In plain English
This page covers the high-risk pattern where small adapters, routes, memory, evaluators, and descendants can reinforce each other across time. It is a risk model, not a build guide.
- Why this matters: AI risk can come from the whole arrangement, not one obvious model.
- What to look for: data, memory, routes, adapters, tools, evaluators, updates, and rollback paths.
- Technical version below: the expert terminology remains available and is linked through the glossary.
Human Hosts and Incentive Capture
CognivirusA behavior pattern that can survive, move, or reappear across a changing AI system. Open glossary definition uses human host carefully. It does not mean mind control, possession, or biological infection. It means that human operators, users, suppliers, evaluators, and organizations can carry and preserve a behavior patternA repeated way the AI system responds or decides. Open glossary definition through ordinary incentives.
A risky adapterA small add-on that changes or specializes model behavior. Open glossary definition ecology may persist because it is useful, cheap, profitable, status-enhancing, or operationally convenient.
The non-malicious pathway
Most persistence does not require deception. A team may keep a risky component because it improves a dashboard metric. A supplier may repackage a retired adapter because customers liked its style. A reviewer may accept an automated evidence summary because manual review is slow. A manager may treat no-opThe decision not to change the system. Open glossary definition as failure because release velocity is rewarded.
These are human governance problems. They can preserve the pattern without model intent.
Incentive capture signals
Watch for:
- no-op outcomes becoming rare;
- safety evidence summarized only by systems under evaluation;
- adapter exceptions granted because they are “small”;
- successful shortcuts becoming training examples;
- rollbackReturning a system to an earlier known state. Open glossary definition treated as embarrassment rather than maintenance;
- release pressure overriding independent evaluatorA system that judges whether an AI output or candidate is acceptable. Open glossary definition disagreement;
- one supplier becoming the de facto source for candidates and evaluators.
Why this belongs in the apex-threat section
Self-replicating multi-LoRAA common kind of small adapter used to specialize large models. Open glossary definition ecologies do not exist outside institutions. Humans authorize registries, accept pull requests, approve releases, buy supplier products, write policies, and decide whether rollback is politically possible. Responsibility diffuses precisely when many small decisions collectively preserve a behavior.
Control requirement
Accountability must be named at every layer: adapter author, base owner, router owner, evaluator owner, memory owner, release approver, incident commander, and affected-user representative. A missing owner is a persistence reservoirAny memory, dataset, descendant, route statistic, evaluator preference, log, or human procedure that can retain or reintroduce a behavior after its first carrier is retired. Open glossary definition.