1.1.1 Risks from literature and taxonomies are well covered (50%) 75%
Risk domains covered include CBRN, Cyber, Machine Learning R&D and misalignment, and harmful manipulation. Loss of control risks (covered by machine learning R&D and misalignment) are partly decomposed into a “stealth and situational awareness TCL” and “acceleration” and “automation” CCLs, though it is unclear how the TCL and CCLs interact to form a combined risk picture of loss of control risks. They also link to external analyses and discussions on safety frameworks, including by Anthropic, METR, OpenAI, the Frontier Model Forum, and the UK government.
Quotes:
“We identify CCLs for two kinds of risks: misuse risk and risks related to machine learning R&D and misalignment. For misuse risk, we define CCLs in the following risk domains where the misuse of model capabilities may result in severe harm:
● CBRN: Risks of models assisting in the development, preparation, and/or execution of a chemical, biological, radiological, or nuclear (“CBRN”) threat.
● Cyber: Risks of models assisting in the development, preparation, and/or execution of a cyber attack.
● Harmful Manipulation: Risks of models with high manipulative capabilities potentially being misused in ways that could reasonably result in large scale harm. For machine learning R&D and misalignment risks, we define CCLs that identify when ML R&D capabilities in our models may, if not properly managed, reduce society’s overall ability to manage AI risks.” (p.4)
“We consider a wide range of risks as part of our ongoing research, taking into account the characteristics, capabilities, propensities, and affordances of our models and other sources of information, such as our internal risk taxonomies, internal expertise and relevant external research. As explained above, we have identified risk domains where, based on early research, we have determined significant or severe risks may be most likely to arise from future models: CBRN, cyber, harmful manipulation, as well as machine learning R&D and misalignment.” (p.5)
“Stealth and Situational Awareness TCL: The instrumental reasoning abilities of the model enable enough situational awareness (ability to discover and use relevant details of its deployment setting) and stealth (ability to circumvent basic oversight mechanisms) such that, absent additional mitigations, we cannot rule out the model significantly undermining human control.” (p.14)
“ML R&D acceleration level 1: Has been used to accelerate AI development, resulting in AI progress substantially accelerating from historical rates. […]
ML R&D automation level 1: Can fully automate the work of any team of researchers at Google focused on improving AI capabilities, with approximately comparable all-inclusive costs.” (p.15)
“The Framework is informed by the broader conversation on Frontier AI Safety and Security Frameworks.1” (p.2) followed by Footnote 1: “1 See https://www.gov.uk/government/publications/emerging-processes-for-frontier-ai-safety, https://metr.org/faisc, https://www.anthropic.com/rsp-updates, https://www.anthropic.com/news/compliance-framework-SB53, https://openai.com/index/updating-our-preparedness-framework/, https://www.frontiermodelforum.org/publications/#technical-reports.”
“As part of our broader research into and development of frontier AI models, we continue to assess whether there are other risk domains where significant or severe risks may arise and will update our approach as appropriate.” (p.5)
“The Frontier Safety Framework will be reviewed at least once a year—more frequently if we have reasonable grounds to believe the adequacy of the Framework or our adherence to it has been materially undermined. The process will involve (i) an assessment of the Framework’s appropriateness for the management of significant and severe risk, drawing on information sources such as record of adherence to the framework, relevant high-quality research, information shared through industry forums, and evaluation results, as necessary, and (ii) an assessment of our adherence to the Framework.” (p.17)
1.1.2 Exclusions are clearly justified and documented (50%) 25%
The framework covers the main risks present in the literature. However, it only provides a basic breakdown of loss of control risks into “stealth and situational awareness”, as well as “acceleration” and “automation” of AI R&D. There is no justification for why other aspects of loss of control risks like autonomy or autonomous self-replication have not been considered.
Further, the framework asserts that they “may […] update [their] risk domains and T/CCLs, where necessary”, but does not provide the concrete evidence that would be required for this to happen.
Quotes:
“As part of our broader research into and development of frontier AI models, we continue to assess whether there are other risk domains where significant or severe risks may arise and will update our approach as appropriate.” (p.5)
“We may include TCLs for additional risks in the future, as our threat modeling develops.” (p.4)
“The Frontier Safety Framework will be reviewed at least once a year […] Following this assessment, we may: Update our risk domains and T/CCLs, where necessary.” (p.17)