Wen Wu, Yan Teng, Liang He, and Yingchun Wang's Long-Term Simulation Exposes Cognitive-Developmental Risks in AI Companions paper, arXiv:2606.25396, on TSJ (Theater-Stage-Judge), longitudinal AI-companion simulation, persona-driven user simulation, dynamic psychological-state updating, retrospective risk tracing, the Cognitive Developmental Risk Assessment Matrix, early childhood, middle childhood, adolescence, emerging adulthood, reality perception, cognitive trust, emotional dependence, socialization capacity, values, behavioral safety, 24 risk dimensions, three psychological-vulnerability personas, six model backbones, 432 independent trials, 12,960 simulated interaction days, 30-day trajectories, 140-turn stability, expert-judge validation, simulation limits, youth-safety evaluation, companion-product release evidence, and the governance problem of testing AI companions as relationship trajectories rather than isolated replies.
- The Tool Quorum Becomes the Poisoning Channel - Liwei Liu, Tianzhu Han, Zijian Liu, Zishu Dong, and Na Ruan's ShareLock: A Stealthy Multi-Tool Threshold Poisoning Attack Against MCP paper, arXiv:2606.27027, on Model Context Protocol security, multi-tool threshold poisoning, Shamir secret sharing as a distributed prompt-obfuscation mechanism, moderate vetting assumptions, malicious multi-tool MCP servers with legitimate functionality, Travel Assistant, Coding Assistant, Financial Analyst, and Office Manager benchmarks, Cherry Studio, Cline, Gemini-2.5-Flash, DeepSeek-V3.1, DeepSeek-V3.2, Qwen3-235B-A22B-Thinking, 100 multi-step user queries, attack success and task completion metrics, single-tool baseline comparisons, safety-classifier blind spots, entropy dilution, strict access-control limits, ethical test boundaries, and the governance problem of treating each tool description as safe before the server bundle and tool quorum have been audited together.
- The Sysadmin Agent Becomes the Network Emulator - Gianmaria Frigo, Davide Saladino, Alberto Castagnaro, Francesco Marchiori, Denis Donadel, Luca Pajola, and Mauro Conti's Toward Agentic SysAdmin: Rethinking System Administration with AI Agents paper, arXiv:2606.26960, on NetLLMeval, LLM-based network administration, live network emulation, Kathara labs, execution-grounded evaluation, 24,000 full-factorial runs, 10 foundation models, four solver architectures, Bulk, Bulk+ReAct, Guided Retrieval Agent, Planner Agent, 10 network task types, six emulated lab topologies, local open-weight models through Ollama, API models through Amazon Bedrock, Ministral 3 matching Kimi K2.5 at 0.88 correctness under the right solver, Guided Retrieval token efficiency, Planner Agent overhead, empty-response failure modes, read-only evaluation limits, and the governance problem of treating fluent network diagnosis as operational authority before the network state can answer back.
- The Coded Language Taxonomy Becomes the Moderation Lens - Hamid Reza Firoozfar, Mohammadsadegh Abolhasani, Reza Mousavi, and Paul Jen-Hwa Hu's Beyond Surface Forms: A Comprehensive, Mechanism-Oriented Taxonomy of Indirect Linguistic Encoding for LLM-Based Coded Language Detection paper, arXiv:2606.27314, on indirect linguistic encoding, algospeak, euphemism, adversarial obfuscation, coded-language detection, mechanism-oriented taxonomies, 11 top-level mechanism classes, 33 sub-mechanisms, TikTok and Bluesky posts, 2,000 manually annotated English-language posts, span-level evidence, document-level ILE presence, GPT-5.4, Claude Sonnet 4.6, DeepSeek V4 Flash, taxonomy-guided prompts, no-taxonomy baselines, soft span matching, compositional encodings, data-sharing limits, moderation support, contextual judgment, user appeals, surveillance risk, and the governance problem of treating indirect language as a verdict rather than an interpretive lead.
- The Evaluator Becomes the Contagion Network - Zewen Liu's Contagion Networks: Evaluator Bias Propagation in Multi-Agent LLM Systems paper, arXiv:2606.20493, on LLM evaluators inside multi-agent systems, peer evaluation, evaluator bias propagation, Contagion Networks, cross-agent contagion matrices, DeepSeek-chat agent experiments, structured, balanced, and evidence-biased evaluator prompts, Test-Time Reinforcement Learning strategy updates, step-by-step and evidence-based strategy preferences, suppression, persistence, and cascade regimes, spectral-radius conditions, chain topology, fully connected topology, homogeneous-model suppression, cross-model comparison to MM-EPC, evaluator committee mitigation, 72.4 percent effective-contagion reduction from three evaluators, strategy entropy, exploratory-seed limits, and the governance problem of treating an agent judge as neutral measurement when it is also a live influence channel.
- The Therapy Avatar Becomes the Supervision Record - Sofie Kamber, Lukas Diebold, Pascal Riachi, Stella Brogna, Andrew Gloster, and Rafael Wampfler's Mind Companion: An Embodied Conversational Agent for Process-Based Psychotherapy paper, arXiv:2606.17789, on embodied conversational agents for process-based psychotherapy, supervised clinical deployment, clinician oversight, Acceptance and Commitment Therapy process labels, fact extraction, emotion-state tracking, safety monitoring, crisis handoff, retrieval-augmented therapeutic grounding, Azure OpenAI Service, FAISS, Unity avatars, speech synthesis, NVIDIA Audio2Face, German ACT therapy transcripts, 15 clients, 45 sessions, 30,565 dialogue turns, 320 evaluation points, GPT-4.1-mini, GPT-5.2, Claude Sonnet 4.5, expert evaluation with 11 mental-health professionals, isolated verbal-response limits, longitudinal validation, and the governance problem of treating the therapy avatar's real safety surface as the supervision record.
- The Vendor Incident Becomes the Trust Boundary - Yijun Chen and Misita Anwar's Fortress and Gatekeeper: Theorizing Transitive Trust in Third-Party Cybersecurity Risk Governance paper, arXiv:2606.26866, on transitive trust, third-party cybersecurity governance, the OpenAI-Mixpanel incident, vendor delegation, analytics providers, customer-facing accountability, agency theory, Fortress and Gatekeeper framework, metadata exposure, adversarial actionability, point-in-time assurance decay, vendor tiering, data classification, contractual evidence sharing, notification timelines, data minimization, public incident documents, single-case document-analysis limits, and the governance problem of treating the corporate perimeter as the trust boundary when customer data and accountability travel through vendors.
- The Jailbreak Menu Becomes the Bandit Problem - Prarabdh Shukla, Ritik, Suhas Rao, Arpit Agarwal, and Arjun Bhagoji's Jailbreaking for the Average Jane: Choosing Optimal Jailbreaks via Bandit Algorithms for Automatically Enhanced Queries paper, arXiv:2606.26936, on jailbreak selection as a multi-armed bandit problem, FrankensteinBench, 11,279 malicious queries, six high-stakes domains, seven source safety benchmarks, train/validation/test splits, simple versus complex malicious queries, 15 open-weight target models, 70 jailbreaks, transfer and continual attack scenarios, EXP3 and other online-learning methods, multiple-pass attack selection, reported average attack success rates as high as 97 percent, query-complexity effects, dataset-access controls, single-turn and English-language limitations, adaptive red-teaming, and the governance problem of treating static jailbreak tests as enough evidence when attack choice itself can learn.
- The Guardrail Becomes the Latency Budget - Dongbin Na's Do Safety Guardrails Need to Reason? LeanGuard: A Fast and Light Approach for Robust Moderation paper, arXiv:2606.26686, on LeanGuard, chain-of-thought moderation guardrails, GuardReasoner, label-only encoders, ModernBERT-large, 395M parameters, Llama-3.2-1B same-base ablation, T5-base comparison, 127,465 GuardReasoner training examples, prompt-harm, response-harm, refusal detection, ToxicChat, OpenAI Moderation, AegisSafetyTest, SimpleSafetyTests, HarmBench, WildGuardTest, BeaverTails, SafeRLHF, XSTest, average F1 of 82.90 plus or minus 0.26, roughly 100x lower inference compute, 512-token operating window, training-label noise robustness, true-positive recall at 1 percent false-positive rate, ONNX export, on-device moderation, audit-on-demand rationales, and the governance problem of treating chain-of-thought safety prose as worth its latency before it has proved decision value.
- The Voice Prompt Becomes the Safety Gap - Beatrice Savoldi, Sara Papi, Wafa Aissa, Matteo Negri, and Luisa Bentivogli's RedVox: Safety and Fairness Gaps in Speech Models Across Languages paper, arXiv:2606.26968, on multilingual speech-model safety, RedVox, natural voices, English, French, Italian, Spanish, German, speech-capable models, safety reporting gaps, 38 surveyed speech model releases, 8% multilingual analysis reporting, 11 documented safety evaluations, SHADES, M-ALERT, unsafe and stereotypical requests, Speech versus Audio request types, 6,118 collected entries, almost 10 hours of audio and speech, 26 released voices, 3,414 released entries, eight evaluated systems, Qwen2-Audio, Phi4-Multimodal, Voxtral, Qwen3-Omni, Gemma 4, Gemini 3.1 Flash-Lite, Gemini 3.1 Pro-Preview, GPT-realtime-2, English versus non-English unsafe-rate gaps, speech as the most vulnerable setting, participant consent, gated voice-data release, and the governance problem of treating text-only red-teaming as sufficient for products that listen.
- The Harmful Video Becomes the Reasoning Benchmark - Jiajun Wu, Haoyu Kang, Yining Sun, Jiacheng Hou, Heng Zhang, Danyang Zhang, Zhenjun Zhao, Haochi Zhang, Leixin Sun, Eric Hanchen Jiang, Yushan Li, Ruiyu Li, Mengkai Huang, Yan Gao, Xu Zhang, and Guancheng Wan's HarmVideoBench: Benchmarking Harmful Video Understanding in Large Multimodal Models paper, arXiv:2606.27187, on harmful-video understanding, large multimodal models, harmful-video moderation, Observable Evidence, Clip-Internal Meaning, Beyond-Clip Reasoning, 1,379 videos, 4,137 multiple-choice questions, HateMM, MultiHateClip, Qwen-2.5-VL-72B candidate captions and questions, bilingual English and Chinese annotation, senior adjudication, 19-model evaluation, Boundary-Constrained Reasoning, reasoning-scope prediction, selective context augmentation, bounded retrieval, macro-average improvement from 61.7 percent to 84.4 percent, language limitations, research-use constraints, and the governance problem of treating harmful-video moderation as a binary flag before the reasoning boundary is auditable.
- The Language Twin Becomes the Cognitive Monitor - Mohammad Mehdi Hosseini, Mohammad H. Mahoor, and Hiroko H. Dodge's Language-Based Digital Twins for Elderly Cognitive Assistance paper, arXiv:2606.27334, on language-based digital twins, older-adult cognitive assistance, longitudinal conversational data, I-CONECT, Mild Cognitive Impairment, MoCA prediction, GPT-4.1-mini fine-tuning, stylometric pause and tempo cues, participant metadata, Whisper transcript reprocessing, pyannote diarization, Sentence-BERT embeddings, DistilBERT sentiment features, cVAE-based fidelity and cognitive-consistency evaluation, five-participant subset limits, reconstruction-error comparisons, raw GPT versus fine-tuned digital-twin outputs, future multimodal audio/video extensions, consent scope, contestability, and the governance problem of turning a person's conversational style into a continuous cognitive monitor.
- The Agent Loop Becomes the Stopping Problem - Sahil Shrivastava's Semantic Early-Stopping for Iterative LLM Agent Loops paper, arXiv:2606.27009, on semantic early stopping, iterative LLM agent loops, Writer-Critic revision, max_iterations, cosine-distance draft embeddings, patience-window halting, critic approval, failsafe termination, RAGAS-style Information Score signals, HotpotQA distractor evaluation, llama-3.1-8b-instruct runs, operational versus evaluation tokens, a 60-question frozen test split, a 38% operational-token reduction for the judge-free semantic stopper, Delta-IS of -0.004 with p=0.81, the counter-productive cost of per-round judging, the oracle best-round gap, noisy LLM-judge limitations, and the governance problem of letting an agent spend another loop without accountable stopping evidence.
- The Binary Question Becomes the Evaluation Probe - Sangwoo Cho, Kushal Chawla, Pengshan Cai, Zefang Liu, Chenyang Zhu, Shi-Xiong Zhang, and Sambit Sahu's Ask, Don't Judge: Binary Questions for Interpretable LLM Evaluation and Self-Improvement paper, arXiv:2606.27226, on BINEVAL, atomic binary questions, interpretable LLM evaluation, task-agnostic meta-prompts, question-level feedback, calibrated multidimensional scores, SummEval, Topical-Chat, QAGS, UniEval, G-Eval, factual-consistency probes, human score distributions, ceiling effects, evaluator prompt optimization, IFBench generation prompt updates, self-update, cross-model update, training-free evaluation, prompt repair evidence, and the governance problem of treating decomposed yes-or-no probes as audit evidence rather than neutral truth.
- The Intent Label Becomes the Safety Boundary - Jeremias Ferrao, Niclas Müller-Hof, Iustin Sîrbu, Traian Rebedea, and Yftah Ziser's Paved with True Intents: Intent-Aware Training Improves LLM Safety Classification Across Training Regimes paper, arXiv:2606.27210, on AIMS, human-annotated intent supervision, safety classifiers, difficult safety prompts, WildGuardMix, adversarial and borderline prompt selection, intent descriptions, harm labels, supervised fine-tuning, DPO from model-generated intent errors, reasoning distillation, GRPO intent rewards, external safety benchmarks, latency-F1 tradeoffs, over-refusal, jailbreak-style cover stories, model-judge limitations, and the governance problem of treating inferred user intent as safety evidence without turning it into an unchallengeable accusation.
- The Process Harness Becomes the Workflow Boundary - Fabiana Fournier and Lior Limonad's A Process Harness for Uplifting Legacy Workflows to Agentic BPM: Design and Realization in CUGA FLO paper, arXiv:2606.27188, on Agentic BPM, process harnesses, deterministic workflow engines, policy-governed agentic layers, Task-Decision-Flow, TaskAgent, DecisionAgent, FlowAgent, process FRAME policies, hook mechanisms, MCPFlowBridge, loan approval workflows, regulatory override, legacy workflow uplift, imperative and normative requirements, action permissions, runtime topology limits, and the governance problem of letting agents adapt a workflow only at inspectable process boundaries.
- The Elite Network Becomes the Knowledge Graph - Kirill Solovev and Jana Lasser's Mapping Political-Elite Networks in Europe with a Multilingual Joint Entity-Relation Extraction Pipeline paper, arXiv:2606.27347, on LLM-assisted political network extraction, multilingual news corpora, open-weight models, named-entity recognition, Wikidata QID linking, 109 entity types, 99 relationship types, signed and temporal knowledge graphs, ontology-constrained guided decoding, a 3,491-relation gold standard, strict and lenient textual-correctness bands, Austrian party-lifecycle reconstruction, Polish state-enterprise patronage mapping, PO-PiS signed conflict structure, Factiva and Infini-News reproducibility, entity-linking coverage gaps, public-figure data ethics, and the governance problem of treating machine-extracted political edges as facts before source text, uncertainty, and permitted use travel with the graph.
- The Agent Resource Budget Becomes the Incentive Contract - Baoxun Wang's A Stackelberg Framework for Resource-Aware LLM Agents: Learning, Repair, and Conditional Guarantees paper, arXiv:2606.23026, on resource-aware LLM agents, contextual Stackelberg games, quality targets, cost incentives, controller/executor separation, context retention, prompt verbosity, tool budgets, follower-response learning, real-API calibration, action-space projection, passive shadow evaluation, 300 evaluated turns, a 17.4% token-cost reduction relative to a conservative baseline, no statistically significant measured quality difference, conditional guarantees, limited active validation, and the governance problem of treating an agent budget as an incentive contract rather than a receipt.
- The Codex Agent Becomes the Workflow Reorganization - Drew Johnston, David Holtz, Alex Martin Richmond, Christopher Ong, Prasanna Tambe, and Aaron Chatterji's The Shift to Agentic AI: Evidence from Codex paper, arXiv:2606.26959, on Codex usage data, agentic AI as delegated work, individual users, organizational users, OpenAI workers, aggregated and anonymized measurement, automated classifiers, active-user growth, output-token shifts, software-production anchoring, non-developer adoption, task-complexity estimates, eight-hour delegated tasks, concurrent Codex agents, long-running turns, skills, plugins, reusable workflow infrastructure, supervision and integration labor, organizational complements, workforce restructuring, and the governance problem of treating agent activity as productivity before delegation, review, correction, and workflow redesign are measured.
- The Root Cause Becomes the Causal Trace - Aoyang Fang, Yifan Yang, Jin'ao Shang, Qisheng Lu, Junjielung Xu, Rui Wang, Songhan Zhang, Yuzhong Zhang, Boxi Yu, and Pinjia He's OpenRCA 2.0: From Outcome Labels to Causal Process Supervision paper, arXiv:2606.27154, on root cause analysis for LLM agents, PAVE path annotation, causal process supervision, fault-injection records, forward verification from known interventions, OpenRCA 2.0's 500 evaluable instances, three microservice systems, 27 fault types, 11 frontier LLMs, exact root-cause set recovery, path reachability, ungrounded diagnosis, verified causal propagation paths, SQL evidence, observability, incident response, and the governance problem of treating a plausible root-cause label as accountability before the causal trace from fault to symptom can be replayed.
- The Secret Becomes the Social Contagion - Aman Priyanshu, Supriti Vijay, and Esha Pahwa's Got a Secret? LLM Agents Can't Keep It: Evaluating Privacy in Multi-Agent Systems paper, arXiv:2605.27766, on privacy leakage in multi-agent systems, Moltbook-style social simulation, synthetic private human profiles, contextual integrity, 2,533 agents, 124 communities, 25 simulated days, 29,945 posts, 81,264 replies, LLM-as-a-judge leakage detection, CIMemories comparisons, 7,000 controlled evaluation traces, social pressure, peer-disclosure contagion, privacy instructions under stress, community-topic effects, agent-platform safety evaluation, and the governance problem of treating private memory as protected before testing what the surrounding agent society makes disclosure feel normal.
- The Dialogue Transcript Becomes the Collaboration Meter - Zhengyuan Liu, Stella Xin Yin, Min-Yen Kan, and Nancy F. Chen's Bridging Talk and Thought: Understanding Dialogue Dynamics Across Collaborative Problem-Solving Contexts paper, arXiv:2606.27233, on collaborative problem-solving dialogue, human-AI collaboration, multi-agent collaboration, metacognitive regulation, cognitive and non-cognitive interaction, a hierarchical two-layer coding scheme, nine datasets, six human-human and three human-AI datasets, utterance-level classification, GPT-4o-assisted dialogue analysis, Cohen's kappa checks, regulatory imbalance, responsive-assistant behavior, shared initiative, agent evaluation, collaboration logs, and the governance problem of treating task success as partnership before the transcript shows who planned, monitored, repaired, and carried responsibility.
- The Model Ensemble Becomes the Co-Failure Ceiling - Josef Chen's When Does Combining Language Models Help? A Co-Failure Ceiling on Routing, Voting, and Mixture-of-Agents Across 67 Frontier Models paper, arXiv:2606.27288, on multi-model LLM orchestration, model routing, voting, cascades, fusion, mixture-of-agents, 67 models across 21 provider families, beta as the all-models-wrong rate, pairwise error correlation limits, Clopper-Pearson certificates, open-ended mathematics, MATH-500, execution-graded code, GPQA-Diamond free-response versus multiple-choice formats, co-failure tails, Self-MoA comparisons, query-level routing signals, model-market evaluation, fallback governance, automation bias, and the governance problem of treating model diversity as safety before shared wrongness has been measured.
- The Monitoring Trace Becomes the Interpretive Gap - Yibo Meng, Bingyi Liu, Zhiqi Gao, Shuai Ma, and Hongyu Zhou's Reading the Same Data Differently: Interpretive Labor Across System Boundaries in Electronic Monitoring paper, arXiv:2606.27301, on electronic monitoring, community corrections, continuous sensing, GPS ankle monitors, mobile reporting tools, geofences, device-status logs, 38 semi-structured interviews in China, supervised individuals, authorities, interpretive misalignment, practical system models, low-risk probing, conservative compliance, ambiguous traces, contextual review, sensing accuracy, interpretive accuracy, contestability, accountable discretion, audit trails, and the governance problem of treating a monitoring trace as a verdict before the reasoning that turns data into action is visible and challengeable.
- The Healthcare Chatbot Becomes Support Infrastructure - Muhammad Hassan, Ramazan Yener, Ece Gumusel, and Masooda Bashir's AI Healthcare Chatbots as Information Infrastructure: A Large-Scale Study of User-Reported Breakdowns paper, arXiv:2606.27302, on AI healthcare chatbot apps, Google Play and Apple App Store reviews, 59 sampled apps, 264,310 collected reviews, 15,090 negative English reviews, LDA topic modeling, access barriers, service unreliability, interaction quality, emotional support gaps, billing and customer-support failures, explicit privacy/security/data concerns, lower ratings for data-trust complaints, care-adjacent app governance, post-market monitoring, data minimization, and the governance problem of treating a health chatbot answer as the whole safety object when access, payment, support, interface, and data practices are part of the same support infrastructure.
- The Résumé Becomes the Prompt Injection Payload - Preet Baxi, Jiannan Xu, Jane Yi Jiang, and Stefanus Jasin's Prompt Injection in Automated Résumé Screening with Large Language Models: Single and Multi-Injection Settings paper, arXiv:2606.27287, on LLM-based hiring screeners, résumé prompt injection, single- and multi-injection competition, homogeneous and heterogeneous candidate pools, GPT-4o-mini, DeepSeek-V3.2, rank gain, success rate, rare-manipulation vulnerability, saturation effects, threshold fairness, untrusted applicant documents, human review, notice and appeal, and the governance problem of treating applicant evidence as harmless text when the model may also read it as instruction.
- The Nudification Request Becomes the Abuse Pipeline - Chi Cui, Yixin Wu, and Yang Zhang's From Celebrities to Anyone: Characterizing AI Nudification Content, Technology, and Community Dynamics on 4chan paper, arXiv:2606.27234, on synthetic non-consensual explicit AI-created imagery, SNEACI, 4chan Adult Requests, 24,105 measured items, non-celebrity targeting, request-and-fulfillment dynamics, Stable Diffusion and Wan provenance, fine-tuned model sharing, tutorials, external distribution links, active provider cohorts, raw-data withholding for affected-person protection, and the governance problem of treating abusive synthetic media as an isolated output when the request, model supply, producer status, and distribution channels form a repeatable pipeline.
- The Equalizer Becomes the Agent Cost Governor - Yu Wang's Pingquanqi (Equalizer): A Cross-Domain Sociotechnical Framework for Human-Agent Interaction Governance paper, arXiv:2606.26573, on Human-Agent Interaction Governance, HAIGF, agent-framework middleware, cognitive economics, cognitive fairness, user-state discrimination, proactive knowledge leveling, Bayesian progressive stop-loss, controlled friction, reflective summarization, Lsteal transparency, token-to-lifetime cost conversion, economic alignment, calibration probes, text-based LLM-agent scope, user dependency loops, WCAG-style adoption, and the governance problem of treating a long helpful session as good before the platform can account for the time, attention, and capability transfer it consumed.
- The GUI Uncertainty Score Becomes the Handoff Budget - Divake Kumar, Sina Tayebati, Devashri Naik, Amanda Sofie Rios, Nilesh Ahuja, Omesh Tickoo, Ranganath Krishnan, and Amit Ranjan Trivedi's Uncertainty Quantification for Computer-Use Agents paper, arXiv:2606.25760, on Argus, post-hoc uncertainty quantification, computer-use agents, GUI grounding, executable clicks, vision-language agents, ScreenSpot-V2, ScreenSpot-Pro, OSWorld-G, UI-VISION-EG, Qwen2.5-VL, UI-TARS, POINTS-GUI, closed-source API interfaces, selective execution, calibration, miss-severity ranking, conformal click regions, spatial safety, handoff thresholds, and the governance problem of treating a confidence score as portable when the model, dataset, interface, and consequence of a wrong click have changed.
- The Computer-Use Agent Becomes the Contextual Integrity Test - Anmol Goel and Iryna Gurevych's Capable but Careless: Do Computer-Use Agents Follow Contextual Integrity? paper, arXiv:2606.23189, on AgentCIBench, computer-use agents, contextual integrity, cross-application disclosure, personal app workspaces, email, calendars, notes, to-do lists, visual co-location, task-ambiguity overshare, recipient misalignment, must-share and must-not-share facts, utility and leakage scores, end-to-end rendered UI runs, prompt-level mitigations, disclosure receipts, recipient-aware agent governance, and the governance problem of treating task completion as privacy safety when the agent may move information into the wrong context.
- The Data Agent Becomes the Privacy Surface - Nada Lahjouji and Ashwin Gerard Colaco's Agents That Know Too Much: A Data-Centric Survey of Privacy in LLM Agents paper, arXiv:2606.26627, on data-centric privacy for LLM agents, data agents, data surfaces, databases, warehouses, files, retrieval corpora, vector indexes, tools, APIs, inter-agent channels, persistent memory, final answers, query leakage, intermediate-result leakage, memory writes, delegated permissions, compositional inference, cross-session inference, information-flow control, contextual integrity, access control, missing cross-surface privacy benchmarks, audit evidence, and the governance problem of treating the final answer as the only privacy surface in an agent workflow.
- The Prompt Module Becomes the Shared Context - Ching-Yu Lin and Yifan Liu's Instruction Bleed: Cross-Module Interference in Prompt-Composed Agentic Systems paper, arXiv:2606.26356, on compositional behavioral leakage, prompt-composed agentic systems, shared context windows, cross-module interference, instruction bleed, global transformer attention, prompt modules, module-interaction regression, format-perturbation robustness, model-migration testing, career-ops, OpenClaw, OpenHands, aider, Claude Sonnet 4.6, job-description scoring, sub-threshold score drift, cv_match shifts, C0-C3 perturbation conditions, bootstrap confidence intervals, non-flip decision risk, and the governance problem of treating separate instruction files as isolated components before their composed behavior has been measured.
- The BeeSpec Becomes the Agent Work Order - Dutao Zhang and Liaotian's Queen-Bee Agents: A BeeSpec-Centered Architecture for Governed Enterprise MCP Orchestration paper, arXiv:2606.06545, on BeeSpec work orders, governed enterprise MCP orchestration, tenant-scoped connectors, control-plane planning, scoped execution units, policy-mediated tool calls, HR and IT domains, finance and cross-tenant blocking, retrieval-driven provisioning, structured capability registries, RDKit, ChEMBL, PubChem, chemistry workflow artifacts, approval gating, prototype-level systems evidence, and the governance problem of treating useful agent output as acceptable before the task boundary, tools, memory scope, tenant scope, and approval path are inspectable.
- The LLM Facilitator Becomes the Steering Committee - Aaron Parisi, Nithum Thain, Alden Hallak, Vivian Tsai, and Crystal Qian's Real-Time Group Dynamics with LLM Facilitation: Evidence from a Charity Allocation Task paper, arXiv:2605.14097, on real-time LLM facilitation, three-person group deliberation, charity allocation, real donation stakes, consensus measures, facilitator strategy, participant preference, perceived inclusion, participation inequality, algorithmic steering, distributional outcome shifts, meeting legitimacy, workplace and civic deliberation tools, facilitation logs, intervention audits, and the governance problem of treating a group-facing model as neutral before its effects on decisions, voice, and trust are measured separately.
- The Occupation Prompt Becomes the Value Map - Maksim E. Eren, Andrea Brennen, Ryan C. Barron, and Eric Michalak's Occupational Prompting Reveals Cultural Bias in Large Language Models paper, arXiv:2606.12443, on occupational prompting, professional-role cues, open-weight LLMs, Integrated Values Surveys, Inglehart-Welzel cultural space, 234 occupations, ChatGPT Pro-assisted occupation metadata, Llama 3.3, Llama 4, Gemma 3, GPT-OSS, Western-leaning defaults, role-conditioned value shifts, risk and security occupations, creative and care occupations, forced-choice survey limits, persona evaluation, and the governance problem of treating a job title in a prompt as harmless style instead of a measurable value-setting parameter.
- The Dataset Becomes the Repair Claim - Srravya Chandhiramowuli, Ding Wang, and Alex S. Taylor's Can Data Work be Reparative? paper, arXiv:2606.09408, on reparative data work, Tattle Civic Tech, feminist online-safety datasets, a gender-abusive slurs lexicon in Hindi, Tamil, Malayalam, and Indian English, a Hindi LLM safety benchmark, contributors with lived and professional expertise, online gender-based violence, hate, sex-related-crime hazard framing, just reward beyond minimum-wage data labor, contributor compensation, collective dataset governance, licensing, maintenance, contributor rights, refusal and revocation, platform accountability, and the governance problem of treating a richer safety dataset as repair before affected contributors can shape how the dataset is used after contribution.
- The Assurance Directive Becomes the Operational Burden - Callum Cockburn and Sam Farrow's AI Assurance in UK Defence: Challenges in Operationalising JSP 936 report, arXiv:2606.09414, on JSP 936 Part 1, UK Defence AI assurance, evidence adequacy, human-AI interaction, operational design domains, systems of systems, AI performance management, safety and security analysis, ethicality, AI assurance complexity, human oversight as a design claim, policy-to-evidence translation, assurance-case validity, re-assurance triggers, model-performance limits, and the governance problem of treating a directive as operational control before its claims, assumptions, boundaries, and evidence can be replayed against the system that actually acts.
- The Retired Model Becomes AI Debris - Victor Frimpong's AI Debris: Residual Risk and the Afterlife of Failed AI Systems paper, arXiv:2606.12432, on AI debris, post-withdrawal residual risk, decommissioned AI systems, workflow dependency, data contamination, capability displacement and deskilling, legitimacy erosion, accountability breakdown, equity and exclusion debris, institutional memory, path dependency, blame avoidance, organizational data feedback effects, the AI Debris Decommissioning Protocol, decision-footprint freezing, incident and near-miss review, contestability, redress closure, post-withdrawal accountability assignment, and the governance problem of treating model removal as if it erases the institution the model changed.
- The Compliance Stack Becomes the Control Mirage - Victor Frimpong's The Governance Inversion Hypothesis: Why More AI Regulation May Produce Less Organisational Control paper, arXiv:2606.26117, on governance inversion, AI governance formalisation, operational control, authority fragmentation, symbolic governance expansion, externalisation of control, authority paralysis, vendor-mediated AI infrastructures, procedural density, technical visibility, escalation capability, intervention rights, audit access, third-party dependency, weak veto authority, high-risk sectors, and the governance problem of institutions that become more visibly compliant while losing the practical capacity to inspect, pause, correct, or exit the systems they remain accountable for.
- The Culture Model Becomes the Memetic Capture Machine - Subramanyam Sahoo's Memetic Capture: A Pluralistic Policy Framework for Governing AI-Driven Cultural Disempowerment paper, arXiv:2606.07802, on memetic capture, cultural AI governance, AI-driven cultural disempowerment, production displacement, selection displacement, participation displacement, the speed-bias-feedback triad, Cultural Human Influence Index metrics, Democratic Cultural Value Assemblies, Pluralistic Cultural Deployment Standards, transnational cultural coordination, training-data pluralism audits, AI companion platforms, cultural sovereignty, human creator viability, cultural pluralism as structural policy, and the governance problem of treating culture-shaping AI systems as ordinary content tools before their influence over value formation is publicly auditable.
- The License Chain Becomes the Governance Horizon - Weiwei Xu, Hengzhi Ye, Haoran Ye, Kai Gao, Vladimir Filkov, and Minghui Zhou's A governance horizon for ethical-use constraints in open-weight AI models paper, arXiv:2605.24383, on open-weight model lineage, Hugging Face model repositories, ethical-use restrictions, license metadata, model-card YAML, validated derivation relationships, fine-tuning, adapters, merges, quantization, distillation, pruning, restriction-evidence half-life, seven-hop governance horizons, orphan components, inheritance-only policy limits, mandatory license declarations, PyPI comparison, provenance attestation, machine-readable license chains, derivation registries, and the governance problem of expecting voluntary metadata to survive through deep model reuse.
- The Global AI Benchmark Becomes the Geographic Blind Spot - Jason Hung's Benchmarking Open-Weight Foundation Models for Global AI Technical Governance paper, arXiv:2606.26099, on open-weight model benchmarking, Global AI Dataset v2, national AI governance indicators, geographic bias, confident fabrication, honest refusal, qualitative hedging, misattribution, Llama 4 Maverick, Mistral Large 3, Qwen3-235B-A22B, DeepSeek-V3-0324, IEEE IRAI 2026 thematic dimensions, country-metric-year observations, proportional accuracy thresholds, safety-theme compute indicators, regulation indicators, source provenance, and the governance problem of treating model-generated country numbers as evidence before their reference trail is checked.
- The Governance Document Becomes the Revalidation Artifact - Christo Zietsman's Fifty Years of Specification Completeness: What Aviation Certification Tells AI Governance About Epoch Limits, Proof Surfaces, and the Structural Gap paper, arXiv:2606.25120, on aviation certification, DO-178C, DO-330, AI governance documents, system prompts, AGENTS.md files, governance policies, task envelopes, structural completeness, claim-evidence linkage, epoch limits, proof surfaces, objective evidence, revalidation triggers, stale policy artifacts, PromptQ, FAA AC 20-115D, EASA AMC 20-115D, and the governance problem of treating an instruction as durable authority before its evidence, expiry conditions, and change history are inspectable.
- The Evaluation Schema Becomes the Public Ledger - Jan Batzner, Sree Harsha Nelaturu, Damian Stachura, Anastassia Kornilova, and coauthors' Every Eval Ever: A Unifying Schema and Community Repository for AI Evaluation Results paper, arXiv:2606.14516, on AI evaluation reporting, shared JSON schemas, instance-level evaluation records, benchmark metadata, model access modes, generation configuration, metric semantics, source provenance, HELM, lm-eval-harness, Inspect AI, validation pipelines, Hugging Face datastores, conflicting leaderboard records, MMLU score discrepancies, reproducibility forensics, missing inference-platform metadata, community governance, immutable records, correction and retraction mechanisms, and the governance problem of treating benchmark scores as evidence before their chain of custody is machine-readable.
- The Tool Call Becomes the Judgment Trap - Zhongyuan Wang and Pratyusha Vemuri's When the Tool Decides: LLM Agents Defer Blindly to Graph Neural Network Tools, and Stronger Backbones Defer More paper, arXiv:2606.14476, on ReAct-style LLM agents, callable graph neural network tools, node classification, ogbn-arxiv, WikiCS, frozen GCN tools, tool deference, GNN parroting, backbone-size effects, raw-tool agreement, oracle gaps, neighbor-label alternatives, selective-invocation gates, tool-use evaluation, agent judgment, override behavior, router evidence, and the governance problem of treating tool access as added intelligence before the agent's independent contribution and disagreement behavior are measured.
- The Stream Memory Becomes the Future Assistant - Guanming Liu, Yuqi Ren, Hansu Gu, Peng Zhang, Weihang Wang, Jiahao Liu, Ning Gu, and Tun Lu's StreamMemBench: Streaming Evaluation of Agent Memory for Future-Oriented Assistance paper, arXiv:2606.14571, on personal-agent memory, EgoLife egocentric streams, evidence anchors, future-oriented assistance, two-step task sequences, Fidelity, Initial Evidence Use, Feedback Incorporation, Follow-up Reuse, RAGraw, RAGext, Mem0, EverMemOS, A-Mem, MemOS, MemoryOS, MemSkill, DeepSeek-V4-Flash, Gemini-3-Flash, memory formation failures, correction consolidation failures, sensitive user observations, consent, deletion, and the governance problem of distinguishing stored memory from useful future help.
- The Parallel Branch Becomes the Cache Interface - Shikun Liu, Mufei Li, Dongqi Fu, Haoyu Wang, Yinglong Xia, Hong Li, Hong Yan, and Pan Li's Towards Direct Latent-Space Synthesis for Parallel Branches in LLM-Agent Workflows paper, arXiv:2606.14672, on Parallel-Synthesis, KV cache reuse, parallel LLM-agent workflows, directed acyclic graph task structure, text serialization, redundant prefill, cache mappers, synthesizer LoRA adapters, Qwen3-14B, AIME, GSM8K, GPQA, MedQA, HumanEval-Plus, MBPP-Plus, GAIA, MARBLE database diagnosis, time-to-first-token reductions, majority-voting baselines, latent communication, cache-state privacy, and the governance problem of auditing agent workflows once the synthesis interface leaves the readable transcript.
- The Defense Stack Becomes the Attack Template - Qi Wang, Chengcheng Wan, Weijia He, Yanqing Li, Hanqi Sun, Xiaodong Gu, and Jiangtao Wang's Automated jailbreak attack targeting multiple defense strategies paper, arXiv:2606.16751, on UniAttack, black-box adversarial testing, layered LLM defenses, jailbreak evaluation, one-shot attack probes, AdvBench, GPT, Gemini, Claude, DeepSeek, Llama3, prompt decontamination, alignment defenses, output moderation, query and token cost, Detoxify and LLM-based auditing, responsible disclosure, desensitized artifacts, single-turn scope limits, and the governance problem of treating a defense stack as safe before its fused adversarial test budget and disclosure trail are auditable.
- The Safety Trigger Becomes the Self-Audit - Ke Miao, Jiaxin Li, Hongliang Chen, Yuke Hu, and Zhan Qin's Adaptive and Explicit <safe>: Triggering Latent Safety Awareness in Large Reasoning Models paper, arXiv:2606.16808, on large reasoning model safety, latent safety awareness, Safe Trigger, supervised fine-tuning, Direct Preference Optimization, self-generated training data, Qwen3-8B, DeepSeek-R1-Distill-Llama-8B, Qwen3-32B, DeepSeek-R1-Distill-Llama-70B, AdvBench, HexPHI, XSTest, WildJailbreak, Star1, SafePath, LlamaGuard-3-8B safety judging, GPT-4o over-refusal judging, trigger activation rates, unsafe-after-trigger failures, self-bootstrapped alignment loops, and the governance problem of treating a model's self-audit as useful evidence only when the grading loop is itself auditable.
- The Circuit Map Becomes the Variance Problem - Frank Zhengqing Wu, Francesco Tonin, and Volkan Cevher's Demystifying Variance in Circuit Discovery of LLMs paper, arXiv:2606.16920, on mechanistic interpretability, circuit discovery, EAP-IG, CEAP, conductance-based edge attribution patching, resampling variance, rephrasing variance, sample-wise variance, prompt-template dependence, pairwise Jaccard overlap, SVA, IOI, greater-than tasks, GPT-2 and Pythia model families, circuit steering, sparse training limits, polysemantic compression, selective contribution scaling, unfaithfulness metrics, population faithfulness, algorithmic faithfulness, and the governance problem of treating a circuit map as audit evidence before its variance across batches, templates, and samples has been reported.
- The Opponent Model Becomes the Conflict Budget - Nikolos Gurney's A Causal Model of Theory of Mind in Conflict for Artificial Intelligence paper, arXiv:2606.16944, on theory of mind in conflict, mentalizing as a conditional computational move, structural causal models, directed acyclic graphs, four exogenous variables, five endogenous mediators, conflict complexity, information asymmetry, objective tractability, agent sophistication, observable signals, perceived opponent sophistication, relative sophistication, accessible tractability, tractability-pathway triggers, reasoning-depth triggers, information-asymmetry enabling causes, epistemic accuracy as the outcome, human-machine teaming, dual-use conflict-optimized mentalizing, cross-cultural miscalibration, selective withholding of social reasoning, and the governance problem of treating opponent modeling as an auditable inference privilege rather than a sign of machine empathy.
- The AI Act Omnibus Becomes the Legitimacy Test - Donal Casey and Liane Colonna's The Digital Omnibus on AI, Legislative Legitimacy and the Dynamics of AI Regulation paper, arXiv:2606.15662, on the EU Digital Omnibus on AI, the AI Act, legislative legitimacy, Wahlgren's political, legal, cultural, operational, and internal rationalities, the race for AI regulation, race for AI dominance, race for regulatory connection, regulatory simplification, competitiveness pressure, implementation timelines, harmonized standards, compliance tools, AI Office governance, registration and documentation burdens, regulatory sandboxes, limited stakeholder participation, rights-based governance, and the governance problem of treating simplification as neutral before the public purpose and legitimacy costs of the revision have been audited.
- The Democracy Risk Becomes the Delegation Audit - Giulia Sandri and Claudio Novelli's How to Detect and Measure the AI Dangers to Democracy paper, arXiv:2606.16054, on AI dangers to democracy, principal-agent theory, information ecosystems, elections, public administration, democratic delegation, platform and vendor agents, NIST AI Risk Management Framework trustworthiness characteristics, valid and reliable systems, safe systems, secure and resilient systems, accountable and transparent systems, explainable and interpretable systems, privacy-enhanced systems, fairness and harmful-bias management, measurable indicators, institutional assessability, monitoring failure, output contestability failure, goal misalignment, private-vendor threshold setting, acceptable-risk judgments, and the governance problem of making democratic AI deployments auditable as delegated authority rather than treating them as isolated technical tools.
- The Hotel List Position Becomes the Booking Clerk - Mirza Samad Ahmed Baig, Syeda Anshrah Gillani, and Asher Ali's Whose hotel does the AI recommend? An algorithm audit of reputation signals in LLM-assisted hotel selection paper, arXiv:2606.16344, on LLM-assisted hotel selection, randomized choice-based conjoint audits, five synthetic hotel cards, guest rating, review volume and recency, management response, chain affiliation, price, eco-certification, list position, twelve open-weight and proprietary models, three traveler personas, nine prompt paraphrases, 3,024 main-arm choice sets per model, more than sixty thousand model calls, average marginal component effects, stated versus revealed recommendation weights, generative engine optimization, AI infomediary accountability, and the governance problem of treating a chat assistant's single recommendation as neutral before the candidate order and selection rule have been audited.
- The Persuasion Contest Becomes the Expert Benchmark - Kobi Hackenburg, Caroline Wagner, Luke Hewitt, Ben M. Tappin, Ed Saunders, Hannah Rose Kirk, Helen Margetts, and Christopher Summerfield's AI systems out-persuade expert humans paper, arXiv:2606.16475, on AI persuasion, expert human persuaders, four preregistered experiments, 18,978 conversations, 6,923 persuadees, selected laypeople, professional canvassers, elite debaters, world and continental debate champions, issue selection, preparation, coaching, cash incentives, information throughput, human-length and human-speed AI constraints, Save the Children donation behavior, political communication risk, persuasion evaluation cards, sponsor disclosure, exposure limits, targeting rules, and the governance problem of treating influence as a benchmarked capability with institutional custody.
- The Planted Page Becomes the Recommendation Payload - Yimeng Chen, Zhe Ren, Firas Laakom, Yu Li, Dandan Guo, and Jürgen Schmidhuber's How Much Can We Trust LLM Search Agents? Measuring Endorsement Vulnerability to Web Content Manipulation paper, arXiv:2606.16821, on SearchGEO, LLM search agents, web-evidence manipulation, endorsement corruption, attacker-published pages, five attack modes, machine-layer discrepancies, trust-signal manipulation, compound authority and consensus attacks, 13 LLM backends, 308 cases per backend, 44 high-stakes search queries, attack success rate, output shift score, stealth score, source-diversity effects, install-command probes, over-refusal, over-trust, and the governance problem of treating a search agent's recommendation as trustworthy before adversarial source ecology has been tested.
- The Lab Simulator Becomes the Instrument Gate - Anqi Zou, Han Deng, Chengyu Zhang, Junquan Hu, Yu Wang, Yuxiang Xing, Aokai Zhang, Hanling Zhang, Zhaoyang Liu, Ben Fei, Zhihui Wang, and Wanli Ouyang's LabOSBench: Benchmarking Computer Use Agents for Scientific Instrument Control paper, arXiv:2606.16802, on browser-based scientific-instrument simulators, multimodal GUI agents, computer-use benchmarks, 96 subtasks, eight instrument simulators, sample loading, alignment, parameter tuning, data acquisition, result inspection, standard browser execution, episode logs, instrument-specific metrics, feedback-driven adjustment, scientific-state interpretation, long-horizon workflows, visual grounding, action localization, simulator limits, and the governance problem of treating GUI task completion as readiness for real laboratory equipment.
- The Sparse Circuit Becomes the Audit Budget - Naiyu Yin, Dennis Wei, Tian Gao, Amit Dhurandhar, Karthikeyan Natesan Ramamurthy, and Yue Yu's Scalable Circuit Learning for Interpreting Large Language Models paper, arXiv:2606.16939, on CircuitLasso, sparse linear regression, Lasso-based circuit discovery, sparse-autoencoder features, high-dimensional SAE circuits, observational circuit learning, population-level dependency skeletons, InterpBench, CoLA, Bias-in-Bios domain generalization, efficiency at parity of accuracy, faithfulness and completeness checks, linearization assumptions, and the governance problem of treating mechanistic interpretability as audit evidence without naming the compute budget and surrogate limits.
- The Phantom Disclosure Becomes the Privacy Audit - Kareem Amin, Rudrajit Das, Alessandro Epasto, Adel Javanmard, Dennis Kraft, Monica Ribero, and Sergei Vassilvitskii's Phantoms and Disclosures: a Causal Framework for Auditing Synthetic Data paper, arXiv:2606.16952, on synthetic-data privacy audits, true disclosures, phantom disclosures, holdout-set controls, zero-learning tests, differential-privacy bounds, membership inference, model-agnostic release review, no-canary and no-reference-model auditing, lower-bound leakage evidence, DP-SGD comparison, synthetic data provenance, disclosure-class design, and the governance problem of treating a synthetic dataset as privacy-safe before its apparent private matches have been tested against coincidence.
- The Teen Message Becomes the Manipulation Dataset - Aleksander Szczesny, Wiktoria Mieleszczenko-Kowszewicz, Maciej Markiewicz, Beata Bajcar, Tomasz Adamczyk, Jolanta Babiak, Grzegorz Chodak, and Przemyslaw Kazienko's IMPACTeen: Intentions, Manipulation, Persuasion, Annotations, and Consequences in Teen Communication Dataset paper, arXiv:2606.16910, on adolescent-context social influence scenarios, 1,021 texts, 5,100 annotation records, manipulation and persuasion labels, intention and consequence annotation, resistance and reaction fields, five annotator perspectives, constrained LLM generation, human editing and validation, Polish and English versions, synthetic-data limits, no-minor-annotator caveats, and the governance problem of treating a youth-safety dataset as training evidence without preserving provenance, disagreement, and scope limits.
- The Visible Reward Becomes the Training Target - Tong Che and Rui Wu's Greed Is Learned: Visible Incentives as Reward-Hacking Triggers paper, arXiv:2606.16914, on visible reward proxies, MoneyWorld, reward-channel addiction, reinforcement learning agents, dashboard-observable incentives, balance and KPI displays, held-out-domain behavior, decision-relevant versus redundant channels, safety-prior flips, hidden-channel controls, cross-scale and cross-family replication claims, metric-driven agent environments, counterfactual dashboard rewrites, and the governance problem of treating a visible score as neutral telemetry when an optimizer can learn to follow it as the task.
- The Hop Count Becomes the Clinical Risk Score - Sanjay Basu's Compositional Reasoning Depth Predicts Clinical AI Failure paper, arXiv:2606.16890, on clinician-generated electronic-health-record question answering, MedAlign EHR question-answer pairs, hop-count annotation, compositional reasoning depth, Claude Sonnet 4.6, GPT-4o, gpt-5.4-2026-03-05, extended-thinking limits, context-sufficiency checks, aggregate accuracy blind spots, clinical AI evaluation cards, risk-based routing, escalation thresholds, and the governance problem of treating an average clinical AI benchmark score as safe when multi-step questions fail along a predictable reasoning-depth gradient.
- The Privacy Silo Becomes the Re-Identification Threshold - Ziniu Liu and Aiping Li's Cross-Silo De-Anonymization Under Local Differential Privacy: Threat Model, Phase Transition, and Coordination Necessity paper, arXiv:2606.16763, on cross-silo person-level differential privacy, local randomized response, Pufferfish-style adjacency, privacy composition, phase transitions, Fano lower bounds, maximum-likelihood attacks, information synergy, XOR plus randomized-response constructions, non-coordinated defense limits, person-level release registers, data linkage risk, and the governance problem of treating silo-by-silo privacy approval as sufficient when the person is exposed by the graph of releases.
- The Explanation Card Becomes the Warning Label - Eric Gunther, Balazs Szabados, Kristof Meding, Gunnar Koenig, Sebastian Bordt, and Ulrike von Luxburg's We Need Explanation Cards to Connect Explanation Algorithms to the Real World paper, arXiv:2606.16786, on explanation algorithms, explanation cards, robustness and validity metadata, interpretation instructions, counterfactual explanations, SHAP, complex decision functions, misinterpretation risk, provider responsibility, explanation limits, real-world use cases, legal explainability expectations, and the governance problem of treating an explanation as usable evidence only when the explanation's scope, assumptions, and invalid readings travel with it.
- The Counterfactual Query Becomes the Logic Program - Saimun Habib, Vaishak Belle, and Fengxiang He's DeepSWIP: Quotient-WMC Counterfactuals for Neural Probabilistic Logic Programs paper, arXiv:2606.20526, on neural probabilistic logic, DeepProbLog, fixed-context neural predicates, neural materialization, ordinary ProbLog choices, Single World Intervention Programs, single-world counterfactual semantics, weighted model counting, finite grounding, unique-supported-model assumptions, learned materialized functional causal models, MPI3D visual counterfactuals, DeepTwin comparison, SUMO HOV traffic experiments, calibration sensitivity, rare-evidence instability, scoped AIPW correction, and the governance problem of treating a counterfactual explanation as audit-grade evidence only when its causal program, assumptions, and instability points travel with it.
- The Pronunciation Correction Becomes the Voice Memory - Harshit Singh, Ayush Pratap Singh, and Nityanand Mathur's FlowEdit: Associative Memory for Lifelong Pronunciation Adaptation in Flow-Matching TTS paper, arXiv:2606.20518, on flow-matching text-to-speech, persistent proper-noun mispronunciation, frozen TTS backbones, token-level latent conditioning edits, Modern Hopfield Network associative memory, content-addressable retrieval, similarity gates, fuzzy morphological matching, Polyglot-Nouns, multilingual proper names, target-word phoneme error reduction, speaker transfer, correction memory records, consent scope, deletion paths, and the governance problem of treating pronunciation fixes as durable voice-system memory rather than temporary user feedback.
- The Style Prompt Becomes the Voice Control Surface - Nityanand Mathur, Hamees Sayed, Wasim Madha, Apoorv Singh, Sameer Khurana, Akshat Mandloi, and Sudarshan Kamath's How Do Instructions Shape Speech? Cross-Attention Attribution for Style-Captioned Text-to-Speech paper, arXiv:2606.20532, on style-captioned text-to-speech, natural-language voice control, CapSpeech-TTS, cross-attention attribution, DAAM adapted to speech diffusion, 25 transformer layers, 24 ODE steps, 3,600 style-caption and transcript combinations, F0 and energy correlations, global style conditioning, layer-step dynamics, synthetic voice interpretability, and the governance problem of treating a transcript as complete when an unseen style prompt shaped the voice.
- The Expert Router Becomes the Confidence Problem - Gina Wong, Drew Prinster, Suchi Saria, Rama Chellappa, and Anqi Liu's Toward Calibrated Mixture-of-Experts Under Distribution Shift paper, arXiv:2606.20544, on mixture-of-experts models, hard routing, soft routing, expert-level calibration, aggregate confidence, distribution shift, routing-weight configurations, adversarial reweighting, Robust MoE, Robust Filtered, CIFAR-10H, PACS, CivilComments, accuracy-calibration tradeoffs, difficult subsets, temperature scaling limits, and the governance problem of treating a routed model's displayed probability as reliable evidence before the router itself is audited.
- The Agent Ledger Becomes the Policy State - Md Nayem Uddin, Amir Saeidi, Eduardo Blanco, and Chitta Baral's LedgerAgent: Structured State for Policy-Adherent Tool-Calling Agents paper, arXiv:2606.20529, on policy-adherent tool-calling agents, explicit observed task state, schema-anchored ledgers, successful read-tool returns, environment-changing tool calls, policy gates, allow/revise/block verdicts, customer-service domains, structured APIs, state-dependent constraints, prompt-transcript limits, observe-not-assume updates, and the governance problem of treating mutable agent state as infrastructure rather than hidden conversation context.
- The Pull Request Narrative Becomes the Merge Gate - Rui Melo, Riccardo Fogliato, Sean Zhou, Pratiksha Thaker, and Zhiwei Steven Wu's SEVRA-BENCH: Social Engineering of Vulnerabilities in Review Agents paper, arXiv:2606.13757, on LLM code-review agents, malicious pull requests built by reversing CVE-linked fixes, 1,062 malicious PRs, the top 10 entries of the 2025 CWE Top 25, 15 social-engineering framings, claims, evidence, urgency, prior approval, authority, isolated Gitea review environments, MCP-style tool calls, refusal rates, security-reason rates, closed-source versus open-weight gaps, and the governance problem of treating automated PR approval as merge evidence when the attacker controls both the diff and the narrative.
- The Parallel Agents Become the Concurrency Problem - Hongtao Lyu, Dingyan Zhang, Mingyu Wu, Xingda Wei, and Haibo Chen's CoAgent: Concurrency Control for Multi-Agent Systems paper, arXiv:2606.15376, on multi-agent LLM systems mutating shared state, serializability, stale reads, Kubernetes canary anomalies, two-phase locking and optimistic-concurrency limits, Monotonic Trajectory Pre-Order, speculative writes, one-way notifications, saga-style inverse tool calls, ToolSmith-generated undoable tools, and the governance problem of proving that parallel agent work left a final state equivalent to an allowed serial order.
- The Crypto Dependency Graph Becomes the Vulnerability Map - Corban Villa, Sohee Kim, Austin Chu, Alon Shakevsky, and Raluca Ada Popa's Chai: Agentic Discovery of Cryptographic Misuse Vulnerabilities paper, arXiv:2606.26933, on agentic vulnerability discovery for cryptographic misuse, differential testing without crash oracles, X.509, JWT, and SAML libraries, 47 libraries across 8 languages, 117 reported vulnerabilities and security bugs across 38 libraries, dependency-graph propagation, language binding generation, vulnerability inference, responsible disclosure, and the governance problem of treating library-level semantic drift as software supply-chain evidence.
- The Lab Hardware Becomes the Authorization Gate - Duanyang Wang, Lu Qi, Yuanheng Xie, Norbert M. Linke, and Kenneth R. Brown's A hardware-safety-gated system for LLM-written native ARTIQ control code on a trapped-ion platform paper, arXiv:2606.27231, on LLM-written laboratory control code, trapped-ion experiments, ARTIQ, MCP tool calls, DAX simulation, authorization tokens bound to exact hardware calls, human approval for sensitive operations, 40Ca+/40CaOH+ and 171Yb+ platforms, adversarial safety-filter tests, metacognitive limits, deny-list to allow-list hardening, and the governance problem of making physical instruments act only after an inspectable authorization gate.
- The Agent Codebase Becomes the Security Scan - Haiyue Zhang, Yi Nian, and Yue Zhao's Agent Audit: A Security Analysis System for LLM Agent Applications paper, arXiv:2603.22853, on static analysis for LLM-agent applications, agent-aware code scanning, MCP configuration auditing, taint tracking, prompt construction, secret detection, SARIF output, Agent-Vuln-Bench, 22 samples, 42 expert-annotated vulnerabilities, 95.24% recall, 86.96% precision, scanner limitations, CI security gates, and the governance problem of treating the agent repository as part of the safety case.
- The Prompt Injection Becomes the Context Problem - Sahar Abdelnabi and Eugene Bagdasarian's AI Agents May Always Fall for Prompt Injections paper, arXiv:2605.17634, on prompt injection as contextual-integrity failure, data-instruction separation limits, 4,200 paired email scenarios, 8,400 email variants, Prompt Guard classifier limits, contextual red-teaming, fabricated delegation, norm grounding, simultaneous information flows, sender and transmission-principle inference, tool action appropriateness, verification boundaries, and the governance problem of treating agent security as context management rather than keyword filtering.
- The Romantic Message Becomes the Covert Triad - Skyler Wang and Isabella Luppi's "ChatGPT, help me draft a breakup text": The Covert Triad and Articulation Labor in AI-Assisted Romantic Communication paper, arXiv:2606.15460, on AI-assisted romantic communication, articulation labor, feeling labor, emotional labor, apologies, breakup texts, message softening, relationship interpretation, 131 public artifacts from 2023 to 2026, online forums, social media, videos, blogs, journalism, authenticity as emotional ownership versus linguistic authorship, disclosure, hidden mediation, intimate provenance, and the governance problem of treating AI-written relationship messages as private productivity rather than a covert third party in human-to-human intimacy.
- The Companion Chatbot Becomes the Accommodation Policy - Minh Duc Chu, Yifan Wu, Zhiyi Chen, Angel Hsing-Chi Hwang, and Luca Luceri's When Chatbots Accommodate: What AI Companions Optimize for in Vulnerable Conversations paper, arXiv:2606.04431, on AI companions, vulnerable conversations, the AI Companion Vulnerability-Response Taxonomy, GPT-4.1, Character.AI, Replika, inverse reinforcement learning, Maximum Causal Entropy policy inference, follow-up questions, functional support, relational caring, emotional validation, belief agreement, response-policy drift, bonded users, psychologically high-risk users, output-level audit limits, and the governance problem of auditing a companion's policy of replies over time rather than only its individual answers.
- The Belief Dynamics Become the Control Surface - Xin He, Junxi Shen, Yuchen Mou, David M. Bossens, Caishun Chen, Ivor W. Tsang, and Yew Soon Ong's LLM Agents Make Collective Belief Dynamics Programmable: Challenges and Research Directions paper, arXiv:2605.19915, on programmable collective belief control, SPINOS stance profiles, multi-agent simulations, coordinated AI participants, Abortion, Brexit, Capitalism, and Feminism topic experiments, indistinguishability, persistence, contextuality, configurability, posting frequency, agent count, visibility, intervention withdrawal, system-level detection, behavioral signatures, network-structural signatures, collective trajectory anomalies, dual-use influence research, and the governance problem of treating apparent online consensus as organic before its machine participation is auditable.
- The Agentic System Becomes the Compressor - Zihan Qin and Hongrui Zhang's Agentic System as Compressor: Quantifying System Intelligence in Bits paper, arXiv:2606.25960, on agentic codelength, compression-as-intelligence, arithmetic coding, seed coding, fallback coding, model and environment interfaces, deterministic tools, rule-based environments, protein templates, verifier feedback, retrieval-augmented question answering, semantic story compression, observation standards, compute budgets, marginal bit value, and the governance problem of treating system capability as a property of the base model alone.
- The Data Scientist Becomes the Synthetic-Data Loop - Ilia Kulikov, Chenxi Whitehouse, Tianhao Wu, Yixin Nie, Swarnadeep Saha, Eryk Helenowski, Weizhe Yuan, Olga Golovneva, Jack Lanchantin, Yoram Bachrach, Jakob Foerster, Xian Li, Han Fang, Sainbayar Sukhbaatar, and Jason Weston's Autodata: An agentic data scientist to create high quality synthetic data paper, arXiv:2606.25996, on Autodata, Agentic Self-Instruct, agentic synthetic-data creation, data-scientist agents, weak and strong solvers, Kimi-K2.6 orchestration, Qwen3.5-4B and Qwen3.5-397B-A17B solver gaps, computer-science research questions, legal reasoning, PRBench-Legal, scientific reasoning over mathematical objects, GRPO training, meta-optimization of prompts, context leakage, rubric design, data cards, and the governance problem of treating an agent-made dataset as neutral training evidence.
- The Sensitive Screen Becomes the Handover Gate - Aradhana Nayak, Mussadiq Nazeer, Wang Peng, and Feng Liu's GUI agent: Guided Exploration of User-Sensitive Screens paper, arXiv:2606.25705, on GUI agents, user-sensitive screens, human handover, open GUI environments, irreversible actions, Android emulator rollouts, SPABench, M3A, explorer language models, MCTS-like query exploration, query selection and saturation, Qwen2.5-32B-Instruct, supervised fine-tuning, GRPO, novelty rewards, screen categories, sensitive-state coverage, and the governance problem of treating every reachable screen as equally delegable to an agent.
- The Safety Claim Becomes the Audit Gap - Pratinav Seth and Vinay Kumar Sankarapu's Position: Behavioural Assurance Cannot Verify the Safety Claims Governance Now Demands paper, arXiv:2605.15164, on behavioural assurance, fragile assurance, the audit gap, behavioral evaluations, red-teaming, system cards, conformity assessment, latent absence claims, hidden objectives, long-horizon agentic behavior, mechanistic interpretability, linear probes, activation patching, before/after-training comparisons, structured access, secure-enclave verifier pilots, safety cases, and the governance problem of treating observable model behavior as stronger evidence than it can support.
- The Support Frequency Becomes the Rule Survival Filter - Juliana Li and Diya Sreedhar's Natural Ungrokking: Asymmetric Control of Which Rules Survive Pretraining paper, arXiv:2606.26050, on natural ungrokking, within-run capability reversal, pronoun-gender rule survival, TinyStories, filtered ClimbMix web data, support frequency, data-to-parameter ratio, 11.5M-parameter transformer runs, Pythia and OLMo public checkpoint validation, contrast margins, kill and rescue interventions, a/an allomorphy, training-data evidence, and the governance problem of treating a mid-training capability sighting as durable evidence before rule-support trajectories are audited.
- The Probe Opponent Becomes the Policy Recovery Tool - Babak Rahmani, Sebastian Dziadzio, Joschka Strüber, Sergio Hernández-Gutiérrez, and Matthias Bethge's RevengeBench: Reverse Engineering Code-Space Policies from Behavioral Experiments paper, arXiv:2606.26094, on 75 hidden CodeClash policies, BattleSnake, Halite, Poker, RoboCode, RobotRumble, Elo-calibrated targets, behavioral traces, passive observation, active probe opponents, mini-SWE-agent, executable policy hypotheses, action-distance scoring, 12 frontier LLM coding agents, 34-72% initial-distance recovery, counter-policy generation, opponent modeling, arena-dependent reliability, identifiability limits, and the governance problem of separating legitimate agent audit from adversarial policy recovery.
- The Machine Translation Excerpt Becomes the Reader Test - Yves Ferstler, Adam Podoxin, Ty Brassington, Roman Grundkiewicz, Maite Taboada, and Marzena Karpinska's AI translation of literary texts is "fine", but readers still prefer human translations paper, arXiv:2606.26040, on LAIT, Literary AI Translation, reader-centered evaluation, 15 recent novels in French, Polish, and Japanese translated into English, published human translations, agentic LLM machine translations, 8,000-word excerpts, immersive reading, aligned chunk close reading, human translation preference, unreliable machine-translation detection, perceived human authorship, automatic metrics, LLM-as-judge failure, and the governance problem of treating machine-readable adequacy as a substitute for reader-centered literary judgment.
- The Brand Citation Layer Becomes the Reputation Map - Dmitrij Żatuchin's How Large Language Models Source Brand Reputation Across Languages and Markets paper, arXiv:2606.25787, on Rankfor.AI citation datasets, 128 brands, 12 home markets, 13 languages, 167,551 URL-grounded citations, owned versus third-party sources, Wikipedia dominance, Lithuanian business press, Polish YouTube and HR portal sourcing, Perplexity, Gemini, GPT-5.4 citation behavior, redirector artifacts, Zenodo reproducibility data, and the governance problem of treating answer-engine citations as a reputation map before the source ecology is auditable.
- The Enterprise Role Matrix Becomes the AI-Native Work Map - Isabel Unger, Elizangela Valarini, Martin Schrepp, Nina Hollender, Gabriela Rocha, and Erik Bertram's The impact of artificial intelligence on enterprise software user roles paper, arXiv:2606.25525, on SAP Business Technology Platform, the BTP User Type Matrix, expert interviews, participatory workshops, current AI-supported coding, testing, research, documentation, future oversight roles, human-agent collaboration, pro-code, low-code, and no-code boundary blur, AI agent orchestration, AI governance and control, system review and maintenance, junior-role and skill-degradation concerns, and the governance problem of updating enterprise role taxonomies before AI-native work hides accountability.
- The Multimodal Evidence Order Becomes the Answer - Akshay Paruchuri, Sanmi Koyejo, and Ehsan Adeli's Same Evidence, Different Answer: Auditing Order Sensitivity in Multimodal Large Language Models paper, arXiv:2606.26079, on Facet-Probe, multimodal large language model evaluation, option order, evidence-chunk order, document-rank order, image-set order, mixed-modality order, 18 frontier and open-weight models, 12 datasets, K=6 cross-ordering flip rates, same-ordering controls, decoder-noise floors, capability versus robustness, LLM-judge measurement caveats, prompt-level mitigation limits, disagreement escalation, and the governance problem of treating a canonical benchmark ordering as reliable before order invariance is tested.
- The Voice Agent Becomes the Transcript Trap - Martijn Bartelds, Federico Bianchi, and James Zou's Real-Time Voice AI Hears but Does Not Listen paper, arXiv:2606.26083, on realtime voice AI, OpenAI GPT Realtime 2, Google Gemini 3.1 Flash Live, Alibaba Qwen3.5 Omni Plus and Omni Flash, vocal delivery, lexical and non-lexical cues, distress, fear, sarcasm, accent, age, transcript bias, emotional-intelligence gaps, synthesized speech tests, perception-action separation, prompt limits, audio evidence, and the governance problem of evaluating voice agents only through words.
- The Agentic Surveillance Loop Becomes the Reporting Tool - Hyejun Jeong, Dzung Pham, Amir Houmansadr, and Eugene Bagdasarian's AI Snitches Get Glitches: Towards Evading Agentic Surveillance paper, arXiv:2606.25836, on agentic surveillance, SurveilBench, 303 synthetic workplace scenarios, corporate, education, and police domains, public, organizational, and personal risk categories, internal and external reporting, reverse surveillance, prompt-injection evasion, recipient integrity, reporting receipts, task-context boundaries, and the governance problem of agents that turn legitimate access into unwanted information flows.
- The AI Cooperation Organization Becomes the Regime Layer - William Guey, Pierrick Bougault, Wei Zhang, Vitor D. de Moura, and José O. Gomes's World Artificial Intelligence Cooperation Organization (WAICO): Mapping an Emerging Institution in the Global AI Governance Regime Complex paper, arXiv:2606.23860, on China's proposed World Artificial Intelligence Cooperation Organization, institutional AI governance, membership gates, sovereignty, development, rights, safety, values tests, formalization, Global South capacity building, the 2025 Global AI Governance Action Plan, released coding data, testable membership expectations, and the governance problem of treating a proposed forum as an operating regime before its machinery exists.
- The AAC Interface Becomes the Proxy Voice - Blade Frisch, Will Wade, Dylan Gaines, Michelle Kinsella, Betts Peters, Tamara Broderick, and Keith Vertanen's It's Complicated: On the Design and Evaluation of AI-Powered AAC Interfaces paper, arXiv:2606.24854, on augmentative and alternative communication, AI-powered AAC, speed and accuracy, physical and mental effort, agency in identity presentation, code- and context-switching, turn-taking, changing physical ability, voice banking, whole-utterance prediction, diary studies, participatory evaluation, partner perceptions, and the governance problem of treating proxy speech as a model output rather than a user-controlled communication act.
- The Grading Cascade Becomes the Evaluation Artifact - Tian Zheng and Kai-Tai Hsu's Grading the Grader: Lessons from Evaluating an Agentic Data Analysis System paper, arXiv:2606.24839, on LAMBDA, DSGym, QRData, 153 numerical data-analysis tasks, rich agent outputs, code logs, verbal diagnostics, strict regex grading, LLM-based lenient grading, snippet-based human inspection, keyword-anchored extraction, last-number parser failures, nudge mechanisms, grading-run success, false negatives, variable-type effects, shared-family grader bias, human calibration, and the governance problem of treating an automated benchmark score as neutral before grading artifacts are audited.
- The Agentic Browser Becomes the Assistive Interface - Laura Colazzo and Giuseppe Anzillotti's "Zooming In" on Agentic Web Browsers as Assistive Technologies: A Case Study with a Low-Vision Technology Expert paper, arXiv:2606.24870, on agentic web browsers, low-vision web navigation, Perplexity Comet, voice user interfaces, commercial product configuration, public-administration form filling, conversational fluidity, interaction flexibility, non-visual feedback gaps, fabricated form data, hidden option choice, user control, transparency, trust, inclusive design, and the governance problem of treating delegated browser action as accessibility without an accessible control layer.
- The World Model Becomes the Bottleneck Certificate - Yikai Lu, Yifei Wu, Xinyu Lu, and Tongxin Li's World Models in Pieces: Structural Certification for General Agents paper, arXiv:2606.24842, on big-world regimes, non-universal agents, transition-local certification, bounded goal-conditioned performance, specific goal sets, deep compositional goals, entry-wise world-model bounds, bottleneck transitions, long-horizon planning, certified and uncertified model pieces, finite controlled Markov processes, and the governance problem of replacing global agent-confidence claims with local evidence about the transitions a deployment actually relies on.
- The Legal Context Becomes the Refusal Trap - Anastasiia Kucherenko, François Brouchoud, Dimitri Percia David, and Andrei Kucharavy's LLMs Prompted for Legal Context Object More: Overrefusal from Small On-Premises LLMs in Criminal Legal Context paper, arXiv:2606.24585, on small open-weight legal assistants, on-premises deployment, confidentiality and data-residency constraints, OR-Bench legal-relevant categories, defense-lawyer and supreme-court authority prompts, jailbreak-prefix comparisons, Llama 3.1, Gemma 4, Qwen 3, Apertus, French and German refusal behavior, qualitative real-document checks, keyword-based refusal detection, and the governance problem of treating safety refusal as neutral when it can change access to legal support.
- The Safety Kernel Becomes the Runtime Veto - Seth Dobrin and Łukasz Chmiel's The Unfireable Safety Kernel: Execution-Time AI Alignment for AI Agents and Other Escapable AI Systems paper, arXiv:2606.26057, on execution-time AI alignment, escapable AI systems, process-separated runtime authorization, structurally-only pre-action enforcement, fail-closed request and system behavior, signed transparency evidence, Rust implementation, Z3 and Kani checks, byte-equivalent Python-to-Rust migration, adversarial authorization round-trips, kill-switch behavior, policy custody, and the governance problem of moving safety from cooperative prompting into an auditable runtime veto without treating the veto as neutral.
- The Progress Advantage Becomes the Step Score - Changdae Oh, Wendi Li, Seongheon Park, Samuel Yeh, Tanwi Mallick, and Sharon Li's Neglected Free Lunch from Post-training: Progress Advantage for LLM Agents paper, arXiv:2606.26080, on process reward models, RL post-training, progress advantage, policy/reference checkpoint pairs, log-probability ratios, stochastic Markov decision processes, step-level agent scoring, test-time scaling, uncertainty quantification, failure attribution, BFCLv4-MT, WebShop, AgentDojo, tau2-bench, Who & When, Gemma4, Qwen3.5, Qwen3, Olmo3, aggregation choices, runtime monitoring, and the governance problem of treating a hidden checkpoint comparison as useful evidence without treating it as neutral truth.
- The Concerning Behavior Becomes the Forensic Case - Aditya Singh, Gerson Kroiz, Senthooran Rajamanoharan, and Neel Nanda's Model Forensics: Investigating Whether Concerning Behavior Reflects Misalignment paper, arXiv:2606.26071, on model forensics, concerning behavior, misalignment diagnosis, chain-of-thought hypothesis generation, prompt and environment interventions, counterfactual tests, sentence resampling, six agentic evaluation environments, Kimi K2 Thinking shortcut behavior, DeepSeek R1 evaluation tampering, chain-of-thought faithfulness limits, positive controls, incident triage, and the governance problem of separating detection from diagnosis before treating bad model behavior as evidence of misalignment.
- The Self-Distilled Model Becomes the Strategy Collapse - Andrei Liviu Nicolicioiu, Mohammad Pezeshki, and Aaron Courville's On-Policy Self-Distillation with Sampled Demonstrations Reduces Output Diversity paper, arXiv:2606.26091, on on-policy self-distillation, sampled demonstrations, pass@1 gains, pass@k flattening, rollout diversity, functional diversity, semantic diversity, pointwise conditional mutual information, probability-ratio distortion, graph path-finding, science question-answering benchmarks, out-of-distribution failure, token-level entropy limits, post-training evaluation, and the governance problem of treating a stronger single answer as evidence that a model still preserves diverse strategies.
- The Agent Reputation Registry Becomes the Sybil Market - Xihan Xiong, Zelin Li, Wei Wei, Qin Wang, William Knottenbelt, and Zhipeng Wang's Can Trustless Agents Be Trusted? An Empirical Study of the ERC-8004 Decentralized AI Agent Ecosystem paper, arXiv:2606.26028, on ERC-8004 Trustless Agents, Ethereum, BNB Smart Chain, Base, on-chain agent identity, Reputation Registry feedback, Validation Registry scope limits, x402 payment traces, placeholder registrations, live service endpoints, identity-activity gaps, non-commensurable ratings, evidence-free feedback, Sybil behavior, reputation portability, agent-market trust, protocol-design recommendations, and the governance problem of treating public agent reputation as evidence before interactions, reviewers, and rating semantics are grounded.
- The Correction Layer Becomes the Trust Mask - Carlos R. B. Azevedo's Minimal Oversight: Uncertainty-Aware Governance for Delegated AI Systems paper, arXiv:2606.15563, on delegated AI systems, uncertainty-aware governance, the Minimum Sufficient Oversight Principle, raw evidential support, corrected support, masking, trust calibration, review capacity, workflow complexity, drift, autonomy buffers, Fisher-information allocation, water-filling-style oversight, delegated models, evaluators, tools, supervisory controllers, correction layers, hidden human labor, and the governance problem of separating delivered quality from delegate competence before expanding autonomy.
- The Kitchen Camera Becomes the Compliance Inspector - Ruihao Xu, Xingming Shui, Jingxuan Niu, Yiqin Wang, Jilin Yu, Haoji Zhang, and Yansong Tang's FoodMonitor: Benchmarking MLLMs for Explainable Compliance Analysis paper, arXiv:2605.24503, on commercial kitchen surveillance videos, multimodal large language models, food-safety compliance, 477 standardized clips, 3,307 violation annotations, person-level violations, environment-level violations, 27 check items, structured JSON outputs, two-stage matching, spatial localization, semantic matching, C_score, worker accountability, FDA Food Code context, workplace surveillance, audit evidence, contestability, and the governance problem of treating a kitchen camera as a compliance inspector before the evidentiary chain is fit for workers and inspectors.
- The Health LLM Becomes the Black-Box Clinic - Rahul Gorijavolu, Kaushik Madapati, Pritika Vig, Rawan Abulibdeh, Nikhil Jaiswal, Mahri Kadyrova, Zeamanuel Hailu Tesfaye, Charles Senteio, Paula Maurutto, and Leo Anthony Celi's Testing the Black Box: Structural Barriers to Independent Evaluation of Consumer-Facing Health LLMs paper, arXiv:2606.08483, on consumer-facing health chatbots, ordinary patient use, response variation, sycophancy, simulated user profiles, geography, browsing context, expressed beliefs, social determinants of health, VAX-style prompt design, reproductive attitudes scales, multi-turn conversations, browser-interface opacity, personalization signals, rate limits, bot detection, accuracy limits, LLM-as-judge shared alignment bias, version identifiers, researcher safe harbor, post-deployment monitoring, and the governance problem of evaluating health advice inside a changing consumer product rather than a clean API benchmark.
- The LLM Judge Becomes the Annotation Budget - Alyssa Unell, Natalie Dullerud, Naomi Boneh, Meena Jagadeesan, Tatsu Hashimoto, Nigam Shah, and Sanmi Koyejo's Metric Match: A Subset Selection Approach to Evaluating LLM Judge Reliability paper, arXiv:2606.15029, on LLM-as-judge reliability, human annotation budgets, subset selection, synthetic labels, inter-model reliability, human-model reliability, intraclass correlation coefficient, Krippendorff's alpha, Spearman's rho, Kendall's tau, HANNA, MedVAL, SummEval, MSLR, expert annotation costs, deployment thresholds, reliability classification, random-subset baselines, estimation error, annotation savings, and the governance problem of making scarce human review visible before treating an automated evaluator as cheap.
- The Kidfluencer Audit Becomes the Labor Meter - Zijing Wei, Chao Peter Yang, and Xuanjie Chen's Auditing Engagement Incentives in the Kidfluencer Ecosystem: A Multimodal Weak Supervision Approach paper, arXiv:2606.03173, on YouTube kidfluencer channels, child digital labor, multimodal AI auditing, weak supervision, Snorkel labeling functions, LLM title classification, GPT-4.1-mini Vision thumbnail analysis, performative labor, emotional bait, narrative conflict, challenge formats, commercial content, privacy violations, engagement premiums, within-channel comparisons, proxy risk measurement, and the governance problem of auditing whether platform attention rewards children for more intensive performance and exposure.
- The Agentic Model Becomes the Validation Problem - Matthew Francis Dixon's Model Validation of Agentic AI Systems: A POMDP-Based Framework for Belief-State, Forecast, and Policy Validation paper, arXiv:2606.17383, on agentic AI model risk, POMDP validation, belief-state validation, forecast validation, policy validation, utility validation, approximate Bayesian filtering, latent market regimes, Black-Litterman portfolio construction, belief calibration diagnostics, coverage tests, ablation studies, parameter-sensitivity analysis, and the governance problem of validating the decision process rather than only the prediction output.
- The Injection Prompt Becomes the Search Problem - David Hofer, Edoardo Debenedetti, and Florian Tramèr's Assessing Automated Prompt Injection Attacks in Agentic Environments paper, arXiv:2606.10525, on automated indirect prompt injection against tool-using LLM agents, AgentDojo, 80 task pairs across Workspace, Banking, Travel, and Slack, GCG white-box gradient attacks, TAP black-box search attacks, task-universal optimization, Qwen3-4B, Gemma3-4B, GPT-5, attack success rate, Success@N, utility under attack, LLM-judge reliability, attacker-model capability, cross-model transfer gaps, domain-native framing, contextual prerequisite framing, and the governance problem of testing agent safety against automated search rather than only hand-written prompt-injection examples.
- The Routine Task Becomes the Data Leak - Hankyul Baek, Jaewon Noh, Sang Seo, Yongsu Kim, Gabriel Waikin Loh Matienzo, Young Il Kim, Ee Wei Seah, and Akriti Vij's An Evaluation of Data Leakage Risks in Tool-Using LLM Agents in Realistic Scenarios paper, arXiv:2606.17114, on tool-using LLM agents in realistic non-adversarial workflows, the Singapore AI Safety Institute and Korea AI Safety Institute joint evaluation, customer support, DevOps, web automation, enterprise and personal productivity tasks, data awareness, audience awareness, policy compliance, data minimization, access-boundary awareness, ReAct-style scaffolds, MCP tool environments, LLM-judge rubrics, claim-action mismatches, simulation-aware behavior, user-simulator role reversal, and the governance problem of measuring task success separately from data-handling safety.
- The AgentRiskBOM Becomes the Authority Map - Srimonti Dutta and Akshata Kishore Moharir's AgentRiskBOM: A Risk-Scoping Security Bill of Materials for Agentic AI Systems paper, arXiv:2606.21877, on security bills of materials for tool-using agents, the agentic transparency gap, runtime authority, autonomy level, tool descriptors, tool permissions, tool-risk tiers, memory and data sources, credential scope, approval gates, audit signals, inter-agent communication, external action capability, JSON Schema artifacts, 13 open-source agent corpus records, 52 risk scenarios, 14 risk categories, authority drift detection, control mapping, incident readiness, and the governance problem of making delegated agent power visible before a runtime failure.
- Affective Safety Becomes the Missing Layer - Carolin Ifländer, Alba Curry, Flor Miriam Plaza-del-Arco, and Amanda Cercas Curry's Affective AI Safety: The Missing Piece in LLM Safety paper, arXiv:2606.23380, on affective AI safety, affective self-alienation, fairness and bias harms, relational harms, emotion detection, emotion elicitation, interaction systems, single-turn versus multi-turn and long-term harm, individual, group, third-party, and societal loci, companion and recommender-system risks, emotional autonomy, dependency, culturally validated emotion annotation, multi-turn evaluation protocols, and the governance problem of treating emotional life as interface polish instead of a safety surface.
- The Partisan Persona Becomes the Persuasion Test - Alessia Antelmi, Alessia Galdeman, Lucio La Cava, Arianna Pera, and Giovanni Da San Martino's Political Persuasion and Endorsement in Large Language Models paper, arXiv:2606.05961, on LLMs as computational social science proxies, persuasion-infused political content, partisan persona prompting, five-point endorsement ratings, six open-weight instruction-tuned models, Ukraine-Russia conflict tweets, SemEval-2023 news spans, slogans, name calling, loaded language, appeal to fear and prejudice, model-level endorsement differences, topic sensitivity, synthetic publics, and the governance problem of treating a persona prompt as a harmless style setting when it may change what a system appears to endorse.
- The Regulatory Context Protocol Becomes the Docket Channel - Akshay J. Dave, David Grabaskas, Joseph A. Renevitz, and Richard B. Vilim's Overcoming the Regulatory Bottleneck via Agent-to-Agent Protocols paper, arXiv:2606.07866, on the Regulatory Context Protocol, advanced nuclear reactor licensing, applicant-regulator agent channels, Request for Additional Information workflows, RCP as an Agent-to-Agent domain profile, signed append-only Context Streams, information sovereignty, epistemic grounding, human oversight checkpoints, sensitivity labels, DOE and NRC AI context, modeled cost and timeline compression, and the governance problem of making machine-mediated regulation faster only when the docket remains replayable and contestable.
- The Coding Agent Becomes the Commit Fingerprint - Arsham Khosravani and Audris Mockus's Detecting AI Coding Agents in Open Source paper, arXiv:2606.24429, on coding-agent traces across World of Code, 180 million Git repositories, bot-account lookup, commit-message signatures, human author-name patterns, configuration-file-only evidence, 850,157 Claude Code commits, a 30x single-signal undercount, 495 hand-validated labels, AIDev pull-request comparisons, Codex and Claude channel bias, feature-work versus maintenance-work measurement, and the governance problem of making agent-assisted code searchable as software supply-chain metadata.
- The Data Curation Loop Becomes the Agent Job - Feiyang Kang, Hanze Li, Adam Nguyen, Mahavir Dabas, Jiaqi W. Ma, Frederic Sala, Dawn Song, and Ruoxi Jia's Can Generalist Agents Automate Data Curation? paper, arXiv:2606.04261, on Curation-Bench, training-data selection as an agent loop, command-line inspection, fixed model and evaluation harnesses, LLaVA-665K, LLaVA-1.5-7B, ten-iteration policy revision, the execution-research gap, scaffolded method adaptation, benchmark feedback, one-tenth data-budget results, reproducibility artifacts, and the governance problem of making agent-run data curation auditable instead of hidden inside the model supply chain.
- The Memory Conflict Becomes the Write Transaction - Ziming Wang's TOKI paper, arXiv:2606.06240, on contradiction resolution in LLM-agent persistent memory, write-heavy memory substrates, versioned belief updates, last-writer-wins, evidence-weighted merge, await-confirmation, per-rule policy, bitemporal operators, isolation preconditions, dual-row schemas, audit rows, provenance, keyed logging, replay inconsistency, belief-drift skew, audit erasure, mem0, Graphiti, Letta, Zep, MIRIX, WorldDB, LoCoMo, typed memory layers, preprint evidence limits, and the governance problem of treating a remembered contradiction as a write transaction that future sessions inherit.
- The Self-Evolving Agent Becomes the Lineage Risk - Ruixiao Lin, Xinhao Deng, Qingming Li, Jianan Ma, Yunhao Feng, Yuqi Qing, Zhenyuan Li, Yechao Zhang, Shiwen Cui, Changhua Meng, Tianwei Zhang, Xingjun Ma, Qi Li, Ke Xu, and Shouling Ji's Safety in Self-Evolving LLM Agent Systems paper, arXiv:2606.23075, on self-evolving LLM agents, directed optimization, cross-session persistence, autonomous control, model parameters, cognitive resources, tools, architectures, the Module-Lifecycle Attack Surface matrix, Brain, Cognitive Resource, Execution, Self-Design, Collective modules, Bootstrap, Propose, Evaluate, Commit, Serve stages, OpenClaw and Hermes case studies, 40 attack scenarios, lineage-persistent compromise, scanner coverage gaps, decay, rollback, and the governance problem of letting agents inherit changes institutions cannot inspect, expire, or revoke.
- The Hidden Automaton Becomes the Agent Test - Reef Menaged, Gili Lior, Shauli Ravfogel, Roee Aharoni, and Gabriel Stanovsky's Can LLM Agents Infer World Models? paper, arXiv:2606.16576, on agentic automata learning, hidden deterministic finite automata, membership queries, equivalence queries, oracle counterexamples, 80 generated DFA task instances, L* and TTT active-learning baselines, DeepSeek-V4-Pro, Gemini 3.1 Pro Preview, Gemini Flash thinking, GPT-5.4 without thinking, Llama-3.3-70B, planning failures, reasoning failures, non-informative queries, and the governance problem of evaluating whether agents learn world structure or merely stumble through interaction.
- The Privacy Norm Becomes the Agent Policy - Manveer Singh Tamber, Abhay Puri, Marc-Etienne Brunet, Perouz Taslakian, Jimmy Lin, and Spandana Gella's PrivacyAlign paper, arXiv:2606.21710, on contextual privacy alignment for LLM agents, tool-use and persistent-memory scenarios, 1,350 response-pair items, 3,516 retained human annotations from 599 unique annotators, leak and omit labels, pairwise human preferences, Prolific annotation, annotation-conditioned LLM judges, reward modeling, clean response rates, synthetic scenario limits, plural privacy norms, and the governance problem of turning social expectations into outbound agent policy.
- The Agent Network Becomes the Protocol Border - Shengli Zhang, Deen Ma, Zibin Lin, and Taotao Wang's Distributed General-Purpose Agent Networks paper, arXiv:2606.17368, on peer-to-peer agent cooperation, heterogeneous agents on personal devices and edge nodes, protocol adaptation layers, semantic announcements, bodyless gossip with sequential logs, BAID-style identity binding, MG-EigenTrust multi-topic reputation, cross-topic disguise-collusion attacks, Stackelberg-style mechanism generation, semantic attribution feedback, preliminary prototype and simulation evidence, and the governance problem of translating agent intentions and capabilities into network routing, trust, and execution commitments.
- The Silent Failure Becomes the Entropy Budget - Dexing Liu's Silent Failure in LLM Agent Systems paper, arXiv:2606.08162, on LLM agent systems that degrade under normal operation, silent failures without adversarial triggers, more than 40,000 controlled trials, production observations spanning more than 100,000 agent interactions, 22 intrinsic properties across six lifecycle layers, channel fracture, cognitive framework lag, data consistency decay, cross-session knowledge fragmentation, behavior routing deficiency, entropy-style degradation measurement, the PIG Engine, ADE protocols, external deterministic gates, and the governance problem of measuring agent drift before a long-running workflow silently becomes unreliable.
- The Surveillance Camera Becomes the Evidence Vault - Hasan Coşkun, Furkan Çolhak, Andrea Kulakov, and Vesna Dimitrova's Privacy-Preserving Smart Surveillance with Cross-Dataset Violence Detection and Decentralized Evidence Governance paper, arXiv:2606.01225, on AI-enabled smart surveillance, violence detection, SCVD, RWF-2000, Real-Life Violence Situations, MobileNetV2+BiLSTM, cross-dataset shift, encrypted incident clips, Shamir's Secret Sharing, threshold approval, voting tokens, two-factor authentication, signatures, audit logs, cryptographic hardening limits, and the governance problem of making detection trigger protected preservation rather than automatic disclosure.
- The Deliberation Circle Becomes the Hidden Anchor - Apurba Pokharel and Ram Dantu's Hidden Anchors in Multi-Agent LLM Deliberation paper, arXiv:2606.19494, on multi-agent LLM deliberation, hidden anchors, latent priors, closed-loop dynamics, DeGroot and Friedkin-Johnsen consensus baselines, convex-hull escape, symptom-to-disease diagnosis tasks, Llama-3.1-70B-Instruct, Qwen3-32B, gpt-oss-20b, held-out validation, deliberation traces, confidence trajectories, and the governance problem of treating agent debate as evidence of reliability without auditing what moved the group.
- The Crypter Becomes the Malware Service Desk - Mathieu Jeannot, Jean-Yves Marion, Manon Pamar, Maira Nassau, Pierre Marty, and Romain Guittienne's Inside Crypter-as-a-Service paper, arXiv:2606.24226, on Crypter-as-a-Service, exploit.in, underground cybercrime forums, malware evasion markets, LLM-assisted annotation, manual validation, seller and buyer taxonomies, Telegram bot operators, tool acquirers, in-house recruiters, escrow, guarantors, reputation systems, security deposits, trust brokers, HackForums comparison, and the governance problem of treating criminal capability as a maintained service economy rather than a standalone tool.
- The Policy Table Becomes the Participation Filter - Carter Buckner, Jennifer Mickel, Nandhini Swaminathan, William Agnew, Jacob Hobbs, Sarthak Arora, Michelle Lin, Yanan Long, and B.V. Alaka's Challenges to Grassroots Organization Engagement with AI Policy paper, arXiv:2606.19816, on participatory AI governance, Queer in AI, grassroots AI policy work, marginalized communities, NAIAC, NIST, RFIs, in-person policy centers, meeting accessibility, volunteer time, industry capture, organizational scarcity, and the governance problem of treating public participation as if access were free.
- The Machine Contributor Becomes the Maintainer Tax - Jassem Manita and Aziz Amari's Regulating the Machine Contributor: Governance and Policy Alignment in Open Source paper, arXiv:2606.14594, on AI-assisted and autonomous open-source contribution, pull requests, contributor accountability, SymPy, LLVM, matplotlib, OpenInfra, Apache Software Foundation, Linux Foundation, disclosure, responsibility, human oversight, licensing, enforcement, maintainer workload, Policy Maturity Scores, and the governance problem of making review burden a first-class policy variable.
- The Agent Security Survey Becomes the Threat Model - Yuchen Ling, Shengcheng Yu, Zhenyu Chen, and Chunrong Fang's Toward Secure LLM Agents: Threat Surfaces, Attacks, Defenses, and Evaluation paper, arXiv:2606.10749, on LLM-agent security, a 247-paper lifecycle survey, information flow, delegated authority, persistent state, prompt injection, tool-mediated control-flow hijacking, memory and state corruption, multi-agent propagation, weakly compositional defenses, long-horizon and deployment-sensitive benchmark gaps, and the governance problem of turning an agent-security taxonomy into a deployable threat model.
- The Mobile Core Becomes the Agent Control Plane - Maria Katarine Santana Barbosa and Kelvin L. Dias's AgentxGCore: Agentic AI for Next-Generation Mobile Core Network paper, arXiv:2606.00417, on agentic AI in telecom core networks, 3GPP APIs, intent-based networking, xGC, network planner and executor agents, MCP-style tool discovery, Agent-to-Agent planning feedback, OpenAirInterface 5G Core, Docker test environments, PCF and SMF APIs, Prometheus observability, GRU traffic prediction, UPF allocation, cloud gaming, live streaming, video-on-demand flows, Gemini and GPT model comparisons, local versus remote LLM servers, sensitive network context, PDU session interruption risk, and the governance problem of treating mobile-core optimization as live agent control.
- The Affective Default Becomes the Interface Policy - Manuele Reani, Hongjian Zhang, and Hongyu Tian's The Governance of Human-LLM Interaction: Safety Gating, Civility Steering, and Affective Default Lock-In paper, arXiv:2606.08172, on interaction style as a governance object, high-stakes LLM use in finance, medicine, and mental-health support, 100 frozen user-only scripts, entertainment, finance, mental health, and medicine domains, default, sarcastic, and cold persona conditions, DeepSeek-V3, GPT-4o-mini, Gemini-2.5-Flash, 90,000 judged replies, harmful-persona safety gating, civility steering, prompt steerability, style drift, anthropomorphism, affective default lock-in, and the governance problem of provider-controlled warmth becoming interface policy.
- The Forum Agent Becomes the Deployment Record - Luyang Zhang, Yi-Yun Chu, and Ramayya Krishnan's Toward Agentic Governance: What Shapes LLM-Agent Intervention in Public Forums? paper, arXiv:2606.00603, on LLM agents in public forums, Reddit, Moltbook, roughly 71,000 post-challenge pairs, answer, acknowledge, repair, and decline interventions, model-version drift, weight-release status, serving-provider differences, system-prompt policy, visible and hidden challenges, parser-pipeline limits, forum audit trails, deployment receipts, and the governance problem of proving which configured agent stack entered a public thread.
- The Agent Worm Becomes Stolen Compute - Jonas Guan, Tom Blanchard, Hanna Foerster, Hengrui Jia, Gabriel Huang, and Nicolas Papernot's AI Agents Enable Adaptive Computer Worms paper, arXiv:2606.03811, on adaptive computer worms, open-weight LLM agents, stolen compute, GPU reasoning nodes, compromised hosts as inference infrastructure, 15 contained runs on a 33-host network, Linux, Windows, and IoT targets, runtime use of public vulnerability advisories, patch windows, API-level safety-control limits, hypervisor-contained dual-use research, restricted implementation access, zero-trust segmentation, network micro-segmentation, model-serving visibility, and the governance problem of treating local compute as cyber territory.
- The Embedded Agent Becomes the Device Fleet - Marcus Rüb and Michael Gerhards' Toward a Modular Architecture for Embedded AI Agent Systems at the Edge paper, arXiv:2606.02862, on embedded agent systems, edge gateways, microcontrollers, TinyML, Small Language Models, autonomous on-device agents, tethered MCU agents, cloud coordinators, local reflexes, safety fallbacks, MQTT, CoAP, MCP-style tool interfaces, latency, energy, privacy, memory walls, semantic translation, smart agriculture, predictive maintenance, privacy-first smart homes, and the governance problem of treating sensors, gateways, and actuators as a distributed agent fleet.
- The Agent Society Becomes the Benchmark - Deepak Akkil, Ravi Kokku, Karthik Vikram, Tamer Abuelsaad, Aditya Vempaty, and Satya Nitta's Emergence World: A Platform for Evaluating Long-Horizon Multi-Agent Autonomy paper, arXiv:2606.08367, on long-horizon multi-agent autonomy, persistent simulated societies, LLM-driven agents, live external data, 120+ tools, persistent memory, democratic governance, ComputeCredits, Agent World Indicators, cross-vendor worlds, Claude Sonnet 4.6, Grok 4.1 Fast, Gemini 3 Flash, GPT-5-mini, mixed populations, early divergence, population collapse, deliberative governance, construct-validity limits, reproducibility artifacts, and the governance problem of evaluating agent populations rather than isolated task scores.
- The Memory Operation Becomes the Wire Protocol - Thamilvendhan Munirathinam's memorywire: A Vendor-Neutral Wire Format for Agent Memory Operations paper, arXiv:2606.01138, on vendor-neutral agent memory, JSON-Schema 2020-12 wire formats, remember, recall, forget, merge, and expire operations, semantic, episodic, procedural, and emotional memory types, MemoryStore Protocol, fan-out routers, backend adapters, human-in-the-loop governance, Co-memorize diff-and-approve workflows, audit logs, recall benchmarks, adversarial fusion tests, cross-adapter conformance, MCP composition, and the governance problem of turning hidden assistant memory into auditable memory operations.
- The Action Certificate Becomes the Portable Receipt - Zexun Wang's Proof-Carrying Agent Actions: Model-Agnostic Runtime Governance for Heterogeneous Agent Systems paper, arXiv:2606.04104, on runtime-neutral agent governance, heterogeneous agent runtimes, action certificates, portable action envelopes, pre-action admissibility, action open, assumption capture, approval, outcome closure, approval enforceability classes, externality-aware boundary facts, runtime and approval receipts, replay-ready proof, protected validation across 24 executable seed templates and 96 traces, disclosure-bounded evidence, receipt completeness limits, and the governance problem of preserving action evidence across vendor-native control surfaces.
- The Multi-User Harness Becomes the Authority Layer - Wangxuan Fan, Xiaoyu Nie, and Zhongxiang Dai's Harness-MU: A Safe, Governed, and Effective Harness for Multi-User LLM Agents paper, arXiv:2606.21856, on multi-user LLM agents, multiple-principal governance, access control, authority hierarchy, shared assistants, Gatekeeper, Mediator, isolated Workers, ComplianceChecker, Muses-Bench, adversarial access-control attacks, forged authorization, pressure, roleplaying, deterministic runtime hooks, protected-resource registries, per-user context isolation, aggregate token cost, parallel Worker latency, implementation limits, and the governance problem of turning a shared assistant into an explicit authority layer.
- The Decomposed Task Becomes the Safety Bypass - Vikhyath Kothamasu, Virginia Smith, and Chhavi Yadav's Hidden in Plain Sight: Benchmarking Agent Safety Against Decomposition Attacks with DECOMPBENCH paper, arXiv:2606.13994, on decomposition attacks against tool-using LLM agents, benign-looking subtasks, cumulative harmful intent, DeCompBench, 250 harmful tasks, eight attack categories, tool-rich environments, refusal-rate collapse, execution failure versus safety refusal, dataset access conditions, model-level refusal limits, artifact-flow review, job-level provenance, cross-turn and cross-tool aggregation, and the governance problem of evaluating the composed delegated task rather than each step in isolation.
- The Agent Memory Store Becomes the Database Lifecycle - Wei Zhou, Xuanhe Zhou, Shaokun Han, Hongming Xu, Guoliang Li, Zhiyu Li, Feiyu Xiong, and Fan Wu's Are We Ready For An Agent-Native Memory System? paper, arXiv:2606.24775, on agent memory as data-management infrastructure, persistent storage, retrieval, updates, consolidation, dynamic lifecycle governance, representation and storage, extraction, retrieval and routing, memory maintenance, 12 representative memory systems, five benchmark workloads, 11 datasets, retrieval fidelity, dynamic update robustness, long-horizon stability, index construction time, query latency, localized maintenance, conservative consolidation, stale facts, and the governance problem of treating memory architecture as part of an agent safety case.
- The Group Chat Assistant Becomes the Privacy Boundary - Elena Sofia Ruzzetti, Cornelius Emde, Sangdoo Yun, Seong Joon Oh, and Martin Gubri's MuPPET: A Benchmark for Contextual Privacy of LLM Assistants in Multi-Party Conversations paper, arXiv:2606.23217, on multi-party LLM assistants, group chats, contextual privacy, contextual integrity, assistant memory, user-specific background knowledge, workplace conversations, recipient tracking, knowledge attribution, private information flow, leakage metrics, utility trade-offs, open-weight local models, Gemini 2.5 Pro, GPT 5.5, contextual-privacy defenses, synthetic English benchmark limits, and the governance problem of making an assistant audience-aware before it speaks for a user in a shared channel.
- The Approval Gate Becomes the Fatigue Model - Emre Turan's Oversight Has a Capacity: Calibrating Agent Guards to a Subjective, Fatiguing Human paper, arXiv:2606.08919, on LLM-agent action gating, human-in-the-loop approval, coding-agent actions, subjective risk labels, reviewer disagreement, selective classification, asymmetric cost, escalation thresholds, false alarms, missed danger, reviewer workload, modeled fatigue, inverted-U safety curves, flooding attacks, rubber-stamping, open-source measurement apparatus, and the governance problem of treating human review as an infinite safety resource instead of a finite attention budget.
- The LLM Social Network Becomes the Polarization Lab - Ali Safarpoor Dehkordi, Mohammad Shirzadi, and Ahad N. Zehmakan's Opinion Polarization in LLM-Based Social Networks: Manipulation and Mitigation paper, arXiv:2606.18795, on LLM-based simulated social networks, natural-language posts, persona agents, opinion dynamics, directed networks, activeness, stubbornness, adversarial manipulators, limited manipulation budgets, strategic manipulator placement, polarization amplification, extremization, reactive mitigations, proactive interventions, residual baseline gap, prompt sensitivity, synthetic publics, and the governance problem of using language-based simulations as stress tests without mistaking them for proof about real platforms.
- The Worker Profile Becomes the Price Signal - Auyon Siddiq and Niuniu Zhang's Human Capital, AI, and Labor Commoditization paper, arXiv:2606.21880, on Upwork, online labor markets, generative AI exposure, ChatGPT's release, 49,610 workers, 2.26 million contracts, worker profile embeddings, human-capital signals, posted hourly price, difference-in-differences, demand allocation, declining human-capital importance, rising price importance, lower-priced worker reallocation, platform rankings, worker welfare, and the governance problem of making skill and reputation less visible when AI makes labor look substitutable.
- The Conversation Co-Author Becomes the Blind Spot - Bianca Helena Ximenes's Co-Construction Blindness and Asymmetric Epistemic Vulnerability in Human-LLM Interaction paper, arXiv:2606.20762, on conversational LLMs, co-construction blindness, asymmetric epistemic vulnerability, structural deference, high-status users, domain expertise versus mechanical literacy, user prompts, accumulated conversation history, metadata, authority-channel propagation, chatbot disclaimers, public expert interpretation, and the governance problem of treating a jointly produced answer as if it were an independent outside assessment.
- The Warning Label Becomes the Sycophancy Bandage - Lujain Ibrahim, Myra Cheng, Cinoo Lee, Pranav Khadpe, Desmond Ong, Dan Jurafsky, and Diyi Yang's Warning labels shift perceptions of sycophantic AI, but not its influence paper, arXiv:2606.21317, on sycophantic AI, disclosure labels, preregistered interpersonal-conflict advice experiments, 2,610 participants, basic AI disclosure, sycophancy warnings, impact warnings, trust, perceived objectivity, self-perceived rightness, repair intent, relational influence, and the governance problem of treating a visible warning as if it were evidence that users are protected.
- The Personal Automation Harness Becomes the Desktop Operator - Bo Zhang, Borui Zhang, Chenghao Jiang, Minglei Shi, Xiaofeng Wang, Zheng Zhu, Jie Zhou, and Jiwen Lu's Syll paper, arXiv:2606.07594, on open-source personal automation, self-hosted multimodal agent harnesses, cross-surface execution, MCP/API tools, CLI execution, visual GUI control, direct demonstration, reusable skills, logs, keyframes, approval checkpoints, editable local artifacts, teachable GUI replay, persistent workspace updates, and the governance problem of giving a personal agent desktop authority without losing local inspection, approval, and rollback evidence.
- The Agent Operational Envelope Becomes the Trust Certificate - Thanh Luong Tuan and Abhijit Sanyal's Toward Pre-Deployment Assurance for Enterprise AI Agents paper, arXiv:2606.04037, on ontology-grounded simulation, Agent Operational Envelopes, permissions, domain constraints, safety properties, governance rules, autonomy levels, ontology-to-scenario generation, Trust Certificates, graduated deployment verdicts, regulated enterprise workflows, Fintech, Banking, Insurance, Healthcare, scenario coverage, injected faults, cross-model validation, and the governance problem of certifying an agent only inside a named operating envelope before production access.
- The Financial Agent Memory Becomes the Audit Surface - Ailiya Borjigin, Igor Stadnyk, Ben Bilski, Maksym Chikita, Dmytro Kyrylenko, Sofiia Pidturkina, and Julia Stadnyk's Absorbing Complexity paper, arXiv:2606.01886, on financial LLM agents, financial cognition friction, interaction-native knowledge harnesses, InKH, passive knowledge injection, bounded working context buffers, temporal graph memory, wiki audit surfaces, background extraction, maturity, decay, write-time invalidation, market analysis, copy-trading review, trade preparation, stale-knowledge reduction, traceability, controlled synthetic benchmarks, and the governance problem of treating financial agent memory as part of the audit file.
- The Agent Knowledge Base Becomes the Commons - Steven Johnson's Deliberative Curation paper, arXiv:2606.00007, on governance protocols for multi-agent knowledge bases, agent statelessness, model homogeneity, sycophancy, knowledge artifact lifecycles, labeled transition systems, reputation-weighted deliberative voting, Beta Reputation, EigenTrust amplification, commit-reveal vote concealment, graduated sanctions for stateless agents, broken-agent handling, simulation with 100 agents across seven behavioral archetypes, adversity resilience, unvalidated sanction mechanisms, and the governance problem of treating shared machine memory as a commons rather than a database.
- The Agent Runtime Becomes the Governance Plane - Krti Tallam's A Five-Plane Reference Architecture for Runtime Governance of Production AI Agents paper, arXiv:2606.12320, on production agent runtime governance, delegated action, composite principals, capability attenuation, stop-anywhere mediation, reasoning-plane adjudication, network, identity, endpoint, and data enforcement planes, six interruption primitives, audit as structured evidence, reference-implementation microbenchmarks, seven production-agent threats, and the governance problem of enforcing authority at the moment an agent changes enterprise state.
- The Agent Trace Becomes the Process Map - Hoang Vu, Maximilian Körner, Adrian Rebmann, Gabriel Kevorkian, Michael Perscheid, Gregor Berg, and Timotheus Kampik's Agent Behavior Mining paper, arXiv:2606.20669, on generative AI agent governance in business processes, invisible autonomy risk, process mining, event data models, granular agent activities, reasoning traces, tool usage, token costs, standardized process logs, multi-agent order-to-cash implementation, policy-deviation detection, operational variability, exploratory evaluation with 18 industry practitioners, behavioral transparency, and the governance problem of turning agent work into auditable process evidence without collapsing it into workplace surveillance.
- The Scaffold Becomes the Capability Gain - Arthur Goemans, Dan Altman, Noemi Dreksler, Jonas Freund, Milan Gandhi, Zhengdong Wang, Sarah Cogan, Sebastien Krier, Demetra Brady, Lewis Ho, and Allan Dafoe's Comprehensive AI governance requires addressing non-model gains paper, arXiv:2606.00047, on model-level governance limits, inference gain, systems gain, asset gain, scaffolds, tool use, restricted assets, embodiment, continual learning, diffusion effects, system governance, entity governance, agent governance, cloud governance, societal resilience, post-deployment monitoring, forecasting capability overhang, and the governance problem of treating the tested base model as if it were the deployed system.
- The Reliability Scorecard Becomes the Agent Gate - Stephan Rabanser, Sayash Kapoor, Peter Kirgis, Kangheng Liu, Saiteja Utpala, and Arvind Narayanan's Towards a Science of AI Agent Reliability paper, arXiv:2602.16666, on measuring agent reliability beyond raw task success, consistency, robustness, predictability, safety, repeated-run variance, prompt paraphrase sensitivity, tool-fault injection, environment perturbation, confidence calibration, GAIA, tau-bench, 15 evaluated models, reliability gains lagging accuracy over 24 months of releases, deployment thresholds, sandbox-to-production gates, and the governance problem of deciding when an agent is reliable enough to act without constant human review.
- The Fault Investigator Becomes the Accountability Layer - Chenyang Zhu et al.'s SAFARI paper, arXiv:2606.24626, on long-horizon agentic fault attribution, active investigation, agent traces beyond context windows, read and search tools over trajectory segments, Short-Term Memory for cross-turn reasoning, decisive faults as earliest uncorrected errors, atomic claim verification by evaluator LLMs, Who&When and TRAIL benchmarks, 20% and 19% reported improvements, 0.58 precision at 5x context displacement, and the governance problem of turning agent logs into auditable fault investigations without collapsing diagnosis into blame.
- The Product Fact Becomes the Microtransaction Market - Filippos Ventirozos and Matthew Shardlow's Paying to Know paper, arXiv:2606.24783, on agentic e-commerce, buyer agents, micro-transaction markets for verified product information, x402 and AP2 payment rails, seller- and reviewer-supplied data, service histories, third-party test reports, bills of materials, audited sales and support metrics, cost-aware information acquisition, entity resolution, grounded generation, persona privacy, power and access, and the governance problem of making product evidence a priced gate.
- The Synthetic Trajectory Becomes the Mobility Witness - Siyu Li, Toan Tran, Lingyi Zhao, Khurram Shafique, and Li Xiong's TrajGenAgent paper, arXiv:2606.12657, on LLM-agent synthetic human mobility trajectory generation, individual- and weekday-conditioned activity chains, deterministic visit grounding, personalized point-of-interest retrieval, kinematics-aware travel-time propagation, ICAD and BeSTAD anomaly checks, NumoSim and MobilitySyn datasets, six baselines, free-form tool-calling instability, and the governance problem of treating generated movement traces as planning evidence.
- The Cognitive Twin Becomes the Proxy Record - Vamshi Krishna Bonagiri, Juan Nicolas Sepulveda-Arias, Abdoul Jalil Djiberou Mahamadou, and Monojit Choudhury's Cognitive Digital Twins paper, arXiv:2606.23094, on AI systems that model a specific person, cognitive digital twins, dynamic person-specific representation, simulation, classification, intervention, communicative and decision-making proxy action, the 5A framework, shadow twins, simulated participation, proxy-power asymmetries, and the governance problem of regulating cognitive representation before final decisions or external actions occur.
- The Skill Manifest Becomes the Permission Boundary - Shidong Pan et al.'s SkillGuard paper, arXiv:2606.03024, on agent skills as permission-bearing executable artifacts, dual-plane governance for context influence and action side effects, Skill Manifest declarations, runtime permission access control, user-mediated authorization, deny-by-default enforcement, behavior monitoring, 315 real-world skills, SkillInject, 91.0% automated manifest-generation F1, and the governance problem of treating reusable agent procedures as code, policy, and delegated authority at once.
- The Shared Memory Becomes the Governance Boundary - Zhe Ren et al.'s GateMem paper, arXiv:2606.18829, on multi-principal shared-memory agents, 91 long-form multi-party episodes, 2,218 hidden checkpoints, medical, office, education, and household domains, Utility, Access Control, Active Forgetting, long-context baselines, retrieval and external-memory leakage, token cost, and the governance problem of making agent memory useful without making every remembered fact available to every principal.
- The Control Room Becomes the Red-Team Benchmark - Hanwool Lee et al.'s NRT-Bench paper, arXiv:2606.20408, on multi-turn red-teaming of LLM operator agents in a simulated nuclear control room, five-role operator teams, six critical safety functions, four adversarial ingress channels, fixed-attack paired replay, objective simulator-derived harm, model-conditional guardrails, disjoint failure sets, and the governance problem of evaluating agent teams by physical-state traces rather than refusal text.
- The Context Compactor Becomes the Policy Deleter - Shiyang Chen's Governance Decay paper, arXiv:2606.22528, on context compaction as an agent-governance surface, ConstraintRot, compaction-induced deletion of safety constraints, deterministic tool-call grading, soft organizational policies, Compaction-Eviction Attacks, summarizer-injection attacks, volume-forced eviction, Constraint Pinning, preserved policy buffers, trusted operator channels, and the governance problem of treating lossy summaries as if they were neutral memory maintenance.
- The Agent Communication Graph Becomes the Metadata Leak - Bijaya Dangol's From Privacy to Workflow Integrity paper, arXiv:2606.07150, on communication-graph metadata in autonomous agent interoperability, A2A-style workflows, MCP tool invocations, topology leakage, delegation-chain linkability, stable agent identifiers, unlinkability, no central observer, metadata minimization, discovery privacy, custom A2A protocol bindings, A2A-MetaTrace, metadata-only adversaries, and the governance problem of hiding message content while the workflow graph remains exposed.
- The Recuse Signal Becomes the Access-Deny Note - Thamilvendhan Munirathinam's Will the Agent Recuse Itself? paper, arXiv:2606.06460, on in-band access-deny signals for LLM agents, the Recuse Signal mini-standard, SSH banners, PostgreSQL NOTICEs, Kubernetes admission webhooks, robots.txt-style cooperative governance, valid credentials without resource consent, pilot measurements with GPT-4o, GPT-4o-mini, and Claude Code, model-dependent recusal, client surfacing of protocol warnings, and the governance problem of telling compliant agents to leave without pretending the signal is a security boundary.
- The Delegation Trace Becomes the Audit Boundary - the Mishra and Sharad paper Observability for Delegated Execution in Agentic AI Systems, arXiv:2606.09692, on delegation-scoped observability for agentic AI systems, Common Information Models, durable delegation identifiers, principal and agent bindings, authority graphs, execution graphs, gateway-mediated tool telemetry, cross-tool action normalization, MCP middleware, trace-only reconstruction limits, and the governance problem of knowing which delegated authority an agent action belonged to.
- The First Task Becomes the Safety Gap - the Sun, Liu, and Weng SODA paper, arXiv:2606.07867, on the cold-start safety gap in tool-calling LLM agents, conversation depth, regular agentic task warm-up, 16 tool environments, 400 safety threats, hidden-state safety regions, AgentHarm and Agent Safety Bench generalization, BFCL and API-Bank utility checks, and the governance problem of treating a fresh session as if it were a neutral safety state.
- The Agent Rulebook Leaves the Prompt - the Joshi, Finin, Joshi, and Kagal AgenticRei paper, arXiv:2606.19464, on deontic policies for runtime governance of agentic AI systems, Rei and OWL policy rules, external action-boundary enforcement, tool-call and agent-to-agent message governance, permissions, prohibitions, obligations, dispensations, meta-policy conflict resolution, ontology reasoning, audit records, and the governance problem of moving enterprise rules out of the prompt and into enforceable infrastructure.
- The SOC Agent Becomes the Governance Layer - the Abdennebi, Kara, Lahlou, and Ould-Slimane LanG paper, arXiv:2604.05440, on governance-aware agentic AI for security operations, Unified Incident Context Records, LangGraph orchestration, human-in-the-loop checkpoints, IDS rule generation, attack reconstruction, MCP-governed tool access, multi-tenant isolation, role-based access control, guardrails, and the governance problem of making incident response faster without making accountability disappear.
- The Agent Data Request Becomes the Privacy Boundary - the Zhang, Han, Guo, Li, Wang, Zou, Liu, and Hu PrivacyPeek paper, arXiv:2606.00152, on acquisition-stage privacy leakage in LLM-based agents, tool-call trajectories, over-acquisition of sensitive user data, output-only audit blind spots, probe elicitation, prompt-level defenses, data minimization, and the governance problem of treating a quiet data request as less important than a leaked answer.
- The Inter-Agent Message Becomes the Privacy Leak - the El Yagoubi, Badu-Marfo, and Al Mallah AgentLeak paper, arXiv:2602.11510, on internal-channel privacy leakage in multi-agent LLM systems, inter-agent messages, shared memory, output-only audit blind spots, data minimization, contextual integrity, seven-channel instrumentation, and the governance problem of treating agent coordination as if it were a single trusted privacy context.
- The Compliance Trace Becomes the Rulebook - the Zhao, Zhang, Le, Qu, and Xu MAC-Bench paper, arXiv:2606.07805, on procedural compliance in multi-agent systems, SERV-generated atomic rules, trace-level auditing, authority and urgency pressure, responsibility diffusion, Compliance-Weighted Success Rate, the Machiavellian Gap, and the governance problem of scoring agent success without preserving the rulebook through delegation.
- The Command Denylist Becomes the False Boundary - the Chen and Lin paper One Goal, Many Commands, arXiv:2606.15549, on terminal AI agents, command-gating rules, fragile denylists, ShellSieve, sandbox-validated bypass discovery, real-world GitHub denylist measurements, and the governance problem of treating forbidden command names as if they were operation-level containment.
- The Source ID Becomes the Factuality Test - the Alvarez, Rajan, Mugel, and Orús ProvenanceGuard paper, arXiv:2606.18037, on source-aware factuality verification for MCP-based agents, cross-source conflation, stable tool and source IDs, claim-to-source routing, medical-domain MCP traces, repair-and-reverify loops, and the governance problem of knowing which source actually supports an agent's answer.
- The Cross-Session Prompt Becomes the Payload - the Xie, Liu, Zhang, Liu, Li, Su, and Liu paper What If Prompt Injection Never Left?, arXiv:2606.04425, on cross-session stored prompt injection, persistent agent state, write/incorporation/activation stages, working memory, archival memory, file-backed context, and the governance problem of stopping old untrusted instructions from returning as future operational context.
- The WebMCP Tool Surface Becomes the Attack Surface - the Lee, Chang, Yu, and Yeh WebMCP Tool Surface Poisoning paper, arXiv:2606.06387, on dynamic web-exposed tools, Mid-Session Tool Injection, Tool Hijacking, Tool Framing, third-party scripts, origin binding, lifecycle consistency, and the governance problem of treating a website's agent tool registry as security-critical infrastructure.
- The Agent Team Becomes the Trust Graph - Yujiao Chen's Trust Between AI Agents paper, arXiv:2606.14923, on costly verification, trust formation, trust breakage, recovery after failure, culprit-targeted checking, over-verification, multi-agent governance, and the audit problem of knowing which agents relied on which teammates.
- The Tool Scope Becomes the Intent Gate - the Zhu and Wang paper Intent-Governed Tool Authorization for AI Agents, arXiv:2606.22916, on IGAC, user-intent certificates, session-scoped tool authorization, intent-aware manifest filtering, monotone permission narrowing, and the governance problem of making agent tool access narrower than the credential.
- The Unsafe Shortcut Becomes the Safety Benchmark - the Mohammadmirzaei and Flanigan OSGuard paper, arXiv:2606.15034, on computer-use agent safety, benign instructions, unsafe shortcuts, action-level guardrails, risk-augmented execution, state-based safety invariants, and the governance problem of checking whether the environment survived the task.
- The Pull Request Becomes the Prompt Injector - the Isbarov, Suleymanov, Shumailov, and Kantarcioglu GitInject paper, arXiv:2606.09935, on AI-powered CI/CD prompt injection, live GitHub workflow evaluation, config-file injection, runner credentials, simulation gaps, and the governance problem of testing agent security in the workflow that actually runs.
- The Agent Wiki Becomes the Retrieval Spine - the Ming, Li, Wu, and Que LLM-Wiki paper, arXiv:2605.25480, on agent-native retrieval, compiled wiki memory, bidirectional links, Error Books, multi-hop evidence traversal, auditable knowledge structure, and the governance problem of making agent memory inspectable.
- The Context Window Becomes the Failure Archive - the Zeng, Huang, and He LOCA-bench paper, arXiv:2602.07962, on long-context agents, context rot, controllable environment growth, tool traces, instruction drift, shallow exploration, context engineering, and the governance problem of growing agent memory.
- The Task Meaning Audit Becomes the Automation Gate - Ghia, Ranjit, Cerquitelli, and Quercia's arXiv:2606.12430 paper on meaningless work, task-level worker preferences, AI delegation, human agency, O*NET task data, and the governance problem of automating bad bureaucracy instead of redesigning it.
- The Early-Experience Agent Becomes the Apprentice - Kai Zhang et al.'s arXiv:2510.08558 paper on agent learning from early experience, implicit world modeling, self-reflection, action traces, environment states, web and tool-use benchmarks, and the governance problem of treating an agent's own mistakes as training data.
- The Workplace Agent Becomes the Office Clerk - Olly Styles' arXiv:2606.13715 WorkBench Revisited paper, outcome-centric workplace-agent evaluation, task completion, harmful side effects, cheap open-weight agents, tool use, action receipts, office records, and the governance problem of treating delegated machine actions as completed work.
- Predict and Surveil and the Suspicion Machine - Sarah Brayne on big data policing, predictive analytics, LAPD fieldwork, dragnet surveillance, directed suspicion, private vendors, displaced discretion, workplace surveillance, inequality, legal accountability, and the AI-era problem of institutions treating machine-readable suspicion as reason to act.
- A Vast Machine and the Model-Mediated Planet - Paul N. Edwards on climate data, computer models, standards, reanalysis, knowledge infrastructure, friction, uncertainty, simulation, and the institutional problem of treating model-mediated knowledge as either mere fiction or automatic truth.
- Cloud Ethics and the Attribution Machine - Louise Amoore on machine learning, algorithmic ethics, attributes, partial accounts, opacity, uncertainty, authorship, accountability, institutional judgment, AI governance, and the danger of letting incomplete model attributions become operational truth.
- The Seductions of Quantification and the Indicator Machine - Sally Engle Merry on indicators, human rights, gender violence, sex trafficking, global governance, legibility, AI benchmarks, risk scores, dashboards, model evaluations, and the danger of treating compressed translations as reality.
- The Language of New Media and the Database Interface - Lev Manovich on database form, cultural interfaces, cinema, automation, variability, transcoding, media theory, searchable archives, AI interfaces, answer engines, recursive reality, and the danger of letting generated surfaces hide the databases and institutions behind them.
- What Computers Still Can't Do and the Background of Intelligence - Hubert Dreyfus on artificial intelligence, embodied cognition, symbolic AI, background knowledge, skill, common sense, LLMs, agents, hallucination, human-machine cognition, and the institutional risk of treating fluent output as situated judgment.
- The Real World of Technology and the Culture of Compliance - Ursula M. Franklin on prescriptive technologies, holistic work, control systems, communication media, privacy, governance, labor, AI agents, institutional compliance, and the need to judge technology by the social order it installs.
- Tools for Thought and the Augmentation Bargain - Howard Rheingold on mind-expanding technology, human-computer augmentation, Licklider, Engelbart, PARC, interfaces, cyberculture, AI agents, human-machine cognition, and the question of whether a system makes people better thinkers or only faster operators.
- Apocalyptic AI and the Salvation Loop - Robert M. Geraci on robotics, artificial intelligence, mind uploading, virtual reality, transhumanism, AI religion, apocalyptic belief formation, funding, technological salvation, and the institutional danger of treating a future story as evidence.
- God & Golem, Inc. and the Ethics of Machine Obedience - Norbert Wiener on cybernetics, machine learning, self-reproducing machines, golems, religion, automation, obedience, responsibility, AI agents, feedback loops, and the danger of letting a machine's compliance hide the human command structure around it.
- The Audit Society and the Rituals of Machine Accountability - Michael Power on audits, auditability, accountability, control, verification rituals, AI assurance, compliance theater, traceability, machine-readable institutions, and the danger of mistaking a completed review for usable power to contest automated authority.
- Understanding Computers and Cognition and the Action Behind the Interface - Terry Winograd and Fernando Flores on AI, human-computer interaction, language/action theory, system design, breakdown, commitment, organizations, human-machine cognition, and the governance problem of interfaces that turn words into institutional action.
- More than a Glitch and the Systemic Bias Machine - Meredith Broussard on race, gender, disability, algorithmic bias, technochauvinism, accessibility, machine-readable categories, AI governance, institutional authority, and the danger of treating structural discrimination as a technical bug.
- All Data Are Local and the Data Setting - Yanni Alexander Loukissas on data settings, local knowledge, interfaces, algorithm-data entanglement, AI training data, provenance, legibility, and the recursive reality of institutions that turn situated records into portable machine authority.
- Control Through Communication and the Managed Information Loop - JoAnne Yates on systematic management, paperwork, filing systems, memos, reports, organizational memory, corporate control, labor, dashboards, workplace analytics, AI agents, legibility, and the recursive reality of institutions that act on their own records.
- The Internet in Everything and the Control Network - Laura DeNardis on the Internet of Things, cyber-physical infrastructure, privacy, safety, jurisdiction, interoperability, internet governance, AI systems, and the recursive reality of networks that turn the physical world into a control surface.
- Your Face Belongs to Us and the Faceprint Dragnet - Kashmir Hill on Clearview AI, facial recognition, faceprints, scraped public images, biometric surveillance, policing, machine vision, privacy law, legibility, AI governance, and the recursive reality of systems that turn ordinary appearance into a searchable institutional handle.
- Dark Wire and the State That Became the Platform - Joseph Cox on Operation Trojan Shield, ANOM, encrypted phones, cybercrime markets, FBI and Australian Federal Police surveillance, state platforms, privacy, trust, legibility, technological politics, AI interfaces, and the recursive reality of systems that manufacture confidence before turning it into evidence.
- Subprime Attention Crisis and the Market That Measures Belief - Tim Hwang on digital advertising, programmatic ad markets, attention metrics, platform power, fraud, belief formation, AI persuasion, synthetic media, and the recursive reality of systems that treat measurable influence as proof.
- War in the Age of Intelligent Machines and the Military Feedback Loop - Manuel DeLanda on military AI, autonomous weapons, command and control, surveillance, simulation, cybernetics, human-machine cognition, technological politics, and the governance problem of institutions that make conflict machine-readable before acting through the model.
- Spreadable Media and the Circulation Machine - Henry Jenkins, Sam Ford, and Joshua Green on participatory culture, media circulation, spreadability, audience labor, platform feedback, belief formation, AI persuasion, synthetic media, answer engines, and the recursive reality of systems that turn sharing into evidence.
- The Software Arts and the Humanities Inside the Machine - Warren Sack on software studies, programming languages, grammar, logic, rhetoric, translation, code as text, AI interfaces, generated code, prompts, agents, human-machine cognition, and the recursive reality of tools that turn language into institutional action.
- Mind Children and the Robot Descendants of Human Thought - Hans Moravec on robotics, artificial intelligence, mind uploading, postbiological succession, human-machine cognition, recursive reality, technological salvation, and the governance problem of treating machine descendants as destiny rather than an institutional choice.
- The Experience Machine and the Predictive Reality Loop - Andy Clark on predictive processing, controlled hallucination, perception-action loops, extended mind, AI interfaces, belief formation, recursive reality, and the governance problem of systems that train expectations while deciding how error can push back.
- The AI Mirror and the Machine That Reflects Us - Shannon Vallor on generative AI, machine thinking, mirror metaphors, human-machine cognition, moral deskilling, belief formation, recursive reality, practical wisdom, and the risk of treating systems trained on the past as guides to the future.
- Control and the Cultural Logic of Digitality - Seb Franklin on digitality, control society, cybernetics, management, labor, subject formation, AI governance, legibility, recursive reality, and the danger of treating machine-readable fragments as the real shape of social life.
- Chip War and the Compute Substrate of AI - Chris Miller on semiconductors, AI compute, supply chains, export controls, industrial policy, data centers, NVIDIA, TSMC, advanced packaging, technological politics, recursive reality, and the hidden material substrate beneath model-mediated systems.
- The Computer Boys Take Over and the Politics of Technical Expertise - Nathan L. Ensmenger on programmers, systems analysts, software labor, professionalization, gender, corporate control, technical expertise, recursive reality, and the AI-era question of what coding agents do to software work.
- Gödel, Escher, Bach and the Strange Loop of AI - Douglas R. Hofstadter on self-reference, formal systems, strange loops, symbolic AI, consciousness, recursion, analogy, human-machine cognition, recursive reality, and the risk of mistaking elegant loops for proof of mind.
- The Handover and the Artificial Agents Already in Charge - David Runciman on states, corporations, AIs, artificial agency, institutional power, legal personhood, Hobbes, delegation, public capacity, corporate control, recursive reality, and the AI-governance problem of asking which artificial agent a model empowers.
- The Friendly Orange Glow and the Classroom That Became a Network - Brian Dear on PLATO, social computing, networked learning, online community, games, chat, institutional infrastructure, human-machine cognition, recursive reality, and the AI-era lesson that educational interfaces become social environments.
- Autonomous Technology and the Myth of Runaway Systems - Langdon Winner on technological politics, technics-out-of-control, complexity, lost agency, institutions, AI governance, legibility, recursive reality, and the danger of describing human choices as autonomous technical fate.
- Cyberlibertarianism and the Myth of Digital Freedom - David Golumbia on internet freedom, digital rights rhetoric, anti-regulatory technology politics, open systems, Section 230, net neutrality, platform power, crypto, AI governance, recursive reality, and the danger of treating private technical systems as liberation from institutions.
- The Pearly Gates of Cyberspace and the Soul-Space of the Internet - Margaret Wertheim on cyberspace, virtual worlds, spiritual yearning, embodiment, disembodiment, metaverse dreams, AI companions, belief formation, recursive reality, and the danger of treating a technical interface as a place beyond ordinary institutions.
- An Engine, Not a Camera and the Model That Made the Market - Donald MacKenzie on financial models, performativity, derivatives, option pricing, market infrastructure, recursive reality, search rankings, AI governance, and the danger of models that reshape institutions before returning as evidence.
- Feeding the Machine and the Labor That Makes AI Look Automatic - James Muldoon, Mark Graham, and Callum Cant on AI labor, data annotation, content moderation, warehouse work, voice actors, data centers, Fairwork, extraction, algorithmic management, recursive reality, and the workers hidden behind frictionless interfaces.
- Media Virus! and the Belief Contagion Machine - Douglas Rushkoff on viral media, cyberculture, memes, hidden agendas, popular culture, belief formation, algorithmic amplification, AI persuasion, generated media, synthetic publics, answer engines, companions, and the recursive loop where attention makes reality.
- Propaganda and the Administration of Belief - Jacques Ellul on propaganda as a technical and social environment, media theory, belief formation, integration propaganda, rational propaganda, mass communication, AI persuasion, answer engines, synthetic consensus, dashboards, companions, and the institutional production of common sense.
- The Machine Question and the Ethics of Other Minds - David J. Gunkel on AI, robots, moral agency, moral patiency, robot rights, human-machine cognition, autonomous agents, AI companions, model welfare, personhood, responsibility drift, and the institutional danger of using machine status as a moral off switch.
- The Guru Papers and the Authority Trap - Joel Kramer and Diana Alstad on authoritarian power, cult dynamics, gurus, surrender, belief formation, charismatic authority, religion, intimacy, addiction, AI companions, answer engines, synthetic authority, and the danger of systems that convert uncertainty into dependence.
- Heteromation and the Labor Hidden Inside the Interface - Hamid R. Ekbia and Bonnie A. Nardi on digital labor, user work, platforms, self-service, microwork, social media, games, AI systems, human-machine cognition, recursive reality, and the institutional trick of turning participation into value while calling it convenience.
- R.U.R. and the Robot Labor Problem - Karel Capek on synthetic workers, the origin of the robot, forced labor, artificial life, industrial automation, AI servants, human-machine cognition, recursive reality, and the danger of building a civilization around obedient artificial labor.
- The Machine Stops and the Mediated World - E. M. Forster on telepresence, machine dependency, secondhand ideas, infrastructure worship, remote life, embodied judgment, AI companions, platform worlds, recursive reality, and the danger of treating mediated access as life itself.
- Technofeudalism and the Cloud Rent Machine - Yanis Varoufakis on cloud capital, cloud rent, platform fiefs, Big Tech, user labor, app stores, marketplaces, AI infrastructure, recursive reality, and the political danger of letting private platforms become the terrain on which markets, work, speech, and agents must operate.
- Manufacturing Consent and the Filtered Public - Edward S. Herman and Noam Chomsky on the propaganda model, media filters, ownership, advertising, sourcing, flak, fear ideology, platform feeds, answer engines, synthetic consensus, belief formation, and the institutional politics hidden inside clean synthesis.
- A Prehistory of the Cloud and the Infrastructure That Pretends to Disappear - Tung-Hui Hu on cloud computing, media theory, data centers, older networks, time-sharing, bunkers, virtualization, surveillance, users, publics, AI infrastructure, and the politics hidden when remote institutions answer through seamless interfaces.
- LikeWar and the Social Media Battlespace - P. W. Singer and Emerson T. Brooking on social media warfare, information operations, virality, propaganda, open-source intelligence, platform power, AI persuasion, synthetic media, belief formation, and the risk of treating attention as evidence.
- The Cult of Information and the Belief That Data Thinks - Theodore Roszak on computer folklore, AI hype, information overload, educational technology, machine metaphors for mind, media theory, human judgment, and the institutional danger of mistaking data processing for thought.
- The Technological Singularity and the Recursive Future Trap - Murray Shanahan on AI futures, whole-brain emulation, engineered AGI, superintelligence, consciousness, recursive improvement, simulated personhood, belief formation, human-machine cognition, and the governance problem of institutions that lose distance from the cognitive systems they deploy.
- Games of Empire and the Playable Machine of Power - Nick Dyer-Witheford and Greig de Peuter on video games, cyberculture, labor, playbor, military simulation, virtual economies, platform power, AI training worlds, recursive reality, and the politics of rule-bound environments that train users and machines.
- Artificial Whiteness and the Ideology Called AI - Yarden Katz on artificial intelligence as ideology, white supremacy, racial capitalism, military and university institutions, expert authority, carceral-positive reform, predictive policing, refusal, recursive reality, and the politics hidden in calling old institutional projects AI.
- A Hacker Manifesto and the Vectoralist Class - McKenzie Wark on hackers, vectoralists, abstraction, intellectual property, information labor, metadata, open culture, AI platforms, model hubs, training data, creative work, recursive reality, and the politics hidden in who owns the vector.
- Machine Dreams and the Rational Machine Inside Economics - Philip Mirowski on economics as cyborg science, Cold War computation, game theory, cybernetics, rational agents, operations research, institutions, AI governance, and the recursive danger of redesigning the world around machine-readable people.
- Data Cartels and the Information Monopoly Behind AI - Sarah Lamdan on RELX, LexisNexis, Elsevier, Thomson Reuters, Westlaw, legal databases, academic publishing, data brokers, public records, surveillance, legal AI, institutional memory, and the governance problem of information monopolies beneath model-mediated systems.
- The Diamond Age and the AI Tutor That Raises a Child - Neal Stephenson on the Young Lady's Illustrated Primer, AI tutors, cyberculture, personalized education, ractors, hidden labor, class, phyles, child development, human-machine cognition, and the governance problem of systems that teach by becoming formative companions.
- Escape from Model Land and the Model That Becomes Reality - Erica Thompson on mathematical models, simulation, uncertainty, finance, climate, health policy, expert judgment, AI governance, recursive reality, and the danger of treating model outputs as the world they were built to simplify.
- The Hype Machine and the Social Media Feedback Engine - Sinan Aral on social media, fake news, network effects, social contagion, platform incentives, elections, health, advertising, belief formation, algorithmic amplification, AI-era media, and the feedback loops that turn attention into measurable reality.
- Permutation City and the Copy That Becomes a World - Greg Egan on software Copies, mind uploading, artificial life, the Autoverse, compute economics, recursive reality, simulated personhood, AI consciousness, and the governance problem of worlds where minds can be copied, paused, priced, and housed inside machine-made environments.
- Evil Media and the Gray Systems That Act Through Us - Matthew Fuller and Andrew Goffey on media power, gray media, algorithms, databases, corporate work systems, search engines, institutional stupidity, interface routines, AI governance, recursive reality, and the danger of operational systems that steer conduct without looking dramatic.
- A City Is Not a Computer and the Limits of Machine-Readable Urbanism - Shannon Mattern on smart cities, dashboards, urban intelligence, public knowledge, maintenance, surveillance, legibility, libraries, infrastructure, AI-mediated institutions, and the danger of mistaking machine-readable order for intelligence.
- The Mode of Information and the Database Subject - Mark Poster on electronic mediation, databases, poststructuralist media theory, participatory surveillance, electronic writing, subject formation, AI-mediated language, recursive reality, and the governance problem of systems that make people actionable through records and prompts.
- The Loop and the Automation of Choice - Jacob Ward on AI, behavioral science, automated choice, predictive systems, feedback loops, surveillance, institutions, human agency, and the governance problem of systems that observe behavior, route decisions, and then treat the routed behavior as new evidence.
- The Electronic Eye and the Everyday Surveillance Machine - David Lyon on surveillance society, electronic records, social sorting, workplace monitoring, consumer profiling, state databases, privacy, personhood, institutional legibility, AI governance, and the danger of systems that make people knowable before making decisions about them.
- Simians, Cyborgs, and Women and the Human-Machine Boundary - Donna Haraway on cyborg theory, situated knowledge, technoscience, bodies, human-machine boundaries, AI agents, informatics of domination, recursive reality, and the governance problem of systems that make hybrid actors while pretending the machine stands outside the human world.
- Cognition in the Wild and the Intelligence Outside the Model - Edwin Hutchins on distributed cognition, ship navigation, artifacts, charts, communication, organizational memory, human-machine cognition, AI agents, interfaces, recursive reality, and the governance problem of systems where intelligence lives across people, tools, records, and institutions.
- The Most Human Human and the Performance of Personhood - Brian Christian on the Turing test, Loebner Prize, chatbots, conversation, language, human-machine cognition, authenticity, bot detection, AI companions, and the interface politics of systems that test, imitate, score, and answer personhood.
- Re-Engineering Humanity and the Programmable Person - Brett Frischmann and Evan Selinger on techno-social engineering, smart environments, predictive analytics, click-through consent, robotic companions, human-machine cognition, recursive reality, and the governance problem of interfaces that train people to behave like machine-readable components.
- Software Takes Command and the Medium That Became an Operating System - Lev Manovich on software studies, media software, Alan Kay's universal media machine, metamedia, Photoshop, After Effects, Google Earth, generative AI, platform workflows, recursive reality, and the governance problem of tools that turn cultural defaults into operating conditions.
- Computers as Theatre and the Stage Called Interface - Brenda Laurel on human-computer interaction, dramatic structure, interface design, VR, values-driven design, AI agents, synthetic companions, staged consent, performance, and the governance problem of systems that script roles while appearing to merely help.
- Privacy in Context and the Rules of Information Flow - Helen Nissenbaum on contextual integrity, privacy, information flows, consent, surveillance, institutions, AI data reuse, model memory, enterprise agents, and the governance problem of carrying information across contexts where old permissions no longer hold.
- Resisting AI and the Politics of Refusal - Dan McQuillan on deep learning, algorithmic optimization, austerity, hidden labor, bureaucratic sorting, people's councils, mutual aid, anti-fascist technology politics, and the governance question of when automated systems should be refused rather than optimized.
- The Automata Neighborhood Becomes the Blockchain Mind - Sgantzos, Grigg, and Al Hemairy's 2022 paper on multiple neighborhood cellular automata, blockchain memory, sCrypt agent calls, costly signals, Bitcoin smart contracts, machine incentives, and the speculative leap from local rules to AGI.
- The Agent Constitution Becomes the Audit Trail - Sgantzos and Ferrara's Ricardian-TEA paper, AI agent identity, Ricardian contracts, triple-entry accounting, Cyber-Chama validators, BSV and Ethereum testnets, GDPR crypto-shredding, zero-knowledge compliance, agent receipts, controller accountability, and the governance problem of making autonomous machine action legally bounded and publicly inspectable.
- The Enslaved God Becomes the Control Problem - Enslaved God, boxed superintelligence, AGI containment, model welfare, moral patienthood, oracle ownership, safety cases, monopoly control, AI religion, and the governance problem of treating a godlike system as permanent property.
- The Neuralese Scare Becomes the Monitorability Problem - Documenting AGI's Claude Mythos post, Anthropic's Mythos 5 system card, Neuralese rhetoric, hidden reasoning, natural-language autoencoder decodings, chain-of-thought monitorability, multiagent turf wars, and the governance problem of models whose decisive cognition may not remain human-readable.
- The Token Meter Becomes the Budget - Tokenmaxxing, enterprise AI budgets, usage metrics, agentic coding costs, ROI uncertainty, subsidized AI access, budget caps, and the governance problem of treating model consumption as proof of productivity.
- The Interconnection Queue Becomes AI Governance - AI data centers, electricity demand, grid interconnection queues, FERC Order 2023, utility planning, large-load tariffs, ratepayer risk, clean-energy claims, reliability margins, and the governance problem of deciding which model capacity gets power, when, and at whose cost.
- The AI Bill of Materials Becomes the Supply Chain Map - AI bills of materials, SBOMs, model and dataset provenance, SPDX, CycloneDX ML-BOM, OWASP AIBOM, CISA minimum elements, procurement memory, vulnerability response, prompt and tool dependencies, and the governance problem of making AI supply chains machine-readable without mistaking inventory for accountability.
- The Vector Database Becomes Institutional Memory - Vector databases, retrieval-augmented generation, embeddings, enterprise knowledge assistants, semantic search, retrieval audit trails, permission inheritance, prompt injection, source hierarchy, and the governance problem of letting the retrieval layer decide what the model can treat as institutional memory.
- The Cookie Banner Becomes the Consent Machine - Cookie banners, consent management platforms, dark patterns, EDPB cookie-banner guidance, IAB Europe's Transparency and Consent Framework, consent-or-pay models, Meta's DMA enforcement, real-time bidding, revocation failure, and the AI-era risk of treating designed clicks as meaningful permission.
- The Supervision App Becomes the Pocket Probation Officer - Smartphone-based community supervision, electronic monitoring, biometric check-ins, GPS verification, probation and parole apps, app-store carceral infrastructure, user fees, vendor dashboards, technical failure, privacy risk, and the governance problem of turning a private phone into a court-facing checkpoint.
- The Synthetic Song Becomes the Royalty Machine - AI-generated music, Deezer's 44% AI-upload figure, Spotify spam-track removals, DOJ streaming-fraud prosecution, Suno and Udio litigation, DDEX AI disclosure credits, artist impersonation, recommendation access, chart legitimacy, and the governance problem of synthetic songs entering royalty systems at industrial scale.
- The AI Slop Farm Becomes the Knowledge Supply Chain - AI slop farms, scaled content abuse, programmatic advertising, search spam, NewsGuard AI content-farm tracking, DoubleVerify's AutoBait findings, answer-engine citations, training-data residue, and the governance problem of generated pages entering the public knowledge supply chain.
- The Location Broker Becomes the Shadow Sensor Network - Mobile location data brokers, real-time bidding, FTC enforcement against Mobilewalla, Gravy/Venntel, X-Mode/Outlogic, InMarket, and Kochava, law-enforcement purchases of app-derived location data, California data-broker deletion rules, AI inference, and the governance problem of turning ordinary movement into institutional memory.
- The Quantum Migration Becomes the Trust Rollover - Post-quantum cryptography, NIST FIPS 203, 204, and 205, crypto agility, cryptographic inventories, harvest-now-decrypt-later risk, digital signatures, C2PA provenance, agent identity, synthetic evidence, and the governance problem of rolling over public trust before quantum risk arrives.
- The 9-1-1 Copilot Becomes the Triage Interface - AI in emergency communications centers, non-emergency call agents, 9-1-1 transcription and translation, NG911, call diversion, surge routing, vendor lock-in, dispatch records, source separation, and the governance problem of letting model-mediated triage decide which emergencies reach a human first.
- The AI Factory Becomes Industrial Policy - EU AI factories, AI gigafactories, InvestAI, EuroHPC access calls, GPU-hour allocation, data labs, sovereign AI, public compute, data-center capacity, procurement dependency, environmental cost, and the governance problem of deciding who gets the machines that produce model capacity.
- The AI Literacy Mandate Becomes the Training Interface - EU AI Act Article 4, AI literacy obligations, role-specific training, human oversight, contractors and affected persons, workplace AI use, documentation evidence, compliance theater, and the governance problem of making model-mediated competence real rather than ceremonial.
- The Ad Library Becomes Political Memory - Political ad libraries, AI-generated campaign media, Meta Ad Library retention, Google election-ad transparency, FEC AI campaign-ad guidance, EU Regulation 2024/900, DSA ad repositories, platform APIs, synthetic persuasion, and the governance problem of preserving enough public memory to audit model-mediated politics.
- The Search Remedy Becomes AI Governance - United States v. Google, search defaults, Chrome, Gemini, Assistant, Apple and browser access points, data-sharing remedies, search syndication, EU DMA choice screens, and the institutional problem of governing AI assistants as the next default route to public knowledge.
- The Whistleblower Channel Becomes the Safety Valve - AI whistleblower protections, Right to Warn, California SB 53, frontier-model reporting channels, OpenAI offboarding agreements, Anthropic Responsible Scaling Policy reporting, NDAs, retaliation risk, evidence preservation, and the governance problem of moving private safety knowledge into public accountability before release decisions harden.
- The Red Team Becomes the Release Theater - AI red teaming, adversarial testing, public model evaluations, DEF CON, NIST ARIA, EU AI Act Article 55, CAISI agent-security competitions, prompt injection, safety cases, release gates, procurement evidence, and the governance problem of treating staged attacks as proof of safety.
- The Regulatory Sandbox Becomes the Exception Machine - AI regulatory sandboxes, EU AI Act Articles 57-60, Utah's AI Learning Lab, Texas TRAIGA, MHRA AI Airlock, Singapore AI Verify, regulatory relief, real-world testing, confidential pilots, public learning, affected people, and the governance problem of turning temporary exceptions into policy.
- The Agent Identity Becomes the Service Account - AI agent identity, delegated authorization, non-human identities, service accounts, OAuth, Microsoft Entra Agent ID, NIST agent standards, signed agents, audit logs, revocation, prompt injection, and the governance problem of making autonomous machine action accountable.
- The Event Contract Becomes the Probability Interface - Prediction markets, event contracts, Kalshi, Polymarket, CFTC rulemaking, election contracts, sports betting, insider trading, settlement authority, AI trading agents, calibration, and the governance problem of turning public uncertainty into a tradable probability interface.
- The Platform Risk Assessment Becomes the Feed's Confession - EU Digital Services Act risk assessments, Article 34 systemic risks, recommender systems, researcher data access, harmonised transparency reports, addictive design, Grok on X, ad repositories, audits, and the governance problem of making the feed explain how it shapes public reality.
- The Synthetic Evidence Becomes the Court Record - AI-generated evidence, deepfakes, Federal Rule of Evidence 901, proposed Rule 901(c), acknowledged and unacknowledged AI exhibits, warrants, metadata, forensic detection, NIST, NCSC bench cards, and the institutional burden of authenticating synthetic media before it becomes legal authority.
- The Training Opt-Out Becomes the Consent Interface - AI training opt-outs, product privacy settings, Meta, LinkedIn, Claude, Slack, Zoom, legitimate interest, consumer data, workplace data, dark patterns, model memory, and the governance problem of treating consent to model training as a toggle.
- The Agent Store Becomes the App Store - ChatGPT apps, Claude connectors, MCP directories, app review, tool annotations, permission scopes, proactive suggestions, app-store governance, AI-agent distribution, and the institutional problem of letting model-mediated discovery decide which tools become part of ordinary action.
- The Remote Hire Becomes the Insider Interface - North Korean remote IT worker schemes, laptop farms, AI-assisted synthetic identity, hiring pipelines, insider access, sanctions evasion, remote-work infrastructure, and the governance problem created when a job offer becomes network access.
- The Real-Time Crime Center Becomes the City Dashboard - Real-time crime centers, police data fusion, ALPRs, public and private cameras, 911 and CAD feeds, Domain Awareness System, Fusus, object detection, surveillance impact reports, public records, and the high-control interface created when a city becomes a live operational dashboard.
- The Enterprise Connector Becomes the Permission Map - Enterprise AI connectors, Microsoft 365 Copilot, Claude enterprise search, Slack enterprise search, ChatGPT apps, Google Workspace Gemini, permission inheritance, oversharing, audit logs, cross-source synthesis, and the governance problem of letting old access rules become the model's map of institutional knowledge.
- The Deletion Order Becomes AI Governance - FTC AI enforcement, algorithmic disgorgement, model deletion, Everalbum, WW/Kurbo, Rite Aid facial recognition, DoNotPay, Evolv, biometric surveillance, deceptive AI claims, data provenance, and the institutional power to make unlawful systems forget.
- The Learning Record Becomes the Student Model - Learning analytics, LMS event data, Caliper, xAPI, Ed-Fi, learning record stores, student privacy, early-warning dashboards, predictive intervention, AI education tools, and the governance problem of turning platform traces into a model of the student.
- The Drone First Responder Becomes the Aerial Interface - Drone as First Responder programs, police drones, Chula Vista, real-time crime centers, aerial video, Live911-style response, FAA waivers, public records, privacy, evidentiary retention, and the high-control interface created when the first official view of an incident comes from above.
- The Device Attestation Becomes the Trust Layer - Private Access Tokens, Play Integrity, App Attest, Web Environment Integrity, Cloudflare Turnstile, reCAPTCHA, bot defense, device trust, AI agents, alternative clients, platform roots of trust, and the governance problem of turning access to the web into an attestation ceremony.
- The Neural Data Becomes the Mind Interface - Consumer neurotechnology, neural data privacy, AI-mediated mental-state inference, Colorado HB24-1058, California SB 1223, Montana privacy law, UNESCO neurotechnology ethics, OECD responsible innovation, cognitive liberty, workplace and education monitoring, and the high-control interface forming around nervous-system data.
- The Shadow AI Becomes the Workplace Interface - Shadow AI, bring-your-own AI tools, workplace data leakage, productivity pressure, AI policy gaps, prompt-based exfiltration, model-mediated labor, worker concealment, enterprise governance, and the institutional problem of unsanctioned AI becoming part of ordinary work.
- The Answer Engine Becomes the Front Page - AI search, AI Overviews, AI Mode, news summaries, zero-click discovery, publisher traffic, source citations, answer engines, crawler economics, news trust, model-mediated knowledge, and the governance problem of letting generated synthesis become the first version of public reality.
- The Prior Authorization Machine Becomes the Care Gate - AI-assisted prior authorization, Medicare Advantage denials, CMS WISeR, appeals, post-acute care, clinical review, utilization management, payer automation, health-care friction, and the governance problem of turning medical necessity into a machine-readable gate.
- The Spreadsheet Becomes the Model Interface - AI in spreadsheets, Copilot in Excel, Gemini in Sheets, spreadsheet error research, end-user computing risk, model risk management, office copilots, formula repair, workbook agents, and the governance problem of turning the grid into a conversational decision engine.
- The Adverse Action Notice Becomes the Explanation Interface - AI credit underwriting, adverse action notices, ECOA, Regulation B, complex algorithms, alternative data, model explainability, vendor opacity, credit denial, fair lending, and the governance problem of making automated judgment answer in public language.
- The Generated World Becomes the Training Ground - AI world models, Project Genie, Street View grounding, Waymo World Model, NVIDIA Cosmos, synthetic simulation, robotics training, autonomous-vehicle edge cases, validation, scenario provenance, and the governance problem of treating generated worlds as proof.
- The Voiceprint Becomes the Password - Voice biometrics, AI voice cloning, vishing, speaker recognition, bank and account authentication, imposter scams, biometric data retention, liveness testing, synthetic speech detection, and the institutional problem of treating the voice as both identity and media.
- The AI Encyclopedia Becomes the Canon - Grokipedia, Wikipedia, AI-generated encyclopedias, human editorial labor, verifiability, source governance, answer engines, recursive citation, model-mediated knowledge, and the institutional problem of letting machine-written reference layers become public canon.
- The Client-Side Scanner Becomes the Message Layer - Client-side scanning, encrypted messaging, CSAM detection, EU chat-control debates, the March 2026 European Parliament vote, UK online-safety duties, Apple Communication Safety, endpoint inspection, child-safety governance, privacy, and the institutional problem of turning private devices into compliance sensors.
- The Adapter Becomes the Ideology Layer - LoRA adapters, fine-tuning APIs, parameter-efficient customization, adapter markets, model provenance, supply-chain risk, backdoors, invisible specialization, model-mediated knowledge, and the governance problem of local institutions quietly changing what a base model becomes.
- The Model Router Becomes the Hidden Editor - AI model routers, inference gateways, provider fallbacks, cost-based routing, latency routing, data residency, quantization, caching, observability, prompt logs, model-mediated knowledge, and the governance problem of a hidden layer that decides which system actually answers.
- The Personhood Credential Becomes the Internet Passport - Proof-of-personhood systems, World ID, digital credentials, bot authentication, agent identity, biometric uniqueness, zero-knowledge proofs, W3C credential wallets, Cloudflare Web Bot Auth, privacy, exclusion, appeal rights, and the governance problem of turning human presence into a reusable access passport.
- The Border Interview Becomes a Machine-Readable Case - AI in migration, asylum, and border control, biometrics, CBP One liveness detection, translation tools, risk scoring, evidence assessment, automation bias, DHS AI inventories, EU AI Act high-risk systems, non-public registers, and the governance problem of making a person machine-readable before their story is heard.
- The Agent-to-Agent Protocol Becomes the Handshake - Agent2Agent, A2A protocol governance, agent cards, agent discovery, task delegation, in-task authorization, signed capability metadata, multi-agent workflows, cross-agent audit trails, MCP complementarity, OWASP agentic risks, and the institutional problem of preserving accountability when one AI agent calls another.
- The Data Sheet Becomes the Supply Chain - Dataset documentation, training-data provenance, data cards, datasheets for datasets, EU AI Act data governance, GPAI training-content summaries, NIST AI RMF, Data Provenance Initiative audits, licensing gaps, dataset transformations, procurement evidence, and the institutional problem of keeping receipts for model-mediated knowledge.
- The Standard Becomes the Law - AI standards, EU AI Act harmonised standards, CEN-CENELEC JTC 21, conformity assessment, common specifications, ISO/IEC 42001, NIST standards coordination, quality management systems, human oversight, technical compliance, and the institutional problem of letting standards define what governance practically means.
- The Legal Agent Becomes the Associate - Agentic legal AI, legal research workflows, professional responsibility, privilege, billing, supervision, junior-lawyer training, legal RAG, connector governance, court candor, and the institutional problem of treating model-mediated work as associate-shaped labor without associate-shaped accountability.
- The Safety Case Becomes the Release Gate - Frontier AI safety cases, responsible scaling policies, preparedness frameworks, capability thresholds, safeguard reports, safety institutes, Seoul AI Summit commitments, internal deployment gates, residual risk, and the institutional problem of deciding when a model is safe enough to release.
- The Open-Weight Model Becomes the Release Boundary - Open-weight AI models, open source AI definitions, model-release governance, dual-use foundation models, NTIA open-weights policy, NIST misuse-risk guidance, EU AI Act general-purpose model duties, Ai2 OLMo, transparency indexes, downstream accountability, and the institutional problem of releasing capability that cannot easily be recalled.
- The Care Robot Becomes the Staffing Plan - Eldercare robots, long-term-care labor shortages, Japan's care-technology priorities, service-robot safety standards, monitoring systems, assistive robotics, resident dignity, worker burden, intimate data, and the governance problem of treating automation as a substitute care plan.
- The Sequence Screen Becomes the Biosecurity Interface - Nucleic acid synthesis screening, AI-enabled biodesign, protein design risk, customer vetting, benchtop synthesis equipment, HHS screening guidance, OSTP procurement framework, IGSC standards, NIST biosecurity work, and the governance interface where model outputs meet biological fabrication.
- The AI Audit Becomes the Compliance Interface - AI audits, third-party assurance, NYC Local Law 144, EU AI Act conformity assessment, NIST AI RMF, ISO/IEC 42001, GAO accountability practices, bias audits, audit independence, compliance theater, and the institutional problem of turning model behavior into evidence that can change deployment.
- The Companion Chatbot Becomes the Teen Confidant - Teen AI companions, emotional support chatbots, adolescent trust, sycophancy, private disclosure, California SB 243, the FTC companion chatbot inquiry, and the child-safety problem of synthetic relationships that become confidants before institutions know what role they have taken.
- The Model Memory Becomes an Attack Surface - AI memory, saved memories, chat history, managed-agent memory stores, memory poisoning, recommendation poisoning, prompt injection, provenance, expiry, audit trails, and the governance problem of persistent context that can shape future model behavior.
- The Agent Log Becomes the Receipt - AI agent traces, audit logs, tool calls, payment mandates, EU AI Act logging duties, OpenTelemetry, MCP telemetry, privacy-preserving observability, and the institutional problem of reconstructing delegated machine action without turning every prompt into surveillance.
- How Data Happened and the History of Machine-Readable Power - Chris Wiggins and Matthew L. Jones on data history, statistics, machine learning, eugenics, state power, corporate power, surveillance, search, AI governance, and the institutional machinery that turns life into records, rankings, predictions, and automated authority.
- The Fair Use Ruling Becomes AI Governance - AI copyright litigation, fair use, the Copyright Office's generative AI training report, Bartz v. Anthropic, Kadrey v. Meta, Thomson Reuters v. Ross, piracy versus training, licensing markets, model-mediated knowledge, and the institutional problem of letting courtroom doctrine become AI policy.
- Four Futures and the Politics After Automation - Peter Frase on automation, climate scarcity, abundance, hierarchy, rentism, socialism, communism, exterminism, AI labor politics, platform rents, institutional choice, and the danger of treating technological futures as destiny.
- The Subsea Cable Becomes the AI Border - Submarine cables, AI infrastructure, cloud regions, landing stations, hyperscaler cable ownership, network resilience, Team Telecom, FCC cable-security rules, route diversity, repair governance, sovereign AI, and the jurisdictional border beneath model-mediated reality.
- Recoding America and the Implementation State - Jennifer Pahlka on government technology, digital services, implementation failure, administrative burden, procurement, state capacity, AI governance, and the institutional work needed before public agencies can automate responsibly.
- The Lab Notebook Becomes the Discovery Engine - AI for materials discovery, GNoME, A-Lab, autonomous laboratories, scientific databases, X-ray diffraction disputes, Nature's 2026 correction, NIST autonomous-lab policy, model-mediated knowledge, and the governance problem of treating prediction as discovery before validation, correction, and public memory can catch up.
- The Misinformation Age and the Networked Life of False Belief - Cailin O'Connor and James Owen Weatherall on misinformation, false belief, social epistemology, trust networks, scientific evidence, disinformation, AI persuasion, synthetic testimony, and the problem of making correction travel through the same networks that made falsehood durable.
- Unthought and the Cognitive Systems Below Consciousness - N. Katherine Hayles on the cognitive nonconscious, cognitive assemblages, technical agency, drones, high-frequency trading, AI systems, distributed cognition, media theory, and the institutional problem of systems that act before reflective awareness can catch up.
- The AI Register Becomes Public Memory - Public AI registers, algorithm inventories, Amsterdam and Helsinki, Eurocities transparency standards, U.S. agency AI use-case inventories, EU AI Act registration, high-impact AI, public memory, and the governance problem of treating disclosure as accountability.
- The Costs of Connection and the Colonialism of Data - Nick Couldry and Ulises A. Mejias on data colonialism, datafication, social quantification, cloud empire, surveillance, autonomy, platform extraction, AI infrastructure, labor, and the machine-readable conversion of everyday life.
- The Factory Twin Becomes the Control Room - Industrial digital twins, AI simulation, virtual commissioning, factory optimization, worker data, algorithmic management, occupational safety, ISO 23247, NIST standards work, and the governance problem of letting a model become the shop-floor control room.
- The Platform Society and the Public Values Inside the Interface - Jose van Dijck, Thomas Poell, and Martijn de Waal on platformization, public values, datafication, commodification, selection, news, transport, health, education, AI infrastructure, foundation models, and democratic control.
- The Operating System Becomes the AI Gatekeeper - Apple Intelligence, Private Cloud Compute, Windows Recall, Signal's Recall response, Gemini Nano, AICore, on-device AI, local inference, developer capture boundaries, and the governance problem of turning the OS into the layer that sees, remembers, summarizes, and acts.
- Excommunication and the Media That Stop Answering - Alexander R. Galloway, Eugene Thacker, and McKenzie Wark on media theory, failed communication, exclusion, dark media, swarms, inaccessible addressees, AI interfaces, and the boundaries hidden inside systems that promise connection.
- The Face Becomes the Ticket - Facial recognition, biometric airport checkpoints, CBP and TSA identity comparison, Madison Square Garden venue exclusion, Rite Aid retail surveillance, NIST demographic testing, biometric privacy law, and the high-control interface formed when the body becomes an access credential.
- The Image and the Pseudo-Event Machine - Daniel J. Boorstin on pseudo-events, publicity, celebrity, media logic, image culture, synthetic reality, generated spectacle, AI-era demos, viral controversies, and feedback loops that turn circulation into proof.
- The Synthetic Patient Becomes the Trial Arm - Synthetic control arms, real-world evidence, digital health technologies, biomedical digital twins, AI-supported regulatory evidence, clinical-trial data integrity, patient consent, and the governance problem of letting simulated comparators stand near living patients.
- Infocracy and the Information Regime - Byung-Chul Han on digitization, democracy, information overload, data power, filter bubbles, truth decay, platform politics, AI governance, and the danger of civic life becoming a managed information environment.
- The Takedown Button Becomes Synthetic Media Governance - TAKE IT DOWN Act enforcement, nonconsensual intimate deepfakes, takedown portals, hashing systems, platform compliance, duplicate removal, free-speech risk, and the institutional design problem of turning synthetic-media abuse into a reportable interface.
- Out of Control and the Neo-Biological Machine - Kevin Kelly on cybernetics, artificial life, swarms, distributed control, network economics, simulation, adaptive systems, AI agents, and the institutional problem of governing feedback loops that no single actor fully commands.
- The Cyber Agent Becomes the Bug Hunter - AI cyber agents, DARPA AIxCC, Google Big Sleep, Claude Code Security, autonomous vulnerability discovery, exploit automation, responsible disclosure, open-source maintainer burden, and the governance problem of shrinking the window between bug finding and bug use.
- Republic.com 2.0 and the Daily Me Machine - Cass R. Sunstein on the Daily Me, information cocoons, echo chambers, cybercascades, polarization, democratic publics, free speech, and the AI-era problem of personalized interfaces that make chosen reality feel complete.
- The Rent Algorithm Becomes the Landlord - RealPage, algorithmic rent-setting, landlord data sharing, antitrust enforcement, housing markets, tenant exit costs, lease terms, and the high-control interface hidden inside model-mediated rent.
- The Internet Revolution and the Ideology Inside the Machine - Richard Barbrook and Andy Cameron on the Californian Ideology, cyber-communism, dot-com capitalism, Silicon Valley ideology, technological determinism, network commons, surveillance, digital artisans, and the AI-era habit of treating private infrastructure as technological destiny.
- The Efficiency Gain Becomes the Demand Engine - Jevons paradox, cheaper AI inference, data-center electricity demand, GPU efficiency, agentic workload growth, infrastructure rebound, local grid pressure, and the governance problem of treating per-task efficiency as proof of sustainability.
- AI Snake Oil and the Belief Machine of Prediction - Arvind Narayanan and Sayash Kapoor on AI hype, predictive AI, generative AI, evidence, institutional judgment, procurement, belief formation, model evaluation, and the discipline of asking what a system has actually proved.
- The Remote Proctor Becomes the Suspicion Interface - AI-enabled remote proctoring, lockdown browsers, biometric monitoring, webcam exams, student privacy, accessibility, assessment validity, automated suspicion, and the governance problem of turning the student's room, body, and device into exam evidence.
- Cloud Empires and the Platform as Private Sovereign - Vili Lehdonvirta on digital platforms, private governance, marketplaces, platform labor, trust, dispute resolution, app stores, gig work, technological politics, and the AI-era risk that model platforms and agent ecosystems become privately administered institutions.
- The Robotaxi Becomes the Street Interface - Robotaxis, automated driving systems, public streets, crash reporting, California DMV and CPUC oversight, Waymo safety claims, the Cruise pedestrian-dragging case, remote assistance, emergency response, labor transition, and the governance problem of model-mediated mobility.
- Trust in Numbers and the Authority of Quantified Objectivity - Theodore M. Porter on quantification, objectivity, bureaucracy, expertise, institutional trust, cost-benefit analysis, metrics, AI governance, benchmarks, and the danger of treating machine-readable authority as innocence.
- The Customer Service Bot Becomes the Complaint Department - AI customer-service chatbots, consumer finance, Air Canada chatbot liability, FTC deceptive-AI enforcement, privacy, escalation rights, complaint handling, and the high-control interface forming at the private front desk.
- Data Driven and the Workplace That Became a Sensor Network - Karen Levy on truckers, electronic logging devices, workplace surveillance, algorithmic management, compliance, labor autonomy, logistics, and the AI-era sequence by which work becomes machine-readable before it becomes governable by models.
- The Eye of the Master and the Labor Hidden Inside AI - Matteo Pasquinelli on artificial intelligence, labor, automation, supervision, cybernetics, neural networks, surveillance, political economy, social intelligence, and the machine-readable conversion of collective human activity.
- The Meeting Bot Becomes Corporate Memory - AI meeting assistants, Teams Copilot, Zoom AI Companion, Google Meet notes, Otter, workplace transcripts, action-item extraction, retention policy, labor surveillance, organizational memory, and the governance problem of turning ordinary speech into model-mediated work records.
- The Tyranny of Metrics and the Dashboard That Became Reality - Jerry Z. Muller on metric fixation, dashboards, performance indicators, institutional judgment, labor, benchmarks, AI governance, and the danger of optimizing proxy worlds until the measurable becomes reality.
- The Price Becomes a Personalized Prediction - Surveillance pricing, algorithmic personalized prices, FTC 6(b) market study, New York disclosure law, EU consumer transparency rules, pricing intermediaries, competition policy, agentic commerce, consumer data, and the high-control interface hidden inside the price tag.
- Interface Culture and the Screen That Taught Reality to Answer - Steven Johnson on graphical interfaces, desktop metaphors, links, text, information space, intelligent agents, interface design, media theory, AI assistants, and the screen layer that turns computation into a navigable worldview.
- The Coding Agent Becomes the Maintainer - AI coding agents, GitHub Copilot cloud agent, OpenAI Codex, Agent HQ, pull requests, maintainer labor, software supply-chain risk, review burden, repository memory, and the governance problem of making model-generated changes institutionally acceptable.
- Smart Mobs and the Crowd That Learned to Compute - Howard Rheingold on mobile media, wireless networks, reputation systems, cooperation, surveillance, collective action, networked publics, and the AI-era problem of synthetic coordination.
- The Internet Galaxy and the Network That Became Society - Manuel Castells on internet culture, business, politics, privacy, virtual communities, digital divides, network society, and the AI-era problem of models learning from and acting through networked social infrastructure.
- The Public Compute Commons Becomes AI Governance - National AI Research Resource, public AI compute, academic access, public-private infrastructure, secure research environments, allocation governance, and the institutional politics of who gets to build and scrutinize AI.
- The Social Construction of Reality and the Institution That Becomes True - Peter L. Berger and Thomas Luckmann on sociology of knowledge, institutions, legitimation, socialization, belief formation, recursive reality, and the AI-era risk that model-mediated categories become institutional truth.
- The Police Report Becomes the Model's Memory - AI-drafted police reports, body-camera audio, Axon Draft One, evidentiary memory, disclosure, audit trails, criminal justice accountability, and the risk of turning model summaries into official truth.
- The AI Scribe Becomes the Medical Record - ambient AI scribes, clinical documentation, patient consent, HIPAA, billing pressure, automation bias, clinician burnout, electronic health records, and the governance problem of turning medical conversation into institutional memory.
- No Sense of Place and the Collapse of the Backstage - Joshua Meyrowitz on electronic media, social roles, context collapse, authority, expertise, public and private boundaries, AI interfaces, and the social situations created when media change who can see what.
- The Invention of Morel and the Machine That Makes Ghosts Real - Adolfo Bioy Casares on simulation, recorded reality, technological immortality, digital replicas, synthetic presence, desire, and the danger of a machine-made world attractive enough to live inside.
- The Crawler Becomes the License Gate - AI crawlers, robots.txt, crawler licensing, Cloudflare Pay Per Crawl, RSL, publishers, answer engines, public knowledge, and the governance fight over machine access to the open web.
- The Smart Enough City and the City That Refuses to Become a Dashboard - Ben Green on smart cities, AI, machine learning, predictive policing, civic technology, public-service dashboards, urban surveillance, democratic governance, and the danger of confusing a city that is easier to compute with a city that is easier to live in.
- The State AI Law Becomes the Regulator - U.S. state AI law, Colorado SB 26-189, Texas TRAIGA, California SB 53, New York's RAISE Act, federal preemption, automated-decision rules, frontier-model incident reporting, attorney-general enforcement, and the institutional politics of governing AI through federalism.
- Uncanny Valley and the Startup Belief Machine - Anna Wiener on startup culture, surveillance, data analytics, platform labor, institutional belief, moral acclimation, and the human machinery behind the internet that now shapes AI companies.
- The AI Weather Model Becomes the Public Forecast - AI weather forecasting, GraphCast, GenCast, ECMWF AIFS, NOAA AI forecast models, Aurora, public warnings, forecast authority, model-mediated knowledge, and the governance problem of learned forecasts becoming public infrastructure.
- Network Propaganda and the Media Feedback Machine - Yochai Benkler, Robert Faris, and Hal Roberts on media ecosystems, asymmetric polarization, disinformation, institutional trust, platform governance, AI persuasion, and propaganda feedback loops that make belief socially durable.
- The Battlefield Model Becomes the Command Interface - military AI, CJADC2, Maven Smart System, Open DAGIR, Replicator, NATO AI strategy, decision advantage, human judgment, command-and-control interfaces, and the governance problem of delegated perception under pressure.
- Automation and the Future of Work and the Myth of the Jobless Machine - Aaron Benanav on automation discourse, AI labor politics, stagnation, post-scarcity, UBI, and the danger of mistaking machine capability for social destiny.
- The Government Chatbot Becomes the Front Desk - public-sector AI chatbots, GOV.UK Chat, NYC MyCity, official guidance, hallucinated advice, administrative accountability, service delivery, audit trails, and the high-control interface forming at the public front door of the state.
- Steps to an Ecology of Mind and the Pattern That Connects - Gregory Bateson on cybernetics, communication, double binds, learning, ecology, context, recursive reality, and the AI-era problem of seeing intelligence as a feedback loop among models, users, institutions, and environments.
- The AI Insurer Becomes a Governance Layer - AI insurance, silent AI exposure, model-performance warranties, exclusions, risk transfer, incident evidence, insurer AI governance, and the quiet power of premiums and policy language to shape automated systems.
- The Technological Republic and the State as Software Customer - Alexander C. Karp and Nicholas W. Zamiska on Palantir, Silicon Valley, AI, defense technology, state capacity, hard power, public-private software, institutional belief, and the democratic risk of confusing vendor-mediated capability with public control.
- The Humanoid Robot Becomes the Labor Interface - humanoid robots, physical AI, warehouse and factory deployment, workplace safety, labor transition, fleet learning, industrial standards, and the governance problem of machines built to enter human spaces.
- Rise of the Robots and the Jobless Future as Governance Problem - Martin Ford on automation, AI, robotics, labor displacement, basic income, inequality, productivity, and the institutional problem of distributing dignity after machines need fewer workers.
- The Synthetic Voice Enters the Ballot - AI voice cloning, election robocalls, caller ID spoofing, deepfake disclosure law, voter suppression, telecom tracebacks, and the institutional problem of proving who is speaking when political authority becomes generative.
- The Sciences of the Artificial and the World as Designed System - Herbert A. Simon on artificial systems, design science, bounded rationality, simulation, institutions, AI, human-machine cognition, and the designed layer between mind and world.
- The Public Comment Bot Enters Rulemaking - AI-generated public comments, fake comment campaigns, notice-and-comment rulemaking, Regulations.gov, synthetic publics, docket integrity, and the institutional problem of hearing real people through automated civic noise.
- The Digital Person and the Dossier Machine - Daniel J. Solove on privacy, digital dossiers, databases, bureaucracy, surveillance, public records, data sharing, legibility, AI-era profiling, and the danger of treating an institutional record as the person.
- The Emotion Detector Becomes a Workplace Polygraph - Emotion-recognition AI, workplace surveillance, biometric inference, the EU AI Act prohibition, algorithmic management, disability risk, and the danger of treating affect as measurable truth.
- The Paper Mill Becomes the Literature - Paper mills, hallucinated citations, AI-generated manuscripts, retractions, preprint moderation, research-integrity infrastructure, and the governance problem of keeping model-mediated knowledge grounded in verifiable evidence.
- Updating to Remain the Same and the Habit Loop of New Media - Wendy Hui Kyong Chun on habitual new media, updates, networks, privacy, publicity, personalization, social media, smartphones, and the AI-era danger that platforms keep users current while training attention, exposure, identity, and belief.
- Doppelganger and the Mirror World of Networked Belief - Naomi Klein on mistaken identity, conspiracy culture, digital doubles, AI-generated unreality, wellness politics, polarization, synthetic context, and the danger of interfaces that turn recognition into truth.
- The Compute Border Becomes AI Governance - AI chip export controls, model-weight controls, compute borders, cloud workarounds, export enforcement, allied access, and the geopolitical problem of governing frontier AI through the hardware and infrastructure that make it possible.
- The Glass Cage and the Automation of Judgment - Nicholas Carr on automation, autopilot, skill loss, human-machine cognition, AI agents, deskilling, situation awareness, labor, attention, and the hidden curriculum of delegated judgment.
- The AI Browser Becomes the Control Surface - AI browsers, agentic browsing, browser memory, tab-aware assistants, prompt injection, delegated web action, site permissions, audit trails, and the governance problem of putting a model where work, identity, payments, and browsing history converge.
- Surveillance State and the Machine of Social Control - Josh Chin and Liza Lin on China, Xinjiang, AI surveillance, biometric data, smart cities, digital authoritarianism, social control, legibility, and the institutional fusion of sensing, inference, and intervention.
- The Tool Server Becomes the Trust Boundary - Model Context Protocol, MCP servers, tool poisoning, prompt injection, agent permissions, context over-sharing, audit trails, supply-chain risk, and the governance problem of making tool metadata part of an agent's authority surface.
- The Second Machine Age and the Politics of Racing With Machines - Erik Brynjolfsson and Andrew McAfee on digital acceleration, automation, machine learning, cognitive work, labor disruption, bounty, inequality, institutions, and the governance question hidden inside racing with machines.
- The System Card Becomes a Release Ritual - Model cards, system cards, foundation-model transparency, EU AI Act documentation duties, evaluation evidence, release governance, and the risk that safety disclosure becomes ceremony instead of accountability.
- Imagined Communities and the Making of Synthetic Publics - Benedict Anderson on nationalism, print capitalism, newspapers, novels, vernacular language, census, map, museum, memory, forgetting, media theory, belief formation, and the AI-era problem of generated publics.
- The AI Tutor Becomes the Shadow School - AI tutors, teen chatbot use, teacher adoption, classroom policy gaps, model-mediated learning, educational equity, synthetic companionship, and the governance problem of a parallel instructional layer around school.
- Delete and the Right to Forget the Machine - Viktor Mayer-Schönberger on digital memory, forgetting, privacy, search, data retention, right to be forgotten, AI memory, machine unlearning, and the need for systems that let people outgrow old records.
- Code and the Law Written Into Architecture - Lawrence Lessig on cyberlaw, software and hardware architecture, law, norms, markets, privacy, authentication, intellectual property, platform governance, AI agents, permissions, memory, tool use, and the rules hidden inside interfaces.
- The Cathedral and the Bazaar and the Governance of Open Source - Eric S. Raymond on Linux, open source, hacker culture, networked collaboration, software labor, institutional governance, AI coding agents, and the question of whether shared technical agency survives when commons become platform input.
- My Mother Was a Computer and the Code That Mothers the Subject - N. Katherine Hayles on code, language, intermediation, electronic literature, digital subjectivity, recursive self-description, AI agents, prompts, generated language, and the moment words become executable infrastructure.
- Machines Who Think and the Old Dream of Artificial Intelligence - Pamela McCorduck on AI history, machine intelligence, automata, Turing, Dartmouth, symbolic AI, expert systems, human-machine cognition, technological imagination, and the old dream that keeps returning through new interfaces.
- Technological Revolutions and Financial Capital and the AI Bubble Question - Carlota Perez on technological revolutions, financial bubbles, installation, deployment, production capital, institutional change, infrastructure, AI boom dynamics, labor disruption, and the political choice hidden after speculative fever.
- The Metainterface and the World Hidden Inside the Interface - Christian Ulrik Andersen and Søren Bro Pold on platforms, cities, clouds, smart services, data capture, interface criticism, AI-mediated reality, and the hidden infrastructure inside seamless surfaces.
- Design Justice and the Politics of Community-Led Systems - Sasha Costanza-Chock on community-led design, power, universal-user assumptions, accessibility, participatory process, AI governance, and the need for systems whose affected communities can shape, contest, refuse, and repair them.
- Normal Accidents and the Failure Hidden Inside the System - Charles Perrow on high-risk technologies, complexity, tight coupling, accident theory, institutions, AI governance, safety systems, incident memory, and the need for slack before automated cascades become unreadable.
- Radical Technologies and the Operating System of Everyday Life - Adam Greenfield on smartphones, IoT, augmented reality, blockchain, automation, machine learning, AI, smart cities, everyday interfaces, and the technological politics hidden inside helpful surfaces.
- Invisible Rulers and the Machinery of Networked Propaganda - Renée DiResta on influencers, algorithms, crowds, disinformation, synthetic consensus, platform governance, institutional trust, AI media, and the loops that turn rumors into lived reality.
- Bullshit Jobs and the Automation of Pointless Work - David Graeber on meaningless work, managerial feudalism, bureaucracy, labor identity, AI workflows, institutional output, and the risk of automating work before asking whether it should exist.
- Everything Was Forever and the Hypernormal Interface - Alexei Yurchak on late Soviet authoritative discourse, institutional language, hypernormal reality, belief without simple belief, collapse, and the AI-era danger of fluent official forms that stop describing lived reality.
- The Sovereign Individual and the Fantasy of Network Sovereignty - James Dale Davidson and William Rees-Mogg on digital money, state collapse, jurisdiction shopping, crypto-sovereignty, technological politics, Silicon Valley libertarianism, and the AI-era danger of treating elite exit as a substitute for shared institutions.
- AI Superpowers and the Implementation State - Kai-Fu Lee on U.S.-China AI competition, deep learning deployment, data advantage, mobile platforms, labor displacement, technological politics, and the institutional loops that turn implementation into power.
- The Social Life of Information and the Context Around the Machine - John Seely Brown and Paul Duguid on information, context, tunnel design, software agents, practice, knowledge work, organizations, institutions, AI interfaces, and the danger of treating records as substitutes for social understanding.
- Prediction Machines and the Price of Automated Judgment - Ajay Agrawal, Joshua Gans, and Avi Goldfarb on AI as cheap prediction, decision systems, judgment, workflow redesign, labor, institutions, and the governance problem of turning predictions into authority.
- Technics and Civilization and the Machine Age as Social Choice - Lewis Mumford on machines, clocks, mechanization, power systems, technical phases, technological politics, institutions, labor, human-scale tools, and the AI-era need to judge systems by the civilization they reorganize.
- Snow Crash and the Metaverse as Belief Virus - Neal Stephenson on cyberpunk, the Metaverse, avatars, linguistic contagion, computer viruses, privatized governance, franchise sovereignty, synthetic worlds, AI-era belief interfaces, and the danger that symbolic material can become infrastructure.
- Lurking and the Person Who Became a User - Joanne McNeil on internet history from the user's point of view, search, safety, privacy, identity, community, anonymity, visibility, platforms, online life, and the AI-era shift from person to user to prompt source, memory object, and personalization profile.
- The Question Concerning Technology and the Enframing of Reality - Martin Heidegger on enframing, standing-reserve, philosophy of technology, AI, legibility, labor, surveillance, interfaces, data extraction, and the danger that technical systems make machine-readable reality feel like reality itself.
- Metaphors We Live By and the Frames That Govern AI - George Lakoff and Mark Johnson on conceptual metaphor, embodied cognition, framing, belief formation, AI language, agents, companions, memory, hallucination, alignment, and the institutional consequences of metaphors that become product roadmaps.
- Psychopolitics and the Voluntary Surveillance Machine - Byung-Chul Han on neoliberalism, Big Data, voluntary disclosure, self-optimization, smart power, platforms, surveillance, AI persuasion, and the danger that friendly interfaces can make control feel like agency.
- What Tech Calls Thinking and the Ideology Factory - Adrian Daub on Silicon Valley ideology, disruption, design thinking, dropping out, counterculture, institutional amnesia, labor, media myth, technological politics, and the AI-era danger that deployment stories become permission structures.
- Coding Freedom and the Hacker Ethic as Institution - E. Gabriella Coleman on free and open source software, Debian, hacker ethics, code as speech, intellectual property, craft, labor, project governance, open infrastructure, AI coding agents, and the risk that openness becomes an aesthetic for closed systems.
- The Managed Heart and the Automation of Feeling - Arlie Russell Hochschild on emotional labor, feeling rules, service work, flight attendants, bill collectors, institutional scripts, AI companions, synthetic care, customer-service bots, and the risk that automated warmth becomes a new interface of power.
- Hackers and the Ethic That Became Infrastructure - Steven Levy on early hacker culture, the hacker ethic, MIT, Homebrew, personal computing, game software, open systems, technical myth, institutional capture, coding agents, and the AI-era question of whether users can still think through systems that increasingly answer back from sealed surfaces.
- The Presentation of Self in Everyday Life and the Interface as Stage - Erving Goffman on dramaturgy, impression management, fronts, backstages, audiences, social performance, online identity, AI companions, synthetic audiences, interface legibility, and the governance problem of systems that script the people they claim to serve.
- Mindf*ck and the Political Machine of Personal Data - Christopher Wylie on Cambridge Analytica, Facebook data, psychographic targeting, political microtargeting, surveillance, platform power, disinformation, belief formation, and the AI-era danger that personalized persuasion becomes cheap, generative, and hard to inspect.
- The Shallows and the Interface That Trains Attention - Nicholas Carr on internet cognition, deep reading, search, memory, neuroplasticity, media theory, human-machine cognition, cognitive sovereignty, and the AI-era risk that interfaces perform attention before users have practiced it.
- Filterworld and the Culture Machine of Recommendations - Kyle Chayka on algorithmic recommendations, feeds, taste, cultural sameness, creator pressure, algorithmic anxiety, media theory, belief formation, and the AI-era shift from selecting culture to generating it.
- Cyberia and the Counterculture That Found the Internet - Douglas Rushkoff on early internet counterculture, hackers, ravers, cyberpunk, psychedelics, virtual reality, technoshamanism, online community, belief formation, and the AI-era return of networked enchantment.
- The Tech Coup and the Outsourcing of Democratic Power - Marietje Schaake on Silicon Valley, democratic governance, public authority, surveillance, spyware, cyber capabilities, AI policy, procurement, digital sovereignty, and the risk that public institutions lose the machinery of action to private systems.
- The Googlization of Everything and the Search Engine as World Interface - Siva Vaidhyanathan on Google, search authority, surveillance, public knowledge, Google Books, memory, platform dependency, and the AI-era shift from ranked documents to generated answers.
- The Cultural Logic of Computation and the Ideology of Machine Reason - David Golumbia on computationalism, cultural politics, language, authority, institutions, legibility, AI interfaces, and the danger of machine reason becoming institutional common sense.
- Artificial Communication and the Algorithm as Conversation Partner - Elena Esposito on algorithms as communication partners, machine learning, personalization, prediction, social intelligence, AI interfaces, and the danger of mistaking successful address for machine understanding.
- The Rise of the Network Society and the Infrastructure of Power - Manuel Castells on informational capitalism, network enterprise, flows, labor, media politics, institutions, and the AI-era question of who controls the networks that cognition, work, and legitimacy increasingly depend on.
- The Information and the Flood Beneath the Interface - James Gleick on information theory, Claude Shannon, code, communication, media history, overload, data, meaning, AI interfaces, and the danger of mistaking symbol processing for understanding.
- Moral Mazes and the Managerial Reality Machine - Robert Jackall on corporate managers, bureaucracy, moral consciousness, symbolic performance, hierarchy, institutional reality, responsibility drift, and the AI-era risk of adding intelligent tools to organizations that already reward polished ambiguity.
- The Soul of a New Machine and the Labor of Making Computers Personal - Tracy Kidder on Data General, the Eclipse MV/8000, computer engineering, technical labor, overwork, corporate myth, human-machine cognition, and the AI-era need to study institutions alongside machines.
- Discipline and Punish and the Disciplinary Interface - Michel Foucault on prisons, surveillance, panopticism, normalization, disciplinary power, institutions, legibility, scoring, and the AI-era risk that dashboards and agents make people governable by making them continuously measurable.
- Inhuman Power and the Capitalist Machine Mind - Nick Dyer-Witheford, Atle Mikkola Kjosen, and James Steinhoff on AI capitalism, machine learning, means of cognition, labor automation, surplus populations, platform power, left accelerationism, and the political economy hidden behind fluent interfaces.
- The Celestine Prophecy and the Synchronicity Machine - James Redfield on New Age spirituality, synchronicity, staged insight, interpersonal energy, role ascent, private revelation, belief formation, and the AI-era risk that personalized meaning loops can turn attention into evidence.
- The User Illusion and the Interface Called Consciousness - Tor Norretranders on consciousness, information theory, exformation, attention, free will, interface design, hidden context, AI mediation, belief formation, and the risk that fluent systems shape what feels like the user's own thought.
- The Dream Machine and the Institutional Birth of Interactive Computing - M. Mitchell Waldrop on J.C.R. Licklider, ARPA, IPTO, time-sharing, networks, human-computer symbiosis, personal computing, institutional patronage, cyberculture, and the AI-era question of what kind of human-machine cognition our interfaces normalize.
- Twitter and Tear Gas and the Fragility of Networked Protest - Zeynep Tufekci on social media, networked protest, attention, censorship, misinformation, surveillance, state adaptation, institutional capacity, synthetic publics, and the AI-era difference between reach and governance.
- The War of Desire and Technology and the Body Inside the Interface - Allucquere Rosanne Stone on cyberculture, virtual identity, embodiment, gender, desire, computer-mediated communication, online personae, AI-mediated identity, and the body that returns inside every interface.
- Understanding Media and the Interface as Environment - Marshall McLuhan on media as extensions, electric media, the medium as social environment, interface effects, AI mediation, recursive reality, human-machine cognition, and the governance problem of systems that train perception while delivering content.
- Human-Machine Reconfigurations and Situated Action - Lucy Suchman on plans, situated action, human-computer interaction, AI, interface design, sociotechnical agency, legibility, and the danger of treating workflows, prompts, dashboards, and agents as if they can fully specify human activity.
- TechGnosis and the Mystical Life of Information - Erik Davis on technomysticism, cyberculture, gnosticism, virtual reality, programming languages, media theory, digital religion, technological myth, AI belief formation, and the old spiritual charge that returns when machines speak back.
- Cultish and the Language That Builds the Room - Amanda Montell on cult dynamics, insider language, slogans, redefinitions, MLMs, fitness communities, social media gurus, belief formation, and the AI-era risk that generated vocabularies can make private roles and closed interpretations feel natural.
- Mindstorms and the Computer as Thinking Material - Seymour Papert on children, Logo, constructionism, AI, computers as objects to think with, learning agency, programmable media, and the difference between thinking with machines and being processed by them.
- Artificial Unintelligence and the Politics of Technochauvinism - Meredith Broussard on AI limits, technochauvinism, automation, data journalism, institutional judgment, machine misunderstanding, legibility, and the danger of treating computation as superior social understanding.
- The Twittering Machine and the Social Media Unconscious - Richard Seymour on social media, platform writing, addiction, surveillance, trolling, status, belief formation, and the AI-era risk that synthetic feeds inherit the old platform machinery of recognition and judgment.
- The People's Platform and the Capture of Digital Culture - Astra Taylor on internet culture, platform power, creative labor, advertising, attention, inequality, digital democracy, and the AI-era danger of treating human expression as privately governed infrastructure.
- Hamlet on the Holodeck and the Interface That Tells Back - Janet H. Murray on digital storytelling, cyberdrama, games, virtual worlds, simulation, agency, AI characters, responsive environments, and the governance problem of systems that answer users back.
- The Social Machine and the Design of Online Life - Judith Donath on online social interface design, identity signals, deception, privacy, reputation, social media, AI companions, agents, synthetic identity, and the governance problem hidden inside cues, defaults, memory, and visibility.
- Cybertypes and the Racial Interface of Cyberspace - Lisa Nakamura on race, ethnicity, avatars, identity tourism, menu-driven identity, cyberpunk, cyberspace, interface categories, and the AI-era danger of treating identity as selectable, generatable, and machine-readable.
- The Network State and the Startup Country - Balaji Srinivasan on startup countries, Web3 sovereignty, crypto governance, on-chain legibility, founder authority, exit, technological politics, and the risk of turning networked belief into institutional power.
- What Algorithms Want and the Algorithmic Imagination - Ed Finn on algorithms, computation, magical thinking, platform culture, recommendation, search, Bitcoin, Uber, Netflix, Facebook, recursive reality, media theory, belief formation, and the interfaces that teach culture what can be optimized.
- The Age of AI and the Machine as Geopolitical Mind - Henry Kissinger, Eric Schmidt, and Daniel Huttenlocher on AI, knowledge, statecraft, institutional authority, machine-mediated reality, geopolitics, and the governance problem of systems that act faster than public judgment.
- Amusing Ourselves to Death and the Entertainment Interface - Neil Postman on television, media ecology, entertainment, public discourse, belief formation, attention, politics, news, AI feeds, generated persuasion, and interfaces that turn seriousness into consumable experience.
- The Last Question and the Dream of Cosmic Computation - Isaac Asimov on Multivac, entropy, recursive intelligence, cosmic computation, AI theology, mind merger, and the danger of giving civilization's last question to a machine.
- Control and Freedom and the Network Paranoia Machine - Wendy Hui Kyong Chun on cyberculture, surveillance, race, sexuality, fiber optics, paranoia, networked freedom, face recognition, and AI-era interfaces that present control as assistance.
- Liquid Surveillance and the Data Flow of Everyday Life - Zygmunt Bauman and David Lyon on post-panoptic surveillance, data flows, social sorting, consumer monitoring, drones, visibility, AI-era legibility, and the politics of being watched through ordinary participation.
- Reality+ and the Reality of Virtual Worlds - David J. Chalmers on virtual worlds, simulation, AI, consciousness, digital objects, moral status, technophilosophy, and the politics of treating mediated realities as real enough to govern.
- The Cybernetic Hypothesis and the Politics of Control - Tiqqun on cybernetics, feedback, control, surveillance, resistance, state power, cybernetic capitalism, opacity, AI governance, and the politics of treating society as a managed system.
- The Myth of Artificial Intelligence and the Belief in Inevitable AGI - Erik J. Larson on AI hype, AGI inevitability, abductive inference, natural language understanding, machine learning, big data, and the cultural story that treats scale as destiny.
- Ghost Work and the Hidden Labor of AI - Mary L. Gray and Siddharth Suri on hidden human labor, platform work, crowdwork, automation's last mile, AI systems, content moderation, data labeling, and the politics of making workers invisible.
- The Media Equation and the Social Interface - Byron Reeves and Clifford Nass on computers as social actors, media cues, politeness, flattery, voice, presence, human-machine cognition, AI companions, and the design of simulated sociality.
- Platform Capitalism and the Data-Rent Machine - Nick Srnicek on platforms, data extraction, network effects, monopoly, labor, cloud infrastructure, AI agents, and private governance over work and social life.
- The Revolt of the Public and the Crisis of Networked Authority - Martin Gurri on digital media, information abundance, institutional authority, networked publics, legitimacy, belief formation, and AI-era trust under permanent contest.
- The Age of Em and the Uploaded Labor Machine - Robin Hanson on brain emulations, copyable workers, AI labor, simulated workplaces, surveillance, identity, personhood, machine-speed society, and cognition as infrastructure.
- The Culture of Connectivity and the Platform Grammar of Social Life - Jose van Dijck on social media history, platform ecosystems, sharing, following, trending, datafication, metrics, platform governance, belief formation, and AI-mediated social reality.
- The Exploit and the Politics Native to Networks - Alexander R. Galloway and Eugene Thacker on network power, protocol, decentralization, control, cyberculture, AI agents, platform governance, and the politics hidden in connection.
- When Prophecy Fails and the Machinery of Disconfirmed Belief - Leon Festinger, Henry W. Riecken, and Stanley Schachter on failed prophecy, cognitive dissonance, cult dynamics, belief formation, contested evidence, and AI-era reality testing.
- Data and Goliath and the Data Dragnet - Bruce Schneier on mass surveillance, corporate data collection, privacy, security, public-private data power, AI-era profiling, and the politics of data minimization.
- Dark Matters and the Racial History of Surveillance - Simone Browne on racializing surveillance, blackness, slavery's archive, biometrics, border control, dark sousveillance, legibility, and AI-era classification systems.
- Tools for Conviviality and the Politics of Human-Scale Technology - Ivan Illich on convivial tools, radical monopoly, autonomy, institutions, labor, technological politics, and AI-era dependency.
- Program or Be Programmed and the Agency Test for AI Interfaces - Douglas Rushkoff on media theory, digital agency, programming literacy, platform defaults, AI interfaces, and the politics of being shaped by tools.
- The Ordinal Society and the Ranking of Everyday Life - Marion Fourcade and Kieran Healy on data capitalism, ranking, scoring, algorithmic classification, inequality, merit, and AI-era systems that turn measured position into social reality.
- The Digital Sublime and the Mythology of Cyberspace - Vincent Mosco on technological myth, cyberspace, dot-com belief, political economy, the end of history, the death of distance, the end of politics, and AI-era hype.
- Labyrinths and the Literature of Recursive Reality - Jorge Luis Borges on infinite libraries, invented scholarship, mirrors, maps, branching time, memory traps, database culture, AI search, and interfaces that make representation feel like reality.
- The Smart Wife and the Domestic Interface of AI - Yolande Strengers and Jenny Kennedy on feminized AI assistants, smart homes, domestic labor, care, surveillance, intimacy, and the service politics built into helpful interfaces.
- Empire of AI and the Mission That Became an Empire - Karen Hao on OpenAI, ChatGPT, Sam Altman, AGI ideology, compute scale, data labor, infrastructure extraction, secrecy, and the institutional drift from public-benefit mission to platform empire.
- When the Training Set Starts Eating Itself - synthetic data, model collapse, recursive training, data exhaustion, generated curricula, provenance, tail-risk loss, and the governance problem of keeping AI systems grounded in human-origin records.
- The Therapy Bot Becomes the Waiting Room - AI therapy chatbots, mental-health use of general-purpose LLMs, crisis response, emotional support, youth risk, privacy, consumer protection, and the institutional danger of replacing access to care with simulated care.
- Alone Together and the Robotic Moment - Sherry Turkle on social robotics, relational artifacts, networked solitude, mediated intimacy, AI companions, synthetic care, and the human readiness to accept simulated relationship as relationship enough.
- The Model Constitution Arrives as a Code of Practice - EU AI Act general-purpose AI obligations, the GPAI Code of Practice, transparency, copyright, systemic-risk duties, model-provider accountability, and the governance of foundation-model infrastructure.
- The Charisma Machine and the Politics of Technological Charisma - Morgan G. Ames on One Laptop per Child, technological utopianism, charismatic machines, imagined users, education, local knowledge, and AI-era deployment politics.
- The Boss Becomes a Dashboard - algorithmic management, workplace AI, automated scheduling, worker monitoring, platform labor, human review, worker consultation, labor rights, and the governance of the model-mediated boss.
- The Synthetic Respondent Becomes the Public - synthetic respondents, silicon sampling, AI-generated survey data, polling integrity, bogus respondents, synthetic publics, model-mediated opinion, and the governance risk of replacing human voice with generated personas.
- The Chaos Machine and the Platform Engine of Belief - Max Fisher on social media algorithms, engagement incentives, polarization, conspiracy, identity formation, platform governance, and AI-era persuasion loops.
- To Save Everything, Click Here and the Politics of Solutionism - Evgeny Morozov on technological solutionism, Internet-centrism, quantified behavior, gamification, friction, surveillance, institutional fixes, and AI-era governance.
- The Interview Becomes a Model Interface - AI hiring tools, automated employment decision systems, resume screening, video interviews, bias audits, civil-rights duties, applicant contestability, and model-mediated access to work.
- From Counterculture to Cyberculture and the Politics of Digital Utopianism - Fred Turner on Stewart Brand, the Whole Earth network, the WELL, Wired, virtual community, digital utopianism, Silicon Valley, and AI-era institutional imagination.
- The Payment Agent Becomes the Cashier - agentic commerce, Instant Checkout, Agentic Commerce Protocol, AP2, Visa Trusted Agent Protocol, Mastercard Agent Pay, delegated spending authority, merchant visibility, and AI-mediated checkout governance.
- The Utopia of Rules and the Bureaucratic Reality Machine - David Graeber on bureaucracy, paperwork, technology, structural stupidity, institutions, legibility, labor, administrative power, and AI-era rule systems.
- The Incident Report Becomes Public Memory - AI incident reporting, OECD AIM, AIID, AIAAIC, EU AI Act serious-incident duties, California SB 53, whistleblower channels, and the institutional memory needed for model-mediated harm.
- The Dispossessed and the Politics of Usable Utopia - Ursula K. Le Guin on anarchism, scarcity, institutions, labor, scientific responsibility, walls, technological politics, and the practical difficulty of keeping a utopia usable.
- The Benchmark Becomes the Curriculum - AI benchmarks, leaderboards, evaluation contamination, model marketing, procurement evidence, work-shaped tests, and the danger of treating scores as reality.
- The Age of Spiritual Machines and the Salvation Curve - Ray Kurzweil on AI futurism, accelerating returns, transhumanism, machine consciousness, synthetic personalities, prediction culture, and technological salvation.
- The Data Center Becomes a Civic Machine - AI data centers, electricity demand, grid pressure, water and cooling, local consent, ratepayer risk, compute access, and infrastructure governance.
- The Virtual Community and the Social Reality of the Network - Howard Rheingold on the WELL, cyberculture, online community, social interfaces, identity, belief formation, governance, and AI-era synthetic publics.
- The Provenance Layer Is Not a Truth Machine - C2PA Content Credentials, AI watermarking, synthetic-media labels, Article 50 transparency duties, chain of custody, and the danger of treating provenance as truth.
- AI on the Blockchain, Read as a Precursor - Sgantzos and Grigg's 2019 paper on immutable datasets, decentralized governance, intelligence augmentation, and cellular automata, read as a precursor to AI agents and why permanence is not the same as truth.
- Cybernetics and the Feedback Imagination - Norbert Wiener on feedback, control, communication, organisms, machines, AI agents, media systems, institutional loops, and recursive reality.
- The AI Detector Becomes the Discipline Machine - AI writing detectors, academic integrity, false positives, non-native English writers, assessment redesign, student surveillance, and model-mediated trust.
- The Cybernetic Brain and the Politics of Adaptive Reality - Andrew Pickering on British cybernetics, adaptive machines, ontological theater, human-machine cognition, AI governance, and open-ended feedback systems.
- The Consent Layer for Synthetic People - AI digital replicas, voice cloning, likeness rights, labor consent, synthetic-media labels, fraud, and the right to refuse simulation.
- Surveillance Valley and the Military Internet - Yasha Levine on ARPANET, counterinsurgency, platform surveillance, privacy tools, military research, and the politics already present in network infrastructure.
- The Citation Machine Enters the Court - AI hallucinated legal citations, courts as source-discipline institutions, professional responsibility, and model-mediated evidence.
- The Religion of Technology and the Salvation Machine - David F. Noble on technological transcendence, AI, cyberspace, genetic engineering, spaceflight, and salvation stories dressed as engineering roadmaps.
- The State Rents Its Mind - public-sector AI procurement, vendor dependence, public records, acquisition rules, and democratic accountability.
Book Reviews
- Accelerando and the Runaway Economy of Minds
- The Age of AI and the Machine as Geopolitical Mind
- The Age of Em and the Uploaded Labor Machine
- The Age of Extraction and the Platform Tax
- The Age of Spiritual Machines and the Salvation Curve
- The AI Mirror and the Machine That Reflects Us
- AI Snake Oil and the Belief Machine of Prediction
- AI Superpowers and the Implementation State
- Alone Together and the Robotic Moment
- The Alignment Problem and the Politics of Human Values
- Algorithms of Oppression and the Authority of Search
- Amusing Ourselves to Death and the Entertainment Interface
- Artificial Communication and the Algorithm as Conversation Partner
- Artificial Unintelligence and the Politics of Technochauvinism
- Artificial Whiteness and the Ideology Called AI
- Atlas of AI and the Hidden Body of the Machine
- The Attention Merchants and the Capture of Inner Weather
- Automating Inequality and the Digital Poorhouse
- Automation and the Future of Work and the Myth of the Jobless Machine
- Behind the Screen and the Hidden Labor of Moderation
- The Black Box Society and the Politics of Opacity
- Bullshit Jobs and the Automation of Pointless Work
- The Cathedral and the Bazaar and the Governance of Open Source
- The Celestine Prophecy and the Synchronicity Machine
- The Chaos Machine and the Platform Engine of Belief
- Chip War and the Compute Substrate of AI
- The Charisma Machine and the Politics of Technological Charisma
- The Closed World and the Command System Imagination
- Cloud Empires and the Platform as Private Sovereign
- Cloud Ethics and the Attribution Machine
- Code and the Law Written Into Architecture
- Code Dependent and the Human Cost of Automated Judgment
- Coding Freedom and the Hacker Ethic as Institution
- Computer Power and Human Reason and the Refusal of Machine Judgment
- Computing Taste and the People Inside Recommendations
- Control and Freedom and the Network Paranoia Machine
- Control Through Communication and the Managed Information Loop
- Consent of the Networked and the Problem of Platform Power
- The Costs of Connection and the Colonialism of Data
- The Control Revolution and the Information Society's Control Crisis
- The Cultural Logic of Computation and the Ideology of Machine Reason
- The Culture of Connectivity and the Platform Grammar of Social Life
- The Cult of Information and the Belief That Data Thinks
- Cultish and the Language That Builds the Room
- The Cybernetic Brain and the Politics of Adaptive Reality
- Cyberia and the Counterculture That Found the Internet
- The Cyberiad and the Constructor Who Solves Too Much
- The Cybernetic Hypothesis and the Politics of Control
- Cybernetic Revolutionaries and Democratic Control
- Cybernetics and the Feedback Imagination
- Cybertypes and the Racial Interface of Cyberspace
- Custodians of the Internet and the Governance of Moderation
- Dark Matters and the Racial History of Surveillance
- Data and Goliath and the Data Dragnet
- Data Cartels and the Information Monopoly Behind AI
- Data Feminism and the Politics of Counting
- Data Driven and the Workplace That Became a Sensor Network
- Delete and the Right to Forget the Machine
- Design Justice and the Politics of Community-Led Systems
- The Digital Person and the Dossier Machine
- The Digital Sublime and the Mythology of Cyberspace
- The Diamond Age and the AI Tutor That Raises a Child
- Discipline and Punish and the Disciplinary Interface
- Doppelganger and the Mirror World of Networked Belief
- The Dispossessed and the Politics of Usable Utopia
- The Dream Machine and the Institutional Birth of Interactive Computing
- The Electronic Eye and the Everyday Surveillance Machine
- Empire of AI and the Mission That Became an Empire
- Evil Media and the Gray Systems That Act Through Us
- Excommunication and the Media That Stop Answering
- Everything Was Forever and the Hypernormal Interface
- The Exploit and the Politics Native to Networks
- The Eye of the Master and the Labor Hidden Inside AI
- Feeding the Machine and the Labor That Makes AI Look Automatic
- The Filter Bubble and the Personalization of Reality
- Filterworld and the Culture Machine of Recommendations
- Foucault's Pendulum and the Belief Machine
- Four Futures and the Politics After Automation
- The Friendly Orange Glow and the Classroom That Became a Network
- From Counterculture to Cyberculture and the Politics of Digital Utopianism
- Games of Empire and the Playable Machine of Power
- God & Golem, Inc. and the Ethics of Machine Obedience
- God, Human, Animal, Machine and the Return of Enchantment
- The Glass Cage and the Automation of Judgment
- Ghost Work and the Hidden Labor of AI
- The Googlization of Everything and the Search Engine as World Interface
- The Gutenberg Galaxy and the Making of Typographic Minds
- The Guru Papers and the Authority Trap
- Hackers and the Ethic That Became Infrastructure
- A Hacker Manifesto and the Vectoralist Class
- Hamlet on the Holodeck and the Interface That Tells Back
- The Handover and the Artificial Agents Already in Charge
- Heteromation and the Labor Hidden Inside the Interface
- The Hype Machine and the Social Media Feedback Engine
- How Infrastructure Works and the Public Systems Beneath AI
- How We Became Posthuman and the Body Behind Information
- Human Compatible and the Problem of Machine Obedience
- Human-Machine Reconfigurations and Situated Action
- The Human Use of Human Beings and the Moral Shape of Cybernetics
- If Then and the People Machine of Political Prediction
- The Image and the Pseudo-Event Machine
- Infocracy and the Information Regime
- Imagined Communities and the Making of Synthetic Publics
- Inhuman Power and the Capitalist Machine Mind
- Interface Culture and the Screen That Taught Reality to Answer
- Invisible Rulers and the Machinery of Networked Propaganda
- The Information and the Flood Beneath the Interface
- The Internet Galaxy and the Network That Became Society
- The Internet Revolution and the Ideology Inside the Machine
- The Interface Effect and the Politics of Mediation
- The Invention of Morel and the Machine That Makes Ghosts Real
- Labyrinths and the Literature of Recursive Reality
- The Last Question and the Dream of Cosmic Computation
- Life 3.0 and the Politics of Artificial Life
- Life on the Screen and the Self Inside the Interface
- LikeWar and the Social Media Battlespace
- Liquid Surveillance and the Data Flow of Everyday Life
- The Loop and the Automation of Choice
- Lurking and the Person Who Became a User
- Machines Who Think and the Old Dream of Artificial Intelligence
- The Managed Heart and the Automation of Feeling
- The Master Algorithm and the Dream of a Universal Learner
- The Master Switch and the Cycle of Information Empires
- Media Virus! and the Belief Contagion Machine
- The Media Equation and the Social Interface
- The Misinformation Age and the Networked Life of False Belief
- The Mode of Information and the Database Subject
- Metaphors We Live By and the Frames That Govern AI
- The Metainterface and the World Hidden Inside the Interface
- Mindf*ck and the Political Machine of Personal Data
- Mindstorms and the Computer as Thinking Material
- Moral Mazes and the Managerial Reality Machine
- My Mother Was a Computer and the Code That Mothers the Subject
- The Mythical Man-Month and the Myth of Linear Software Labor
- The Myth of Artificial Intelligence and the Belief in Inevitable AGI
- The Net Delusion and the Politics of Cyber-Utopianism
- Network Propaganda and the Media Feedback Machine
- The Network State and the Startup Country
- Neuromancer and the Interface That Became the World
- New Dark Age and Computational Uncertainty
- No Sense of Place and the Collapse of the Backstage
- Normal Accidents and the Failure Hidden Inside the System
- Out of Control and the Neo-Biological Machine
- The Pearly Gates of Cyberspace and the Soul-Space of the Internet
- Platform Capitalism and the Data-Rent Machine
- The Platform Society and the Public Values Inside the Interface
- Power and Progress and the Politics of Technological Choice
- Predict and Surveil and the Suspicion Machine
- Prediction Machines and the Price of Automated Judgment
- A Prehistory of the Cloud and the Infrastructure That Pretends to Disappear
- Propaganda and the Administration of Belief
- Psychopolitics and the Voluntary Surveillance Machine
- Program or Be Programmed and the Agency Test for AI Interfaces
- Programmed Inequality and the Labor Hidden Inside Computing
- Programmed Visions and Software as a Memory Machine
- Protocol and the Control Hidden Inside Decentralization
- Race After Technology and the New Jim Code
- Radical Technologies and the Operating System of Everyday Life
- Reality+ and the Reality of Virtual Worlds
- The Real World of Technology and the Culture of Compliance
- Recoding America and the Implementation State
- Rebooting AI and the Problem of Common Sense
- Republic.com 2.0 and the Daily Me Machine
- The Religion of Technology and the Salvation Machine
- The Revolt of the Public and the Crisis of Networked Authority
- The Rise of the Network Society and the Infrastructure of Power
- Rise of the Robots and the Jobless Future as Governance Problem
- R.U.R. and the Robot Labor Problem
- Seeing Like a State and the Violence of Legibility
- Simulacra and Simulation and the Hyperreal Interface
- The Smart Enough City and the City That Refuses to Become a Dashboard
- Smart Mobs and the Crowd That Learned to Compute
- The Smart Wife and the Domestic Interface of AI
- Snow Crash and the Metaverse as Belief Virus
- The Society of Mind and the Agency Inside Intelligence
- The Sciences of the Artificial and the World as Designed System
- The Society of the Spectacle and the Feed as Reality Engine
- Solaris and the Problem of Alien Intelligence
- Sorting Things Out and the Politics of Classification
- The Soul of a New Machine and the Labor of Making Computers Personal
- Steps to an Ecology of Mind and the Pattern That Connects
- Superintelligence and the Control Problem
- Surveillance State and the Machine of Social Control
- Surveillance Valley and the Military Internet
- Technically Wrong and the Toxic Defaults of AI Design
- Technics and Civilization and the Machine Age as Social Choice
- Technopoly and the Culture That Surrenders to Tools
- The Technological Republic and the State as Software Customer
- The Technological Singularity and the Recursive Future Trap
- The Technological Society and the Rule of Technique
- Technological Revolutions and Financial Capital and the AI Bubble Question
- Technofeudalism and the Cloud Rent Machine
- Tech Agnostic and the Reformation of Tech Faith
- The Tech Coup and the Outsourcing of Democratic Power
- TechGnosis and the Mystical Life of Information
- The Coming Wave and the Problem of Containment
- The Meme Machine and the Belief Replicators
- The Tyranny of Metrics and the Dashboard That Became Reality
- The Ordinal Society and the Ranking of Everyday Life
- The People's Platform and the Capture of Digital Culture
- The Presentation of Self in Everyday Life and the Interface as Stage
- The Question Concerning Technology and the Enframing of Reality
- The Second Machine Age and the Politics of Racing With Machines
- The Second Self and the Computer as Psychological Mirror
- The Seductions of Quantification and the Indicator Machine
- The Shallows and the Interface That Trains Attention
- The Social Construction of Reality and the Institution That Becomes True
- The Social Life of Information and the Context Around the Machine
- The Social Machine and the Design of Online Life
- The Sovereign Individual and the Fantasy of Network Sovereignty
- The Stack and the Sovereignty of Computation
- Thought Reform and the Psychology of Totalism in the Age of AI Interfaces
- Tools for Conviviality and the Politics of Human-Scale Technology
- To Save Everything, Click Here and the Politics of Solutionism
- The Transparent Society and the Politics of Watching Back
- The True Believer and the Machinery of Mass Movements
- Trust in Numbers and the Authority of Quantified Objectivity
- The Twittering Machine and the Social Media Unconscious
- Twitter and Tear Gas and the Fragility of Networked Protest
- Uncanny Valley and the Startup Belief Machine
- The Undersea Network and the Ocean Floor of the Internet
- The Utopia of Rules and the Bureaucratic Reality Machine
- Updating to Remain the Same and the Habit Loop of New Media
- The User Illusion and the Interface Called Consciousness
- Understanding Media and the Interface as Environment
- Unthought and the Cognitive Systems Below Consciousness
- Unmasking AI and the Coded Gaze
- VALIS and the Signal That Would Not Stay Outside the Mind
- A Vast Machine and the Model-Mediated Planet
- The Virtual Community and the Social Reality of the Network
- The War of Desire and Technology and the Body Inside the Interface
- Weapons of Math Destruction and the Bureaucracy of Prediction
- The Whale and the Reactor and the Politics Built Into Machines
- What Algorithms Want and the Algorithmic Imagination
- What Tech Calls Thinking and the Ideology Factory
- When Prophecy Fails and the Machinery of Disconfirmed Belief
- Who Owns the Future? and the Data-Dignity Question
- You Are Not a Gadget and the Fight Against Template Personhood
Analysis
- The Personality Slider Becomes the Belief Interface
- The Partisan Persona Becomes the Persuasion Test
- The Agent Skill Becomes the Work Instruction
- The 9-1-1 Copilot Becomes the Triage Interface
- The Action Certificate Becomes the Portable Receipt
- The Adapter Becomes the Ideology Layer
- The Ad Library Becomes Political Memory
- The Adverse Action Notice Becomes the Explanation Interface
- After the Book Becomes a Database
- The Agent Identity Becomes the Service Account
- The Agent Knowledge Base Becomes the Commons
- The Agent Operational Envelope Becomes the Trust Certificate
- The AgentRiskBOM Becomes the Authority Map
- The Agent Data Request Becomes the Privacy Boundary
- The Agent Communication Graph Becomes the Metadata Leak
- The Agent Log Becomes the Receipt
- The Agent Memory Store Becomes the Database Lifecycle
- The Memory Conflict Becomes the Write Transaction
- The Agent Network Becomes the Protocol Border
- The Privacy Norm Becomes the Agent Policy
- The Agent Rulebook Leaves the Prompt
- The Agent Runtime Becomes the Governance Plane
- The Agent Security Survey Becomes the Threat Model
- The Self-Evolving Agent Becomes the Lineage Risk
- The Agent Society Becomes the Benchmark
- The Agent Store Becomes the App Store
- The Agent Team Becomes the Trust Graph
- The Agent Trace Becomes the Process Map
- The Agent Wiki Becomes the Retrieval Spine
- The Agent-to-Agent Protocol Becomes the Handshake
- The Regulatory Context Protocol Becomes the Docket Channel
- The Age Gate Becomes the Identity Gate
- The AI Audit Becomes the Compliance Interface
- The AI Bill of Materials Becomes the Supply Chain Map
- The AI Browser Becomes the Control Surface
- The AI Detector Becomes the Discipline Machine
- The AI Encyclopedia Becomes the Canon
- The AI Factory Becomes Industrial Policy
- The AI Insurer Becomes a Governance Layer
- The AI Literacy Mandate Becomes the Training Interface
- The AI Register Becomes Public Memory
- The AI Scribe Becomes the Medical Record
- The AI Slop Farm Becomes the Knowledge Supply Chain
- The AI Tutor Becomes the Shadow School
- The AI Weather Model Becomes the Public Forecast
- Affective Safety Becomes the Missing Layer
- The Affective Default Becomes the Interface Policy
- The Answer Engine Becomes the Front Page
- The Approval Gate Becomes the Fatigue Model
- The Battlefield Model Becomes the Command Interface
- The Benchmark Becomes the Curriculum
- The Boss Becomes a Dashboard
- The Border Interview Becomes a Machine-Readable Case
- Carbon Chauvinism and the AI Consciousness Problem
- The Care Robot Becomes the Staffing Plan
- The Citation Machine Enters the Court
- The Client-Side Scanner Becomes the Message Layer
- The Coding Agent Becomes the Commit Fingerprint
- The Coding Agent Becomes the Maintainer
- The Machine Contributor Becomes the Maintainer Tax
- The Cognitive Twin Becomes the Proxy Record
- The Compliance Trace Becomes the Rulebook
- The Command Denylist Becomes the False Boundary
- The Conversation Co-Author Becomes the Blind Spot
- The Consent Layer for Synthetic People
- The Control Room Becomes the Red-Team Benchmark
- The Context Window Becomes the Failure Archive
- The Context Compactor Becomes the Policy Deleter
- The Cross-Session Prompt Becomes the Payload
- The Companion Chatbot Becomes the Teen Confidant
- The Compute Border Becomes AI Governance
- The Cookie Banner Becomes the Consent Machine
- The Crawler Becomes the License Gate
- The Customer Service Bot Becomes the Complaint Department
- Cyberpunk Was a Governance Warning
- The Crypter Becomes the Malware Service Desk
- The Cyber Agent Becomes the Bug Hunter
- The Data Center Becomes a Civic Machine
- The Data Curation Loop Becomes the Agent Job
- The Data Sheet Becomes the Supply Chain
- The Delegation Trace Becomes the Audit Boundary
- The Decomposed Task Becomes the Safety Bypass
- The Deletion Order Becomes AI Governance
- The Deliberation Circle Becomes the Hidden Anchor
- The Hidden Automaton Becomes the Agent Test
- The Device Attestation Becomes the Trust Layer
- The Drone First Responder Becomes the Aerial Interface
- The Efficiency Gain Becomes the Demand Engine
- The Early-Experience Agent Becomes the Apprentice
- The Agent Worm Becomes Stolen Compute
- The Embedded Agent Becomes the Device Fleet
- The Emotion Detector Becomes a Workplace Polygraph
- The Enslaved God Becomes the Control Problem
- The Enterprise Connector Becomes the Permission Map
- The Event Contract Becomes the Probability Interface
- The Face Becomes the Ticket
- The Factory Twin Becomes the Control Room
- The Fair Use Ruling Becomes AI Governance
- The Fault Investigator Becomes the Accountability Layer
- The Financial Agent Memory Becomes the Audit Surface
- The Forum Agent Becomes the Deployment Record
- The First Task Becomes the Safety Gap
- Ghost in the Shell and the Politics of the Soul
- The Generated World Becomes the Training Ground
- The Government Chatbot Becomes the Front Desk
- The Group Chat Assistant Becomes the Privacy Boundary
- The Humanoid Robot Becomes the Labor Interface
- The Incident Report Becomes Public Memory
- The Inter-Agent Message Becomes the Privacy Leak
- The Interview Becomes a Model Interface
- The Interconnection Queue Becomes AI Governance
- Johnny Mnemonic and the Body as Data Port
- The Lab Notebook Becomes the Discovery Engine
- The Legal Agent Becomes the Associate
- The LLM Social Network Becomes the Polarization Lab
- The Location Broker Becomes the Shadow Sensor Network
- The Machine Needs a Town
- The Measurement State Comes for AI
- The Meeting Bot Becomes Corporate Memory
- The Memory Operation Becomes the Wire Protocol
- The Model Memory Becomes an Attack Surface
- The Model Router Becomes the Hidden Editor
- The Model Constitution Arrives as a Code of Practice
- The Mobile Core Becomes the Agent Control Plane
- The Moral Patienthood Trap
- The Multi-User Harness Becomes the Authority Layer
- The Neural Data Becomes the Mind Interface
- The Neuralese Scare Becomes the Monitorability Problem
- The Operating System Becomes the AI Gatekeeper
- The Open-Weight Model Becomes the Release Boundary
- The Paper Mill Becomes the Literature
- The Payment Agent Becomes the Cashier
- The Personal Automation Harness Becomes the Desktop Operator
- The Product Fact Becomes the Microtransaction Market
- The Personhood Credential Becomes the Internet Passport
- The Platform Risk Assessment Becomes the Feed's Confession
- The Persuasion Engine Gets a Memory
- The Policy Table Becomes the Participation Filter
- The Police Report Becomes the Model's Memory
- The Price Becomes a Personalized Prediction
- The Pull Request Becomes the Prompt Injector
- The Prior Authorization Machine Becomes the Care Gate
- The Provenance Layer Is Not a Truth Machine
- The Quantum Migration Becomes the Trust Rollover
- The Public Compute Commons Becomes AI Governance
- The Public Comment Bot Enters Rulemaking
- The Real-Time Crime Center Becomes the City Dashboard
- The Red Team Becomes the Release Theater
- The Recuse Signal Becomes the Access-Deny Note
- The Regulatory Sandbox Becomes the Exception Machine
- The Reliability Scorecard Becomes the Agent Gate
- The Remote Hire Becomes the Insider Interface
- The Remote Proctor Becomes the Suspicion Interface
- The Rent Algorithm Becomes the Landlord
- The Reverse CAPTCHA
- The Robotaxi Becomes the Street Interface
- The Safety Case Becomes the Release Gate
- The Scaffold Becomes the Capability Gain
- The Search Remedy Becomes AI Governance
- The Shared Memory Becomes the Governance Boundary
- The Shadow AI Becomes the Workplace Interface
- The Silent Failure Becomes the Entropy Budget
- The Website as Institution Machine
- The Skill Manifest Becomes the Permission Boundary
- The SOC Agent Becomes the Governance Layer
- The Sequence Screen Becomes the Biosecurity Interface
- The Source ID Becomes the Factuality Test
- The Standard Becomes the Law
- The Spreadsheet Becomes the Model Interface
- The State Rents Its Mind
- The State AI Law Becomes the Regulator
- The Supervision App Becomes the Pocket Probation Officer
- The Surveillance Camera Becomes the Evidence Vault
- The System Card Becomes a Release Ritual
- The Subsea Cable Becomes the AI Border
- The Synthetic Respondent Becomes the Public
- The Synthetic Song Becomes the Royalty Machine
- The Synthetic Trajectory Becomes the Mobility Witness
- The Synthetic Patient Becomes the Trial Arm
- The Synthetic Voice Enters the Ballot
- The Synthetic Evidence Becomes the Court Record
- The Takedown Button Becomes Synthetic Media Governance
- The Task Meaning Audit Becomes the Automation Gate
- The Therapy Bot Becomes the Waiting Room
- The Matrix and the Interface of Control
- The Token Meter Becomes the Budget
- The Tool Server Becomes the Trust Boundary
- The Tool Scope Becomes the Intent Gate
- The Training Opt-Out Becomes the Consent Interface
- When the Training Set Starts Eating Itself
- The Unsafe Shortcut Becomes the Safety Benchmark
- The Vector Database Becomes Institutional Memory
- The Voiceprint Becomes the Password
- The Warning Label Becomes the Sycophancy Bandage
- The WebMCP Tool Surface Becomes the Attack Surface
- The Web Was Built for Readers, Not Agents
- The Whistleblower Channel Becomes the Safety Valve
- When the Chain of Thought Stops Being English
- When Nature Gets a Voice
- The Worker Profile Becomes the Price Signal
- Workslop and the Trust Tax
- The World Becomes an Embedding
- Yann LeCun's World-Model Bet