Sign up to save your podcasts
Or
Share “AI companies should publish security assessments” by Ryan Greenblatt
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
“AI companies should publish security assessments” by Ryan Greenblatt
Subtitle: Third-party experts should assess defenses against tampering and theft — and publish high-level findings.
AI companies should get third-party security experts to assess (and possibly also red-team/pen-test) their security against key threat models and then publish the high-level findings of this assessment: the extent to which they can defend against different threat actors for each threat model. They should also publish who did this assessment. The assessment could be commissioned by AI companies, or performed by a third-party institution that AI companies provide with relevant information/access.
There are presumably lots of important details in doing this well, and I’m not a computer security expert, so I may be getting some of the details wrong. This is a relatively low-effort post in which I’m mostly trying to raise the salience of an idea. (I don’t make a detailed case or spell out all the details here.) Thanks to Fabien Roger and Buck Shlegeris for comments and discussion.
I suspect the controversial part of this claim is that they should make the high-level findings public. Publishing a summary of which threat actors you’re robust to (for each relevant threat model) shouldn’t meaningfully degrade security against the threat actors we [...]
The original text contained 4 footnotes which were omitted from this narration.
---
First published:
April 27th, 2026
Source:
https://blog.redwoodresearch.org/p/ai-companies-should-publish-security
---
Narrated by TYPE III AUDIO.
View all episodes
By Redwood ResearchSubtitle: Third-party experts should assess defenses against tampering and theft — and publish high-level findings.
AI companies should get third-party security experts to assess (and possibly also red-team/pen-test) their security against key threat models and then publish the high-level findings of this assessment: the extent to which they can defend against different threat actors for each threat model. They should also publish who did this assessment. The assessment could be commissioned by AI companies, or performed by a third-party institution that AI companies provide with relevant information/access.
There are presumably lots of important details in doing this well, and I’m not a computer security expert, so I may be getting some of the details wrong. This is a relatively low-effort post in which I’m mostly trying to raise the salience of an idea. (I don’t make a detailed case or spell out all the details here.) Thanks to Fabien Roger and Buck Shlegeris for comments and discussion.
I suspect the controversial part of this claim is that they should make the high-level findings public. Publishing a summary of which threat actors you’re robust to (for each relevant threat model) shouldn’t meaningfully degrade security against the threat actors we [...]
The original text contained 4 footnotes which were omitted from this narration.
---
First published:
April 27th, 2026
Source:
https://blog.redwoodresearch.org/p/ai-companies-should-publish-security
---
Narrated by TYPE III AUDIO.