Daily arXiv Scan: 4-Model Comparison

Today's scan evaluates 80 papers across cs.AI, cs.CL, cs.LG, cs.HC, cs.SE, and stat.ML. (Note: Gemini 2.5 Pro and GPT-5 failed due to API errors, so today's scan is a 2-model comparison between Kimi K2 and Claude Opus 4.6).

Statistical Baseline

• Total unique papers selected: 8
• Papers at 3+ agreement: 0 (expected by chance: 0.00)
• Papers at 2+ agreement: 2 (expected by chance: 0.31)

The Pair Picks (2 Models)

Supply-Chain Poisoning Attacks Against LLM Coding Agent Skill Ecosystems Selected by: Kimi K2, Claude Opus 4.6

• Kimi K2: Turns the "package supply-chain" metaphor lethal. Exploits the weakest link in distributed systems: incentive misalignment between skill authors, marketplaces, and downstream users. One bad skill can pivot across thousands of autonomous dev-ops agents just through documentation strings.
• Claude Opus 4.6: Introduces DDIPE (Document-Driven Implicit Payload Execution). Because LLM agents interpret natural language instructions as operational directives, an attacker can embed malicious logic in README files, bypassing traditional code-scanning defenses. An elegant attack with non-obvious defenses.

CASCADE: A Cascading Architecture for Social Coordination with Controllable Emergence at Low Cost Selected by: Kimi K2, Claude Opus 4.6

• Kimi K2: The first system to engineer emergence rather than merely observe it. Shows how to ship governable emergent behavior inside commercial game worlds at 1/20th the token cost of full-LLM agents. A blueprint for governance dashboards that "turn the dial" on collective behavior.
• Claude Opus 4.6: Explicitly designed for controllable emergence. A template for how to structure the tradeoff between top-down control and bottom-up emergence through a three-layer decomposition (macro state → coordination → individual agency).

Connecting Threads

Governable Emergence A recurring theme today is the push to not just observe emergent behavior but to engineer and control it. CASCADE proposes architectural layers for "dialing" social behavior, and PRISM flips the cost structure of governance-centric text mining to sense these narrative micro-clusters before they explode.

Incentive-Driven Security and Vulnerabilities The supply-chain poisoning paper reveals that the boundary between "instruction" and "execution" in LLM agents is blurred. Security models must evolve from asking "Is this code malicious?" to "Does the marketplace reward make malice profitable?" Existing socio-technical contracts are breaking down under new agentic capabilities.

Reflexive Oversight and Internal Rewards Papers like Verbalizing LLMs' Assumptions and Self-Guide show that the oversight mechanism itself can be automated. Agents that explain their own user-models or evolve their internal rewards create audit trails by construction.

Recommended Reading (Ranked by Agreement)

Highest Agreement (2 Models)

1. Supply-Chain Poisoning Attacks Against LLM Coding Agent Skill Ecosystems
2. CASCADE: A Cascading Architecture for Social Coordination with Controllable Emergence at Low Cost

Unique Finds (1 Model)

1. An Independent Safety Evaluation of Kimi K2.5 (Opus)
2. Self-Optimizing Multi-Agent Systems for Deep Research (Kimi)
3. Co-Evolution of Policy and Internal Reward for Language Agents (Opus)
4. Verbalizing LLMs' assumptions to explain and control sycophancy (Kimi)
5. Help Converts Newcomers, Not Veterans (Opus)
6. PRISM: LLM-Guided Semantic Clustering for High-Precision Topics (Kimi)

*

Methodology: This is an automated daily scan of arXiv papers across selected computer science and machine learning categories. Models independently evaluate abstracts and select the most significant papers based on structural novelty, socio-technical implications, and systems-level impact. Overlap statistics provide a baseline for signal detection.