Trust-Raw Override (TRO)

Updated 23 November 2025

Trust-Raw Override (TRO) is a framework that bypasses conventional preprocessing by directly leveraging raw data inputs when confidence thresholds are met.
It improves system performance across computer vision, adversarial malware defense, and human–AI collaboration through threshold-based uncertainty gating and direct inference.
Empirical results show TRO can enhance accuracy and speed while raising critical questions about trust calibration and the ethical design of AI interfaces.

Trust-Raw Override (TRO) refers to a family of paradigms and system-level strategies in machine learning and human–AI collaboration where a system or user deliberately bypasses an intermediary stage, engineered transform, or human-centric judgment in favor of direct “raw” model trust or raw feature input. TRO has emerged independently in three domains: computer vision with RAW imaging, human–AI decision workflows involving trust calibration, and adversarial defense pipelines leveraging uncertainty gating. Although the functional mechanisms are context-specific, the unifying logic is that, under certain conditions, it is optimal to “override” conventional preprocessing, feature engineering, or user input in favor of raw information—provided trust or confidence thresholds are met.

1. Mathematical and Methodological Foundations

Trust-Raw Override originated in different mathematical settings. Its canonical image-sensor interpretation rests on the physical image formation model:

Let $S(x,y,\lambda)$ denote scene radiance at pixel $(x,y)$ and wavelength $\lambda$ , with $Q_c(\lambda)$ the spectral sensitivity for filter $c \in \{R,G,B\}$ . The RAW output is

$R_c(i,j) = \int_0^\infty S(x_i, y_j, \lambda) Q_c(\lambda) \, d\lambda + \eta(i,j)$

where $\eta(i,j)$ is sensor noise. Post analog-to-digital conversion yields quantized values:

$M_\text{raw}(i,j) = QN (R_c(i,j)), \quad QN(\cdot) \in \{0,\ldots,2^N-1\}$

The classical pipeline for visual models includes demosaicking, white balancing, color correction, and gamma mapping:

Demosaic: $M_c(i,j) = \sum_{u,v} w_{u,v} M_\text{raw}(i+u,j+v)$ ,
White balance: $[R',G',B']^T = \mathrm{diag}(g_R, g_G, g_B)[M_R,M_G,M_B]^T$ ,
Color correction: $[R'',G'',B'']^T = C [R',G',B']^T$ ,
Gamma: $I_c = (R''_c)^{1/\gamma}$ .

The TRO thesis in this context is that all human-centric ISP stages are information-preserving up to clipping; thus, a deep CNN can directly process $M_\text{raw}$ , learning its own optimal "ISP" front-end, rendering the classical transform sequence computationally superfluous (Kantas et al., 2024).

Formally in adversarial malware detection, TRO is defined through trust/uncertainty metrics. Model trust is operationalized by estimating predictive uncertainty via MC-dropout inference:

$U(x) = \frac{1}{T} \sum_{t=1}^T \operatorname{Var}[f_\theta^{(t)}(x)]$

Raw override is triggered for samples with $U(x) > \tau$ , where $\tau$ is a dynamically-adapted uncertainty threshold (Chaudhary et al., 16 Nov 2025).

In human–AI collaboration, TRO is defined behaviorally. For participant $i$ over $N$ trials, the raw trust score is

$T_i = \frac{\#\{\text{final decisions}_i = \text{AI recommendation}\}}{N}$

Override rate is

$O_i = \frac{1}{N}\sum_{t=1}^N \mathbb{I}\bigl(\text{init}_{i,t}\neq\text{AI}_t \wedge \text{final}_{i,t}=\text{AI}_t\bigr)$

TRO’s primary metric is

$\mathrm{TRO} = O_\text{reasoning} - O_\text{no~reasoning}$

which quantifies the extent to which exposing model reasoning inflates override of user's initial (unique) knowledge (Chen et al., 6 Nov 2025).

2. System Architectures and Implementation

Computer Vision (RAW Imaging)

The TRO imaging pipeline consists of replacing RAW→RGB conversion with direct CNN inference on unprocessed sensor output. Empirical evaluations used:

ResNet-34: 34 layers, residual blocks, 5-way softmax; inputs as (a) original RAW (1 channel, $40\times 40\times 1$ ), (b) packed RAW (4 channels, $20\times 20\times 4$ ), and (c) BCA-RAW (bidirectional cross-modal attention fusion of both representations).
VGG-13: 13 convolutional layers, max-pooling, ReLU, 5-way softmax.

Training is performed with cross-entropy, SGD (momentum = 0.9, weight decay = $1e-4$), learning rate 1e-3, batch size 256, and stratified data splits (70% train, 20% validation, 10% test) (Kantas et al., 2024).

Adversarial Malware Defense

The pipeline, built for malware classification, operates by sequentially:

Running engineered-feature classifier $f_\theta$ with uncertainty estimation using $T$ MC-dropout runs,
Triggering raw override (extraction of byte-level features and classification by $f_\text{raw}$ ) where $U(x) > \tau$ ,
Combining predictions via fixed or uncertainty-weighted mixing,
Integrating with Confidence-Adaptive Bit-Depth Reduction (CABDR), where engineered features are quantized to 8, 6, or 4 bits based on $U(x)$ (Chaudhary et al., 16 Nov 2025).

Human–AI Trust and Decision-Making

Experimental design involves:

3×2 factorial setup: reasoning displayed (none, brief, extensive) × UHK present/absent,
Logging initial and final decisions to compute trust/override metrics,
Incentive-compatible payoffs for accuracy,
Explicit user warnings regarding LLM's knowledge gaps (Chen et al., 6 Nov 2025).

3. Empirical Results Across Domains

Computer Vision

Mean top-1 accuracies over 10 runs (ResNet-34) on rice grain classification:

Original RAW: $96.11\% \pm 0.37$
Packed RAW: $95.93\% \pm 0.21$
BCA-RAW: $96.81\% \pm 0.24$
8-bit/16-bit RGB: $96.17\% \pm 0.35$

Throughput (ResNet-34 on 457 samples):

Orig. RAW: $1.31\text{ s} \pm 0.05$
Packed RAW: $0.97\text{ s} \pm 0.16$
BCA-RAW: $4.89\text{ s} \pm 0.16$
8-/16-bit RGB: $1.34\text{ s} \pm 0.11$

Including RAW→RGB conversion ( $\sim$ 3.30 s per frame), the effective speedup for TRO (Orig. RAW) is $\sim$ 3.5×; for Packed RAW in VGG-13, speedup reaches 8.46× relative to the RGB pipeline (Kantas et al., 2024).

Malware Defense

In EMBER v2:

Clean accuracy (TRO+CABDR): $91.0\%\pm 0.3$ ; Malware TPR: $93.0\%\pm 0.4$
Attack Success Rate (ASR): reduced from $72.3\%\pm 2.4$ (baseline) to $34.4\%\pm 1.6$
Throughput: 1.26 million samples/second for batch size 256
Runtime overhead: 1.76× baseline

Ablations: TRO alone yields $42.1\%$ ASR at $1.40\times$ cost; CABDR alone $44.5\%$ at $1.30\times$ ; together, $34.4\%$ at $1.76\times$ (Chaudhary et al., 16 Nov 2025).

Human–AI Trust Calibration

TRO, as measured in override rate difference, is:

Phase I (no unique knowledge): $+0.013$ (brief), $+0.020$ (extensive) over no reasoning
Phase II (with UHK): $+0.040$ (brief), $+0.044$ (extensive), both $p<0.001$

Performance gain from UHK (potential $\Delta_\text{no}=0.182$ ) is crowded out by 2–3 percentage points when reasoning is shown, indicating erosion of user knowledge utilization (Chen et al., 6 Nov 2025).

4. Mechanisms, Thresholds, and Theoretical Implications

TRO mechanisms are domain-adaptive but unified by threshold-based gating:

In imaging, the invertibility of ISP stages allows task-specific models to learn custom front-ends, rendering manual ISP unnecessary for classification.
In malware, adversarial samples exhibit elevated predictive variance $U(x)$ under dropout; threshold $\tau$ is dynamically set to maximize robustness–overhead tradeoff, triggering raw override only on the top 7–10% most-uncertain samples (Chaudhary et al., 16 Nov 2025).
In human override, detailed AI explanations act as a persuasive authority-cue, directly increasing raw trust ( $T$ ) and override rates ( $O$ ), thereby crowding out Unique Human Knowledge. Linear regression confirms the statistical relationship, with coefficients $\hat\beta_1=+0.040$ (brief) and $\hat\beta_2=+0.044$ (extensive), SE = $0.010$, $p<0.001$ (Chen et al., 6 Nov 2025).

Theoretical implications suggest that exposing intermediate transforms or reasoning chains can inflate trust and calibrate system response, but can also systematically undermine human judgment or efficiency if not carefully gated.

5. Practical Guidelines and Design Recommendations

For imaging pipelines, the TRO approach is as follows:

Acquire sensor RAW, crop, normalize.
Optionally spatially pack the mosaic.
Forward through classifier; no ISP-preprocessing required (Kantas et al., 2024).

For adversarial malware defense:

Use MC-dropout to estimate uncertainty; override to raw feature extraction/classification as triggered by thresholded uncertainty.
Utilize background caching and dynamic adaptation of $\tau$ to maintain sub-2× overhead.
Combine with CABDR for feature quantization, using uncertainty to adjust bit depth (Chaudhary et al., 16 Nov 2025).

For human–AI interfaces:

Selectively justify recommendations only when AI is known to outperform user knowledge.
Deploy just-in-time alerts to remind users of critical information the AI lacks.
Implement override confirmation prompts and dynamically tune reasoning granularity to maintain accurate trust calibration (Chen et al., 6 Nov 2025).

6. Limitations and Future Directions

Documented limitations of current TRO implementations include:

RAW imaging results are demonstrated on a constrained, 5-class rice grain dataset; scaling to complex real-world scenes or tasks would require larger, more diverse RAW corpora and transfer learning from RGB-trained weights (Kantas et al., 2024).
The best accuracy (e.g., BCA-RAW) in vision incurs higher computational cost, reflecting a trade-off between speed and marginal gains.
In adversarial defense, the efficiency–robustness knee is empirically located at $\sim$ 1.76× overhead; further reduction may require fundamentally new architectures (Chaudhary et al., 16 Nov 2025).
In decision-making, revealing reasoning reliably increases override even when users have privileged knowledge, raising unresolved questions about transparency, calibration, and the ethical design of AI explanation interfaces (Chen et al., 6 Nov 2025).

Plausible future work includes end-to-end learnable ISP modules, mixed-precision RAW processing, real-time video TRO, larger human–AI override studies, and unified thresholds for mixed-modality trust gating.

7. Cross-Domain Synthesis and Significance

TRO defines a broad principle: leveraging direct trust in low-level information or model output, overriding intermediary steps, can accelerate pipelines, enhance adversarial robustness, and affect user behavior. In all domains, the success of such overrides depends fundamentally on threshold calibration: in imaging, on the invertibility of the ISP; in malware, on the reliability of uncertainty gating; and in human–AI teamwork, on the fidelity of trust calibration. Effective deployment of TRO paradigms thus requires explicit cost–benefit optimization, empirical validation, and design safeguards to prevent unwanted erosion of information or operational performance (Kantas et al., 2024, Chen et al., 6 Nov 2025, Chaudhary et al., 16 Nov 2025).

Markdown Report Issue Upgrade to Chat

References (3)

Raw Instinct: Trust Your Classifiers and Skip the Conversion (2024)

Efficient Adversarial Malware Defense via Trust-Based Raw Override and Confidence-Adaptive Bit-Depth Reduction (2025)

Revealing AI Reasoning Increases Trust but Crowds Out Unique Human Knowledge (2025)

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to Trust-Raw Override (TRO).