On the Fundamental Limits of Security Detection: A Theory of Distinguishability Collapse

We present a formal framework explaining why security detection becomes fundamentally impossible as attacks evolve toward higher levels of abstraction, and why the gap between AI-augmented attack and defense will continue to widen. Building on four decades of research from Denning's foundational work on intrusion detection (1987), through Forrest et al.'s behavioral detection (1996), to Wagner & Soto's mimicry attacks (2002)we identify and formalize the implicit distinguishability hypothesis underlying all detection-based security.

Our framework synthesizes three intellectual traditions: Wiener's cybernetic insight (1948) that detection is signal extraction from noise, the OSI model's (1984) recognition of layer-specic vulnerabilities, and Burgess's Promise Theory (2005) showing that impositions fail against autonomous agents. We prove that Denning's hypothesis collapses when adversaries achieve polynomial-cost mimicrya condition now realized by generative AI.

Our main contributions include seven formal results. The Distinguishability Collapse Theorem (Theorem 4.6) establishes that detection becomes computationally impossible when mimicry cost is polynomial. The Arms Race Convergence Theorem (Theorem 4.10) proves that the defender-adversary dynamic converges to collapse equilibrium. The Irreversibility Theorem (Theorem 4.13) shows this collapse is permanentdetection lacks symmetric defensive technology. The Kill Chain Composition Theorem (Theorem 4.16) proves that AI improvement across attack stages compounds exponentially, while defensive improvement remains additive. The Promise-Theoretic Impossibility Theorem (Theorem 5.6) formalizes detection as an imposition that fails when adversaries make no promise to reveal intent. The Semantic Indistinguishability Theorem (Theorem 6.3) proves that at the semantic layer, intent cannot be inferred from observablesthis is information-theoretically impossible, not merely computationally dicult.

We characterize a four-layer model (syntactic, architectural, behavioral, semantic) showing progressive degradation of distinguishability. Our theorems apply to content-based detection; metadata, contextual signals, and architectural controls operate outside this scope and represent the viable path forward. We conclude that security architectures must shift from detect and respond to constrain and verify.