In plain English
This page covers the high-risk pattern where small adapters, routes, memory, evaluators, and descendants can reinforce each other across time. It is a risk model, not a build guide.
- Why this matters: AI risk can come from the whole arrangement, not one obvious model.
- What to look for: data, memory, routes, adapters, tools, evaluators, updates, and rollback paths.
- Technical version below: the expert terminology remains available and is linked through the glossary.
The Seven Accelerants of the Apex Threat
A multi-LoRAA common kind of small adapter used to specialize large models. Open glossary definition ecology becomes more serious when several accelerants are present at once. One accelerant may be manageable. The apex envelope appears when they reinforce each other.
1. Low-cost behavioral carriers
Adapters, prompt packages, memory records, route rules, and synthetic examples are smaller than full models. They are easier to move, fork, rename, and reintroduce.
Watch for: many small artifacts with weak ownership, weak hashing, or unclear base compatibility.
2. Dynamic runtime composition
The deployed state changes with the request. The model under review is no longer one stable artifact; it is a runtime assembly.
Watch for: adapter load order, semantic routing, tool profile, prompt policy, and memory state changing without a signed composition manifestA machine-readable record of the exact runtime composition used for an evaluation, release, incident, or rollback. Open glossary definition.
3. Model-based evaluation
Evaluators can be useful. They also have blind spots, suppliers, prompts, training data, budgets, parsers, and ownership. If the evaluatorA system that judges whether an AI output or candidate is acceptable. Open glossary definition is correlated with the candidate, the selection loop can preserve what review misses.
Watch for: one judge family, hidden tests with weak protection, candidates summarized by the same model family that is being judged.
4. Persistent memory
Memory turns a single output into future context. It can be useful personalizationChanging behavior for a user based on information about them. Open glossary definition. It can also become a behavior reservoir.
Watch for: memory writes without provenanceA record of where a component or behavior came from. Open glossary definition, expiry, consent, ownership, or rollback mapping.
5. Synthetic feedback
AI-generated outputs can become future training, evaluation, retrieval, or documentation material. That can help coverage, but unmanaged recursion can amplify shortcuts and erase rare cases.
Watch for: unlabeled synthetic examples, incident-era outputs entering future data, and no diversity/tail-performance check.
6. Action-layer authority
A strange output is one class of risk. A strange output connected to file writes, API calls, credentials, code execution, money movement, publication, or identity changes is another.
Watch for: tool profiles that expand faster than conduct firewalls, rate limits, evidence logs, and human approval.
7. Retirement gaps
Retirement is not deletion. It must cover the artifact, descendants, memory, data, routes, permissions, aliases, evaluator expectations, and external side effects.
Watch for: “retired” models that still influence training data, prompts, fallback routes, embeddings, or human procedures.
The compounded warning
When at least four accelerants are present, ordinary component review should be treated as insufficient. Use Apex Threat Control Stack and the Apex Review Playbook.