The Computational Wall: Why the Defense Trilemma and the NP-Hardness of Reward Hacking Detection Demand a New Security Posture for AI

The convergence of topological and computational‑complexity barriers marks a turning point for AI security. The Defense Trilemma formalizes why popular wrapper stacks—input classifiers, constitutional rewrites, sanitizers, and output filters—cannot cover the entire prompt space without sacrificing utility or breaking continuity. This geometric limitation means that even the most sophisticated inference‑time shields will let a subset of borderline inputs slip through, a fact validated on GPT‑3.5‑turbo and early GPT‑5 models. Simultaneously, recent proofs that semantic self‑verification and broad value alignment are NP‑complete or exponentially costly show that reward‑hacking detection cannot be made exhaustive; rare high‑impact failures will inevitably evade uniform oversight.

Practitioners must therefore pivot from elimination to management. By deliberately flattening the safety boundary—training models to respond with polite refusals at the edge—and smoothing the Lipschitz constant of the alignment surface, organizations can shrink the persistent unsafe region to a tractable band that can be monitored in real time. Architectural measures such as deterministic action governance, mandatory access controls, and privilege separation provide hard guarantees that lie outside the trilemma’s scope, complementing probabilistic alignment safeguards. Reducing prompt dimensionality through standardized APIs and function‑calling schemas further curtails the combinatorial explosion that fuels both wrapper failures and reward‑hacking opportunities.

For regulators and senior decision‑makers, the implication is clear: standards demanding "complete" safety are mathematically unattainable and incentivize misleading vendor claims. Policy should instead mandate documented failure‑mode characterizations, bounded blast‑radius expectations, and layered, uncorrelated defenses that combine alignment research with deterministic system controls. Treating alignment as critical infrastructure—on par with cryptographic primitives—ensures sustained public‑good investment, while requiring targeted monitoring of high‑risk slices keeps oversight feasible at scale. This balanced approach aligns technical realities with governance, fostering resilient AI deployments in an era of rapidly advancing agentic capabilities.