The UK AI Security Institute (AISI) is the government’s frontier-AI testing body, renamed in February 2025 from the AI Safety Institute to signal a sharper focus on cyber-harms, national security and misuse risk rather than broader ethical questions such as bias. For universities, the practical mandate — pre-deployment model access, evaluation infrastructure, and grant funding via the Alignment Project — has not shrunk, but proposals now compete more strongly when framed around security-relevant risk.
The AI Security Institute is a directorate of the UK’s Department for Science, Innovation and Technology (DSIT) whose mission, in its own words, is “to equip governments with a scientific understanding of the risks posed by advanced AI.” It sits inside government but is designed, in AISI’s own framing, “like a startup in the government.”
- What is the AI Security Institute, and how did it start?
- Why was the AI Safety Institute renamed the AI Security Institute?
- How does AISI fit into the International Network of AI Safety Institutes?
- What does the rebrand mean for university model-access and red-teaming partnerships?
- Answer-first Q&A
- Implications for research administrators
What is the AI Security Institute, and how did it start?
AISI traces its origins to the Frontier AI Taskforce, launched with an initial £100 million budget in April 2023. It was formally established as the AI Safety Institute at the AI Safety Summit held at Bletchley Park in November 2023 — the world’s first major intergovernmental gathering on frontier-AI risk. The institute now operates on £66 million of funding per financial year, plus long-term resourcing commitments from DSIT.
Its core activities are unchanged by the rename: testing leading AI systems before and after public release, informing UK and allied policymakers on emerging capabilities, and running an open-source evaluation platform called Inspect that lets companies, governments and academics run standardised safety tests. AISI holds pre-deployment access agreements with Anthropic, Google DeepMind and OpenAI, giving it — and by extension its research partners — visibility into frontier models before the public sees them.
Why was the AI Safety Institute renamed the AI Security Institute?
The rename took effect in February 2025, reported first by Infosecurity Magazine on 14 February that year. Observers, including Wikipedia’s contributor consensus on the institute’s own entry, read the change as signalling that AISI would step back from broader ethical territory — algorithmic bias, freedom of speech in AI systems — and concentrate on the most severe, security-relevant harms: cyberattacks, biological and chemical weapons uplift, and loss of control over autonomous systems.
The shift echoed a parallel move in Washington. In June 2025, the US AI Safety Institute was renamed the Center for AI Standards and Innovation (CAISI), with then-Commerce Secretary Howard Lutnick stating that AI evaluation should not be used “under the guise” of restricting innovation. The UK’s own rename predates that, but both reflect a broader 2025 pivot among Western AI-safety bodies away from precautionary, existential-risk framing and toward concrete national-security and economic-competitiveness mandates.
AISI’s published research areas now read as a security taxonomy rather than a general safety agenda: Cyber Misuse, Safeguards, Alignment, Control, Autonomy, Human Influence and Societal Resilience. Each maps to a specific threat model government departments can act on, rather than an open-ended ethics brief.
How does AISI fit into the International Network of AI Safety Institutes?
The International Network of AI Safety Institutes was agreed at the AI Seoul Summit in May 2024 and held its first formal meeting in November 2024. Its founding members are the UK, the United States, the European Union, Japan, France, Singapore, South Korea, Canada, Kenya and Australia (Australia’s own AI Safety Institute was announced in November 2025, after the network’s launch). Kenya remains the only African member.
Membership matters for universities in a practical sense: the network’s joint testing exercises — including a July 2025 evaluation exercise on AI-agent risks such as sensitive-data leakage — set shared technical standards that AISI then applies domestically. A university research group that aligns its evaluation methodology with AISI’s is, by extension, aligning with a standard that a further nine jurisdictions recognise.
| Jurisdiction | Institute | Established |
|---|---|---|
| United Kingdom | AI Security Institute (AISI) | Nov 2023; renamed Feb 2025 |
| United States | Center for AI Standards and Innovation (CAISI) | Nov 2023; renamed Jun 2025 |
| European Union | EU AI Office | May 2024 |
| France | INESIA | Jan 2025 |
| Japan | J-AISI | Feb 2024 |
| Singapore | Digital Trust Centre (AISI-designated) | Renamed May 2024 |
| Canada | Canadian AI Safety Institute | Nov 2024 |
What does the rebrand mean for university model-access and red-teaming partnerships?
For institutions pursuing model-access agreements or red-teaming collaborations, the security framing changes what gets funded, not whether funding exists. AISI mobilises more than £15 million in grants through the Alignment Project, open to university and non-profit researchers globally, and its priority-access arrangement covers over £1.5 billion of compute through the UK’s AI Research Resource and exascale supercomputing programme — a resource pool researchers can draw on for evaluation-relevant work.
Three practical shifts follow from the rebrand:
- Proposal framing: research questions pitched around cyber-misuse, safeguard robustness or loss-of-control scenarios now map more directly onto AISI’s stated research areas than proposals framed around general-purpose ethics or bias auditing.
- Compute and model access: AISI’s pre-deployment agreements with frontier labs give it privileged visibility that university partners can sometimes access via joint evaluation projects — but access is gated by relevance to AISI’s security-risk taxonomy.
- Policy context: the UK’s AI Opportunities Action Plan, published 13 January 2025, commits to expanding sovereign AI compute capacity at least 20-fold by 2030 and created a Sovereign AI Unit with up to £500 million in funding — infrastructure that sits alongside, not inside, AISI’s own compute allocation, but which shapes the wider funding climate university research offices are now navigating.
Research administrators should note that AISI’s grant and access programmes are administered separately from Research England and UKRI mainstream funding lines, so due-diligence and reporting requirements differ from a standard research-council award.
Answer-first Q&A
Did the UK change the name of the AI Security Institute?
Yes. The UK’s AI Safety Institute was renamed the AI Security Institute in February 2025. The institute itself did not change its legal status or parent department — it remains a directorate of DSIT — but its public mission language and research priorities shifted toward cyber-harms and national-security risk.
What exactly does “AI security” mean in this context?
In AISI’s usage, AI security covers risks where advanced models are misused for cyberattacks, biological or chemical weapons development, or where systems act autonomously beyond human oversight. It is narrower than the earlier “AI safety” framing, which also covered algorithmic bias and broader societal harms.
Who leads the AI Security Institute?
Adam Beaumont, formerly GCHQ’s Chief AI Officer, is Interim Director. Jade Leung, the Prime Minister’s AI Advisor and a former OpenAI governance lead, serves as Chief Technology Officer. Ian Hogarth chairs the institute, and its advisory board includes AI researcher Yoshua Bengio.
Who funds the AI Security Institute?
AISI is funded directly by the UK government through DSIT, at £66 million per financial year, with long-term resourcing commitments. It separately mobilises over £15 million in external grant funding through the Alignment Project for researchers, including those at universities, working outside government.
Implications for research administrators
The safety-to-security rebrand is best read as a narrowing of mandate language, not a withdrawal from academic engagement. Universities seeking model-access or red-teaming relationships with AISI should expect proposals to be evaluated more explicitly against its published risk taxonomy — cyber misuse, safeguards, alignment, control, autonomy, human influence and societal resilience — than against a general AI-ethics brief.
Institutions should also track the International Network of AI Safety Institutes’ joint testing exercises as a source of emerging shared methodology, since AISI’s domestic evaluation standards are increasingly set in coordination with nine other jurisdictions rather than unilaterally. As the UK’s sovereign compute build-out under the AI Opportunities Action Plan proceeds toward its 2030 target, research offices with evaluation, red-teaming or alignment capacity are positioned to benefit from both AISI’s own grant lines and the wider national compute expansion.
CASRAI tracks research-administration implications of national AI-governance bodies as part of its broader coverage of the standards landscape; see the CASRAI Dictionary for related terminology and the research administration hub for adjacent policy explainers.
Leave a Reply