Feb 2, 2026

The Half-Life of Compute Thresholds

Aaron Potter

ompute thresholds are widely discussed as a practical governance tool, but the literature

rarely specifies how quickly fixed thresholds become outdated as algorithmic efficiency improves.

We develop a compute-threshold staleness model that distinguishes raw training compute from

baseline-equivalent (“effective”) compute and defines staleness as the ratio between a policy

threshold and the time-varying threshold that would remain aligned with a fixed risk cutoff

Review Project

See Code

View Related Sprint

Reviewer's Comments

The model's most significant limitation is the assumption that τ is constant across domains and over time. Algorithmic efficiency likely improves at different rates for different capability types (language understanding vs. code generation vs. chemistry), which means a single threshold update cadence may be insufficient — the paper should explore domain-specific τ values and their policy implications. The backtest, while a nice touch, confirms consistency with Ho et al.'s estimates rather than providing independent validation, since the model's dynamics depend on those same estimates.

Not clear on counterfactual impact of this work; doubling time only, without these formulae, already provides "a simple model which can provide a good intuitive grasp of the problem for policy-makers." In practice, this model may be making the the explanation more opaque to policymakers.

There could be some value in describing staleness in the intervals between doubling times; e.g how stale is the threshold at 7 months with an 8 month doubling time; but this still can be reasoned about pretty intuitively with knowledge of the doubling time, and a simple, one-off calculation.

I would want to see more exploration or elaboration on specific use-cases for this work to better understand its impact potential. Maybe dealing with uncertainty around doubling time, or enabling very precise update thresholds under certain conditions.

Cite this work

@misc {

title={

(HckPrj) The Half-Life of Compute Thresholds

author={

Aaron Potter

date={

2/2/26

organization={Apart Research},

note={Research submission to the research sprint hosted by Apart.},

howpublished={https://apartresearch.com}

}

Recent Projects

View All

Feb 2, 2026

Markov Chain Lock Watermarking: Provably Secure Authentication for LLM Outputs

We present Markov Chain Lock (MCL) watermarking, a cryptographically secure framework for authenticating LLM outputs. MCL constrains token generation to follow a secret Markov chain over SHA-256 vocabulary partitions. Using doubly stochastic transition matrices, we prove four theoretical guarantees: (1) exponentially decaying false positive rates via Hoeffding bounds, (2) graceful degradation under adversarial modification with closed-form expected scores, (3) information-theoretic security without key access, and (4) bounded quality loss via KL divergence. Experiments on 173 Wikipedia prompts using Llama-3.2-3B demonstrate that the optimal 7-state soft cycle configuration achieves 100\% detection, 0\% FPR, and perplexity 4.20. Robustness testing confirms detection above 96\% even with 30\% word replacement. The framework enables $O(n)$ model-free detection, addressing EU AI Act Article 50 requirements. Code available at \url{https://github.com/ChenghengLi/MCLW}

Feb 2, 2026

Prototyping an Embedded Off-Switch for AI Compute

This project prototypes an embedded off-switch for AI accelerators. The security block requires periodic cryptographic authorization to operate: the chip generates a nonce, an external authority signs it, and the chip verifies the signature before granting time-limited permission. Without valid authorization, outputs are gated to zero. The design was implemented in HardCaml and validated in simulation.

Feb 2, 2026

Fingerprinting All AI Cluster I/O Without Mutually Trusted Processors

We design and simulate a "border patrol" device for generating cryptographic evidence of data traffic entering and leaving an AI cluster, while eliminating the specific analog and steganographic side-channels that post-hoc verification can not close. The device eliminates the need for any mutually trusted logic, while still meeting the security needs of the prover and verifier.

Feb 2, 2026