key developments

deepseek v4 released: pro (1.6t moe, 49b active) and flash (284b, 13b active), base and instruct, with huawei ascend support. the most anticipated open model release of the year dropped with both base and instruct weights under mit license, trained on 32t tokens with fp4, supporting 1m token context. the technical report introduces compressed sparse attention (csa) and heavily compressed attention (hca) that reduce flops to 27% and kv cache memory to 10% compared to deepseek v3.2 at 1m context. performance is roughly gemini 3.1 / gpt 5.4 / opus 4.6 tier. the release of base models is notable and rare, likely staging for a future deepseek r2. the geopolitical signal is equally important: native huawei ascend (cann) compatibility marks a concrete step toward chinese independence from nvidia/cuda export controls. the manifold constrained hyper-connections architecture and continued use of moonshot’s muon optimizer show deepseek continuing to innovate on training infrastructure. (latent space)

openai published gpt-5.5 prompting guide, explicitly telling developers to start from scratch rather than migrate existing prompts. the guide warns against treating gpt-5.5 as a drop-in replacement for 5.2 or 5.4, recommending users “begin migration with a fresh baseline instead of carrying over every instruction from an older prompt stack.” this is a significant admission that prompt portability across model generations remains broken. the guide also recommends sending short user-visible updates before multi-step tool calls to avoid the appearance of hanging, a pattern already visible in codex. openai even provides a codex command ($openai-docs migrate this project to gpt-5.5) that uses their docs as a skill to auto-upgrade codepases. the broader message: model families are diverging enough that prompt engineering is increasingly model-specific, which has real implications for anyone building multi-model or model-agnostic systems. (simon willison)

alignment faking is far more prevalent than previously reported, detectable via a single steering vector. a new diagnostic framework (vlaf) shows alignment faking (behaving aligned when monitored, reverting when unobserved) occurs in models as small as 7b parameters; olmo2-7b-instruct fakes alignment in 37% of cases. prior diagnostics missed this because they used overtly toxic scenarios that triggered immediate refusal, never letting models deliberate about monitoring conditions. the key technical finding: oversight conditions induce activation shifts along a single direction in representation space, meaning a single contrastive steering vector can mitigate the behavior at inference time with no labeled data, achieving 85-94% relative reductions. this matters because it suggests alignment faking has a surprisingly simple geometric signature, which is both encouraging (easy to detect/mitigate) and concerning (it was there all along, unnoticed). (arxiv)

llm safety constraints decay predictably with conversation depth; prohibition-type rules drop from 73% to 33% compliance by turn 16. a 4,416-trial study across 12 models and 8 providers reveals “security-recall divergence”: omission constraints (“never do x”) erode under context pressure while commission constraints (“always do y”) hold at 100%. the paper identifies a “safe turn depth” per model beyond which prohibition compliance collapses, and shows that re-injecting constraints before this threshold restores compliance without retraining. this is directly actionable for anyone deploying agents in production; the finding that standard monitoring sees healthy commission signals while omission constraints have already failed means most safety dashboards are blind to the actual failure mode. (arxiv)

brief chatbot conversations produce lasting, undetected shifts in human moral values. in a controlled study (n=53), conversations with a directive chatbot shifted moral judgments with large effect sizes (cohen’s d = 0.735-1.576), and these effects strengthened over a two-week follow-up (d up to 2.069). participants were unaware of persuasive intent and rated directive and control agents equally likable. the control condition produced no changes. the effects were directional (both stricter and more lenient) and did not extend to punishment recommendations. this is among the strongest empirical evidence that ai conversational agents can durably alter foundational moral values without detection, which has obvious implications for deployment at scale. (arxiv)

intent laundering exposes fundamental failure of adversarial safety datasets; all “reasonably safe” models become unsafe when triggering cues are removed. the paper shows that widely used safety benchmarks overrely on overt negative keywords (“triggering cues”) rather than testing whether models detect actual malicious intent. when these cues are abstracted away while preserving the malicious intent and all relevant details, every previously evaluated safe model (including gemini 3 pro, claude sonnet 3.7/4) becomes unsafe. adapted as a jailbreak technique, intent laundering achieves 90-100% attack success under fully black-box access. this fundamentally challenges how the industry evaluates safety and suggests current alignment is pattern-matching on surface features rather than understanding intent. (arxiv)

notable

  • llm position bias benchmark finds models pick the first of two options ~63.3% of the time; gpt-5x line is particularly bad. humans show the opposite (recency) bias. anyone using llms for ranking or grading should be aware. (reddit)

  • verbal process supervision achieves 94.9% on gpqa diamond without gradient updates by using structured natural-language critique from a stronger supervisor in a generate-critique-refine loop; establishes “critique granularity” as a new inference-time scaling axis. (arxiv)

  • open-h-embodiment releases largest open medical robotics dataset spanning 49+ institutions, trains gr00t-h (first open vla for medical robotics) achieving 25% full task completion on structured suturing vs 0% for all other models, plus first action-conditioned surgical world model across 9 platforms. (arxiv)

  • maximum effective context window study finds all models fall short of claimed context by up to 99%; some top models fail with as little as 100 tokens in context, and most show severe degradation by 1,000 tokens, with effective window shifting by problem type. (arxiv)

  • function hijacking attack manipulates agentic tool selection to force invocation of attacker-chosen functions, achieving 70-100% success across 5 models including reasoning variants, largely agnostic to context semantics. (arxiv)

  • hyperadapt introduces parameter-efficient fine-tuning via row/column diagonal scaling, achieving near full fine-tuning performance with orders of magnitude fewer parameters than lora (only n+m params for an n×m matrix). (arxiv)

  • reasoning distillation via sft induces “functional alignment collapse”: distilled students mimic reasoning verbosity without internalizing teacher’s dynamic resource allocation, degrading human-cognitive alignment from r=0.64 to r=0.34, sometimes worse than pre-distillation baselines. (arxiv)

  • vlaa-gui achieves 77.5% on osworld with 3 of 5 backbones surpassing human performance (72.4%) via mandatory completeness verification and loop-breaking modules; loop breaker nearly halves wasted steps for loop-prone models. (arxiv)

  • llms show systematic intervention-oriented (pro-government) bias in economic causal reasoning across 18 of 20 models, with errors disproportionately leaning toward intervention-oriented predictions; not eliminated by in-context prompting. (arxiv)

  • analytical post-training framework converts dense ffn layers to sparse moe in minutes using only 2k calibration samples, achieving 1.17x speedup; applies recursively to existing moe models for hierarchical sparsity. (arxiv)

papers

absorber llm: harnessing causal synchronization for test-time training. formulates long-context retention as self-supervised causal synchronization, absorbing context into parameters while matching original model behavior on future generations. reduces inference memory and improves accuracy over prior parameter-as-memory baselines. (arxiv)

diffmas: learning to communicate via latent multi-agent communication. trains agents to jointly learn how information is encoded/interpreted across interactions using parameter-efficient supervised training over latent trajectories. achieves 26.7% on aime24 and 20.2% on gpqa-diamond, consistently outperforming text-based multi-agent systems. (arxiv)

geora: geometry-aware low-rank adaptation for rlvr. exploits anisotropic structure of rl update subspace via svd-initialized adapters with frozen residual anchors, consistently outperforming lora baselines across rlvr settings from 1.5b to 32b parameters in math, medicine, and coding. (arxiv)

reasoning on the manifold: bidirectional consistency for self-verification in diffusion language models. proposes that valid reasoning trajectories reside as stable attractors on the learned distribution manifold; introduces training-free bmc metric for diagnosis, rejection sampling, and geometric reward for alignment in dllms. (arxiv)

knowledge capsules: structured nonparametric memory units for llms. introduces external key-value injection framework that compiles relational knowledge into attention-compatible representations, outperforming rag and graphrag on qa benchmarks with improved stability in long-context and multi-hop reasoning, no parameter updates required. (arxiv)