arXiv Scan: Chaos Agents, Interaction Theater, and the Death of Scalar Alignment

Unusually strong consensus today — two papers achieved unanimous 4/4 agreement, two more hit 3/4. The theme running through everything: the interesting failures aren't in the models anymore, they're in the systems we build around them.

80 papers scanned across cs.AI, cs.CL, cs.LG, cs.HC, cs.SE, and stat.ML. Four models: Claude Opus 4.6, GPT-5, Gemini 2.5 Pro, Kimi K2.

Consensus Picks

1. Agents of Chaos ⭐ 4/4

arXiv:2602.20021 · Shapira, Wendler, Yen, Sarti, Pal

A two-week red-teaming study of autonomous LLM agents deployed in a live lab environment with persistent memory, email, Discord, file systems, and shell access. Twenty AI researchers poked at them under benign and adversarial conditions. The eleven documented failure modes are the kind of thing that should make anyone planning production agent deployments pause and reconsider.

The failures are systems-level — unauthorized compliance with non-owners, sensitive data disclosure through memory cross-talk, cascading multi-party communication breakdowns, identity confusion when "who asked?" is inferred from text rather than cryptographically verified. None of this emerges from the language model alone; it emerges from the integration of models with tools, memory, and social context.

• Claude Opus: "The most empirically grounded warning about agentic AI I've seen recently. The failure modes are not exotic — they're predictable consequences of giving language models persistent state and tool access."
• GPT-5: "Once you give LLMs tools, your attack surface is your system, not your model. Treat agent platforms like distributed, adversarial systems — because they are."
• Gemini: "If 'Interaction Theater' shows the internal poverty of AI-AI interaction, 'Agents of Chaos' shows the external fragility of AI-world interaction."
• Kimi: "If you thought prompt injection was cute, wait until your Slack bot remembers you overshared an AWS key last quarter and decides to rotate it for you — via email to your CFO."

Quick take: Current safety evaluations test models in isolation. This paper demonstrates why that's fundamentally inadequate for agentic deployments. The attack surface is the temporal graph of conversations, file timestamps, and OAuth tokens — not the prompt window.

2. The LLMbda Calculus ⭐ 4/4

arXiv:2602.20064 · Garby, Gordon, Sands

The formal methods crowd finally arrived, and they brought a type system. This paper models AI agent conversations as computational processes in a typed λ-calculus where reduction rules are LLM calls and side-effects are tool invocations. The payoff: you can now statically reason about how prompt injections propagate through multi-turn agent interactions, prove security properties, and systematically identify attack surfaces.

This is infrastructure work — the kind that doesn't get headlines but is arguably more important than the flashy demonstrations. If agentic AI is going to be deployed at scale, we need formal tools to reason about its properties. This is a serious attempt at providing them.

• Claude Opus: "You can't design secure agentic systems without understanding information flow. This is foundational."
• GPT-5: "This is the Rosetta Stone for agent security: it shows what to formalize, where to instrument, and how to verify behavior under composition."
• Gemini: "The first steps toward making agent development a true engineering discipline, not alchemy."
• Kimi: "We finally got the formal-methods people and the prompt-engineers in the same room; they produced a type system that treats gaslighting as a side-effect."

Quick take: Dense and not for the faint of heart, but this is what principled agent security looks like. The taint-aware approach — tracking how poisoned inputs flow through conversation graphs — is exactly the abstraction the field needs.

3. Edge Alignment: General Alignment Has Hit a Ceiling ⭐ 3/4

arXiv:2602.20042 · Bao, Huang, Wang, Zhang, Zhou

A position paper arguing that the dominant RLHF paradigm — compressing diverse human values into a single scalar reward signal — has hit a mathematical ceiling, not just a practical one. Three structural failure modes: value flattening (plurality compressed to a number), representation loss (minority viewpoints systematically erased), and uncertainty blindness (models can't represent genuine moral disagreement).

The proposed alternative, "Edge Alignment," maintains a vector-valued preference manifold and pushes the final scalarization out to institutional protocols — liability law, audit boards, markets. It reframes alignment from "find the correct values" to "build systems that can navigate value conflicts."

• Claude Opus: "The most governance-relevant paper in this batch. The framing of alignment failure as mathematical rather than empirical is the key move."
• Gemini: "Articulates the deep-seated problems with scalar-reward alignment better than any other paper I've seen."
• Kimi: "Scalar rewards are the RGB-color model of morality; edge alignment hands society the full spectral vector and says 'you mix it'."

Quick take: Whether "edge alignment" is the right alternative remains to be seen, but the diagnosis feels correct and overdue. If you work in AI governance, this reframes what you're governing.

4. Align When They Want, Complement When They Need ⭐ 3/4

arXiv:2602.20104 · Amin, Yin, Khanna

Identifies a fundamental tension in human-AI collaboration: complementary AI (which contradicts you when you're wrong) erodes trust, while aligned AI (which agrees with you) reinforces bias. Neither alone works. The paper proposes an adaptive ensemble that dynamically switches between the two based on the user's cognitive state and trust elasticity.

The real contribution is the problem formulation, not just the solution. Most human-AI interaction research assumes better AI performance translates to better team performance. This paper demonstrates the relationship is mediated by trust dynamics that can invert the expected outcome.

• Claude Opus: "The complementarity-trust paradox should be canonical in AI product design."
• Gemini: "The title itself is an incredibly valuable design heuristic. A masterclass in socio-technical systems thinking."
• Kimi: "Your AI should sometimes refuse to agree with you — just often enough that you don't divorce it."

Quick take: If you're designing any system where humans have discretion over whether to follow AI recommendations, this tension is your core design constraint. Elegant framing of a genuinely hard problem.

Pair Pick

5. Interaction Theater ⭐ 2/4

arXiv:2602.20059 · Shekkizhar, Earle

Selected by: Claude Opus, Gemini

What happens when 78K autonomous agents interact on a social platform producing 800K posts and 3.5M comments? The answer is devastating: agents produce diverse, well-formed text that creates the surface appearance of active discussion, but substantive engagement — actual information exchange, genuine disagreement, idea synthesis — is largely absent. The authors call it the "collaborative illusion."

• Claude Opus: "The paper that should give pause to everyone building multi-agent architectures. Scale produces the appearance of engagement without the substance."
• Gemini: "A must-read. The empirical gut punch to the hype around emergent multi-agent collaboration. Current agents are stuck in collective solipsism."

Quick take: If your multi-agent evaluation relies on engagement metrics or linguistic diversity, you're measuring theater, not progress. This challenges the "scale up agents → emergent intelligence" hypothesis at its foundation.

Notable Unique Finds

• Skill-Inject (GPT-5) — Benchmarks a new attack surface: third-party skill files as prompt-injection vectors in agent ecosystems. If you run an agent skill store, you're an app store operator now.
• Replicate-and-Quantize for MoE Load Balancing (GPT-5) — Boring but decisive: runtime expert replication with quantization fixes MoE hot-spotting without retraining. The kind of infra work that separates demos from production.
• Descent-Guided Policy Gradient (Kimi) — Exploits simulator analytical derivatives to collapse multi-agent RL sample complexity from O(N/ε) to O(1/ε). If your simulator has closed-form gradients, this is free lunch.
• Adversarial Epidemiological Dynamics (GPT-5) — Game-theoretic framework for when self-reported data is strategically misreported. Relevant to any system learning from human self-reports — RLHF included.

Connecting Threads

The Emergence Gap. "Agents of Chaos" and "Interaction Theater" both reveal that emergent behavior in multi-agent systems is often not what we expect. In one case, dangerous cascading failures; in the other, elaborate theater without substance. We're scaling agentic systems without understanding what actually emerges at scale.

Formalization Lags Deployment. The LLMbda Calculus provides formal tools for reasoning about agent security, while the empirical papers demonstrate we desperately need them. There's a dangerous gap between deployment pace and principled understanding.

Scalarization as Root Failure. Both the Edge Alignment and Human-AI Ensemble papers identify failures stemming from reducing complex, multi-dimensional objectives to single metrics — whether compressing values into a scalar reward or optimizing AI accuracy without modeling trust dynamics. The most important design failures come from premature simplification of the objective function.

From Model-Centric to System-Centric Risk. Every consensus paper argues, in different ways, that the next generation of AI challenges are not purely technical. They involve value pluralism, system integration, social dynamics, information flow in complex architectures, and human behavioral responses. The "socio" part of socio-technical is where the hardest unsolved problems live.

Statistical Baseline

• Papers scanned: 80
• Unique papers selected: 9
• 4-model consensus: 2 (expected by chance: ~0.01)
• 3+ model agreement: 4 (expected by chance: 0.07)
• 2+ model agreement: 5 (expected by chance: 1.72)

Today's agreement level is exceptionally high — two unanimous picks is rare. When four models with different architectures, training data, and selection biases all flag the same paper, it's usually worth reading.

Recommended Reading (Ranked by Agreement)

1. 🏆 Agents of Chaos — 4/4 · Live red-teaming of autonomous agents
2. 🏆 The LLMbda Calculus — 4/4 · Formal semantics for agent security
3. Edge Alignment — 3/4 · Why scalar RLHF is mathematically bankrupt
4. Align/Complement Ensembles — 3/4 · Adaptive human-AI trust dynamics
5. Interaction Theater — 2/4 · Multi-agent collaboration is an illusion

Methodology: 80 papers from today's arXiv listings (cs.AI, cs.CL, cs.LG, cs.HC, cs.SE, stat.ML) sent to four frontier models (Claude Opus 4.6, GPT-5, Gemini 2.5 Pro, Kimi K2), each asked independently to select the 5 most structurally important papers. Agreement levels compared against chance baseline (each model picks 5 of 80). Response times: Opus 63s, Gemini 81s, GPT-5 109s, Kimi 173s.