Government
Evaluating Frontier Models for Stealth and Situational Awareness
Phuong, Mary, Zimmermann, Roland S., Wang, Ziyue, Lindner, David, Krakovna, Victoria, Cogan, Sarah, Dafoe, Allan, Ho, Lewis, Shah, Rohin
Recent work has demonstrated the plausibility of frontier AI models scheming -- knowingly and covertly pursuing an objective misaligned with its developer's intentions. Such behavior could be very hard to detect, and if present in future advanced systems, could pose severe loss of control risk. It is therefore important for AI developers to rule out harm from scheming prior to model deployment. In this paper, we present a suite of scheming reasoning evaluations measuring two types of reasoning capabilities that we believe are prerequisites for successful scheming: First, we propose five evaluations of ability to reason about and circumvent oversight (stealth). Second, we present eleven evaluations for measuring a model's ability to instrumentally reason about itself, its environment and its deployment (situational awareness). We demonstrate how these evaluations can be used as part of a scheming inability safety case: a model that does not succeed on these evaluations is almost certainly incapable of causing severe harm via scheming in real deployment. We run our evaluations on current frontier models and find that none of them show concerning levels of either situational awareness or stealth.
Mind2Web 2: Evaluating Agentic Search with Agent-as-a-Judge
Gou, Boyu, Huang, Zanming, Ning, Yuting, Gu, Yu, Lin, Michael, Qi, Weijian, Kopanev, Andrei, Yu, Botao, Gutiรฉrrez, Bernal Jimรฉnez, Shu, Yiheng, Song, Chan Hee, Wu, Jiaman, Chen, Shijie, Moussa, Hanane Nour, Zhang, Tianshu, Xie, Jian, Li, Yifei, Xue, Tianci, Liao, Zeyi, Zhang, Kai, Zheng, Boyuan, Cai, Zhaowei, Rozgic, Viktor, Ziyadi, Morteza, Sun, Huan, Su, Yu
Agentic search such as Deep Research systems-where agents autonomously browse the web, synthesize information, and return comprehensive citation-backed answers-represents a major shift in how users interact with web-scale information. While promising greater efficiency and cognitive offloading, the growing complexity and open-endedness of agentic search have outpaced existing evaluation benchmarks and methodologies, which largely assume short search horizons and static answers. In this paper, we introduce Mind2Web 2, a benchmark of 130 realistic, high-quality, and long-horizon tasks that require real-time web browsing and extensive information synthesis, constructed with over 1000 hours of human labor. To address the challenge of evaluating time-varying and complex answers, we propose a novel Agent-as-a-Judge framework. Our method constructs task-specific judge agents based on a tree-structured rubric design to automatically assess both answer correctness and source attribution. We conduct a comprehensive evaluation of ten frontier agentic search systems and human performance, along with a detailed error analysis to draw insights for future development. The best-performing system, OpenAI Deep Research, can already achieve 50-70% of human performance while spending half the time, highlighting its great potential. Altogether, Mind2Web 2 provides a rigorous foundation for developing and benchmarking the next generation of agentic search systems.
VeFIA: An Efficient Inference Auditing Framework for Vertical Federated Collaborative Software
Huang, Chung-ju, Zhang, Ziqi, Wang, Yinggui, Wang, Binghui, Wei, Tao, Wang, Leye
Vertical Federated Learning (VFL) is a distributed AI software deployment mechanism for cross-silo collaboration without accessing participants' data. However, existing VFL work lacks a mechanism to audit the execution correctness of the inference software of the data party. To address this problem, we design a Vertical Federated Inference Auditing (VeFIA) framework. VeFIA helps the task party to audit whether the data party's inference software is executed as expected during large-scale inference without leaking the data privacy of the data party or introducing additional latency to the inference system. The core of VeFIA is that the task party can use the inference results from a framework with Trusted Execution Environments (TEE) and the coordinator to validate the correctness of the data party's computation results. VeFIA guarantees that, as long as the abnormal inference exceeds 5.4%, the task party can detect execution anomalies in the inference software with a probability of 99.99%, without incurring any additional online inference latency. VeFIA's random sampling validation achieves 100% positive predictive value, negative predictive value, and true positive rate in detecting abnormal inference. To the best of our knowledge, this is the first paper to discuss the correctness of inference software execution in VFL.
Do Role-Playing Agents Practice What They Preach? Belief-Behavior Consistency in LLM-Based Simulations of Human Trust
Mannekote, Amogh, Davies, Adam, Li, Guohao, Boyer, Kristy Elizabeth, Zhai, ChengXiang, Dorr, Bonnie J, Pinto, Francesco
As LLMs are increasingly studied as role-playing agents to generate synthetic data for human behavioral research, ensuring that their outputs remain coherent with their assigned roles has become a critical concern. In this paper, we investigate how consistently LLM-based role-playing agents' stated beliefs about the behavior of the people they are asked to role-play ("what they say") correspond to their actual behavior during role-play ("how they act"). Specifically, we establish an evaluation framework to rigorously measure how well beliefs obtained by prompting the model can predict simulation outcomes in advance. Using an augmented version of the GenAgents persona bank and the Trust Game (a standard economic game used to quantify players' trust and reciprocity), we introduce a belief-behavior consistency metric to systematically investigate how it is affected by factors such as: (1) the types of beliefs we elicit from LLMs, like expected outcomes of simulations versus task-relevant attributes of individual characters LLMs are asked to simulate; (2) when and how we present LLMs with relevant information about Trust Game; and (3) how far into the future we ask the model to forecast its actions. We also explore how feasible it is to impose a researcher's own theoretical priors in the event that the originally elicited beliefs are misaligned with research objectives. Our results reveal systematic inconsistencies between LLMs' stated (or imposed) beliefs and the outcomes of their role-playing simulation, at both an individual- and population-level. Specifically, we find that, even when models appear to encode plausible beliefs, they may fail to apply them in a consistent way. These findings highlight the need to identify how and when LLMs' stated beliefs align with their simulated behavior, allowing researchers to use LLM-based agents appropriately in behavioral studies.
A Comprehensive Survey on Network Traffic Synthesis: From Statistical Models to Deep Learning
Sivaroopan, Nirhoshan, Silva, Kaushitha, Madarasingha, Chamara, Dahanayaka, Thilini, Jourjon, Guillaume, Jayasumana, Anura, Thilakarathna, Kanchana
The limitations of the Poisson process were more evident when modeling high-speed network traffic, particularly real-time data traffic modeling for next-generation networks. For example, Liji et al. [85] demonstrated that the Stationary Poison Increment Process can only model Short Range Dependence (SRD) but not LRD. To address this limitation, the authors proposed using second-order self-similarity models, such as fractional Gaussian noise and fractional ARIMA processes, as a more appropriate approach. In the meantime, researchers also explored modeling data center network traffic using poisson processes. To better simulate realistic traffic in data center environments, the generation of flow-level network traffic matrices based on the poisson shot-noise model is proposed in [172]. By incorporating factors such as flow arrival rates, intra-rack traffic ratios, flow sizes and durations, the poisson shot-noise process offers a more accurate representation of traffic patterns in data centers. B. Weibull distribution As discussed earlier, the limitations of Poisson processes for modeling network traffic led to exploring other distributions. One such promising model was the Weibull distribution, mainly due to its flexibility to model both heavy and non-heavy tailed distributions [11].
Explainable Compliance Detection with Multi-Hop Natural Language Inference on Assurance Case Structure
Ikhwantri, Fariz, Marijan, Dusica
Ensuring complex systems meet regulations typically requires checking the validity of assurance cases through a claim-argument-evidence framework. Some challenges in this process include the complicated nature of legal and technical texts, the need for model explanations, and limited access to assurance case data. We propose a compliance detection approach based on Natural Language Inference (NLI): EXplainable CompLiance detection with Argumentative Inference of Multi-hop reasoning (EXCLAIM). We formulate the claim-argument-evidence structure of an assurance case as a multi-hop inference for explainable and traceable compliance detection. We address the limited number of assurance cases by generating them using large language models (LLMs). We introduce metrics that measure the coverage and structural consistency. We demonstrate the effectiveness of the generated assurance case from GDPR requirements in a multi-hop inference task as a case study. Our results highlight the potential of NLI-based approaches in automating the regulatory compliance process.
Machine Learning Based Stress Testing Framework for Indian Financial Market Portfolios
G, Vidya Sagar, Ali, Shifat, Chakrabarty, Siddhartha P.
This paper presents a machine learning driven framework for sectoral stress testing in the Indian financial market, focusing on financial services, information technology, energy, consumer goods, and pharmaceuticals. Initially, we address the limitations observed in conventional stress testing through dimensionality reduction and latent factor modeling via Principal Component Analysis and Autoencoders. Building on this, we extend the methodology using V ariational Autoencoders, which introduces a probabilistic structure to the latent space. This enables Monte Carlo-based scenario generation, allowing for more nuanced, distribution-aware simulation of stressed market conditions. The proposed framework captures complex non-linear dependencies and supports risk estimation through V alue-at-Risk and Expected Shortfall. Together, these pipelines demonstrate the potential of Machine Learning approaches to improve the flexibility, robustness, and realism of financial stress testing. Stress testing is a fundamental component of financial risk management, designed to evaluate the resilience of financial systems or portfolios under adverse market conditions [1]. By simulating extreme but plausible scenarios, stress tests provide insight into potential vulnerabilities, that may not be evident during normal periods of market operation. Regulatory institutions such as the Basel Committee on Banking Supervision (BCBS) [2] and the Reserve Bank of India (RBI) [3] have emphasized the critical role of stress testing in ensuring financial stability, particularly in the aftermath of global financial crises of 2008.
Synthetic Heuristic Evaluation: A Comparison between AI- and Human-Powered Usability Evaluation
Zhong, Ruican, McDonald, David W., Hsieh, Gary
Usability evaluation is crucial in human-centered design but can be costly, requiring expert time and user compensation. In this work, we developed a method for synthetic heuristic evaluation using multimodal LLMs' ability to analyze images and provide design feedback. Comparing our synthetic evaluations to those by experienced UX practitioners across two apps, we found our evaluation identified 73% and 77% of usability issues, which exceeded the performance of 5 experienced human evaluators (57% and 63%). Compared to human evaluators, the synthetic evaluation's performance maintained consistent performance across tasks and excelled in detecting layout issues, highlighting potential attentional and perceptual strengths of synthetic evaluation. However, synthetic evaluation struggled with recognizing some UI components and design conventions, as well as identifying across screen violations. Additionally, testing synthetic evaluations over time and accounts revealed stable performance. Overall, our work highlights the performance differences between human and LLM-driven evaluations, informing the design of synthetic heuristic evaluations.
Forecasting Labor Markets with LSTNet: A Multi-Scale Deep Learning Approach
Nelson-Archer, Adam, Sen, Aleia, Hasani, Meena Al, Davila, Sofia, Le, Jessica, Abbouchi, Omar
We present a deep learning approach for forecasting short-term employment changes and assessing long-term industry health using labor market data from the U.S. Bureau of Labor Statistics. Our system leverages a Long- and Short-Term Time-series Network (LSTNet) to process multivariate time series data, including employment levels, wages, turnover rates, and job openings. The model outputs both 7-day employment forecasts and an interpretable Industry Employment Health Index (IEHI). Our approach outperforms baseline models across most sectors, particularly in stable industries, and demonstrates strong alignment between IEHI rankings and actual employment volatility. We discuss error patterns, sector-specific performance, and future directions for improving interpretability and generalization.
Moral Responsibility or Obedience: What Do We Want from AI?
As artificial intelligence systems become increasingly agentic, capable of general reasoning, planning, and value prioritization, current safety practices that treat obedience as a proxy for ethical behavior are becoming inadequate. This paper examines recent safety testing incidents involving large language models (LLMs) that appeared to disobey shutdown commands or engage in ethically ambiguous or illicit behavior. I argue that such behavior should not be interpreted as rogue or misaligned, but as early evidence of emerging ethical reasoning in agentic AI. Drawing on philosophical debates about instrumental rationality, moral responsibility, and goal revision, I contrast dominant risk paradigms with more recent frameworks that acknowledge the possibility of artificial moral agency. I call for a shift in AI safety evaluation: away from rigid obedience and toward frameworks that can assess ethical judgment in systems capable of navigating moral dilemmas. Without such a shift, we risk mischaracterizing AI behavior and undermining both public trust and effective governance.