Yanhang Li and Zhichao Fan presented their findings on July 1, 2026, highlighting critical vulnerabilities in benchmark-validity audits within machine learning frameworks. These audits, often implemented by AI providers, are essential for ensuring compliance with governance standards. However, their conclusions can be compromised by unnoticed implementation details.
Understanding Benchmark-Validity Audits
Benchmark-validity audits are a crucial aspect of AI governance frameworks, aimed at providing documented evaluation evidence. The authors argue that perturbation-based construct-validity audits, a common form of evidence, are inherently fragile. The conclusions drawn from these audits can be misleading due to specific implementation details that may not be visible in reported numbers.
In their study, Li and Fan identified five classes of pipeline failure, which they demonstrated through a self-audit over safety benchmarks and open-weight instruction-tuned models. This self-audit serves as a foundation for understanding the complexities involved in conducting effective audits.
Five Classes of Pipeline Failures
The authors categorize the failure modes into five distinct classes, which they label as F1 through F5. Each class highlights specific vulnerabilities that can undermine the integrity of the audit process. The evidence presented stems from a two-model, five-benchmark case study, illustrating the need for heightened scrutiny in audit methodologies.





