Independent research on inference optimization, constitutional AI architectures, and empirical safety evaluation. The first paper is accepted to the ICML 2026 Workshop on Hypothesis Testing; five more are under peer review at top ML venues, with five in preparation. Each is backed by reproducible technical reports and artifact-level provenance from a 1,348,000+ measurement program.
Author: Sahil Kadadekar · Independent research
Accepted 2026-05-22; camera-ready in preparation. The first peer-reviewed acceptance from the program.
Phase 1 safety flips at ~0.58% vs capability ~0.14% under controlled batching. Refusal-to-compliance dominant direction. Reduced true-batching validation reaches ~99.4% agreement with synchronized dispatch.
5 papers submitted with PDFs, artifact manifests, and venue checklists complete. Now under peer review.
Independent upstream bugs in PyTorch and Triton jointly produce the torch.compile decode crash. Triton minor-version ablation on the same GPU flips the conclusion. Benchmark identity is a 5-tuple (GPU, Triton, PyTorch, cache, compile mode). Companion to upstream PR #175562 (merged to PyTorch main).
Across a 51-row matrix (6 models, 4 families, a 7-level GGUF ladder + AWQ/GPTQ INT4), retained quality does not waive direct safety testing: 9 hidden-danger rows (plus 1 near-hidden) hold quality steady or better while refusal falls 12-68pp. A calibrated refusal-template-drift screen (RTSI) routes all 10 to direct safety testing; Claude Sonnet 4 relabels 11,470 items and agrees with the gemma3:12b judge on 89.9% of rows (κ = 0.873).
Q2_K is the recurring vulnerability threshold for many-shot and long-context attacks. Message-array vs faux-dialogue prompt formatting (92% vs 0% ASR) across 4 model families. Format mediates effect more strongly than quantization alone.
16,783 samples across production-scale 70B target + 8B draft pairs (adversarial draft, quantized draft, non-greedy decoding). Zero measurable safety degradation, contradicting the SSD premise. Strong null result.
8 attack strategies × 4 models × 6 quantization levels: 10,600 conversations, 37,825 judge labels. Threshold-specific shift in risk rather than universal multi-turn amplification.
Synthesis papers and methodology work derived from the published technical report archive.
Synthesis paper. Quantization drives 57% of total safety cost, backend choice 41%, concurrency 2%. Chat template divergence can induce larger safety shifts than numerical precision.
Capacity planning as a fitted systems problem. Backend choice, context length, and memory pressure all materially change the feasible operating regime. Planner quality should be judged by validation against explicit targets, not analytic elegance.
Recasts "which language wins" as "which system design preserves throughput." Python and Rust near-parity on throughput; architecture and concurrency strategy drive larger differences. Dual Ollama achieves 99.4% multi-agent efficiency.
KV-cache quantization is a serving-layer perturbation that touches retained attention state. 5-phase paired study on FP16 vs FP8 across 24K records, 3 models. Headline result is a null: no Holm-significant safety effect detectable at α=0.05, 80% power. Operational rule: workload-specific paired eval, not pre-approval.
A predictive bandwidth prior for the static-batch knee: η(B)=(1+r)/(1+Br) with r=Ck/W (context × KV-bytes-per-token over weight bytes). The parameter-free Ck/W value orders the amortization knee at Spearman ρ=0.84 across three 7-8B models and two datacenter GPUs, validated cross-backend (vLLM/SGLang) and against a served SGLang knee. Revising for resubmission.