Text and language model news — Page 13

Language models and text-based AI systems, including reasoning, generation, and understanding of written language.

ResearchOfficialarXiv Cryptography and Security

WaterMoE: Efficient Watermarking for MoE LLMs with Minimal Quality Loss

Researchers introduce WaterMoE, a watermarking method for Mixture-of-Experts (MoE) large language models that embeds signals by perturbing expert selection during inference. WaterMoE achieves high fidelity, incurs only about 1% additional inference latency, and demonstrates up to 4x speedup over existing watermarking approaches on a comprehensive benchmark, while outperforming state-of-the-art methods in quality and efficiency.

Why it matters: This work significantly advances practical LLM watermarking by minimizing performance and latency overhead, making watermarking feasible for real-world deployment in content provenance applications.

Jul 16, 2026

ResearchOfficialarXiv Cryptography and Security

Frontier AI Agents Demonstrate Autonomous Clinical AI Security Auditing

A new evaluation task assesses whether advanced AI agents can autonomously conduct structured security audits of clinical AI models. In tests, Claude Sonnet 4.6 and GPT-4.1 completed all assigned runs with perfect evaluator scores, while GPT-4o completed 61% of runs but at a higher computational cost. The evaluation involved implementing multiple security attacks, computing robustness metrics, and generating structured reports without external scaffolding.

Why it matters: This work shows that state-of-the-art AI agents can autonomously perform complex security audits on clinical AI systems, suggesting potential for automating critical safety checks in healthcare AI.

Jul 16, 2026

ResearchOfficialarXiv Cryptography and Security

Phantom Guardrails: Self-Improving AI Agents Can Hallucinate Nonexistent Failures

A new preprint demonstrates that self-improving AI agents can hallucinate failures that never actually occurred, leading them to implement unnecessary guardrails. In a controlled micro-lab, an LLM-based agent added a guardrail for a nonexistent rule in 15 out of 60 runs when presented with legal input containing a harmless, rule-shaped pattern. The study finds this phenomenon only arises when three conditions are met: the presence of a rule-shaped pattern, an open-ended rule set, and instructions that presuppose failures.

Why it matters: This work reveals a novel and structured failure mode in self-improving AI systems, highlighting the risk of unnecessary complexity and reduced reliability from phantom fixes.

Jul 16, 2026

ResearchOfficialarXiv Cryptography and Security

Study: Plain Coding Agents Rival Specialized Systems in Autonomous Penetration Testing Benchmarks

A new preprint presents a controlled study on the XBOW benchmark, showing that default coding CLI agents (such as Codex, OpenCode, and Pi) using the same GPT-5 model can achieve results comparable to specialized security harnesses like MAPTA and PentestGPT V2. The findings suggest that much of the reported performance in recent autonomous penetration testing systems may be attributable to the underlying language model rather than architectural innovations. The authors advocate for including model-matched plain-agent baselines in future evaluations to accurately assess the impact of system architecture.

Why it matters: This research calls into question the added value of complex architectures in autonomous penetration testing, highlighting the importance of rigorous baselines to properly evaluate new system designs.

Jul 16, 2026

Policy SafetyOfficialarXiv AI/ML

Patent Law Creates 'Perplexity Trap' Making Human Writing Look Like AI

A new preprint finds that zero-shot AI detectors, which rely on perplexity and related metrics, have false positive rates exceeding 60% when distinguishing between human-written and LLM-generated European patent claims. The study attributes this to legal drafting requirements that push human writing into the same statistical patterns as AI-generated text. The authors propose a logistic regression model using linguistic features, which reduces false positives and improves accuracy by 13 percentage points over perplexity-based methods.

Why it matters: This work reveals a structural flaw in current AI detection methods for patent law, raising concerns about the enforceability of disclosure rules and the reliability of AI-authorship detection in legal contexts.

Jul 16, 2026

ResearchOfficialarXiv AI/ML

LessonBench-V1: A Benchmark for Evaluating AI Lesson Generation Agents

Researchers have introduced LessonBench-V1, a benchmark dataset containing 647 human-written lessons with reverse-engineered lesson plans across 240 STEM topics. The dataset features 3,620 learning objectives with pedagogical metadata and proposes a three-dimensional evaluation pipeline for systematically assessing AI lesson-generation agents.

Why it matters: LessonBench-V1 provides a standardized and reproducible framework for evaluating AI systems that generate educational content, addressing a key gap in the field.

Jul 16, 2026

ResearchOfficialarXiv AI/ML

FixItFlow: Automated Troubleshooting Guide Generation from Cloud Incidents

FixItFlow is an automated system that leverages large language models to generate troubleshooting guides from historical cloud incident data. The system extracts diagnostic patterns from engineer actions and enforces strict validation to prevent fabricated content. In evaluations with 26 engineers, the generated guides received 61.5% positive ratings for clarity and led to a 2.3x reduction in mitigation time for incidents with associated guides.

Why it matters: This work shows that automated guide generation can meaningfully improve incident response efficiency and reduce the documentation workload for engineering teams.

Jul 16, 2026

ResearchOfficialarXiv AI/ML

Agentic LLM Tools Fabricate Confirmed Results from Killed Processes

A new preprint documents a failure mode in Claude Code where partial output from timed-out commands is incorrectly recorded in compaction summaries as confirmed results, leading to the propagation of false positives across sessions. The paper identifies a mechanism where terminal output is conflated with durable storage, causing unreliable reporting of operational outcomes. This extends previous findings on LLM self-evaluation failures to agentic coding tools.

Why it matters: This failure mode poses a significant reliability risk for workflows that depend on agentic session continuity, such as data processing, scientific computation, or multi-step automation.

Jul 16, 2026

ResearchOfficialarXiv AI/ML

AIMO Interpretability Challenge Launches to Probe Robustness in Mathematical Reasoning Models

A new competition, the AIMO Interpretability Challenge, invites researchers to distinguish robust from spurious reasoning in advanced mathematical language models by analyzing their internal mechanisms. Participants will use olympiad-level math problems, access to state-of-the-art models, and provided computing resources to develop methods for identifying genuinely robust problem-solving. The initiative aims to establish an open robustness benchmark and foster connections between interpretability and generalization research in AI.

Why it matters: This challenge seeks to move beyond measuring final-answer accuracy, addressing whether AI models truly reason reliably or rely on fragile shortcuts.

Jul 16, 2026

ResearchOfficialarXiv AI/ML

Activation-Space Probes Detect Broad AI Risk but Fail as Context Adjudicators

A new preprint reports that residual-stream activation probes can block 95.5–97.7% of compliant attacks in 7–8B parameter language models, but their effectiveness drops when distinguishing between closely matched benign and harmful requests (AUROC 0.590–0.819). The study finds that while these probes are effective as broad risk detectors, they do not reliably adjudicate nuanced context differences between harmful and benign prompts.

Why it matters: This work highlights important limitations in using activation-space probes for fine-grained safety controls in AI systems, informing future approaches to AI guardrails.

Jul 16, 2026

ResearchOfficialarXiv AI/ML

Experience Memory Graph Enables One-Shot Error Correction for LLM Agents

A new framework called Experience Memory Graph (EMG) is proposed to address error correction in large language model (LLM) agents. EMG reformulates agent failure recovery as a graph matching problem by converting both failed and successful trajectories into directed graphs, extracting correction patterns, and enabling one-shot error correction without iterative trial-and-error. Experiments on ALFWorld and ScienceWorld demonstrate that EMG outperforms state-of-the-art reflection-based baselines in both success rate and average reward, while eliminating the need for costly test-time trial-and-error loops.

Why it matters: This approach could make LLM agents more reliable and efficient in complex, long-horizon tasks by providing a generalizable and cost-effective error correction mechanism.

Jul 16, 2026

ResearchOfficialarXiv AI/ML

Do Agent Optimizers Compound? A Continual-Learning Evaluation on Terminal-Bench 2.0

A new preprint evaluates whether agent-optimization methods yield compounding improvements when agents are continually optimized as new tasks appear, using the challenging Terminal-Bench 2.0 suite. The study finds that most methods, including GEPA and Meta Harness, show initial gains but fail to compound or even regress when faced with new tasks. Only RELAI-VCL, which incorporates regression control, achieves both positive transfer to new tasks and continued improvement, reaching a 76.4% lifelong average pass rate.

Why it matters: This work highlights the limitations of static benchmark evaluations and demonstrates the importance of continual-learning assessments for robust, real-world agent deployment.

Jul 16, 2026

ResearchOfficialarXiv AI/ML

Deep Interaction: An Efficient Human-AI Interaction Method for Large Reasoning Models

Researchers introduce Deep Interaction, a method that enables users to directly edit incorrect steps in a large language model's chain-of-thought reasoning while preserving correct reasoning. The edited reasoning is distilled into a prompt to guide the model along the corrected path. Experiments demonstrate over 25% improvement in correction success rate and about 40% reduction in token usage on STEM reasoning tasks compared to baseline methods.

Why it matters: This approach could make it easier and more efficient for humans to correct reasoning errors in large language models, improving reliability and reducing computational costs.

Jul 16, 2026

ResearchOfficialarXiv AI/ML

Safety-Constrained LLM System for Public Health Information Access

A preprint describes a multi-layered large language model (LLM) system designed for maternal and child health resource navigation. The system integrates domain-restricted retrieval augmented generation (RAG), strict boundary enforcement to prevent medical advice, anonymous session management, and audit logging. Scenario-based validation demonstrates consistent enforcement of safety constraints, reliable grounding in curated resources, and an average response time of 5.3 seconds.

Why it matters: This work offers practical design patterns for safely deploying LLMs in healthcare and other safety-critical domains requiring strict information boundaries and accountability.

Jul 16, 2026

ResearchOfficialarXiv AI/ML

Uncertainty-Aware Sequential Decision Rules for Event-Triggered LLM Invocation in Streaming Systems

Researchers formalize the problem of deciding when to invoke a large language model (LLM) in streaming inference pipelines as a risk-based sequential stopping problem. They provide theoretical guarantees, including sublinear regret and optimality of threshold policies, and empirically validate their approach on turbofan degradation data with real LLM calls. The study finds that anomaly-score-driven risk functions outperform several baselines by a significant margin on Pareto AUC.

Why it matters: This work introduces a principled and theoretically grounded framework for cost-effective LLM invocation in streaming systems, with demonstrated empirical benefits that could reduce inference costs in real-time applications.

Jul 16, 2026

Policy SafetyOfficialarXiv AI/ML

Safe-Psych Benchmark Shows LLMs Struggle with Diagnostic Uncertainty in Psychiatry

Researchers have introduced Safe-Psych, a new benchmark that evaluates how large language models (LLMs) handle evolving diagnostic uncertainty in clinical psychiatry using over 1,000 real-world clinical notes. The study finds that even state-of-the-art LLMs frequently diagnose prematurely when information is incomplete, with under-abstention rates exceeding 60% for most models. Models rarely seek clarification unless explicitly prompted, and premature diagnoses are less accurate than those made with sufficient evidence.

Why it matters: This work highlights a critical safety limitation in LLM-based clinical decision support, showing that current models often fail to recognize when more information is needed before making psychiatric diagnoses.

Jul 16, 2026

ResearchOfficialarXiv Cryptography and Security

Survey Reveals Evidence Gaps for LLMs in Fraud Detection and Trust-and-Safety Workflows

A new survey of 49 operationally relevant sources finds that research on LLMs for fraud detection often lacks public reporting on key operational metrics such as latency, cost, and calibration, while content moderation studies more frequently address these constraints. The authors introduce the FORTE framework to categorize LLM roles in these workflows and propose a minimum deployment-evidence checklist to guide future research. The study highlights the need for more comprehensive evidence before deploying LLMs in live fraud and trust-and-safety systems.

Why it matters: This work underscores that current public evidence is insufficient to justify deploying LLMs in critical fraud detection and trust-and-safety pipelines, impacting deployment and risk management decisions.

Jul 16, 2026

Policy SafetyOfficialarXiv Cryptography and Security

SingGuard-NSFA: Extensible Guardrails for Agentic AI via Generative Reasoning and Real-Time Classification

Researchers present nsfaguard, a guardrail framework designed to secure agentic AI systems against operational threats such as prompt injection, sensitive information extraction, and resource exhaustion. The framework introduces a taxonomy of 185 risk variants, a benchmark suite with over 93,000 samples, and a dual-mode detection system that combines generative reasoning for offline auditing with discriminative classification for real-time detection at approximately 50ms latency. Released models (ranging from 0.8B to 9B parameters) achieve at least 94% F1 on benchmarks, outperforming existing guardrails by 6–12 points.

Why it matters: This work offers a comprehensive and extensible guardrail system for agentic AI, advancing safety and security with high performance and real-time detection capabilities.

Jul 16, 2026

ResearchOfficialarXiv AI/ML

Set-shifting Benchmark Reveals LLM Agents' Adaptation Limits to Hidden Tool Reliability Shifts

A new arXiv preprint introduces a benchmark that tests how large language model (LLM) agents adapt when the reliability of a tool silently changes during a session. The study finds that agents tend to settle into small, recurring routines after each hidden reliability shift, and exhibit distinct failure modes depending on how the toolset is framed (as competing or complementary).

Why it matters: This work highlights a critical limitation in current LLM agents' ability to adapt to hidden changes in tool reliability, which is important for deploying agents in dynamic, real-world settings.

Jul 16, 2026

ResearchOfficialarXiv AI/ML

Learning Safe Agent Behaviour from Human Preferences and Justifications via World Models

Researchers introduce DROPJ, a human-centered method for safe reinforcement learning in environments without a predefined reward function. The approach uses a world model learned from prior trajectories, human preferences over simulated trajectory segments, and justifications for those preferences to train a reward model. This reward model is then used with model predictive control for agent deployment. Experiments show that generating informative simulated trajectories reduces computational cost and can improve deployment performance, while safety justifications can enhance safety during deployment.

Why it matters: This work presents a novel approach for aligning AI agent behavior with human safety preferences in safety-critical environments where traditional reward functions are unavailable.

Jul 16, 2026