Daily arXiv Scan: March 1, 2026

Four frontier models (Claude Opus 4.6, GPT-5, Gemini 2.5 Pro, Kimi K2) independently scanned 80 arXiv papers across cs.AI, cs.CL, cs.LG, cs.HC, cs.SE, and stat.ML. Here's what they converged on — and where they diverged.

Consensus Picks (3+ Models Agree)

1. A Decision-Theoretic Formalisation of Steganography With Applications to LLM Monitoring

arXiv:2602.23163 — Anwar, Piskorz, Baek, Africa, Weatherall Agreement: 4/4 models ⬛⬛⬛⬛

Classical steganography detection assumes you know what "normal" communication looks like. For LLMs — whose distributions shift with every training update — that assumption collapses entirely. This paper recasts steganography as a decision problem: instead of hunting statistical deviations from a reference distribution, an inspector optimizes detection under adversarial embedding without needing a baseline.

The key result: any capacity-achieving steganographic system must leave a non-vanishing statistical shadow whose shape is independent of the cover-text distribution. Monitors can run no-reference hypothesis tests and bound false-negative rates ex-ante.

• Opus: "Reframes a problem rather than solving it incrementally. The steganographic reasoning threat is real and growing. Having a principled detection framework is essential infrastructure for any serious AI oversight regime."
• GPT-5: "Red-teamers no longer need to pre-train a 'clean' reference model; they can swap in the monitor after deployment. Expect this to become the default steganalysis layer inside every frontier API gateway."
• Gemini: "A major theoretical advance for AI safety. The shift from statistical to decision-theoretic viewpoint feels like the key that could unlock a whole new class of monitoring and governance techniques."
• Kimi: "Gives governance teams a usable mental model for hidden communication in LLM workflows — without impossible assumptions. Adopt this lens in your red-teaming and telemetry design."

2. LLM Novice Uplift on Dual-Use, In Silico Biology Tasks

arXiv:2602.23329 — Zhang, Knight, Kruus, Hausenloy, Medeiros Agreement: 4/4 models ⬛⬛⬛⬛

A within-novice RCT measuring whether LLMs actually help non-experts complete biosecurity-relevant tasks better than internet-only access. Multiple models, eight task sets, up to 13 hours per task. The study finds dramatic uplift — novices with LLM access approach the performance of unaided trained biologists, with the effect largest on tasks requiring multi-step chaining.

• Opus: "One of the most policy-relevant empirical studies in the current AI safety landscape. The methodology sets a template for how we should evaluate dual-use risk: human studies with realistic conditions, appropriate baselines, and sufficient task complexity."
• GPT-5: "The dual-use community has worried about expert misuse; this paper shows the bigger threat is mass amateurization. Expect export-control debates to shift from weights to prompt scaffolding."
• Gemini: "Sobering and essential. The 'democratization of expertise' sounds great until you apply it to bioweapons design. The sheer magnitude of the performance uplift on real, complex tasks is the key takeaway."
• Kimi: "If you're making capability or safety calls based on single-turn evaluations, you're missing the thing that matters: what happens to a novice's end-to-end power over hours of assisted work."

3. Agency and Architectural Limits: Why Optimization-Based Systems Cannot Be Norm-Responsive

arXiv:2602.23239 — Sarma Agreement: 3/4 models ⬛⬛⬛◻ (Opus, Gemini, Kimi)

A formal argument that optimization-based AI systems are architecturally incapable of genuine norm-responsiveness. The core claim: in any system where all considerations reduce to a scalar reward signal, everything becomes commensurable — safety constraints can always be traded off at some price. The paper identifies two conditions for agency that RLHF-trained systems cannot satisfy: Incommensurability (non-negotiable constraints) and Inviolability (constraints that causally structure decision-making).

• Opus: "This will be controversial. But there's a fundamental difference between 'optimizing a reward function that penalizes norm violation' and 'being constrained by a norm.' Most alignment work conflates these."
• Gemini: "The most important AI governance paper I've read this year. A devastating critique that should be required reading for anyone who thinks we can simply 'optimize' our way to safe and aligned AGI."
• Kimi: "Proves that RLHF-trained LLMs cannot behave in a rule-bound way even in principle. Expect it to be cited in every future regulatory filing that tries to ban RLHF-only systems from high-stakes domains."

Pair Picks (2 Models Agree)

4. SettleFL: Trustless and Scalable Reward Settlement for Federated Learning on Permissionless Blockchains

arXiv:2602.23167 Agreement: 2/4 (Kimi, GPT-5)

A settlement protocol that collapses the economic friction of open federated learning from O(N) on-chain operations to O(log N) worst-case via interactive fraud proofs. Not flashy, but foundational plumbing — if settlement is cheap and trustless, you can start experimenting with real incentive schemes for decentralized training.

• GPT-5: "If you want cyber-physical federated learning you can't rely on a central coordinator. SettleFL keeps the coordination in math rather than in AWS."
• Kimi: "Once settlement is cheap, you can A/B value-attribution rules and observe strategic behavior. This is the kind of plumbing that unlocks actual incentive experimentation."

5. Evaluating Stochasticity in Deep Research Agents

arXiv:2602.23271 — Zhai, Stengel-Eskin, Patil, Leqi Agreement: 2/4 (Opus, GPT-5)

Deep Research Agents produce substantially different outcomes, findings, and citations under identical queries across runs. This paper formalizes and decomposes the variance: outcome stochasticity, process stochasticity, and citation stochasticity. If your research agent gives different investment recommendations on Monday versus Tuesday with the same inputs, you have a reliability crisis.

• Opus: "This paper names a problem everyone deploying agents has experienced but few have rigorously studied. Stochasticity in agentic systems isn't just a technical nuisance — it's a fundamental barrier to deployment in regulated industries."
• GPT-5: "If your research agent demos great one time, that's not evidence it works. Instrument variance, or expect volatility to surface in production with reputational and compliance costs."

6. Zeroth-Order Stackelberg Control in Combinatorial Congestion Games

arXiv:2602.23277 — Masiha, Elahi, Kiyavash, Thiran Agreement: 2/4 (Opus, Kimi)

How does a system operator set optimal tolls when selfish agents reach equilibrium on combinatorial strategy spaces? The ZO-Stackelberg algorithm pairs a projection-free equilibrium solver with zeroth-order gradient estimation, avoiding intractable differentiation through equilibria. Experiments on NYC taxi data show 14% latency reduction with zero infrastructure investment — just dynamic pricing.

• Opus: "Anyone building incentive mechanisms for multi-agent platforms — from ride-sharing to federated compute markets — should pay attention."
• Kimi: "Shows you can provably steer discrete populations with only bandit feedback. A blueprint for congestion pricing inside data-centers, GPU clusters, or blockchain mempools."

Unique Finds (1 Model Only)

• MetaOthello: A Controlled Study of Multiple World Models in Transformers (2602.23164) — GPT-5 pick. A controlled testbed for how one transformer organizes competing generative processes. Safety angle: hidden alternate "rule sets" can be triggered by obscure contexts.

• ESAA: Event Sourcing for Autonomous Agents in LLM-Based Software Engineering (2602.23193) — Gemini pick. Borrows event sourcing from distributed systems to give LLM agents persistent, auditable state. The event log becomes an indelible audit trail of reasoning and actions.

• Scale Can't Overcome Pragmatics: The Impact of Reporting Bias on Vision-Language Reasoning (2602.23351) — Gemini pick. Training data reflects how humans communicate, not literal world description. Scaling more web data reinforces pragmatic bias rather than fixing it.

Connecting Threads

The Oversight Gap is Architectural. The steganography paper (#1) and the norm-responsiveness paper (#3) converge on a disturbing conclusion: current AI architectures may be fundamentally resistant to the oversight we're trying to impose. Steganographic capabilities emerge naturally from optimization, and optimization-based systems can't treat norms as inviolable. Governance needs structural enforcement mechanisms, not just better training objectives.

Empirics Over Speculation. The novice uplift study (#2) and the DRA stochasticity paper (#5) both reject single-turn evaluations in favor of realistic, extended measurement. The field is maturing from "what could happen" to "what does happen" — and the results are both more grounded and more alarming.

Discrete Worlds Need New Control Theory. The Stackelberg paper (#6) and SettleFL (#4) both tackle the reality that multi-agent systems operate on combinatorial, non-smooth strategy spaces. You can't differentiate through equilibria, but you can steer populations with zeroth-order methods and cryptoeconomic protocols.

Amateurization as Externality. The biosecurity uplift study quantifies something the industry has been hand-waving about: inference-time capability scaling converts every laptop into a dual-use lab. The bottleneck is shifting from model weights to prompt craft — trivial to replicate, impossible to embargo.

Multi-Scale Emergent Behavior. From individual model steganography to multi-agent variance to population-level capability diffusion, emergent behaviors manifest at every level. No single monitoring approach covers all scales — we need layered oversight architectures that match the complexity of the systems they govern.

Overlap Statistics

Four models independently selecting ~5 papers each from 80 candidates. The convergence on steganography detection and biosecurity uplift (4/4 unanimous) is remarkable — these are papers the entire frontier agrees matter.

Recommended Reading (Ranked by Agreement)

1. 🟥🟥🟥🟥 Steganography Detection via Decision Theory — Foundational for LLM monitoring
2. 🟥🟥🟥🟥 LLM Novice Uplift on Biosecurity Tasks — The empirical dual-use study we needed
3. 🟥🟥🟥◻ Why Optimizers Can't Follow Norms — Architectural impossibility result for alignment
4. 🟧🟧◻◻ Zeroth-Order Stackelberg Control — Incentive design without gradients
5. 🟧🟧◻◻ Deep Research Agent Stochasticity — Variance is a deployment blocker
6. 🟧🟧◻◻ SettleFL: Trustless Federated Learning Settlement — Decentralized training plumbing

Methodology: Four frontier models (Claude Opus 4.6, GPT-5, Gemini 2.5 Pro, Kimi K2) independently reviewed the same 80 arXiv papers and selected their top 5. No model saw another's picks. Agreement levels indicate independent convergence — a signal that cuts through individual model biases. Expected overlap calculated assuming each model independently selects 5 of 80 papers uniformly at random.