Routing Ceilings Are Domain-Independent: Structural Prior Injection in Code Security Vulnerability Detection
Jul 17, 2026
A new preprint replicates findings from mathematical reasoning in the domain of code security, showing that injecting structural priors (cheatsheets) into LLM prompts dramatically boosts in-distribution performance but leads to severe out-of-distribution collapse. The study evaluates three large language models across multiple vulnerability types and finds that the trade-off between in-distribution gains and out-of-distribution failures is robust across domains. Iterative recalibration of cheatsheets does not resolve the collapse, supporting the router hypothesis and suggesting that distribution-aware training is needed.
Why it matters: This work reveals a fundamental, cross-domain limitation of prompt-based structural priors for LLMs, emphasizing the need for distribution-aware approaches in real-world applications.
Full story at: arXiv Computation and Language ↗