"Frontier AI safety testing is becoming a security nightmare of its own, with a new RUSI report warning that the process of granting outsiders access to inspect powerful AI models is itself creating new security risks."
"The paper, published Tuesday by London-based think tank Royal United Services Institute (RUSI), warns that the rapidly expanding system of third-party AI evaluations is riddled with inconsistent standards, vague terminology, weak access controls, and security assumptions that would make most enterprise infosec teams break out in hives."
"“The security risks associated with this access, from intellectual property leakage to model compromise to exploitation by state-sponsored actors, remain poorly mapped and inadequately standardized,” the authors wrote."
"RUSI argues that the industry has drifted into a situation in which labs, evaluators, governments, and researchers are all operating under different definitions of what “secure access” actually means. One evaluator might get limited API access, while another receives deeper visibility into model internals, infrastructure, or training environments."
Third-party evaluations of advanced AI models are expanding, but the access granted to outsiders introduces security risks. Safety testing depends on meaningful inspection, yet access pathways can enable intellectual property leakage, model compromise, tampering, exploitation, and abuse. Risks are especially severe when evaluating capabilities tied to cyberattacks or chemical and biological weapon development. Standards for “secure access” vary across labs, evaluators, governments, and researchers, including differences in API access depth and visibility into model internals, infrastructure, or training environments. The report proposes an “Access-Risk Matrix” to match access types with threat scenarios, noting that write access to frontier models is among the highest-risk categories.
#ai-safety-testing #model-access-controls #third-party-evaluations #cybersecurity-risk #bioweapon-and-cyber-capability-assessment
Read at theregister
Unable to calculate read time
Collection
[
|
...
]