A model that passes your safety evaluation has been tested against a generic threat surface. Your institution does not have a generic threat surface. Stanford HELM and MITRE ATLAS both document adversarial robustness degrading significantly outside benchmark distributions. No published safety benchmark tests against institution-specific data, internal terminology, or proprietary workflow triggers. Your security team ran the evaluation, reviewed the results, and cleared the model for deployment. The evaluation was real. The threat surface it tested was not yours. Your production environment has specific characteristics: internal document naming conventions, employee workflow patterns, system identifiers that appear nowhere in any benchmark dataset. An adversary who maps that structure can craft inputs the model has never encountered in testing. The model behaves safely in the lab. It encounters your institution's specific attack surface in production. Safety evaluation covers the general case. Production exposure is always the specific case. #AI #AIAgent