Tag: international network of ai safety institutes

  • AI Safety Institute Network: How Cross-Border Testing Works

    The AI safety institute network is a group of ten government-backed bodies — currently Australia, Canada, the EU, France, Japan, Kenya, the Republic of Korea, Singapore, the UK and the US — that coordinate technical methods for evaluating advanced AI models before and after deployment. It is not one institute; it is a forum for shared testing standards, joint exercises and information-sharing between national evaluators, formally renamed in February 2026 to reflect a wider science-of-evaluation mandate.

    The AI safety institute network traces to the May 2024 Seoul AI Summit, where the UK, US, Japan, Singapore, the EU and several other governments agreed to establish an international forum for AI safety science. Since then it has run joint model-testing pilots, absorbed a new member (Kenya), and changed its own name — developments that most explainer content published in 2024–25 has not caught up with.

    What is the AI safety institute network?

    The network is a technical forum, not a regulator. Each participating jurisdiction runs its own domestic AI safety or security institute — a government office, typically sitting inside a science or digital ministry — and the network is the channel through which those offices align methods rather than rules.

    As of February 2026 its formal name is the International Network for Advanced AI Measurement, Evaluation and Science, having operated since its November 2024 founding as the “International Network of AI Safety Institutes.” The rename, announced on the UK AI Security Institute’s blog, signals a shift from a safety-branding forum toward a standing scientific body focused on measurement methodology.

    • Established: November 2024, following the Seoul Statement of Intent signed at the May 2024 AI Seoul Summit
    • Current members: Australia, Canada, the European Union, France, Japan, Kenya, the Republic of Korea, Singapore, the United Kingdom and the United States
    • 2026 Network Coordinator: the United Kingdom, via the AI Security Institute (AISI)
    • Mandate: build internationally recognised methods for measuring and evaluating advanced AI capabilities and risks

    How does cross-border AI model testing actually work?

    Cross-border testing runs on bilateral agreements and joint exercises rather than a single binding treaty. The clearest example is the UK–US Memorandum of Understanding signed on 1 April 2024, under which the two institutes committed to a shared approach to model evaluations, at least one joint test of a publicly accessible model, technical-research collaboration and staff exchanges.

    Member institutes have already run several joint exercises. A pilot evaluation of an open foundation model tested interoperability between two toolkits — the UK’s open-source Inspect framework and Singapore’s Moonshot platform — checking whether results from different infrastructure could be compared directly.

    • A multilingual evaluation led jointly by Singapore, Japan and the UK translated and validated benchmark questions into ten languages to test privacy, crime, intellectual-property and jailbreak-resistance risks across languages
    • A joint exercise on “agentic” AI systems examined risks including sensitive-information leakage, fraud and cybersecurity in models capable of autonomous planning and task execution
    • Information-sharing covers model limitations, capabilities and documented safety incidents, subject to each institute’s domestic law

    No member institute has ceded sovereign testing authority to the network. Each government still decides what to evaluate and publish; the network’s value is methodological convergence, not enforcement.

    What changed when the network renamed itself in 2026?

    At a technical meeting held alongside the NeurIPS conference in San Diego in late 2025, members reported growing consensus on evaluation principles and surfaced open methodological questions in a February 2026 blog post — evidence the network has moved from launch-phase diplomacy to a working scientific programme.

    Consensus areas reported include: evaluations must state clear objectives before they run; results must be transparent and reproducible; testing parameters should match the evaluation’s purpose (best-case elicitation versus realistic use); and reports should separate individual tests and stay legible to non-specialist policymakers.

    Unresolved questions include how much methodological detail evaluators can publish without enabling replication of dangerous capabilities, how flexible reporting templates should be, and how to evaluate deployed AI systems — not just underlying models. The network’s next meeting is at the India AI Impact Summit, where members plan to test approaches against real-world use cases.

    How do the national institutes compare?

    Funding, remit and regulatory posture vary sharply between members — “the AI safety institute” is a misleading singular, since at least six materially different institutional models operate under one network.

    Jurisdiction Institute Parent body Reported funding Primary posture
    United Kingdom AI Security Institute (AISI, formerly AI Safety Institute) Department for Science, Innovation and Technology £100 million secured until 2030 Voluntary evaluations, R&D, 2026 Network Coordinator
    United States Center for AI Standards and Innovation (CAISI, formerly US AISI) NIST $10 million for FY2024/25 Voluntary evaluations and standards R&D
    European Union EU AI Office DG Connect €46.5 million setup funding Binding regulation — enforces the EU AI Act
    Singapore Digital Trust Centre / AI Verify Foundation IMDA $37 million setup funding Testing tooling and content-assurance standards
    Japan Japan AI Safety Institute IPA Not separately disclosed Evaluation methodology and standards research
    Canada Canadian AI Safety Institute ISED Not separately disclosed R&D and international coordination

    The EU is the outlier: its AI Office is the only member with statutory enforcement power, administering the EU AI Act’s obligations on providers of general-purpose models with systemic risk. Every other member’s work is voluntary — which is why joint testing protocols, not legislation, are the network’s main coordination tool.

    Where can academic researchers plug into pre-deployment evaluation work?

    Pre-deployment evaluation is not a closed government function. Several member institutes have built explicit, funded routes for academic researchers rather than treating testing as an internal civil-service exercise.

    • Open evaluation tooling: the UK AISI’s Inspect framework is published as open-source software, so university research groups can build and run their own model evaluations using the same infrastructure member institutes use, rather than reverse-engineering proprietary test harnesses
    • Grant-funded safety research: AISI’s Systemic Safety Grants programme has funded academic work on systemic AI risks, alongside The Alignment Project — a multi-funder grants and compute programme backed by AISI, UKRI, Schmidt Sciences and several frontier AI developers supporting alignment research beyond government labs
    • Conference-linked workshops: the network’s 2025 technical meeting was held alongside NeurIPS to exchange methods with academic and industry researchers, not as a closed intergovernmental session
    • Multilingual and cross-cultural evaluation gaps: the network has flagged that evaluation science for non-English, non-Western contexts is underdeveloped — a direct, citable entry point for university linguistics and computational social science groups

    For institutional leaders, the practical implication is that AI safety evaluation now sits alongside conventional funder compliance work: grant terms from bodies co-funding alignment research carry reporting and reproducibility expectations that research administration teams already apply to other externally funded programmes.

    Answer-first questions on the AI safety institute network

    Which countries have AI safety institutes?

    Ten members currently participate in the International Network for Advanced AI Measurement, Evaluation and Science: Australia, Canada, the European Union, France, Japan, Kenya, the Republic of Korea, Singapore, the United Kingdom and the United States, each running its own domestic evaluation body.

    Did the AI Safety Institute change its name?

    Yes. In 2025 the UK’s AI Safety Institute was renamed the AI Security Institute, and its US counterpart became the Center for AI Standards and Innovation (CAISI). In February 2026 the international network itself was renamed from the “International Network of AI Safety Institutes” to the “International Network for Advanced AI Measurement, Evaluation and Science.”

    Are the network’s testing protocols legally binding?

    No single binding treaty governs the whole network. Cooperation runs through bilateral instruments such as the UK–US Memorandum of Understanding and voluntary joint exercises; the EU AI Office is the sole member with statutory enforcement power, via the EU AI Act.

    Who coordinates the network in 2026?

    The United Kingdom, through its AI Security Institute, holds the 2026 Network Coordinator role and has committed to converting the group’s evaluation-science consensus into detailed best-practice documentation before the network’s next meeting at the India AI Impact Summit.

    What happens next

    The network’s trajectory — from a 2024 diplomatic statement to a 2026 renamed scientific body with a rotating coordinator and a published consensus-and-open-questions agenda — suggests consolidation around evaluation methodology rather than a drift into national silos. Kenya’s addition also signals a deliberate widening beyond the original G7-plus-Singapore core.

    For universities, funders and publishers tracking AI governance, the signal to watch is the best-practice documentation the UK has committed to during its 2026 coordinator term, and whether evaluating deployed AI systems — not just underlying models — gets resolved before the India AI Impact Summit.

  • AI Security Institute UK: What the Rebrand Means

    The UK AI Security Institute (AISI) is the government’s frontier-AI testing body, renamed in February 2025 from the AI Safety Institute to signal a sharper focus on cyber-harms, national security and misuse risk rather than broader ethical questions such as bias. For universities, the practical mandate — pre-deployment model access, evaluation infrastructure, and grant funding via the Alignment Project — has not shrunk, but proposals now compete more strongly when framed around security-relevant risk.

    The AI Security Institute is a directorate of the UK’s Department for Science, Innovation and Technology (DSIT) whose mission, in its own words, is “to equip governments with a scientific understanding of the risks posed by advanced AI.” It sits inside government but is designed, in AISI’s own framing, “like a startup in the government.”

    What is the AI Security Institute, and how did it start?

    AISI traces its origins to the Frontier AI Taskforce, launched with an initial £100 million budget in April 2023. It was formally established as the AI Safety Institute at the AI Safety Summit held at Bletchley Park in November 2023 — the world’s first major intergovernmental gathering on frontier-AI risk. The institute now operates on £66 million of funding per financial year, plus long-term resourcing commitments from DSIT.

    Its core activities are unchanged by the rename: testing leading AI systems before and after public release, informing UK and allied policymakers on emerging capabilities, and running an open-source evaluation platform called Inspect that lets companies, governments and academics run standardised safety tests. AISI holds pre-deployment access agreements with Anthropic, Google DeepMind and OpenAI, giving it — and by extension its research partners — visibility into frontier models before the public sees them.

    Why was the AI Safety Institute renamed the AI Security Institute?

    The rename took effect in February 2025, reported first by Infosecurity Magazine on 14 February that year. Observers, including Wikipedia’s contributor consensus on the institute’s own entry, read the change as signalling that AISI would step back from broader ethical territory — algorithmic bias, freedom of speech in AI systems — and concentrate on the most severe, security-relevant harms: cyberattacks, biological and chemical weapons uplift, and loss of control over autonomous systems.

    The shift echoed a parallel move in Washington. In June 2025, the US AI Safety Institute was renamed the Center for AI Standards and Innovation (CAISI), with then-Commerce Secretary Howard Lutnick stating that AI evaluation should not be used “under the guise” of restricting innovation. The UK’s own rename predates that, but both reflect a broader 2025 pivot among Western AI-safety bodies away from precautionary, existential-risk framing and toward concrete national-security and economic-competitiveness mandates.

    AISI’s published research areas now read as a security taxonomy rather than a general safety agenda: Cyber Misuse, Safeguards, Alignment, Control, Autonomy, Human Influence and Societal Resilience. Each maps to a specific threat model government departments can act on, rather than an open-ended ethics brief.

    How does AISI fit into the International Network of AI Safety Institutes?

    The International Network of AI Safety Institutes was agreed at the AI Seoul Summit in May 2024 and held its first formal meeting in November 2024. Its founding members are the UK, the United States, the European Union, Japan, France, Singapore, South Korea, Canada, Kenya and Australia (Australia’s own AI Safety Institute was announced in November 2025, after the network’s launch). Kenya remains the only African member.

    Membership matters for universities in a practical sense: the network’s joint testing exercises — including a July 2025 evaluation exercise on AI-agent risks such as sensitive-data leakage — set shared technical standards that AISI then applies domestically. A university research group that aligns its evaluation methodology with AISI’s is, by extension, aligning with a standard that a further nine jurisdictions recognise.

    International Network of AI Safety Institutes — selected member bodies
    Jurisdiction Institute Established
    United Kingdom AI Security Institute (AISI) Nov 2023; renamed Feb 2025
    United States Center for AI Standards and Innovation (CAISI) Nov 2023; renamed Jun 2025
    European Union EU AI Office May 2024
    France INESIA Jan 2025
    Japan J-AISI Feb 2024
    Singapore Digital Trust Centre (AISI-designated) Renamed May 2024
    Canada Canadian AI Safety Institute Nov 2024

    What does the rebrand mean for university model-access and red-teaming partnerships?

    For institutions pursuing model-access agreements or red-teaming collaborations, the security framing changes what gets funded, not whether funding exists. AISI mobilises more than £15 million in grants through the Alignment Project, open to university and non-profit researchers globally, and its priority-access arrangement covers over £1.5 billion of compute through the UK’s AI Research Resource and exascale supercomputing programme — a resource pool researchers can draw on for evaluation-relevant work.

    Three practical shifts follow from the rebrand:

    • Proposal framing: research questions pitched around cyber-misuse, safeguard robustness or loss-of-control scenarios now map more directly onto AISI’s stated research areas than proposals framed around general-purpose ethics or bias auditing.
    • Compute and model access: AISI’s pre-deployment agreements with frontier labs give it privileged visibility that university partners can sometimes access via joint evaluation projects — but access is gated by relevance to AISI’s security-risk taxonomy.
    • Policy context: the UK’s AI Opportunities Action Plan, published 13 January 2025, commits to expanding sovereign AI compute capacity at least 20-fold by 2030 and created a Sovereign AI Unit with up to £500 million in funding — infrastructure that sits alongside, not inside, AISI’s own compute allocation, but which shapes the wider funding climate university research offices are now navigating.

    Research administrators should note that AISI’s grant and access programmes are administered separately from Research England and UKRI mainstream funding lines, so due-diligence and reporting requirements differ from a standard research-council award.

    Answer-first Q&A

    Did the UK change the name of the AI Security Institute?

    Yes. The UK’s AI Safety Institute was renamed the AI Security Institute in February 2025. The institute itself did not change its legal status or parent department — it remains a directorate of DSIT — but its public mission language and research priorities shifted toward cyber-harms and national-security risk.

    What exactly does “AI security” mean in this context?

    In AISI’s usage, AI security covers risks where advanced models are misused for cyberattacks, biological or chemical weapons development, or where systems act autonomously beyond human oversight. It is narrower than the earlier “AI safety” framing, which also covered algorithmic bias and broader societal harms.

    Who leads the AI Security Institute?

    Adam Beaumont, formerly GCHQ’s Chief AI Officer, is Interim Director. Jade Leung, the Prime Minister’s AI Advisor and a former OpenAI governance lead, serves as Chief Technology Officer. Ian Hogarth chairs the institute, and its advisory board includes AI researcher Yoshua Bengio.

    Who funds the AI Security Institute?

    AISI is funded directly by the UK government through DSIT, at £66 million per financial year, with long-term resourcing commitments. It separately mobilises over £15 million in external grant funding through the Alignment Project for researchers, including those at universities, working outside government.

    Implications for research administrators

    The safety-to-security rebrand is best read as a narrowing of mandate language, not a withdrawal from academic engagement. Universities seeking model-access or red-teaming relationships with AISI should expect proposals to be evaluated more explicitly against its published risk taxonomy — cyber misuse, safeguards, alignment, control, autonomy, human influence and societal resilience — than against a general AI-ethics brief.

    Institutions should also track the International Network of AI Safety Institutes’ joint testing exercises as a source of emerging shared methodology, since AISI’s domestic evaluation standards are increasingly set in coordination with nine other jurisdictions rather than unilaterally. As the UK’s sovereign compute build-out under the AI Opportunities Action Plan proceeds toward its 2030 target, research offices with evaluation, red-teaming or alignment capacity are positioned to benefit from both AISI’s own grant lines and the wider national compute expansion.

    CASRAI tracks research-administration implications of national AI-governance bodies as part of its broader coverage of the standards landscape; see the CASRAI Dictionary for related terminology and the research administration hub for adjacent policy explainers.