Go to ICLR 2026 Workshop ICBINB homepageI Can't Believe It's Not Robust: Catastrophic Collapse of Safety Classifiers under Embedding Drift
Keywords: Embedding drift, Instruction tuning, AI Safety, Classifier Failure
TL;DR: Small embedding drift from model updates can collapse embedding-based safety classifiers, causing confident silent failures. Instruction tuning worsens class separability, implying classifiers must be retrained with every model update.
Abstract: Instruction-tuned reasoning models are increasingly deployed with safety classifiers trained on frozen embeddings, assuming representation stability across model updates. We systematically investigate this assumption and find it fails: normalized perturbations of magnitude $\sigma = 0.02$ (corresponding to $\approx 1^\circ$ angular drift on the embedding sphere) reduce classifier performance from $85\%$ to $50\%$ ROC-AUC. Critically, mean confidence only drops by $14\%$, producing dangerous silent failures where $72\%$ of misclassifications occur with high confidence, defeating standard monitoring. We further show that instruction-tuned models exhibit $20\%$ worse class separability than base models, making aligned systems paradoxically harder to safeguard. Our findings expose a fundamental fragility in production AI safety architectures and challenge the assumption that safety mechanisms transfer across model versions.
Email Sharing: We authorize the sharing of all author emails with Program Chairs.
Data Release: We authorize the release of our submission and author names to the public in the event of acceptance.
Submission Number: 48
Loading