Frontier AI safety tests may be creating the very risks they're meant to stop

Frontier AI safety testing is becoming a security nightmare of its own, with a new RUSI report warning that the process of granting outsiders access to inspect powerful AI models is itself creating new security risks. The paper, published Tuesday by London-based think tank Royal United Services Institute (RUSI), warns that the rapidly expanding system of third-party AI evaluations is riddled with inconsistent standards, vague terminology, weak access controls, and security assumptions that would make most enterprise infosec teams break out in hives. The report focuses on a growing problem facing governments and AI companies alike: meaningful safety testing requires outsiders to access advanced models, but every new access pathway creates another opportunity for theft, tampering, espionage, or abuse. That gets especially risky when the systems in question are being evaluated for capabilities related to cyberattacks or chemical and biological weapon development. "The security risks associated with this access, from intellectual property leakage to model compromise to exploitation by state-sponsored actors, remain poorly mapped and inadequately standardized," the authors wrote. RUSI argues that the industry has drifted into a situation in which labs, evaluators, governments, and researchers are all operating under different definitions of what "secure access" actually means. One evaluator might get limited API access, while another receives deeper visibility into model internals, infrastructure, or training environments. The paper introduces what it calls an "Access-Risk Matrix" designed to map different types of model access against different threat scenarios. Unsurprisingly, handing outsiders write access to frontier models lands firmly in the "what could possibly go wrong?" category. "Write access to model internals represents the access type with the highest level of risk," the report warns, because it potentially allows adversaries to tamper with model behavior directly. The report also punctures the industry's tendency to frame frontier AI security as some entirely new class of problem requiring magical new solutions. Some of the biggest risks identified by the authors are depressingly familiar: stolen credentials, poor credential hygiene, weak access revocation, and overprivileged users. In other words, the same identity and access management problems corporate security teams have wrestled with for decades, except now attached to systems being tested for catastrophic misuse risks. RUSI also warns that the lack of internationally standardized rules governing AI evaluations is creating openings for hostile states, criminal groups, and rogue insiders to exploit gaps between jurisdictions and organizations. "Access decisions remain ad hoc, security expectations are inconsistent and the language used to describe access levels varies across jurisdictions, organizations and agreements," the paper states. The report ultimately calls for formalized international governance frameworks and closer coordination between cybersecurity professionals and AI safety researchers before the current patchwork system turns into the world's most expensive lesson in privileged access management. (R)