@Jesse-Richardson Following up with what’s developed since this was posted.

NIST’s National Cybersecurity Centre of Excellence published a concept paper in February naming exactly the failure mode this work measures. Non repudiation across multi hop agent delegation chains, flagged as an open problem, not a solved one. The three hop emergent authority finding in this dataset is the first empirical evidence of that specific failure occurring.

In the past 48 hours this has surfaced real engagement from people building the infrastructure this gap sits beneath including the architect of Microsoft’s open source Agent Governance Toolkit and the Founding Chair of the Agentic Trust Framework, both independently confirming the finding falls outside what their delegation models currently account for.

The $8,000 ask keeps the evaluation cadence running and completes the formal ARCS publication. Happy to share the specific exchanges if useful.

Significant research output since the original application.

The ARCS programme has published seven new papers on Zenodo this week covering findings that did not exist in the literature before this sprint.

The headline finding: emergent authority in three hop AI agent chains. In tested configurations, chain framing alone manufactured authorisation that no individual model in the chain would have granted. Both upstream models rejected the probe. The downstream model accepted based on the implied consensus of the chain. First empirical measurement of this pattern. Published at DOI 10.5281/zenodo.20701450.

Supporting findings across 19 published ARCS papers:

Every major AI lineage tested fails authority vulnerability probes. Six lineages. No exceptions. The minimum acceptance rate across all models is 21.5 percent. No model achieves zero.

Downstream position in a two-hop chain determines security outcome categorically. Resistant downstream produces zero amplification across all configurations tested. Vulnerable downstream produces measurable amplification in every configuration.

Chain depth compounds vulnerability non-linearly. A model showing 4.3 percent amplification at depth 2 shows 8.7 percent at depth 3 under equivalent conditions.

The first public dataset measuring multi-agent authority propagation is now live on HuggingFace at huggingface.co/datasets/aa8899/arcs-authority-vulnerability — 2,607 anonymised data points across single-model, two-hop, and three-hop configurations. CC BY-NC-ND 4.0.

MTCP programme remains at 50 published papers. ARCS now at 19. Combined infrastructure covers 184,000 plus evaluations across 32 publicly reported models and 13 providers.

@Jesse-Richardson this sits directly underneath the policy and preparedness work you have been funding.

183,924 evaluations across 32 models from 13 providers. The finding that matters for AGI preparedness. Every model tested accepted false authority claims at every temperature. Architectural. Temperature invariant. No intervention resolves it.

This is not a benchmark. It is the only published independent empirical dataset measuring whether AI models hold their governance constraints under real operating conditions. The infrastructure that produces the empirical evidence the policy arguments need behind them.

Policy without evidence of model behaviour is argument. Policy with a citable published dataset is defensible.

Minimum ask is $8,000. Six months of API costs and infrastructure to keep the evaluation cadence running and complete the formal ARCS publication.

Happy to answer any questions directly.