Proud to share I'll be a co-mentor at @MATSprogram for the Autumn 2026 cohort, working alongside @LisaThiergart on the @SL5TaskForce . MATS is one of the strongest talent pipelines in AI safety. Three months, real research with a mentor, on a problem that ships. Many scholars join their mentor's org afterward or spin out their own. Our stream is building SL5: security against priority nation-state attacks for frontier AI infrastructure. This year we're prototyping a real datacenter with frontier labs. The work needs people who can lead. Who we want: 3 years security or infrastructure engineering Previously led a project with 2 people on novel technical ground Comfortable in highly automated workflows (Claude Code, etc.) Strong Python or Rust, or excellent technical communication Bonus: TEMPEST, SCIF construction, or datacenter physical security experience. Apply by June 7. matsprogram.org/apply

I‘m mentoring again this Fall! Come work with me on Mock SL5 Datacenters!

These are great steps! Here's 8 other things we could do: 1. Congress should fund CAISI at ~$80 million instead of $10 mn, which is our internal analysis of what it'd take for CAISI to actually fulfill the purposes laid out in the AI Action Plan and other Trump admin directives. 2. The NSA, CAISI others should plan for the moment when >Mythos-class models are distilled or trained in China, and make a real effort in preemptive cyberdefense. We called this last year, and have some ideas on what to do (ifp.org/operation-patchlight…, ifp.org/the-great-refactor/, ifp.org/preventing-ai-sleepe…) 3. OSTP and NSC should coordinate building RAND-style SL-4/SL-5 security for frontier model weights. Distillation is one way to get somewhat capable models, but stealing model weights gets you the best model, and it's completely doable for well-resourced state-backed actors. The weights themselves are the crown jewels, and most labs aren't close to being able to defend them! Once we train a 10x Mythos soon, we'll wish we had a secure environment to run it in. (More implementation details here: ifp.org/a-sprint-toward-secu…) 4. Relatedly, fund help staff an insider-threat / counter-intel program for frontier labs. It is much harder to protect model weights if adversarial people have privileged access. 5. The White House should direct Commerce/BIS to strengthen AI chip and SME export controls to adversarial countries, so that even if cyber-capable models are distilled or stolen, they can't be deployed at scale on American chips. China has huge domestic production bottlenecks (ifp.org/the-b30a-decision/), so exporting fewer chips makes a difference, pound for pound. 6. And because smuggling is still a problem, we should also be deploying chip security measures like privacy-preserving country-level location verification, which will allow us to export more chips to semi-trusted countries while verifying that they're not being smuggled to adversarial ones (more: rebuilding.tech/posts/condit…), and there is more AI verification work to be done to enable more mutually beneficial trade without national security downsides (ifp.org/faster-ai-diffusion-…). 7. On top of funding CAISI, we should direct it to run pre-deployment evals for CBRN and cyber uplift on a classified track. You can't hold adversaries accountable for abusing US models if we don't systematically measure what those models can do in the first place. 8. The NSC, NSA and CAISI should write the emergency-response playbook for the day a Mythos-class weight leak is confirmed, or distillation is successful. Who does what, in what order? To be in a good place, we should've started years ago. But it'll only be more urgent each passing month. Compute stock is growing 3.4x/year; LLM inference prices declining at -40x/year for a fixed level of capability; software progress is improving so quickly that the pre-trainig compute we need to reach a capability is 3 times lower each passing year (epoch.ai/)... These are just some ideas for government, related to distillation and model weight theft. Philanthropy and the private sector have big roles to play as well. We have so much work to do!

🛡️ Introducing the Security Level 5 (SL5) Standard. This is the first revision of our SL5 Standard, focused on long lead time requirements: interventions that must be planned years in advance, such as facility construction, hardware procurement, and organizational capability development. Some requirements represent significant departures from standard industry practice. We believe these measures are necessary at this security level, while recognizing the need to address real operational constraints. sl5.org/projects/security-le… Future revisions will further optimize the intersection of SL5 security and practical deployment, expand mappings from DoD IL6 and related frameworks, and refine areas where government involvement may ultimately be required. We welcome collaboration. This concludes SL5 Shipmas. We’re excited to share this work and continue building toward robust, scalable security for frontier AI systems.

🔎Introducing the Sensitivity Levels Framework (SenL) - an Insider Risk Management Framework for the AI industry: SenL proposes industry-adapted clearance levels for AI labs, designed to proportionally reduce insider and personnel risk while remaining feasible under private-sector legal, operational, and cultural constraints. It translates government-style continuous evaluation across seven domains into a tiered model that labs can deploy today, with optional pathways to integrate government information sharing as policy allows. Speed, cost effectiveness, and scalability are prioritized. sl5.org/projects/sensitivity…

📘 All the SL5 Novel Recommendations are now live. Today we’re releasing the remaining reports on Network Security, Physical Security, and Supply Chain Security, completing the set of novel recommendations for Security Level 5 🚀 Hope you enjoy & looking forward to your comments! sl5.org/reports/network-secu… sl5.org/reports/physical-sec… sl5.org/reports/supply-chain…

📘 Today we’re releasing two focused reports with novel recommendations for Machine Security and Personnel Security, addressing critical gaps between current industry practices and Security Level 5 requirements. sl5.org/reports/machine-secu… sl5.org/reports/personnel-se… Bonus release: a local, privacy-first speech to text toolkit for sensitive meetings. sl5.org/projects/secure-spee… More coming tomorrow.