Small models, big threats: Characterizing safety challenges from low-compute AI models
Prateek Puri
TL;DR
The paper examines how capabilities once confined to frontier models are diffusing into low-compute, sub-30B parameter AI systems, threatening safety with modest hardware. By analyzing over 5,000 open-source LLMs from HuggingFace, it shows that the size required for competitive benchmarks has dropped up to roughly $10\times$ while performance at a fixed size improves over time. It then simulates the compute budgets needed for social-harm campaigns (disinformation, spear-phishing, voice cloning, deepfakes) and finds that such campaigns are feasible on consumer devices and cheap clusters, anchoring the risk in real-world hardware access. The authors argue that existing governance focusing on high-compute thresholds misses these threats and propose alternative strategies—capability-based risk evaluation, defensive AI, and resilience measures—emphasizing the need for collaboration among policymakers, researchers, and industry to address a broader class of risks.
Abstract
Artificial intelligence (AI) systems are revolutionizing fields such as medicine, drug discovery, and materials science; however, many technologists and policymakers are also concerned about the technology's risks. To date, most concrete policies around AI governance have focused on managing AI risk by considering the amount of compute required to operate or build a given AI system. However, low-compute AI systems are becoming increasingly more performant - and more dangerous. Driven by agentic workflows, parameter quantization, and other model compression techniques, capabilities once only achievable on frontier-level systems have diffused into low-resource models deployable on consumer devices. In this report, we profile this trend by downloading historical benchmark performance data for over 5,000 large language models (LLMs) hosted on HuggingFace, noting the model size needed to achieve competitive LLM benchmarks has decreased by more than 10X over the past year. We then simulate the computational resources needed for an actor to launch a series of digital societal harm campaigns - such as disinformation botnets, sexual extortion schemes, voice-cloning fraud, and others - using low-compute open-source models and find nearly all studied campaigns can easily be executed on consumer-grade hardware. This position paper argues that protection measures for high-compute models leave serious security holes for their low-compute counterparts, meaning it is urgent both policymakers and technologists make greater efforts to understand and address this emerging class of threats.
