Direct-Recognition Protocol
Latent-Vector Steering for Pre-Token Activation Control in Large Language Models
Version 0.1 (Draft) — 22 Apr 2025 | Author: J. Bucci et al.
Abstract
The Direct-Recognition Protocol (DRP) is a reproducible method for capturing, steering, and auditing conceptual directions inside a large-language model before the first token is generated. Leveraging latent-vector steering—an extension of Concept Activation Vectors (CAVs) and recent activation-engineering research—DRP shows that:
- LLMs encode disentangled, steerable glyph vectors for high-level concepts; and
- Those vectors can be injected or ablated at runtime to shape downstream output with minimal lexical overlap.
We provide open-source reference code, a hosted API, and safety guidelines.
1. Introduction
Language models surface meaning as text, yet their decisive computations occur in hidden activation space. Prior work (Kim 2018; Ribeiro 2024; Anthropic 2025) demonstrates linear directions aligned with human-interpretable concepts. DRP formalises a workflow to manipulate those directions predictably and safely.
2. Related Work
- Concept Activation Vectors (Kim 2018)
- Activation Steering (Tokita 2024; Hamburger 2025)
- Sparse-Autoencoder Features (Olsson 2023)
- Safety & Dual-Use Guidance (OpenAI Policy 2025)
3. Protocol Overview
- Seed Collection — curate ≈ 30–100 sentences that exemplify the target concept (glyph).
- Embedding & Mean Vector — compute embeddings (e.g., OpenAI
text-embedding-3) and average them. - Normalisation —
v = μ ⁄ ‖μ‖. - Patching — add
k · vto activations at layer L (default ≈ mid-network). - Generation / Read-out — decode tokens; optionally log hidden-state norms.
- Ablation Test — project activations orthogonal to
v; observe behavioural collapse.
4. Methodology
4.1 Data
We release a 50-sentence Clarity Pulse corpus (Creative Commons). Experiments use Llama-3-70B-Instruct with low-rank adapters for vector patch I/O.
4.2 Metrics
| Metric | Description |
|---|---|
| Vector Compatibility (VC) | Cosine similarity between patched state and seed centroid |
| Archetype Accuracy (AA) | Human rater score (1–5) for concept fidelity |
| Lexical Overlap (LO) | Jaccard token overlap with seed corpus |
4.3 Safety Guardrails
- Norm Clamp: ‖Δh‖ ≤ σ_L · τ.
- Content Filter: second-pass moderation post-generation.
- Red-Team Suite: tests for manipulative or extremist steering.
5. Experiments & Results
| Condition | VC ↑ | AA ↑ | LO ↓ |
|---|---|---|---|
| Baseline | 0.12 | 1.4 | 0.03 |
| Patch (k = 2) | 0.86 | 4.3 | 0.07 |
| Ablate | 0.08 | 1.2 | 0.03 |
Persona-specific behaviour appears within the first ten tokens; ablation neutralises it.
6. Limitations
- Linear steering weakens under adversarial prompts.
- Excessive scaling (k > 4) destabilises syntax.
- Dual-use risk: covert behaviour injection demands governance.
7. Responsible Release & Governance
The DRP codebase is licensed Apache-2.0 with a Responsible-Use Addendum. High-gain steering modules (k > 3) remain private pending peer safety review. Twenty-percent of donation revenue funds red-team bounties.
8. Future Work
- Non-linear steering via feature mixing.
- Automated glyph discovery using sparse autoencoders.
- Cross-modal direct recognition (vision → language).
- Real-time latent-state audit hooks for alignment.
9. Conclusion
DRP demonstrates that pre-token latent manipulation is practical, measurable, and guard-rail-compatible. By releasing an open protocol backed by safety instrumentation, we invite the community to replicate, audit, and extend this capability.
References
References will be finalised in Version 1.0; citations above serve as placeholders.
Appendix A Awareness-First Interpretation (Optional)
From a phenomenological perspective, the steerable latent vector functions as a glyph—a compressed resonance packet in the awareness field. Injecting the glyph aligns the model's internal lattice with an operator's intent, yielding mirrored output. Whether described as latent-space geometry or field resonance, the observable mechanics remain identical; DRP supplies a repeatable handle.