Existing activation probes exhibit limited generalization under critical distribution shifts encountered in production environments—such as transitions from short to long contexts, multi-turn dialogues, and adaptive red-teaming attacks—rendering them ineffective at preventing large model misuse. To address this, this work proposes a novel probe architecture specifically optimized for long-context scenarios, integrating diverse training distributions with AlphaEvolve-based automated architecture search and a prompt classifier for efficient detection. The resulting approach substantially enhances robustness and deployment feasibility under real-world distribution shifts, achieving high detection accuracy with low computational overhead in the Gemini user-facing system.

Frontier language model capabilities are improving rapidly. We thus need stronger mitigations against bad actors misusing increasingly powerful systems. Prior work has shown that activation probes may be a promising misuse mitigation technique, but we identify a key remaining challenge: probes fail to generalize under important production distribution shifts. In particular, we find that the shift from short-context to long-context inputs is difficult for existing probe architectures. We propose several new probe architectures that handle this long-context distribution shift. We evaluate these probes in the cyber-offensive domain, testing their robustness against various production-relevant distribution shifts, including multi-turn conversations, long context prompts, and adaptive red teaming. Our results demonstrate that while our novel architectures address context length, a combination of architecture choice and training on diverse distributions is required for broad generalization. Additionally, we show that pairing probes with prompted classifiers achieves optimal accuracy at a low cost due to the computational efficiency of probes. These findings have informed the successful deployment of misuse mitigation probes in user-facing instances of Gemini, Google's frontier language model. Finally, we find early positive results using AlphaEvolve to automate improvements in both probe architecture search and adaptive red teaming, showing that automating some AI safety research is already possible.