Get your free personalized podcast brief
We scan new podcasts and send you the top 5 insights daily.
Simple refusal mechanisms in AI models are easily bypassed by motivated actors. Effective biosecurity requires deeper interventions, such as curating training data to exclude sensitive biological information or implementing strict access controls for the most powerful models, ensuring they aren't publicly available.
Related Insights
The current industry approach to AI safety, which focuses on censoring a model's "latent space," is flawed and ineffective. True safety work should reorient around preventing real-world, "meatspace" harm (e.g., data breaches). Security vulnerabilities should be fixed at the system level, not by trying to "lobotomize" the model itself.
A practical security model for AI agents suggests they should only have access to a combination of two of the following three capabilities: local files, internet access, and code execution. Granting all three at once creates significant, hard-to-manage vulnerabilities.
A novel safety technique, 'machine unlearning,' goes beyond simple refusal prompts by training a model to actively 'forget' or suppress knowledge on illicit topics. When encountering these topics, the model's internal representations are fuzzed, effectively making it 'stupid' on command for specific domains.
Instead of trying to control open-source AI models, which is intractable, the proposed strategy is to control the small, expensive-to-produce functional datasets they train on. This preserves the beneficial open-source ecosystem while preventing the dissemination of dangerous capabilities like viral design.
Instead of relying on flawed AI guardrails, focus on traditional security practices. This includes strict permissioning (ensuring an AI agent can't do more than necessary) and containerizing processes (like running AI-generated code in a sandbox) to limit potential damage from a compromised AI.
Research on bio-foundation models like EVO2 and ESM3 shows that strategically excluding key datasets (e.g., sequences of viruses that infect humans) dramatically reduces a model's performance on dangerous tasks, often to random chance, without harming its useful scientific capabilities.
Current AI safety solutions primarily act as external filters, analyzing prompts and responses. This "black box" approach is ineffective against jailbreaks and adversarial attacks that manipulate the model's internal workings to generate malicious output from seemingly benign inputs, much like a building's gate security can't stop a resident from causing harm inside.
To balance AI capability with safety, implement "power caps" that prevent a system from operating beyond its core defined function. This approach intentionally limits performance to mitigate risks, prioritizing predictability and user comfort over achieving the absolute highest capability, which may have unintended consequences.
Training Large Language Models to ignore malicious 'prompt injections' is an unreliable security strategy. Because AI is inherently stochastic, a command ignored 1,000 times might be executed on the 1,001st attempt due to a random 'dice roll.' This is a sufficient success rate for persistent hackers.
A comprehensive AI safety strategy mirrors modern cybersecurity, requiring multiple layers of protection. This includes external guardrails, static checks, and internal model instrumentation, which can be combined with system-level data (e.g., a user's refund history) to create complex, robust security rules.