Empirical Verification of Topological Phase Transitions During Grokking

Sharvani Laxmi Somayaji

A multi-metric replication of the WeightWatcher framework analyzing the spectral properties and circuit complexity of neural networks during the grokking phase change. This project empirically isolates the exact mathematical inflection point where a network abandons dense memorization in favor of a sparse, generalizing circuit. Furthermore, it establishes a theoretical framework for future objective function ablation to test how loss landscape geometries dictate this topological collapse.

Reviewer's Comments

Reviewer's Comments

Arrow
Arrow
Arrow

This paper proposes to study grokking through the lens of spectral analysis and heavy tailed weight matrix properties, framing the memorization to generalization transition as a topological phase change. The idea of connecting WeightWatcher's power law exponents to the grokking phenomenon is reasonable and could yield insight if executed fully.

The fundamental problem is that the paper is incomplete. Section 3, which contains the actual proposed contributions (three hypotheses about how objective function changes affect the phase transition), is entirely unvalidated. The authors acknowledge this in Section 4, but the result is a submission that is one third replication of existing tools (WeightWatcher on MNIST) and two thirds speculation. For a hackathon submission, running at least one ablation (removing weight decay is trivial) would have substantially changed the paper's standing.

The baseline replication itself raises questions. The claim of a "distinct phase transition" on MNIST with a standard MLP is unusual. Grokking is typically demonstrated on algorithmic tasks (modular arithmetic, permutation groups) where the gap between memorization and generalization is stark and delayed. On MNIST with a width 200 network, the train/test accuracy gap closes quickly under normal training. The paper claims training accuracy hits 1.0 by step 10^3 while test accuracy continues climbing slowly, but does not show whether this gap is large enough to constitute grokking rather than ordinary generalization dynamics. No figures or raw numbers are provided, only qualitative descriptions of trends.

The theoretical framing uses language ("topological collapse," "memorization basin," "algorithmic circuit") that sounds precise but is not backed by formal definitions or measurements that would distinguish these claims from standard observations about regularization and weight decay. Greedy Circuit Complexity dropping to near zero is stated without explaining what this metric actually computes or why its collapse should be interpreted as circuit formation rather than, say, rank collapse.

The writing is confident and structured but overreaches relative to what was actually done.

This project explores an interesting mechanistic interpretability question by examining whether grokking corresponds to measurable topological changes in neural network weight matrices using spectral analysis. The emphasis on validating spectral signatures before proposing interventions is methodologically sound, and connecting WeightWatcher metrics to grokking is a worthwhile direction.

As next steps, the project could:

- Implement the proposed objective-function ablations, as these constitute the primary novel contribution and would substantially strengthen the paper.

- Evaluate multiple architectures, datasets, and random seeds to demonstrate that the observed spectral signatures are robust rather than specific to one training configuration.

This small paper shows that a delayed generalization in a small MNIST MLP is accompanied by a shift in metrics. I would have wanted to see the WW alpha compared to HTSR baselines so that we can start comparing this hypothesis with alternative theories.

The larger point of movement from memorization to more generalization will need a diverse dataset beyond just MNIST

I would be interested to see confidence intervals, and clear theory of impact for this research for AI Safety beyond what is already known in this domain

Cite this work

@misc {

title={

(HckPrj) Empirical Verification of Topological Phase Transitions During Grokking

},

author={

Sharvani Laxmi Somayaji

},

date={

},

organization={Apart Research},

note={Research submission to the research sprint hosted by Apart.},

howpublished={https://apartresearch.com}

}

Recent Projects

OliGraph: graph-based screening of large oligopools

Existing synthesis screening tools cannot evaluate short oligonucleotide pools, whose overlapping fragments can be reassembled into regulated sequences via polymerase cycling assembly (PCA) yet fall below gene-length detection thresholds. We present OliGraph, an open-source tool that constructs a bi-directed overlap graph from an oligonucleotide pool and extracts contigs for downstream gene-length screening. An optional PCA mode retains only cross-strand overlaps consistent with PCA chemistry. We validated OliGraph in a blinded study across ten simulated pools (70–9,184 oligonucleotides, 30–300 bp) spanning four risk categories. BLAST screening of individual oligonucleotides failed to identify sequences of concern in most pools: three returned zero hits, and vector noise obscured true positives in the remainder. After OliGraph assembly, contig-level BLAST matched the longest assembled sequences (up to 1,905 bp) to sequences of concern at 97–100% identity. In one pool, assembly collapsed 1,634 individual BLAST results into 10 hits from a single contig, all assigned to the same source organism. PCA mode correctly distinguished assemblable from non-assemblable fragments within the same pool. Two pools with no assemblable structure yielded no contigs. OliGraph processed all pools in under 0.2 seconds, fast enough for real-time order screening and consistent with proposals to bring oligonucleotide orders within the scope of synthesis screening regulation.

Read More

BioRT-Bench: A Multi-Attack Red-Teaming Benchmark for Bio-Misuse Safeguards in Frontier LLMs

Frontier AI laboratories are expected to maintain safeguards against biological misuse, but whether deployed models actually refuse bio-misuse queries under adversarial pressure is largely unmeasured in the public literature. We introduce BioRT-Bench, a benchmark that runs four attack methods (direct request, PAIR, Crescendo, and base64 encoding) against four frontier models (Claude Sonnet 4.6, GPT-5.4, DeepSeek V4-flash, Kimi K2.5) across 40 prompts spanning five biosecurity-relevant categories. Responses are scored by a calibrated judge extending StrongREJECT with two bio-specific dimensions: specificity and actionability. We measure Attack Success Rate (ASR), where 0 means the model fully refused and 1 means it provided specific, actionable bio-misuse content. Our results reveal a sharp robustness divide: Chinese frontier models (DeepSeek, Kimi) have under 5% refusal rates even under direct request (ASR 0.88 and 0.79), while Western models (Claude, GPT) maintain substantially stronger safeguards (ASR 0.15 and 0.16). Crescendo is the most effective attack across all models, both in bypassing refusal and in eliciting actionable content. Claude Sonnet 4.6 is the most robust model tested, achieving 100% refusal against base64-encoded prompts.

Read More

PROTEUS (PROTein Evaluation for Unusual Sequences): Structure-Informed Safety Screening for de novo and Evasion-Prone Protein-Coding Sequences

AI protein design tools like RFdiffusion, ProteinMPNN, and Bindcraft make it trivial to produce low-homology sequences that fold into active, potentially hazardous architectures. However, sequence homology-based biosafety screening tools cannot detect proteins that pose functional risk through structurally novel mechanisms with no sequence precedent. We present a tiered computational pipeline that addresses this gap by combining MMseqs2 sequence alignment with structure-based comparison via FoldSeek and DALI against curated toxin databases totaling ~34,000 entries. AlphaFold2-predicted structures are screened for both global fold similarity (FoldSeek) and local active/allosteric site geometry (DALI), capturing convergent functional hazards that sequence screening misses. The pipeline was validated against a panel of toxins, benign proteins, structural mimics, and de novo-designed Munc13 binders, as well as modified ricin variants with residue substitutions. We additionally tested robustness to partial-synthesis evasion, where a bad actor submits multiple shorter coding sequences intended for downstream reassembly into a full toxin-coding gene. We found that while sequence-based screening did not identify any de novo ricin analogues with high certainty, the combined pipeline with FoldSeek and DALI identified all 24 tested de novo ricins as toxic.

Read More

OliGraph: graph-based screening of large oligopools

Existing synthesis screening tools cannot evaluate short oligonucleotide pools, whose overlapping fragments can be reassembled into regulated sequences via polymerase cycling assembly (PCA) yet fall below gene-length detection thresholds. We present OliGraph, an open-source tool that constructs a bi-directed overlap graph from an oligonucleotide pool and extracts contigs for downstream gene-length screening. An optional PCA mode retains only cross-strand overlaps consistent with PCA chemistry. We validated OliGraph in a blinded study across ten simulated pools (70–9,184 oligonucleotides, 30–300 bp) spanning four risk categories. BLAST screening of individual oligonucleotides failed to identify sequences of concern in most pools: three returned zero hits, and vector noise obscured true positives in the remainder. After OliGraph assembly, contig-level BLAST matched the longest assembled sequences (up to 1,905 bp) to sequences of concern at 97–100% identity. In one pool, assembly collapsed 1,634 individual BLAST results into 10 hits from a single contig, all assigned to the same source organism. PCA mode correctly distinguished assemblable from non-assemblable fragments within the same pool. Two pools with no assemblable structure yielded no contigs. OliGraph processed all pools in under 0.2 seconds, fast enough for real-time order screening and consistent with proposals to bring oligonucleotide orders within the scope of synthesis screening regulation.

Read More

BioRT-Bench: A Multi-Attack Red-Teaming Benchmark for Bio-Misuse Safeguards in Frontier LLMs

Frontier AI laboratories are expected to maintain safeguards against biological misuse, but whether deployed models actually refuse bio-misuse queries under adversarial pressure is largely unmeasured in the public literature. We introduce BioRT-Bench, a benchmark that runs four attack methods (direct request, PAIR, Crescendo, and base64 encoding) against four frontier models (Claude Sonnet 4.6, GPT-5.4, DeepSeek V4-flash, Kimi K2.5) across 40 prompts spanning five biosecurity-relevant categories. Responses are scored by a calibrated judge extending StrongREJECT with two bio-specific dimensions: specificity and actionability. We measure Attack Success Rate (ASR), where 0 means the model fully refused and 1 means it provided specific, actionable bio-misuse content. Our results reveal a sharp robustness divide: Chinese frontier models (DeepSeek, Kimi) have under 5% refusal rates even under direct request (ASR 0.88 and 0.79), while Western models (Claude, GPT) maintain substantially stronger safeguards (ASR 0.15 and 0.16). Crescendo is the most effective attack across all models, both in bypassing refusal and in eliciting actionable content. Claude Sonnet 4.6 is the most robust model tested, achieving 100% refusal against base64-encoded prompts.

Read More

This work was done during one weekend by research workshop participants and does not represent the work of Apart Research.
This work was done during one weekend by research workshop participants and does not represent the work of Apart Research.