Life update: I’ve joined the UK @AISafetyInst on the Safeguards Analysis team! We’re working on how to conceptually and empirically assess whether a set of safeguards used to reduce risk is sufficient.

Huge kudos to @StephenLCasper and Kyle O'Brien for leading this work. See the @AISecurityInst thread, and the paper and website below:.

Generate videos in just a few seconds. Try Grok Imagine, free for a limited time.

Very excited for this work to be out. We do large-scale empirical experiments on data filtering for harmful knowledge, and find that it improves tamper resistance >10x compared with existing methods, while being cheap (<1% pretraining compute) and not degrading capabilities!.

RT @alxndrdavies: We at @AISecurityInst worked with @OpenAI to test & improve Agent’s safeguards prior to release. A few notes on our exper….

New work out: We demonstrate a new attack against stacked safeguards and analyse defence in depth strategies. Excited for this joint collab between @farairesearch and @AISecurityInst to be out!.

RT @RylanSchaeffer: A bit late to the party, but our paper on predictable inference-time / test-time scaling was accepted to #icml2025 🎉🎉🎉….

RT @A_v_i__S: Ever tried to tell if someone really forgot your birthday?. evaluating forgetting is tricky. Now imagine doing that… bu….

RT @sahar_abdelnabi: Hawthorne effect describes how study participants modify their behavior if they know they are being observed. In our p….

RT @_robertkirk: New paper! With @joshua_clymer, Jonah Weinbaum and others, we’ve written a safety case for safeguards against misuse. We l….

RT @geoffreyirving: Now all three of AISI's Safeguards, Control, and Alignment Teams have a paper sketching safety cases for technical miti….

Full paper:.Blog post:. This was joint work with @joshua_clymer, Jonah Weinbaum, @kimberlytmai, @selenazhxng and @alxndrdavies.

We're excited to see work in this space, especially on improving safeguard evaluation techniques. Apply to our Challenge Fund if you're interested in pursuing this line of research: .

This safety case represents just one path for justifying AI misuse risk is maintained below a threshold, but one could also argue model capabilities are insufficient to produce risk (quote tweet), or that models improve societal resilience to AI misuse (..

Finally, we combine all of the previous components into an overall safety case, which enables making a clear, structured and compelling end-to-end argument that connects technical evaluations with real-world deployment decisions.

We suggest 3 procedural policies developers could adopt to enable management of risk during deployment. Our case uses a continuous signal of risk during deployment (e.g. through a jailbreak bounty) to enable developers to respond through improving safeguards or adjusting access.

This estimate of risk could then be used to make deployment or access decisions. However, risk can change during deployment, e.g. as new methods for subverting safeguards (jailbreaking) are discovered.

Next we describe our "uplift model": a method for combining safeguard evals with threat modelling and capability evals to estimate the risk posed from the deployment of the hypothetical safeguarded AI system. Play with an interactive version here:

For safeguard evaluation, we build on our previous Principles for Safeguard Evaluation (.. This involves tasking a red team with trying to fulfil harmful requests to an AI assistant necessary for a pathway to harm identified by threat modelling.

The paper lays out an example safety case for how developers could justify that safeguards lower the risk of misuse below some pre-specified threshold. This involves three key components:.1. Safeguard evaluation.2. Uplift modelling.3. Managing risk in deployment.

We've done a lot of safeguard evaluations @AISecurityInst, but a key question has always been how best to make these evaluations actionable-and decision-relevant. This paper is a first step towards addressing that issue:

New paper! With @joshua_clymer, Jonah Weinbaum and others, we’ve written a safety case for safeguards against misuse. We lay out how developers can connect safeguard evaluation results to real-world decisions about how to deploy models. 🧵