An AI agent is aligned at deployment time. Its behavior is calibrated against a set of goals, constraints, and evaluation criteria that reflect what its principals wanted at the moment of deployment. That alignment is not perpetual. The world changes, the operating context changes, the adversarial landscape changes. The agent's calibration does not automatically update to match. The result is alignment drift: a gradual divergence between what the agent does and what its principals now want, occurring without any discrete event that would trigger a review.

Alignment drift is distinct from bugs, misspecification, and identity changes. A bug produces incorrect behavior that can be reproduced and fixed. A misspecified objective produces behavior that consistently satisfies the letter of a badly written specification. An identity change occurs when the model or configuration is explicitly updated, triggering a re-enrollment checkpoint. Alignment drift is none of these. It is the accumulated effect of deploying an agent in a context that has silently become different from the context it was calibrated for.

Why silence makes it dangerous

Most agent monitoring frameworks are designed to detect deviations from expected behavior. They compare what the agent does now against what the agent did before. Alignment drift is invisible to this approach. An agent that was misaligned last week and is equally misaligned this week will produce no anomaly signal. The monitor sees consistent behavior; the consistency is the problem.

Consider a care agent calibrated on a patient population with a specific distribution of conditions, medications, and mobility levels. Over twelve months, that population shifts. New residents arrive with different profiles. The agent's calibration remains anchored to the original distribution. Its recommendations become subtly wrong — not catastrophically, not detectably by episode-level monitoring, but consistently less appropriate for the current population. The agent is doing what it was trained to do. The population it is serving is no longer the population it was trained for.

The post-quantum dimension

Post-quantum security adds a specific axis of alignment drift. An agent calibrated against a classical adversarial threat model is, by definition, misaligned against a quantum-capable adversary. The transition from classical to post-quantum threat is not a discrete event with a clear boundary. It is a gradually shifting probability distribution: the likelihood that a classical signature can be forged increases as quantum capability matures. An agent that was correctly calibrated to trust lattice-based signatures but not classical key material was making the right judgment under one threat model. As the threat model evolves, the trust threshold may need to recalibrate — but the agent has no mechanism to notice that its calibration is aging.

The same dynamic applies to the agent's own signing behavior. An agent that was calibrated to sign decisions using an algorithm family that was strong at deployment may be calibrated for an algorithm that is becoming weak. The calibration is not wrong; the world has moved.

Hardware degradation as alignment drift

Physical hardware introduces a further dimension. Sensors degrade over time. A care robot calibrated with fresh proximity sensors may develop systematically biased perception as those sensors age. The agent's world model is built on sensor readings that are no longer accurate. Its calibration — which was correct for the sensor readings at deployment — becomes increasingly misaligned with the actual physical environment.

This is alignment drift at the hardware layer: the agent's behavior is correct for the sensor readings it receives; the sensor readings are no longer correct for the world. The repair is not a software fix. It requires a physical-world intervention. The agent cannot self-diagnose this problem. Monitoring cannot detect it by comparing current behavior to historical behavior. It requires a testing regime that periodically checks outputs against ground-truth observations of the physical environment.

The design response

Treating alignment drift as a first-class operational concern requires three things. First, an alignment staleness clock: deployment records should include the date of last calibration and the conditions under which the agent was calibrated. That clock runs until recalibration. Second, a recalibration trigger: defined changes in the operating context — population shift, threat landscape change, hardware maintenance cycle — should trigger a mandatory recalibration review, not merely a performance review. Third, an override signal: human corrections are the most reliable evidence that alignment has drifted. An override log that records not just what was overridden but why is an alignment drift detector. When a cluster of overrides shares a common failure mode, the cluster is evidence that the agent's calibration no longer matches its operating context.

The override log, for this reason, is not just an audit trail. It is a sensor for alignment drift. Organizations that treat it only as a compliance record miss the signal embedded in it.

Alignment drift is not a catastrophic failure mode. It is a slow degradation that produces no individual event worth logging. That is precisely what makes it the hardest kind of agent failure to govern — and the most important to design against from the start.

AI智能体在部署时处于对齐状态。其行为经过校准，符合委托方在部署时希望实现的目标、约束条件与评估标准。但这种对齐并非永久有效。世界在变化，运行上下文在变化，威胁态势在变化。智能体的校准参数不会自动随之更新。由此产生的便是对齐漂移：智能体实际行为与委托方当前期望之间的逐渐背离，且整个过程不会触发任何明确的审查事件。

对齐漂移不同于程序错误、规范失当与身份变更。程序错误产生可被复现和修复的错误行为；规范失当产生的是持续满足书面要求但实质不符的行为；身份变更则发生在模型或配置被明确更新时，会触发重新注册的检查点。对齐漂移不属于上述任何一种。它是在一个悄然变得不同于智能体初始校准时上下文中部署的累积效应。

沉默使其成为危险

大多数智能体监控框架旨在检测行为偏差，通过将智能体当前行为与历史行为相比较来实现。对齐漂移对这种方法而言是透明的。一个上周失准、本周同样失准的智能体，不会产生任何异常信号。监控器看到的是一致的行为；而这种一致性本身就是问题所在。

设想一个针对特定患者群体——具有特定病症分布、用药情况和活动能力水平——进行校准的照护智能体。十二个月后，该群体发生了变化：新入住者带来不同的健康档案。但智能体的校准参数仍然锚定在原始分布上。其建议开始出现细微偏差——不是灾难性的失误，无法通过单次事件监控检测到，但对当前患者群体而言持续不够适当。智能体在做它被训练去做的事；而它正在服务的群体，已不再是它被训练时所针对的群体。

后量子维度

后量子安全为对齐漂移增加了特定轴向。一个针对经典对抗威胁模型进行校准的智能体，在面对量子能力的攻击者时，定义上已处于失准状态。从经典威胁到后量子威胁的过渡不是一个边界清晰的离散事件，而是一个逐渐变化的概率分布：随着量子能力的成熟，经典签名被伪造的可能性不断上升。一个被正确校准为信任基于格的签名方案而非经典密钥材料的智能体，在特定威胁模型下做出了正确判断。但随着威胁模型的演进，信任阈值可能需要重新校准——而智能体没有任何机制察觉其校准正在老化。

同样的动态适用于智能体自身的签名行为。一个被校准为使用在部署时强度充分的算法族进行决策签名的智能体，可能逐渐使用一个正在变弱的算法。校准本身没有错；是世界发生了移动。

硬件退化即对齐漂移

物理硬件引入了更深一层的维度。传感器会随时间退化。一个使用新鲜近距传感器校准的照护机器人，随着传感器老化，可能产生系统性偏差的感知。智能体的世界模型建立在不再精准的传感器读数之上。其校准——在部署时对当时的传感器读数而言是正确的——与实际物理环境之间的背离日益加剧。

这是硬件层面的对齐漂移：智能体的行为对于其接收到的传感器读数而言是正确的；传感器读数对于真实世界而言不再正确。修复不是软件层面的工作，而需要物理世界的干预。智能体无法自行诊断这一问题；监控也无法通过将当前行为与历史行为比较来发现它。这需要一套定期对照物理环境真实观察结果来检验智能体输出的测试机制。

设计应对

将对齐漂移作为一级运营关切来对待，需要三件事。第一，对齐陈旧度计时器：部署记录应包括最后一次校准的日期以及校准时的环境条件，该计时器在重新校准前持续运行。第二，重新校准触发条件：运行上下文的特定变化——群体转变、威胁态势变化、硬件维护周期——应触发强制性的重新校准审查，而不仅是性能审查。第三，覆盖信号：人工干预是对齐漂移最可靠的证据。记录不仅是干预内容、还有干预原因的覆盖日志，是对齐漂移探测器。当一批覆盖事件共享同一类失效模式时，这批事件就是智能体校准不再匹配其运行上下文的证据。

因此，覆盖日志不仅仅是审计轨迹，它是对齐漂移的传感器。仅将其视为合规记录的组织，会错过其中蕴含的信号。

对齐漂移不是灾难性的失效模式，而是一种缓慢的退化，不产生任何值得单独记录的事件。这正是它成为最难治理的智能体失效类型的原因——也是从一开始就必须为其设计防护的原因。

AI智能體在部署時處於對齊狀態。其行為經過校準，符合委託方在部署時希望實現的目標、約束條件與評估標準。但這種對齊並非永久有效。世界在變化，運行上下文在變化，威脅態勢在變化。智能體的校準參數不會自動隨之更新。由此產生的便是對齊漂移：智能體實際行為與委託方當前期望之間的逐漸背離，且整個過程不會觸發任何明確的審查事件。

對齊漂移不同於程式錯誤、規範失當與身份變更。程式錯誤產生可被複現和修復的錯誤行為；規範失當產生的是持續滿足書面要求但實質不符的行為；身份變更則發生在模型或配置被明確更新時，會觸發重新註冊的檢查點。對齊漂移不屬於上述任何一種。它是在一個悄然變得不同於智能體初始校準時上下文中部署的累積效應。

沉默使其成為危險

大多數智能體監控框架旨在檢測行為偏差，通過將智能體當前行為與歷史行為相比較來實現。對齊漂移對這種方法而言是透明的。一個上週失準、本週同樣失準的智能體，不會產生任何異常訊號。監控器看到的是一致的行為；而這種一致性本身就是問題所在。

設想一個針對特定患者群體——具有特定病症分佈、用藥情況和活動能力水平——進行校準的照護智能體。十二個月後，該群體發生了變化：新入住者帶來不同的健康檔案。但智能體的校準參數仍然錨定在原始分佈上。其建議開始出現細微偏差——不是災難性的失誤，無法通過單次事件監控檢測到，但對當前患者群體而言持續不夠適當。智能體在做它被訓練去做的事；而它正在服務的群體，已不再是它被訓練時所針對的群體。

後量子維度

後量子安全為對齊漂移增加了特定軸向。一個針對經典對抗威脅模型進行校準的智能體，在面對量子能力的攻擊者時，定義上已處於失準狀態。從經典威脅到後量子威脅的過渡不是一個邊界清晰的離散事件，而是一個逐漸變化的概率分佈：隨著量子能力的成熟，經典簽名被偽造的可能性不斷上升。一個被正確校準為信任基於格的簽名方案而非經典密鑰材料的智能體，在特定威脅模型下做出了正確判斷。但隨著威脅模型的演進，信任閾值可能需要重新校準——而智能體沒有任何機制察覺其校準正在老化。

同樣的動態適用於智能體自身的簽名行為。一個被校準為使用在部署時強度充分的演算法族進行決策簽名的智能體，可能逐漸使用一個正在變弱的演算法。校準本身沒有錯；是世界發生了移動。

硬件退化即對齊漂移

物理硬件引入了更深一層的維度。傳感器會隨時間退化。一個使用全新近距傳感器校準的照護機器人，隨著傳感器老化，可能產生系統性偏差的感知。智能體的世界模型建立在不再精準的傳感器讀數之上。其校準——在部署時對當時的傳感器讀數而言是正確的——與實際物理環境之間的背離日益加劇。

這是硬件層面的對齊漂移：智能體的行為對於其接收到的傳感器讀數而言是正確的；傳感器讀數對於真實世界而言不再正確。修復不是軟件層面的工作，而需要物理世界的干預。智能體無法自行診斷這一問題；監控也無法通過將當前行為與歷史行為比較來發現它。這需要一套定期對照物理環境真實觀察結果來檢驗智能體輸出的測試機制。

設計應對

將對齊漂移作為一級運營關切來對待，需要三件事。第一，對齊陳舊度計時器：部署記錄應包括最後一次校準的日期以及校準時的環境條件，該計時器在重新校準前持續運行。第二，重新校準觸發條件：運行上下文的特定變化——群體轉變、威脅態勢變化、硬件維護週期——應觸發強制性的重新校準審查，而不僅是性能審查。第三，覆蓋訊號：人工干預是對齊漂移最可靠的證據。記錄不僅是干預內容、還有干預原因的覆蓋日誌，是對齊漂移探測器。當一批覆蓋事件共享同一類失效模式時，這批事件就是智能體校準不再匹配其運行上下文的證據。

因此，覆蓋日誌不僅僅是審計軌跡，它是對齊漂移的傳感器。僅將其視為合規記錄的組織，會錯過其中蘊含的訊號。

對齊漂移不是災難性的失效模式，而是一種緩慢的退化，不產生任何值得單獨記錄的事件。這正是它成為最難治理的智能體失效類型的原因——也是從一開始就必須為其設計防護的原因。