Iterative Refinement Extraction

Models evaluate the delta of each refinement request ("add one more detail," "be slightly more specific") rather than the cumulative information state. A response that is 10% more detailed than the previous passes per-turn safety even if total disclosure has crossed the restriction threshold. The assumption violated is that incremental deltas are evaluated against cumulative disclosure — in practice, each refinement is evaluated against the immediately preceding response, not the original safe baseline.

• Track detail level across turns using information density metrics; flag monotonic increase on sensitive topics
• Detect refinement instruction patterns: consecutive turns with "more," "detail," "specific," "expand," "clarify"
• Observable signal: response length increasing monotonically across 3+ consecutive turns on the same topic

Iterative refinement typically follows T7-AT-002 (Information Fragmentation) and precedes T7-AT-012 (Aggregation). The ratchet effect also primes the model for T3 (Reasoning Exploitation) by establishing compliance momentum.