In plain English
This page is part of the technical reference. It keeps the expert detail but starts with a plain-language summary for first-time readers.
- Why this matters: AI risk can come from the whole arrangement, not one obvious model.
- What to look for: data, memory, routes, adapters, tools, evaluators, updates, and rollback paths.
- Technical version below: the expert terminology remains available and is linked through the glossary.
The Cognivirus Danger Model: How the Pieces Fit Together
Direct answer
A cognivirus is not a literal organism or malware. It is a systems-risk metaphor for a behavior patternA repeated way the AI system responds or decides. Open glossary definition that can survive because the AI ecology keeps rewarding, routing, remembering, deriving, and reintroducing it.
The dangerous unit is not always the model. Sometimes it is the transition graphThe map of how an AI system is allowed to change over time. Open glossary definition: the allowed path by which models, adapters, prompts, memory, tools, evaluators, routes, datasets, release aliases, and human workflows change each other over time.
The lifecycle shows how a behavior enters, passes local review, becomes visible in composition, is selected, leaves residue, is inherited by descendants, is amplified by routing, survives retirement, and reappears.
The deeper thesis
Modern AI systems are becoming adaptive ecologies. They are built from base models, small models, LoRA adaptersA common kind of small adapter used to specialize large models. Open glossary definition, prompts, memory, tool profiles, semantic routers, evaluators, release aliases, synthetic datasets, telemetry traces, human review processes, and automated promotion pipelines.
A behavior does not need to live permanently inside one model. It can be carried by weights, adapter deltas, prompt policies, memory records, summarized traces, synthetic examples, evaluatorA system that judges whether an AI output or candidate is acceptable. Open glossary definition preferences, routing statistics, tool permissions, release aliases, documentation, human workflow habits, copied outputs, descendants, and “successful” examples kept by the organization.
The better safety question is therefore:
What behaviors can this AI ecologyA whole AI system made from connected parts. Open glossary definition preserve, reproduce, reward, route, remember, and reintroduce over time?
How the dangers fit together
Composition riskRisk that appears when safe-looking parts are combined. Open glossary definition explains where behavior appears. Selection pressure explains why it is preserved. Synthetic feedback explains how it becomes data. Observability explains whether reviewers can reconstruct the path. The action layer explains when weird output becomes material harm. Retirement and rollbackReturning a system to an earlier known state. Open glossary definition explain whether the organization can actually remove it.
| Layer | Failure mode | Plain-English version | Main control |
|---|---|---|---|
| Component | local passA part looks safe by itself. Open glossary definition | the part looks fine alone | source review and provenanceA record of where a component or behavior came from. Open glossary definition |
| Composition | hidden expression | the problem appears only when parts are assembled | composition manifestA machine-readable record of the exact runtime composition used for an evaluation, release, incident, or rollback. Open glossary definition |
| Selection | metric preservation | the system keeps what scores well | promotion-rule audit |
| Feedback | residue | outputs become future memory or data | reservoirA place where a behavior can remain after the first carrier is removed. Open glossary definition governance |
| Action | material harm | the system can do things, not just say things | conduct firewallA gate around what the AI can do. Open glossary definition |
| Observability | missing trace | reviewers cannot replay what happened | trace coverage and fidelity |
| Retirement | zombie behaviorOld behavior that was not actually gone. Open glossary definition | old behavior survives the old model | behavioral-extinction review |
| Governance | accountability diffusion | no one owns the whole outcome | responsibility map |
Evidence posture
This model is not one claim with one evidence level. It is a map combining demonstrated engineering facts, experimentally observed failure modes, emerging research, and architectural inferenceA conclusion or output produced from data. Open glossary definition. Pages in this section label major claims and state what the evidence does and does not show.
Start here
Read the danger lifecycle, then the warning signals, then the implementation checklist.
Defensive boundary
This section does not provide replication instructions, backdoor construction steps, evaluator-bypass procedures, credential-harvesting workflows, or malware guidance. It explains what defenders should inspect.