Researchers say AI safety labs have been solving the wrong problem.
A paper published on arXiv reviewed 80 benchmarks used to evaluate AI agent security and found that 85% of them do not state verifiable requirements — 61% offer none at all, and 24% give only vague high-level goals. The researchers then tested symbolic guardrails — deterministic, rule-based checks borrowed from standard software engineering — against three existing benchmarks: τ²-Bench, CAR-bench, and MedAgentBench. They found that 74% of security and safety requirements could be enforced symbolically, and 95% of those needed only simple, low-cost checks. In every case, adding symbolic guardrails improved safety without hurting utility.
This matters because the dominant approach to AI agent safety is training-based: fine-tune the model, add a neural filter, hope it generalizes. But probabilistic methods reduce the likelihood of a bad action — they cannot rule it out. In high-stakes domains like medical software or industrial automation, "less likely to cause harm" is a different promise than "cannot cause harm." Symbolic guardrails can make the stronger guarantee, at least for a well-defined subset of requirements.
The field has spent years building increasingly elaborate benchmarks that, by this analysis, mostly measure vibes rather than verifiable constraints. If 61% of safety benchmarks specify no concrete requirements, they are not benchmarks — they are marketing materials dressed up in academic formatting.