“AI companies should publish security assessments” by ryan_greenblatt

“AI companies should publish security assessments” by ryan_greenblatt

From LessWrong (30+ Karma) by LessWrong

April 27, 2026 · 6 min

About this episode

Ryan Greenblatt discusses the importance of AI companies publishing security assessments by third-party experts.

AI companies should get third-party security experts to assess (and possibly also red-team/pen-test) their security against key threat models and then publish the high-level findings of this assessment: the extent to which they can defend against different threat actors for each threat model. They should also publish who did this assessment. The assessment could be commissioned by AI companies, or performed by a third-party institution that AI companies provide with relevant information/access. There are presumably lots of important details in doing this well, and I'm not a computer security expert, so I may be getting some of the details wrong. This is a relatively low-effort post in which I'm mostly trying to raise the salience of an idea. (I don't make a detailed case or spell out all the details here.) Thanks to Fabien Roger and Buck Shlegeris for comments and discussion. I suspect the controversial part of this claim is that they should make the high-level findings public. Publishing a summary of which threat actors you're robust to (for each relevant threat model) shouldn't meaningfully degrade security against the threat actors we care about, and this information seems…

People in this episode

Guest: ryan_greenblatt

Topics covered

  • AI security
  • third-party assessments
  • threat models
  • public transparency
  • computer security

Keywords

  • AI companies
  • security assessments
  • threat actors
  • red-team
  • pen-test
  • public findings

More episodes of LessWrong (30+ Karma)

Explore listener stats, chart rankings, contacts and more on the LessWrong (30+ Karma) podcast page.