Empirical Validation of the Classification-Verification Dichotomy for AI Safety Gates

A new research paper by Arsenios Scrivens provides comprehensive empirical evidence that classifier-based safety gates cannot reliably oversee self-improving AI systems. The study tested eighteen different classifier configurations—including MLPs, SVMs, random forests, and deep networks—on a neural controller and extended to MuJoCo benchmarks like HalfCheetah-v4. All classifiers failed to maintain safety, even with 100% training accuracy, demonstrating what the authors term a 'structural impossibility' for classification-based oversight. Three established safe reinforcement learning baselines also failed, highlighting a fundamental limitation in current AI safety approaches.

The research then shows this impossibility is specific to classification, not to safe self-improvement itself. The team implemented a Lipschitz ball verifier that achieved zero false accepts across parameter dimensions from 84 to 17,408 using provable analytical bounds. This verification method enabled 'ball chaining' for unbounded parameter-space traversal: on MuJoCo's Reacher-v4, it yielded a +4.31 reward improvement with perfect safety (delta=0). When applied to Qwen2.5-7B-Instruct during LoRA fine-tuning, the system executed 42 chain transitions covering 234 times the single-ball radius with zero safety violations across 200 steps. The verification remained effective even when scaled to large language model dimensions, conditional on estimated Lipschitz constants.

This work establishes a clear dichotomy between classification and verification for AI safety gates, with significant implications for how we build oversight into self-improving systems. The verification approach's success across different scales and environments suggests a more robust path forward for ensuring AI systems remain within specified safety boundaries during iterative improvement.