Klaerenn
⌘K
Klaerenn
Research

On the Fundamental Limits of Security Detection: A Theory of Distinguishability Collapse

A formal framework explaining why security detection becomes fundamentally impossible as attacks evolve toward higher levels of abstraction.

Preprint — January 2026

We present a formal framework explaining why security detection becomes fundamentally impossible as attacks evolve toward higher levels of abstraction, and why the gap between AI-augmented attack and defense will continue to widen.

Building on four decades of research—from Denning's foundational work on intrusion detection (1987), through Forrest et al.'s behavioral detection (1996), to Wagner & Soto's mimicry attacks (2002)—we identify and formalize the implicit distinguishability hypothesis underlying all detection-based security.

Our framework synthesizes three intellectual traditions: Wiener's cybernetic insight (1948) that detection is signal extraction from noise, the OSI model's (1984) recognition of layer-specific vulnerabilities, and Burgess's Promise Theory (2005) showing that impositions fail against autonomous agents.

We prove that Denning's hypothesis collapses when adversaries achieve polynomial-cost mimicry—a condition now realized by generative AI.

Main contributions

Seven formal results:

  • Distinguishability Collapse Theorem (Theorem 4.6) — Detection becomes computationally impossible when mimicry cost is polynomial.
  • Arms Race Convergence Theorem (Theorem 4.10) — The defender-adversary dynamic converges to collapse equilibrium.
  • Irreversibility Theorem (Theorem 4.13) — This collapse is permanent: detection lacks symmetric defensive technology.
  • Kill Chain Composition Theorem (Theorem 4.16) — AI improvement across attack stages compounds exponentially, while defensive improvement remains additive.
  • Promise-Theoretic Impossibility Theorem (Theorem 5.6) — Detection as an imposition fails when adversaries make no promise to reveal intent.
  • Semantic Indistinguishability Theorem (Theorem 6.3) — At the semantic layer, intent cannot be inferred from observables. This is information-theoretically impossible, not merely computationally difficult.

We characterize a four-layer model (syntactic, architectural, behavioral, semantic) showing progressive degradation of distinguishability.

Implications

Our theorems apply to content-based detection. Metadata, contextual signals, and architectural controls operate outside this scope and represent the viable path forward.

Security architectures must shift from detect and respond to constrain and verify.

Read the full preprint on Zenodo →

License: CC BY-NC 4.0