Charting the technical roadmap to SL5 optionality for frontier AI labs. A multistakeholder initiative uniting AI labs, national security leaders & engineers.
Proud to share I'll be a co-mentor at @MATSprogram for the Autumn 2026 cohort, working alongside @LisaThiergart on the @SL5TaskForce.
MATS is one of the strongest talent pipelines in AI safety. Three months, real research with a mentor, on a problem that ships. Many scholars join their mentor's org afterward or spin out their own.
Our stream is building SL5: security against priority nation-state attacks for frontier AI infrastructure. This year we're prototyping a real datacenter with frontier labs. The work needs people who can lead.
Who we want:
3+ years security or infrastructure engineering
Previously led a project with 2+ people on novel technical ground
Comfortable in highly automated workflows (Claude Code, etc.)
Strong Python or Rust, or excellent technical communication
Bonus: TEMPEST, SCIF construction, or datacenter physical security experience.
Apply by June 7. https://t.co/3CgU9LSAVC
These are great steps! Here's 8 other things we could do:
1. Congress should fund CAISI at ~$80 million instead of $10 mn, which is our internal analysis of what it'd take for CAISI to actually fulfill the purposes laid out in the AI Action Plan and other Trump admin directives.
2. The NSA, CAISI + others should plan for the moment when >Mythos-class models are distilled or trained in China, and make a real effort in preemptive cyberdefense. We called this last year, and have some ideas on what to do (https://t.co/d4hUMQQZ8p, https://t.co/Vj8gHkBLo8, https://t.co/P3jOcSdFRa)
3. OSTP and NSC should coordinate building RAND-style SL-4/SL-5 security for frontier model weights. Distillation is one way to get somewhat capable models, but stealing model weights gets you the best model, and it's completely doable for well-resourced state-backed actors. The weights themselves are the crown jewels, and most labs aren't close to being able to defend them! Once we train a 10x Mythos soon, we'll wish we had a secure environment to run it in. (More implementation details here: https://t.co/QKESFX7HE5)
4. Relatedly, fund + help staff an insider-threat / counter-intel program for frontier labs. It is much harder to protect model weights if adversarial people have privileged access.
5. The White House should direct Commerce/BIS to strengthen AI chip and SME export controls to adversarial countries, so that even if cyber-capable models are distilled or stolen, they can't be deployed at scale on American chips. China has huge domestic production bottlenecks (https://t.co/LwGx5fvran), so exporting fewer chips makes a difference, pound for pound.
6. And because smuggling is still a problem, we should also be deploying chip security measures like privacy-preserving country-level location verification, which will allow us to export more chips to semi-trusted countries while verifying that they're not being smuggled to adversarial ones (more: https://t.co/iUpSueHCKt), and there is more AI verification work to be done to enable more mutually beneficial trade without national security downsides (https://t.co/Kvx9oKF0vP).
7. On top of funding CAISI, we should direct it to run pre-deployment evals for CBRN and cyber uplift on a classified track. You can't hold adversaries accountable for abusing US models if we don't systematically measure what those models can do in the first place.
8. The NSC, NSA and CAISI should write the emergency-response playbook for the day a Mythos-class weight leak is confirmed, or distillation is successful. Who does what, in what order?
To be in a good place, we should've started years ago. But it'll only be more urgent each passing month.
Compute stock is growing 3.4x/year; LLM inference prices declining at -40x/year for a fixed level of capability; software progress is improving so quickly that the pre-training compute we need to reach a capability is 3 times lower each passing year (https://t.co/QGrPUQ3mng)...
These are just some ideas for government, related to distillation and model weight theft. Philanthropy and the private sector have big roles to play as well.
We have so much work to do!
1/n Today we're releasing the first public draft of the Security Level 5 (SL5) standard, designed to protect frontier AI models against nation-state adversaries. This v0.1 focuses on long lead time interventions: the things that need to start now, before SL5 is urgently needed. https://t.co/a2vDRon9Kx
12/n We invite frontier AI labs, government agencies, datacenter operators, and security researchers to engage with this work.
Read the full standard and get involved: https://t.co/cyB67oHT0Z
🛡️ Introducing the Security Level 5 (SL5) Standard.
This is the first revision of our SL5 Standard, focused on long lead time requirements: interventions that must be planned years in advance, such as facility construction, hardware procurement, and organizational capability development. Some requirements represent significant departures from standard industry practice. We believe these measures are necessary at this security level, while recognizing the need to address real operational constraints.
https://t.co/MgiEnfGLQN
Future revisions will further optimize the intersection of SL5 security and practical deployment, expand mappings from DoD IL6 and related frameworks, and refine areas where government involvement may ultimately be required. We welcome collaboration.
This concludes SL5 Shipmas.
We’re excited to share this work and continue building toward robust, scalable security for frontier AI systems.
🔎Introducing the Sensitivity Levels Framework (SenL) - an Insider Risk Management Framework for the AI industry:
SenL proposes industry-adapted clearance levels for AI labs, designed to proportionally reduce insider and personnel risk while remaining feasible under private-sector legal, operational, and cultural constraints.
It translates government-style continuous evaluation across seven domains into a tiered model that labs can deploy today, with optional pathways to integrate government information sharing as policy allows.
Speed, cost effectiveness, and scalability are prioritized.
https://t.co/n9AlnO9D1b
📘 All the SL5 Novel Recommendations are now live.
Today we’re releasing the remaining reports on Network Security, Physical Security, and Supply Chain Security, completing the set of novel recommendations for Security Level 5 🚀
Hope you enjoy & looking forward to your comments!
https://t.co/mdwd5p4KR4
https://t.co/XjpLJHOLKf
https://t.co/QYIQYMDqsD
📘 Today we’re releasing two focused reports with novel recommendations for Machine Security and Personnel Security, addressing critical gaps between current industry practices and Security Level 5 requirements.
https://t.co/jy6L3AmF7w https://t.co/FJkEGbhcC1
Bonus release: a local, privacy-first speech to text toolkit for sensitive meetings.
https://t.co/8caJk7Kawu
More coming tomorrow.