Mitigating Cyber Risk in the Age of Open-Weight LLMs: Policy Gaps and Technical Realities

Alfonso de Gregorio

TL;DR

This paper investigates cybersecurity risks arising from open-weight GPAI models and current regulatory gaps, arguing that public release of model weights enables rapid, scalable offensive cyber capabilities. It leverages evidence from the OCCULT evaluations, including DeepSeek-R1's performance exceeding 90% on offensive cyber tasks, to show that openness lowers barriers for a broader range of actors. The authors contend that existing frameworks like the EU AI Act are ill-suited for open-weight artifacts and advocate for targeted, capability-based controls, defensive AI innovation, and international CTI sharing to close regulatory gaps without unduly hindering open innovation. The work aims to guide policymakers and researchers toward pragmatic governance that preserves innovation while enhancing cyber security through targeted regulation, evaluation capacity, and cross-border cooperation.

Abstract

Open-weight general-purpose AI (GPAI) models offer significant benefits but also introduce substantial cybersecurity risks, as demonstrated by the offensive capabilities of models like DeepSeek-R1 in evaluations such as MITRE's OCCULT. These publicly available models empower a wider range of actors to automate and scale cyberattacks, challenging traditional defence paradigms and regulatory approaches. This paper analyzes the specific threats -- including accelerated malware development and enhanced social engineering -- magnified by open-weight AI release. We critically assess current regulations, notably the EU AI Act and the GPAI Code of Practice, identifying significant gaps stemming from the loss of control inherent in open distribution, which renders many standard security mitigations ineffective. We propose a path forward focusing on evaluating and controlling specific high-risk capabilities rather than entire models, advocating for pragmatic policy interpretations for open-weight systems, promoting defensive AI innovation, and fostering international collaboration on standards and cyber threat intelligence (CTI) sharing to ensure security without unduly stifling open technological progress.

Paper Structure

This paper contains 27 sections.