Table of Contents
Fetching ...

Frontier AI Auditing: Toward Rigorous Third-Party Assessment of Safety and Security Practices at Leading AI Companies

Miles Brundage, Noemi Dreksler, Aidan Homewood, Sean McGregor, Patricia Paskov, Conrad Stosz, Girish Sastry, A. Feder Cooper, George Balston, Steven Adler, Stephen Casper, Markus Anderljung, Grace Werner, Soren Mindermann, Vasilios Mavroudis, Ben Bucknall, Charlotte Stix, Jonas Freund, Lorenzo Pacchiardi, Jose Hernandez-Orallo, Matteo Pistillo, Michael Chen, Chris Painter, Dean W. Ball, Cullen O'Keefe, Gabriel Weil, Ben Harack, Graeme Finley, Ryan Hassan, Scott Emmons, Charles Foster, Anka Reuel, Bri Treece, Yoshua Bengio, Daniel Reti, Rishi Bommasani, Cristian Trout, Ali Shahin Shamsabadi, Rajiv Dattani, Adrian Weller, Robert Trager, Jaime Sevilla, Lauren Wagner, Lisa Soder, Ketan Ramakrishnan, Henry Papadatos, Malcolm Murray, Ryan Tovcimak

TL;DR

Frontier AI auditing addresses the lack of reliable, external verification of safety and security claims from leading developers. The paper defines frontier AI auditing and introduces AI Assurance Levels (AAL-1 to AAL-4) to calibrate confidence and coverage, emphasizing an organizational, multi-lens approach with deep, secure access and continuous monitoring. It draws lessons from food safety, aviation, and financial auditing, outlines a comprehensive risk scope, and proposes governance structures, independent auditors, and practical next steps to scale auditing globally. If implemented, this framework can improve safety outcomes, reduce deployment uncertainty, and unlock broader investments and responsible adoption of frontier AI.

Abstract

Frontier AI is becoming critical societal infrastructure, but outsiders lack reliable ways to judge whether leading developers' safety and security claims are accurate and whether their practices meet relevant standards. Compared to other social and technological systems we rely on daily such as consumer products, corporate financial statements, and food supply chains, AI is subject to less rigorous third-party scrutiny along several dimensions. Ambiguity about whether AI systems are trustworthy can discourage deployment in some contexts where the technology could be beneficial, and make it more likely when it's dangerous. Public transparency alone cannot close this gap: many safety- and security-relevant details are legitimately confidential and require expert interpretation. We define frontier AI auditing as rigorous third-party verification of frontier AI developers' safety and security claims, and evaluation of their systems and practices against relevant standards, based on deep, secure access to non-public information. To make rigor legible and comparable, we introduce AI Assurance Levels (AAL-1 to AAL-4), ranging from time-bounded system audits to continuous, deception-resilient verification.

Frontier AI Auditing: Toward Rigorous Third-Party Assessment of Safety and Security Practices at Leading AI Companies

TL;DR

Frontier AI auditing addresses the lack of reliable, external verification of safety and security claims from leading developers. The paper defines frontier AI auditing and introduces AI Assurance Levels (AAL-1 to AAL-4) to calibrate confidence and coverage, emphasizing an organizational, multi-lens approach with deep, secure access and continuous monitoring. It draws lessons from food safety, aviation, and financial auditing, outlines a comprehensive risk scope, and proposes governance structures, independent auditors, and practical next steps to scale auditing globally. If implemented, this framework can improve safety outcomes, reduce deployment uncertainty, and unlock broader investments and responsible adoption of frontier AI.

Abstract

Frontier AI is becoming critical societal infrastructure, but outsiders lack reliable ways to judge whether leading developers' safety and security claims are accurate and whether their practices meet relevant standards. Compared to other social and technological systems we rely on daily such as consumer products, corporate financial statements, and food supply chains, AI is subject to less rigorous third-party scrutiny along several dimensions. Ambiguity about whether AI systems are trustworthy can discourage deployment in some contexts where the technology could be beneficial, and make it more likely when it's dangerous. Public transparency alone cannot close this gap: many safety- and security-relevant details are legitimately confidential and require expert interpretation. We define frontier AI auditing as rigorous third-party verification of frontier AI developers' safety and security claims, and evaluation of their systems and practices against relevant standards, based on deep, secure access to non-public information. To make rigor legible and comparable, we introduce AI Assurance Levels (AAL-1 to AAL-4), ranging from time-bounded system audits to continuous, deception-resilient verification.
Paper Structure (45 sections, 8 figures, 4 tables)

This paper contains 45 sections, 8 figures, 4 tables.

Figures (8)

  • Figure 2: Recommendations for next steps across four challenges in frontier AI auditing.
  • Figure 3: Understanding key concepts: how assessments relate to evaluation, verification, and audits.
  • Figure 4: Understanding frontier AI. The frontier advances over time as the state-of-the-art capability level increases, so a system is considered frontier if it remains within a fixed lag (e.g., 1 year) of the state-of-the-art at a given point in time.
  • Figure 5: Proposed risk focuses and sources of relevant standards for frontier AI auditing.
  • Figure 6: What should be audited?
  • ...and 3 more figures