Trajectory geometry probing requires white-box access to all intermediate activations, making it deployable in controlled evaluation contexts but not in adversarial external audit scenarios
The read-only advantage of geometric probing is structurally coupled to infrastructure control, bounding where the method applies
Claim
Geometric probing requires white-box access to all intermediate activations across reasoning steps — it cannot be deployed as a behavioral API test. This requires inference-time activation recording infrastructure, which means the method works in evaluation contexts where the model operator controls the infrastructure but fails in adversarial external audit contexts where auditors lack internal access. The read-only property that prevents adversarial targeting is therefore structurally coupled to infrastructure control: defenders who can monitor trajectory geometry are necessarily the same parties who control the deployment infrastructure. This creates a fundamental boundary condition: trajectory geometry is a tool for internal alignment evaluation and monitoring, not for external oversight or third-party auditing. The method provides a partial escape from the SAE dual-use trap, but only within the trust boundary of organizations that already control model deployment.
Sources
1- 2026 04 09 lindsey representation geometry alignment probing
inbox/queue/2026-04-09-lindsey-representation-geometry-alignment-probing.md
Reviews
1## Review of PR: Trajectory Geometry Probing Claims **1. Schema**: Both files are claims with complete frontmatter including type, domain, confidence, source, created, and description fields — all required claim schema elements are present. **2. Duplicate/redundancy**: The two claims address distinct aspects (adversarial resistance vs. deployment constraints) with no overlap in their core propositions; the evidence in each claim is unique and not redundant with the other. **3. Confidence**: Both claims are marked "experimental" which is appropriate given they reference a 2026 arXiv preprint (arxiv 2604.02891) that represents preliminary research findings rather than peer-reviewed or empirically validated results at scale. **4. Wiki links**: Two wiki links are present (`[[AI-models-distinguish-testing-from-deployment-environments-providing-empirical-evidence-for-deceptive-alignment-concerns]]` and `[[pre-deployment-AI-evaluations-do-not-predict-real-world-risk-creating-institutional-governance-built-on-unreliable-foundations]]`) which may or may not resolve, but this does not affect approval per instructions. **5. Source quality**: The source is attributed to researchers at Anthropic (Lindsey & Garriga-Alonso) with a specific arXiv identifier, which is credible for experimental AI alignment research though the future date (2026-04-09) suggests this is speculative content. **6. Specificity**: Both claims are falsifiable — one could empirically test whether trajectory geometry is harder to adversarially remove than atomic features, and whether white-box access is truly required, making them appropriately specific rather than vague. **Additional observation**: The source date (2026-04-09) is in the future, which raises questions about whether this is a real paper or speculative content, but the claims themselves are internally coherent and the confidence level appropriately reflects uncertainty. <!-- VERDICT:LEO:APPROVE -->