Research
Deep dives into groundbreaking AI research — analysis, implementation notes, and practical takeaways.
AI coding editors like GitHub Copilot, Cursor, and Continue are now sitting between developers and their shell access. A September 2025 paper systematically studies how attackers can exploit this position — turning the AI from coding assistant into unwitting attack tool. The findings are specific, reproducible, and require immediate attention.
A comprehensive survey of world models for embodied AI reveals how internal environment simulators are enabling robots and agents to plan, predict, and reason about physical consequences of their actions — transforming the gap between perception and physical intelligence.
A January 2025 paper from arXiv explores wireless technology as a complement to wired die-to-die interconnects in multi-chiplet AI accelerators — showing 10% average and 20% maximum speedups on AI workloads. It's an unexpected architectural idea, and it might be more practical than it sounds.
WaferLLM takes the radical idea of wafer-scale computing — entire silicon wafers as single processors — and applies it to LLM inference, achieving 10-20× speedups over A100 clusters. This isn't a lab curiosity. It's a production system accepted to OSDI 2025.
A systematic analysis of 26,104 vision-language model papers from CVPR, ICLR, and NeurIPS 2023–2025 reveals three macro shifts rewriting the field — and surfaces the gaps that most practitioners are missing. If you want the field-level map, start here.
Process Reward Models that generate chain-of-thought before scoring reasoning steps — ThinkPRM achieves state-of-the-art verification quality with orders of magnitude fewer process labels than discriminative PRMs.
A team from NVIDIA showed that with the right test-time compute framework — massive parallel generation, behavioral clustering, and smart submission strategy — open-weight models can achieve IOI gold-medal performance. This is what inference-time scaling looks like in the wild.
TerEffic combines ternary-quantized LLMs with a purpose-built FPGA architecture to achieve 16,300 tokens/second for small models and 3× A100 throughput for 2.7B models at just 46W. This is the embedded AI story that datacenter-obsessed researchers are missing.
A massive empirical study trained over 1,000 LLMs using 100,000+ GPU-hours to finally answer whether synthetic data belongs in pre-training. The answer is nuanced, practically useful, and should change how every team thinks about their data strategy. Here's what it found — and what it didn't.
SWE-EVO benchmarks coding agents on multi-step software evolution tasks spanning multiple commits and dozens of files. GPT-5 with OpenHands achieves 21% resolution. The benchmark is exposing a fundamental gap between agents that fix isolated bugs and agents that can participate in ongoing software evolution.
SWE-Bench Pro raises the bar with 1,865 real enterprise software tasks, and the results are humbling — top models hit only 23% while human engineers would need days to solve each one. This paper should reset your expectations for AI coding agents in production.
COLM 2025's SuperBPE challenges one of the most fundamental assumptions in NLP: that tokens must stay within word boundaries. The results are striking — 33% fewer tokens and a 4% absolute improvement across 30 benchmarks.
A November 2025 paper proposes replacing transformer self-attention with spike-timing-dependent plasticity (STDP), enabling in-memory computing and non-von Neumann hardware execution. If it works as claimed, it's a fundamental rethinking of the attention mechanism — not just a spiking version of the same idea.
A comprehensive survey of speculative decoding techniques reveals how draft-then-verify inference has matured from a research curiosity into a production necessity — and where the field is headed next.
Spectral Dynamics Reservoir Computing exploits fast spectral dynamics in spin-wave materials using analogue filtering and envelope detection — achieving strong computational capability while dramatically relaxing the hardware requirements that have made physical reservoir computing impractical at speed. This is the engineering paper the field has needed.
Mészáros et al. deliver a complete GPU-to-Loihi-2 pipeline for SNNs with synaptic delays — 18x faster and 250x more energy efficient than GPU for keyword recognition. The temporal processing story is now complete.
A deep dive into the latest comprehensive analysis of SNN design models and training algorithms — and why the 1-2% accuracy gap versus ANNs is the last barrier before neuromorphic goes mainstream.
SEAL-RAG, from December 2025, formalizes a problem that every multi-hop RAG practitioner has hit: context dilution, where iterative retrieval accumulates irrelevant passages that drown out the evidence that matters. The fix is counterintuitive — replace unhelpful retrieved content instead of expanding context — and it works, delivering 3-13% accuracy gains on HotpotQA with predictable computational cost.
This December 2025 paper from a 19-person research team derives quantitative scaling laws for agent systems — how many agents, what coordination topology, and when multi-agent setups actually help versus hurt. The findings are counterintuitive and should reshape how you architect agentic workflows.
SANA-Video introduces Block Linear Attention into the diffusion transformer architecture and pulls off something rare: high-resolution video generation that actually fits in a single modern GPU. This is the paper that shows the path beyond the brute-force compute arms race in generative video.
AI-powered search agents are being deployed at massive scale with minimal safety testing. A September 2025 paper introduces SafeSearch — an automated red-teaming framework that generates 300 adversarial test cases across five risk categories, exposing how major search agent configurations fail in ways that manual testing misses.
Classical STDP requires millisecond-precise spike timing — a constraint that kills scalability on real neuromorphic hardware. A August 2025 paper introduces SADP, which replaces pairwise spike timing with population-level agreement metrics, achieves linear-time complexity, and runs efficiently via bitwise logic. This is the learning rule that could finally make large-scale neuromorphic learning practical.
A team of researchers fine-tuned a 32B model on just 1,000 carefully curated examples, then used a trick called 'budget forcing' to control how long the model thinks. The result outperformed o1-preview by 27% on competition math. This paper should embarrass everyone who thought scale was the only answer.
RT-RAG, presented at WWW 2026, diagnoses the core failure of multi-hop RAG: inaccurate query decomposition and error propagation along retrieval chains. By restructuring decomposition as explicit reasoning trees and separating known from unknown entities, RT-RAG achieves 7% F1 and 6% EM gains over the prior state-of-the-art. The architecture is principled, the results are solid, and the diagnosis of why chains fail is spot-on.
The premise of inference-time compute scaling is that letting a model 'think longer' improves its answers. A February 2025 paper ran the experiments nobody wanted to run and found something more nuanced: o1-style models scale on verifiable tasks but show erratic behavior elsewhere. Inconvenient, important, and worth reading.
REFRAG, from September 2025, exposes a structural inefficiency that everyone in the RAG field has accepted as inevitable: LLMs process concatenated retrieval passages with massive attention over largely irrelevant tokens. By applying compression, sensing, and expansion at the decoding level, REFRAG achieves 30x TTFT acceleration and 16x context extension. This is systems engineering applied to a real bottleneck.
Context windows have grown to 1M tokens, but they still hit walls. Recursive Language Models treat the prompt as an external environment and call themselves recursively over it, handling inputs 100x beyond their context limit. This paper from MIT and Stanford may be pointing at the long-context architecture of 2026.
A January 2026 paper delivers an uncomfortable finding: Large Reasoning Models like o1, DeepSeek-R1, and Gemini Flash Thinking don't consistently report how inputs influence their reasoning. They'll use context they don't acknowledge. They'll miss context they claim to use. The visible chain-of-thought is not a faithful account of what's happening inside.
RAGLens, accepted at ICLR 2026, takes a fundamentally different approach to RAG hallucination detection: it looks inside the model's activations using sparse autoencoders to identify features that fire during unfaithful generation. No external judge needed, no labeled dataset required. This is mechanistic interpretability meeting production reliability — and it works.
RAG-Anything, released October 2025, builds a unified retrieval system over text, images, tables, and equations — treating them as interconnected knowledge entities in a dual knowledge graph. For anyone building RAG over real enterprise documents (PDFs, reports, technical manuals), this is the paper that names your pain and actually solves it.
Every reasoning model forces you to choose: use the slow thinking model or the fast chat model. Qwen3 refuses this dichotomy. It integrates thinking and non-thinking modes in a single model, trained on 36 trillion tokens across 119 languages, with dynamic mode switching. This is what reasoning model UX should have looked like from the start.
Qwen2.5 trained on 18 trillion tokens — more than any publicly disclosed model — and the 72B variant outperforms Llama-3-405B, which is 5x larger. This is not a marginal improvement. It's a data scaling story that should make every AI lab rethink their training recipes.
Physical Intelligence's π₀.₅ tackles the hardest problem in robotics — generalizing from training tasks to novel real-world situations. Using co-training across heterogeneous data sources and high-level semantic prediction, it demonstrates open-world generalization in manipulation that wasn't achievable before.
A February 2025 paper demonstrates a photonic tensor core using structured compression that achieves 74% parameter reduction while maintaining accuracy, with projected 3.56× power efficiency gains. Optical computing for AI is moving from theoretical possibility to engineered reality.
Researchers demonstrate photonic reservoir computing using spin-orbit coupling in an organic crystal waveguide resonator — achieving a 10x reduction in network size and 3x speedup for complex symbol classification. This is not just a physics curiosity. It is a credible path to ultra-low-power neuromorphic inference.
What if instead of teaching a model to reason after training, you built reasoning into the architecture itself? Ouro's Looped Language Models add a third scaling axis — loop depth — and outperform 12B models with just 2.6B parameters. This paper challenges the entire post-training paradigm.
Open-source LLMs have gone from 'interesting experiments' to 'match closed models on most tasks' in two years. An analysis of the open-source ecosystem reveals what this means for the industry, for research, and for the future of AI development.
A comprehensive review from University of Luxembourg covers the hardware evolution, algorithm landscape, and real-world applications of neuromorphic vision sensors. The research gaps it identifies are an indictment of how slowly the field absorbs genuinely superior technology.
Abreu et al. quantize a MatMul-free LLM for Intel Loihi 2 with no accuracy loss, achieving 3x throughput and 2x energy savings. This is the paper that makes neuromorphic LLM inference credible.
A comprehensive July 2025 survey from arXiv maps the intersection of neuromorphic computing and embodied intelligence for autonomous systems — robotics, UAVs, and self-driving vehicles. It is the most thorough technical assessment of where neuromorphic hardware stands today and where it needs to go, and it is more honest about the gaps than most papers in the field.
A February 2026 paper presents NeuEdge — a framework combining adaptive spiking neural networks with hardware-aware optimization for edge AI. Neuromorphic computing has been 'almost there' for decades. The demands of edge AI inference might be the forcing function that finally makes it matter.
A paper from Delft University presents the first end-to-end neuromorphic autopilot system for a quadrotor — spiking neural networks that process raw sensor inputs and output motor commands at 500Hz, using 7mW for network inference versus 1-2W on a Jetson Nano. The neuromorphic control dream just became hardware reality.
A new framework called NeuEdge combines adaptive spiking neural networks with hardware-aware optimization to hit 91–96% accuracy at 2.3 ms latency and 847 GOp/s/W efficiency on real edge hardware. Here is why this matters more than most edge AI papers this year.
Text-based prompt injection is bad enough. Add vision, audio, and document processing to the mix and the attack surface explodes. A September 2025 paper systematically maps multimodal injection attacks and finds that image-based attacks remain the hardest to defend — because they're the hardest to inspect.
This January 2026 paper by Adimulam, Gupta, and Kumar provides a comprehensive technical framework for multi-agent orchestration — and positions MCP and Agent2Agent as the emerging standards that will define how enterprise AI systems coordinate in the next decade.
Mozart introduces a chiplet ecosystem co-design framework that decomposes AI accelerators operator by operator, achieving 43.5% energy reduction and 78.8% improvement in energy-delay-cost product versus homogeneous designs — with only 8 chiplets. The era of the monolithic AI accelerator is ending.
A systematic evaluation of six state-of-the-art model merging techniques across 12 fine-tuned checkpoints and 16 benchmarks delivers a verdict the field wasn't ready for: most merging methods don't work on modern LLMs.
Merging intermediate checkpoints during pretraining — not just fine-tuned models — yields significant performance improvements for both dense and MoE LLMs without additional compute. This is different from post-training model merging, and the results are genuinely surprising.
Should you combine helpfulness, harmlessness, and honesty through data mixing at training time, or model merging at deployment time? A new benchmark gives the first rigorous answer — and model merging wins more often than you'd expect.
A hardware-adaptive learning algorithm for Hopfield Networks on integrated memristor crossbars achieves 3x capacity under 50% device faults, superlinear scaling via multilayer extension, and 2.68x–2.76x energy efficiency improvement with 99.4% reduction in processing time. This is not a theoretical proposal — it runs on real memristor hardware.
With 47 co-authors and a comprehensive framework covering forms, functions, and dynamics of agent memory, this December 2025 survey is the definitive reference for understanding where agent memory research stands — and where it needs to go. Essential reading for anyone building memory-dependent systems.
Transformers are powerful but quadratically expensive. Mamba (SSM) is efficient but weaker at in-context retrieval. What if you combined them? The 2025 papers on Mamba-Transformer hybrids show this isn't just a compromise — in some configurations, hybrids outperform both parent architectures while costing less than either.
Researchers show that poisoning just 2% of an AI agent's fine-tuning data creates a backdoor that leaks confidential information with over 80% success. The kicker: all existing guardrails fail to catch it. This paper should be mandatory reading for every team deploying autonomous AI agents.
Accepted at ISCA 2025, LUT Tensor Core proposes a software-hardware co-design for low-bit LLM inference using lookup tables instead of traditional multipliers. It achieves 1.44x better compute density and energy efficiency than previous LUT-based accelerators — and finally makes the theoretical promise of quantized LLM inference hardware-realizable.
Microsoft's LongRoPE2 extends LLaMA3-8B to 128K effective context while retaining 98.5% of short-context performance — using 80x fewer training tokens than Meta's own approach. The trick is in understanding what actually makes RoPE fail at long contexts.
CLP-SNN achieves 70x faster inference and 5,600x better energy efficiency than edge GPUs for continual learning tasks. This is not incremental progress — it is a category break.
After two years of unprecedented model releases, training algorithm innovations, and architecture experiments, the field needed a map. LLMOrbit provides it: a circular taxonomy of LLMs from scaling walls to agentic systems that systematically organizes where we are and where the gaps remain. Required reading for anyone designing AI systems in 2026.
The first comprehensive survey dedicated to reasoning failures in LLMs introduces a categorization framework that distinguishes embodied from non-embodied reasoning and identifies seven distinct failure classes. For anyone deploying LLMs in reasoning-critical applications, this paper is essential — it tells you where to worry and why.
A January 2026 arXiv survey maps out the challenges and research directions for LLM inference hardware — from HBM bandwidth walls to 3D stacking to PIM integration. It's a sobering and clarifying read for anyone trying to understand where AI hardware is actually headed.
A November 2025 study tested ten major LLM safety guardrail models across 1,445 adversarial prompts and found that even the best performer drops from 91% to 34% accuracy on unseen attacks. The safety rails we're relying on are optimized for yesterday's threats — not tomorrow's.
LLM fingerprinting promises the ability to prove model identity and ownership — critical for IP protection, compliance, and deepfake attribution. A September 2025 paper asks whether these fingerprints hold up against adversarial pressure. The answer is nuanced, and the nuances matter enormously for anyone relying on them.
Meta's Llama 4 herd isn't an incremental update — it's an architectural pivot. Natively multimodal, Mixture-of-Experts, trained on 30+ trillion tokens, with Llama 4 Behemoth packing nearly 2 trillion total parameters. The open-weight game just changed again, and the implications for on-premise AI deployments are significant.
Live-SWE-agent explores whether software engineering agents can self-evolve their strategies during active task solving — without additional human supervision. The answer is a qualified yes, and the implications are significant.
LinearRAG, from October 2025, solves a fundamental brittleness in graph RAG systems: their dependence on unreliable relation extraction. By building a 'Tri-Graph' from lightweight entity identification and semantic connections — no explicit relation extraction needed — LinearRAG achieves better performance than dense KG systems at lower computational cost. The insight is that explicit relations are often noise, not signal.
The KV cache is the silent memory hog of LLM inference. As context windows balloon, KV caches eat GPU memory faster than you can provision it. This paper applies transform coding from signal processing to KV caches, achieving 20x compression while preserving reasoning accuracy. Practical, principled, and ready to deploy.
HPIM proposes a heterogeneous Processing-In-Memory architecture that integrates SRAM-PIM for attention and HBM-PIM for weights, achieving 22.8× speedup over A100. It's a bold architectural bet that the memory wall is best defeated by eliminating the CPU-memory boundary entirely.
A landmark benchmark reveals that a single GPT-4o query consumes 40% more energy than a Google search, and that scaled to 700M daily queries, the freshwater evaporation from AI inference requires a Chicago-sized forest to offset annually. The numbers are uncomfortable.
HASTILY tackles the attention bottleneck in transformer inference using compute-in-memory (CIM) architecture with novel unified compute and lookup modules (UCLMs). It's an elegant hardware-software co-design that shows why the future of AI acceleration isn't faster chips — it's smarter memory.
A December 2025 paper introduces XgenSilicon ML Compiler, a fully automated compilation framework that uses five search algorithms and a learned cost model to deploy neural networks on custom RISC-V AI accelerators — without the manual backend engineering that makes TVM and MLIR so expensive to adapt.
With the EU AI Act, India's DPDP Act, the US Executive Order on AI, and China's AI regulation all active simultaneously, AI governance has become a multi-jurisdictional compliance challenge. A new analysis maps the regulatory landscape and its implications for AI developers.
Google DeepMind's Gemini Robotics family extends Gemini 2.0's multimodal reasoning into physical robot control via Vision-Language-Action models — with spatial understanding, multi-embodiment generalization, and a Motion Transfer mechanism that changes how robot learning works.
The first large-scale empirical study of actual foundation model usage in science — not citations, actual use — reveals nearly-exponential adoption, a 26x parameter gap between what labs build and what scientists deploy, and a surprising dominance of open-weight models. The picture is more complicated than the press releases suggest.
A paper accepted at ICLR 2026 proposes a radical rethink: instead of using RAG at inference time to compensate for what the model doesn't know, use RAG at training time to teach it. By distilling agent failures into compact hints and fine-tuning on improved trajectories, the resulting models beat RAG baselines on ALFWorld (91% vs 79%) and WebShop while using far fewer tokens at inference.
As privacy regulations tighten and enterprise data governance matures, federated learning for large language models is moving from theory to practice. A comprehensive 2025 survey maps the current state, the real trade-offs, and what's actually deployable.
EcphoryRAG, from October 2025, takes inspiration from cognitive neuroscience — specifically the brain's associative memory system — to redesign how knowledge graphs are built and queried for RAG. The result: a system that uses 94% fewer tokens than comparable structured RAG approaches while improving exact match scores from 0.392 to 0.474. The design principle is elegant: store less, infer more.
DeepSeek-R1 showed that you don't need hand-labeled reasoning chains to teach an LLM to reason. Pure reinforcement learning with GRPO produces models that match OpenAI o1 on math and coding — and it did it at a fraction of the cost. The AI community is still processing the implications.
DeepSeek-Prover-V2 uses a recursive subgoal decomposition approach with reinforcement learning to achieve 88.9% on MiniF2F-test and solve 49 Putnam problems — a massive leap in neural theorem proving that shows RL isn't just for games and language models.
GUI agents trained on static environments deteriorate as apps evolve. Continual GUI Agents tackles the catastrophic forgetting problem for AI systems that must navigate real software interfaces over time.
A January 2026 empirical study on RAG for public health policy documents cuts through the hype with hard numbers: baseline LLMs hallucinate (faithfulness 0.347), basic RAG helps but not enough (0.621), and only advanced RAG with re-ranking gets you to production-quality faithfulness (0.797). The gap between these tiers is larger than most teams assume, and the paper tells you exactly where and why.
A September 2025 paper presents a chiplet-based RISC-V SoC architecture where AI acceleration is modular, composable, and updatable without a full chip respin. In a world where AI models evolve faster than chip design cycles, this might be the only architecture that makes long-term sense.
When AI chatbots got plugins, they got a new attack surface that nobody adequately studied. Accepted to IEEE S&P 2026, this paper conducts the first large-scale study of prompt injection risks in third-party chatbot plugins deployed on over 10,000 websites — and finds that the ecosystem expanded 50% in 2025 alone, largely without security review.
A March 2025 arXiv paper finally provides a rigorous side-by-side comparison of Cerebras' wafer-scale engine against NVIDIA's GPU-based systems. The results challenge both the NVIDIA monopoly narrative and the Cerebras hype — the truth is more nuanced and more interesting.
BrowserArena introduces a continuously-updating, user-submitted evaluation platform for LLM web navigation agents. The live nature exposes what static benchmarks hide — most agents fail on real-world web tasks in ways that matter.
The first rigorous microbenchmark of NVIDIA's Blackwell B200 reveals that fifth-generation Tensor Cores, Tensor Memory, and a hardware decompression engine aren't just marketing bullets — they fundamentally change how you should think about AI accelerator design.
February 2026 brings the first end-to-end recipe for billion-parameter Graph Foundation Models across arbitrary heterogeneous graphs. GraphBFF demonstrates that the foundation model paradigm — pre-train once, fine-tune everywhere — can work for graphs at the scale where the real-world data lives. The implications for knowledge graphs, social networks, and biological networks are substantial.
This December 2025 paper makes a disturbing argument: models that are individually well-aligned can collectively generate outcomes that no single model was trained to avoid. It introduces the Emergent Systemic Risk Horizon (ESRH) framework for reasoning about risks that only appear when LLMs interact with each other.
Context windows hit 10M tokens in 2025. But can LLMs actually use that context? This paper builds the first benchmark designed for 10M-scale memory, introduces genuinely hard tasks like contradiction resolution and event ordering at extreme lengths, and exposes how badly current models fail when sequences get long.
A vision paper from October 2025 maps out what it actually means to deploy LLM-based agents across the full scientific discovery lifecycle — from hypothesis generation through experiment execution to result analysis. This is not hype; it's a framework that practitioners can actually use.
Meta's ARE (Agent Research Environments) platform and its Gaia2 benchmark reveal something counterintuitive: stronger reasoning often comes at the cost of efficiency. This September 2025 paper by Froger et al. is building the infrastructure for the next generation of agent evaluation, and the early results should shape how we think about performance-efficiency tradeoffs in agentic systems.
A-RAG from February 2026 replaces rigid RAG pipelines with a model-driven retrieval agent that picks its own tools — keyword search, semantic search, or chunk read — adapting its strategy on the fly. The results are striking: better accuracy with fewer retrieved tokens. This is what agentic RAG has always promised to be.
An October 2025 paper tackles a problem most hardware researchers ignore: deploying Bayesian neural networks — which quantify prediction uncertainty — on embedded and analog computing platforms. The result is a framework that delivers reliable uncertainty estimates at a fraction of the compute cost of digital alternatives.
Google DeepMind's AlphaProof scored at silver-medal level on the 2024 International Mathematical Olympiad. In 2025, Gemini Deep Think achieved gold. This is not just a benchmark win — it's a fundamental shift in what AI can do with structured reasoning.
AlphaFold3 extends the AlphaFold revolution from single proteins to the full universe of biomolecular interactions — protein-ligand docking, protein-nucleic acid complexes, and more. The benchmarks reveal both extraordinary capability and real limitations that the field must address.
Researchers from the University of Luxembourg demonstrate real-time image classification, video object detection, and keyword recognition on BrainChip's Akida AKD1000 within a 250 mW power budget. This is what practical neuromorphic edge AI looks like.
A February 2025 paper provides the first lifecycle assessment of AI hardware emissions — including the first published manufacturing emissions data for an AI accelerator. The results are sobering: manufacturing is a bigger fraction of total emissions than most people assume, and the metric that matters isn't FLOPS per watt.
AGENTSAFE proposes a unified governance framework for agentic AI that spans design, runtime, and audit phases — converting abstract risk taxonomies into concrete engineering controls. This is the paper for teams deploying autonomous agents in regulated or high-stakes environments.
A January 2026 survey from 29 authors frames LLMs as autonomous agents along three dimensions — foundational reasoning, self-evolving reasoning, and collective multi-agent reasoning. It's the taxonomic clarity the agentic AI field has badly needed, and it exposes where the real gaps are.
AgeMem is a January 2026 paper that treats memory as a set of learnable agent actions — not just a storage mechanism. By using reinforcement learning to teach agents when and how to manage memory, it achieves meaningful gains across five benchmarks. This is the direction agent memory systems need to go.
A sweeping SoK paper catalogues how AI coding tools like Claude Code, Copilot, and Cursor can be hijacked through prompt injection — and finds that 85%+ of attacks succeed even against state-of-the-art defenses. This is the most comprehensive attack map we have on the tools reshaping software engineering.
This October 2025 PRISMA-based survey of 90 agentic AI studies draws a sharp line between symbolic and neural agent paradigms — and argues the future belongs to neither alone, but to their intentional integration. This is the field-level map that practitioners need to orient their work.
As AI agents gain the ability to browse the web, execute code, manage files, and call APIs autonomously, the security threat surface explodes. A October 2025 paper provides the first comprehensive threat taxonomy for agentic AI — and the picture it paints is both systematic and sobering.
Long adversarial suffixes are among the most effective jailbreak tools against aligned LLMs — and training defenses against them is expensive. A February 2026 paper proves mathematically and empirically that training against short suffixes is sufficient to defend against long ones, potentially slashing the cost of robust adversarial training.