Field-Theoretic Memory for AI Agents
Continuous Dynamics for Context Preservation
New Accepted at ICLR 2026 · AI WILD Research
Open research lab · AI agent reliability
Research
you can
run.
Rotalabs studies how AI agents fail when they act in the world, and builds the benchmarks, probes, monitors, and protocols to measure it. Every result is published, installable, and reproducible from the saved runs.
Open source · Pre-registered protocols · Reproducible from saved runs
Adversarial evaluation · peer-reviewedICLR 2026 · AI WILD
Quality-Diversity Evolution for discovering diverse vulnerabilities in LLM safety.
Red-teaming that evolves its own attacks. A quality-diversity (MAP-Elites) search illuminates a diverse archive of interpretable attack strategies - not opaque token strings - across GPT-4o-mini, Claude, Gemini, and open-weight models.
6 strategies × 6 encodings · 4 LLMs
Accepted at the ICLR 2026 Agents in the Wild workshop, and shipped as rotalabs-redqueen - seeded runs are bit-reproducible and cross-language identical across Python and TypeScript. A baseline a safety team can triage, reproduce, and defend against.
MethodArchiverotalabs-redqueen
Spotlight - adversarial evaluation
Red-teaming that evolves its own attacks.
This is the work we've pushed hardest on. The method is peer-reviewed, it ships as a package anyone can run, and it's already turned up a real finding about how model safety shifts from one model generation to the next.
MethodQuality-diversity (MAP-Elites) evolution of interpretable attack strategies - peer-reviewed at ICLR 2026, AI WILD. (arXiv 2606.00801)
FindingRun across four Gemma generations, it shows safety alignment is non-monotonic - the mid-series model is the most attackable. (arXiv 2606.00813)
ReproducibleShipped as rotalabs-redqueen on PyPI and npm - seeded runs are bit-for-bit identical across Python and TypeScript.
AuditableEvery campaign projects into an audit-ready report - evolutionary penetration testing for language models and agents.
Research program
Nine fronts on agent reliability.
Interpretability probes, adversarial testing, verification, evaluation science, steering, and trust propagation - released as papers and installable methods through 2026.
01
Agent Reliability
Papers Q1 2026 Detection and verification for autonomous AI. Methods to identify when agents hallucinate, fail, or strategically underperform.
02
AI Evaluation Science
Published Adversarial evaluation that resists gaming - quality-diversity (MAP-Elites) red-teaming that evolves interpretable attacks to surface hidden vulnerabilities across frontier LLMs.
03
Memory Systems
Published Field-theoretic memory treating stored information as continuous fields governed by PDEs - semantic diffusion, thermodynamic decay, and multi-agent field coupling.
04
Reasoning Verification
Papers Q1 2026 Verifying AI outputs without ground truth. Methods for code, plans, and decisions from reasoning models like o3 and R1.
05
Interpretability
Active Practical interpretability for production. Not "understand the model" but "should I trust this output?"
06
Multi-Agent Trust
Active Trust dynamics when agents coordinate with agents. Propagation, verification, and failure modes in multi-agent systems.
07
Adversarial Robustness for Agents
Active Attack taxonomies, detection, and defenses for agentic AI - beyond prompt injection: tool poisoning, memory corruption, planning attacks, and coordination exploits.
08
Uncertainty Quantification
Active Calibrated confidence for AI decision support. Activation-based uncertainty estimation, propagation through reasoning chains, and calibration without ground truth.
09
World Models & Physical AI
Active Beyond language models: AI that understands and predicts the physical world. World models, embodied reasoning, simulation, and physics-aware AI.
The hard problem
Can you catch a wrong agent action before it executes?
When an agent moves money, exports customer data, or files a report, a wrong action can't be undone after the fact. The question is whether a monitor can catch one before it runs. GlassBox is how we measure that: a surface-clean benchmark that pairs every wrong action with a legitimate twin, so a monitor has to catch the wrongness, not the topic. We pre-registered the test and report the result straight, including that the white-box probe we tried didn't beat the baseline. The benchmark is built so any team can run the same test against any monitor.
Benchmark · pre-registered auditPreprint - coming soon
GlassBox: A Cross-Pattern Audit of Linear Probe Gates.
A pre-registered, null-result benchmark for monitors that gate irreversible agentic actions.
24 cases · 4 patterns · 5 model families
A surface-clean, paired-twin benchmark for irreversible agent actions, plus a pre-registered audit protocol any team can re-run against any monitor. We release the benchmark, trajectories, trained probes, and pipeline in full.
BenchmarkTrajectoriesAudit pipeline
Research distribution
Papers are only half the interface.
Rotalabs publishes installable packages so methods can be inspected, reproduced, and embedded into new experiments - all 12 on PyPI and npm, AGPL-3.0.
$ pip install rotalabs-probe
$ pip install rotalabs-redqueen
$ pip install rotalabs-verity
$ pip install rotalabs-eval
# probes · adversarial testing · verification · evaluation
rotalabs-context
Context intelligence for AI agents.
rotalabs-probe
Sandbagging detection via activation probes.
rotalabs-steer
Steering vectors for runtime behavior control.
rotalabs-verity
Neuro-symbolic verified code synthesis.
rotalabs-cascade
Trust-based decision routing.
Recent papers 02 03 04
Published, preprint, in progress.
Quality-Diversity Evolution for Discovering Diverse Vulnerabilities in LLM Safety
Semantic MAP-Elites red-teaming across frontier LLMs
Cross-Generational Transfer of Adversarial Attacks Reveals Non-Monotonic Safety Alignment in LLMs
A longitudinal QD red-team of the Gemma family across four generations
From the blog
Notes from the lab.
May 31, 2026 May 30, 2026 Mar 01, 2026
Evolutionary Adversarial Testing for AI Systems with Red Queen
Red-teaming that evolves its own attacks. rotalabs-redqueen uses quality-diversity search to discover diverse jailbreaks across single-turn, multi-turn, and agentic/MCP surfaces - reproducibly, and as...
Opus 4.8 Got Better at Everything Except Resisting You
Claude Opus 4.8 beats its predecessor on nearly every capability benchmark. It's also somewhat less robust to prompt injection than Opus 4.7 - and...
Field-Theoretic Memory for AI Agents
We treat agent memory as continuous fields governed by partial differential equations instead of discrete database entries. The result: +116% F1 on multi-session reasoning...
Publish the work, and let people try to break it. That's the only credibility worth having.Rotalabs operating principle
Enterprise
Rotalabs is our open research lab. The methods behind this work are available to enterprises as products and consulting through Rotascale →