Longterm Wiki
Updated 2026-01-30HistoryData
Page StatusContent
Edited 2 weeks ago2.1k words2 backlinks
65
QualityGood
82
ImportanceHigh
14
Structure14/15
18122055%1%
Updated weeklyOverdue by 7 days
Summary

Comprehensive analysis of 13 AI misuse cruxes with quantified evidence showing mixed uplift (RAND bio study found no significant difference, but cyber CTF scores improved 27%→76% in 3 months), deepfake incidents projected at 8M by 2025 (up from 500K in 2023), and human detection accuracy at only 24.5%. Framework explicitly maps uncertainties to policy responses (restrictions, compute governance, detection systems) with probability ranges for each position.

Issues2
QualityRated 65 but structure suggests 93 (underrated by 28 points)
Links16 links could use <R> components

AI Misuse Risk Cruxes

Crux

AI Misuse Risk Cruxes

Comprehensive analysis of 13 AI misuse cruxes with quantified evidence showing mixed uplift (RAND bio study found no significant difference, but cyber CTF scores improved 27%→76% in 3 months), deepfake incidents projected at 8M by 2025 (up from 500K in 2023), and human detection accuracy at only 24.5%. Framework explicitly maps uncertainties to policy responses (restrictions, compute governance, detection systems) with probability ranges for each position.

LessWrong80,000 Hours
Related
Risks
DeepfakesBioweapons RiskAI DisinformationAutonomous Weapons
Cruxes
AI Safety Solution Cruxes
2.1k words · 2 backlinks

Quick Assessment

DimensionAssessmentEvidence
Overall SeverityHighAI misuse incidents rose 8x since 2022; deepfakes responsible for 6.5% of all fraud (AI Incident Database)
Current Uplift EvidenceMixedRAND 2024 bioweapons study found no significant uplift; OpenAI cyber CTF scores improved 27% to 76% in 3 months (RAND, OpenAI)
Bioweapons RiskContested13/57 AI bio-tools rated "Red" risk; OpenAI o3 at 94th percentile virology; wet-lab bottleneck may dominate
Cyber RiskEscalating68% of analysts say AI phishing harder to detect; 703% increase in credential phishing H2 2024 (Deepstrike)
Disinformation RiskHighDeepfake fraud up 2,137% since 2022; human detection accuracy only 24.5% (UNESCO)
Mitigation EffectivenessPartialGuardrails reduce casual misuse; open-source models bypass restrictions; DNA screening at 97% after 2024 patch
TrendWorseningQ1 2025 deepfake incidents exceeded all of 2024 by 19%; AI cyber capabilities accelerating faster than defenses

Key Links

SourceLink
Official Websiteuscourts.gov
Wikipediaen.wikipedia.org
LessWronglesswrong.com

Overview

Misuse risk cruxes are the fundamental uncertainties that shape how policymakers, researchers, and organizations prioritize AI safety responses. These 13 cruxes determine whether AI provides meaningful "uplift" to malicious actors (30-45% say significant vs 35-45% modest), whether AI will favor offensive or defensive capabilities across security domains, and how effective various mitigation strategies can be. According to TIME's analysis of AI harm data, reports of AI-related incidents rose 50% year-over-year from 2022 to 2024, with malicious uses growing 8-fold since 2022.

Current evidence remains mixed across domains. The RAND biological uplift study (January 2024) tested 15 red teams with and without LLM access, finding no statistically significant difference in bioweapon attack plan viability. However, RAND's subsequent Global Risk Index for AI-enabled Biological Tools (2024) evaluated 57 state-of-the-art tools and indexed 13 as "Red" (action required), with one tool reaching the highest level of critical misuse-relevant capabilities. Meanwhile, CNAS analyses and Georgetown CSET research emphasize that rapid capability improvements require ongoing reassessment.

In cybersecurity, OpenAI's threat assessment (2025) notes that AI cyber capabilities improved from 27% to 76% on capture-the-flag benchmarks between August and November 2025, with GPT-5.2-Codex achieving the highest scores. According to Deepstrike's 2025 analysis, 68% of cyber threat analysts report AI-generated phishing is harder to detect than ever, with a 703% increase in credential phishing attacks in H2 2024. Deepfake incidents grew from 500,000 files in 2023 to a projected 8 million in 2025 (Keepnet Labs), with businesses losing an average of $100,000 per deepfake-related fraud incident and the $25.6 million Hong Kong deepfake fraud case serving as a landmark incident.

The stakes are substantial: if AI provides significant capability uplift to malicious actors, urgent restrictions on model access and compute governance become critical. If defenses can keep pace with offensive capabilities, investment priorities shift toward detection and response systems rather than prevention.

Misuse Risk Decision Framework

Loading diagram...

Risk Assessment Framework

Risk CategorySeverity AssessmentTimelineCurrent TrendKey Uncertainty
Bioweapons UpliftHigh (if real)2-5 yearsMixed evidenceWet-lab bottlenecks vs information barriers
Cyber Capability EnhancementMedium-High1-3 yearsGradual increaseCommodity vs sophisticated attack gap
Autonomous WeaponsHighOngoingAcceleratingInternational cooperation effectiveness
Mass DisinformationMedium-HighCurrentDetection losingAuthentication adoption rates
Surveillance AuthoritarianismMediumOngoingExpanding deploymentDemocratic resilience factors
Chemical WeaponsMedium3-7 yearsEarly evidenceSynthesis barrier strength
Infrastructure DisruptionHigh1-4 yearsEscalating complexityCritical system vulnerabilities

Source: Synthesis of expert assessments from CNAS, RAND Corporation, Georgetown CSET, and AI safety research organizations

Quantified Evidence Summary (2024-2025)

DomainKey MetricValueSourceYear
BioweaponsRed teams with/without LLM accessNo statistically significant differenceRAND Red-Team Study2024
BioweaponsAI bio-tools indexed as "Red" (high-risk)13 of 57 evaluatedRAND Global Risk Index2024
BioweaponsOpenAI o3 virology ranking94th percentile among expert virologistsOpenAI Virology Test2025
CyberCTF benchmark improvement (GPT-5 to 5.1)27% to 76%OpenAI Threat Assessment2025
CyberCritical infrastructure AI attacks50% faced attack in past yearMicrosoft Digital Defense Report2025
DeepfakesContent volume growth500K (2023) to 8M (2025)Deepstrike Research2025
DeepfakesAvg. business loss per incident≈$100,000Deloitte Financial Services2024
DeepfakesFraud incidents involving deepfakes>6% of all fraudEuropean Parliament Research2025
DeepfakesHuman detection accuracy (video)24.5%Academic studies2024
DeepfakesTool detection accuracy≈75%UNESCO Report2024
DisinformationPolitical deepfakes documented82 cases in 38 countriesAcademic research2024
FraudProjected GenAI fraud losses (US)$12.3B (2023) to $10B (2027)Deloitte Forecast2024

Capability and Uplift Cruxes

How much do AI systems lower barriers for dangerous capabilities?

Capabilitycritical

Whether AI provides meaningful 'uplift' for malicious actors beyond what's already available through internet search, scientific literature, and existing tools.

Resolvability: yearsCurrent state: Mixed evidence; RAND bio study found no significant uplift; other studies more concerning
Positions
AI provides significant uplift across domains(30-45%)
Held by: Some biosecurity researchers, AI safety community
Strong model restrictions; compute governance; weight security
AI provides modest uplift; real skills remain bottleneck(35-45%)
Held by: RAND researchers, Some security experts
Focus on detecting misuse rather than preventing access; invest in defenses
AI uplift is minimal; information already available(20-30%)
Held by: Some skeptics
Restrictions are largely security theater; focus on physical defenses and detection
Would update on
  • Rigorous red-team studies with real capability measurement
  • Evidence of AI-enabled attacks in the wild
  • Studies comparing AI-assisted vs non-AI-assisted malicious actors
  • Domain-specific uplift assessments (bio, cyber, chemical)
Related:bio-upliftcyber-uplift
RAND Bio StudyCNAS Bio Report

Key Evidence on AI Capability Uplift

DomainEvidence For UpliftEvidence Against UpliftQuantified FindingCurrent Assessment
BioweaponsKevin Esvelt warnings; OpenAI o3 at 94th percentile virology; 13/57 bio-tools at "Red" risk levelRAND study: no statistically significant difference in attack plan viability with/without LLMsWet-lab skills remain bottleneck; information uplift contestedContested; monitoring escalating
CyberweaponsCTF scores improved 27% to 76% (Aug-Nov 2025); 50% of critical infra faced AI attacksHigh-impact attacks still require sophisticated skills and physical accessMicrosoft 2025: nation-states using AI for lateral movement, vuln discoveryModerate-to-significant uplift demonstrated
Chemical WeaponsLiterature synthesis, reaction optimizationPhysical synthesis and materials access remain bottleneckLimited empirical studies; lower priority than bioLimited evidence; lower concern
Disinformation8M deepfakes projected (2025); 1,740% fraud increase (N. America); voice phishing up 442%Detection tools at ≈75% accuracy; authentication standards emergingHuman detection only 24.5% for video deepfakesSignificant uplift clearly demonstrated
SurveillanceEnhanced facial recognition, behavioral analysis; PLA using AI for 10,000 scenarios in 48 secondsPrivacy protection tech advancing; democratic resilienceFreedom House: expanding global deploymentClear uplift for monitoring

Does AI meaningfully increase bioweapons risk?

Capabilitycritical

Whether AI-assisted bioweapons development poses significantly higher risk than traditional paths to bioweapons.

Resolvability: yearsCurrent state: Contested; RAND study found no uplift; wet-lab skills may be real bottleneck
Positions
AI significantly increases bio risk(25-40%)
Held by: Some biosecurity researchers, Kevin Esvelt
Urgent model restrictions; biosafety evaluation requirements; synthesis screening
AI increases bio risk modestly; other interventions more important(35-45%)
Held by: RAND researchers
Invest in DNA screening, surveillance, medical countermeasures; model restrictions secondary
AI doesn't meaningfully change bio risk landscape(20-30%)
Focus on traditional biosecurity; AI restrictions low priority
Would update on
  • Evidence of AI being used in bio attacks
  • Comprehensive wet-lab bottleneck analysis
  • Improvement in AI Biological Design Tools
  • DNA synthesis screening effectiveness data
Related:ai-upliftrestrictions-effective
RAND Bio Red TeamCollaborations Bio

Does AI meaningfully increase cyber attack capability?

Capabilityhigh

Whether AI significantly enhances offensive cyber capabilities for individual attackers or small groups.

Resolvability: soonCurrent state: Some evidence of AI use in phishing/social engineering; limited evidence for sophisticated attacks
Positions
AI significantly increases cyber offense capability(40-55%)
Held by: Some cybersecurity researchers
Urgently improve cyber defenses; restrict AI coding assistance for attacks
AI helps with commodity attacks; sophisticated attacks still require skill(35-45%)
Focus on defending against scaled-up commodity attacks; elite threats unchanged
AI doesn't fundamentally change cyber landscape(15-25%)
Continue existing cyber strategy; AI is marginal factor
Would update on
  • AI-generated exploits being used in the wild
  • Evidence on AI use in state-sponsored cyber operations
  • AI vulnerability discovery capabilities
  • Red team assessments of AI cyber capabilities
Related:ai-upliftoffense-defense

Offense vs Defense Balance

Cyber Domain Assessment

CapabilityOffensive PotentialDefensive PotentialCurrent BalanceTrendEvidence
Vulnerability DiscoveryHigh - CTF scores 27%->76% (3 months)Medium - AI-assisted patchingFavors offenseAcceleratingOpenAI 2025
Social EngineeringVery High - voice phishing up 442%Low - human factor remainsStrongly favors offenseWidening gap49% of businesses report deepfake fraud
Incident ResponseLowHigh - automated threat huntingFavors defenseStrengthening$1B+ annual AI cybersecurity investment
Malware DevelopmentMedium - autonomous malware adapting in real-timeHigh - behavioral detectionRoughly balancedEvolvingMicrosoft 2025 DDR
AttributionMedium - obfuscation toolsHigh - pattern analysisFavors defenseImprovingState actors experimenting (CN, RU, IR, NK)

The cyber landscape is evolving rapidly. According to Microsoft's 2025 Digital Defense Report, adversaries are increasingly using generative AI for scaling social engineering, automating lateral movement, discovering vulnerabilities, and evading security controls. Chinese, Russian, Iranian, and North Korean cyber actors are already integrating AI to enhance their operations.

Source: CyberSeek workforce data, MITRE ATT&CK framework, and OpenAI threat assessment

Will AI favor offense or defense in security domains?

Security Dynamicscritical

Whether AI will primarily benefit attackers or defenders across security domains (cyber, bio, physical).

Resolvability: yearsCurrent state: Unclear; arguments for both directions; may vary by domain
Positions
AI favors offense across most domains(30-45%)
Held by: Some security researchers
Defensive investment may be futile; focus on preventing AI access for attackers
AI offense/defense balance varies by domain(35-45%)
Domain-specific analysis; invest in defense where possible; restrict where offense dominates
AI ultimately favors defense(20-30%)
Held by: Some optimists
Invest heavily in AI-enabled defenses; restrictions less necessary
Would update on
  • Evidence from AI deployment in cybersecurity
  • Domain-specific offense/defense analysis
  • Historical analysis of technology and offense/defense balance
  • Real-world outcomes of AI-enabled attacks vs defenses
Related:cyber-upliftdisinformation-defense

Can AI-powered detection match AI-powered disinformation generation?

Security Dynamicshigh

Whether AI systems for detecting synthetic content and disinformation can keep pace with AI generation capabilities.

Resolvability: yearsCurrent state: Detection currently losing; deepfakes increasingly convincing; detection arms race
Positions
Detection will fall permanently behind generation(40-55%)
Held by: Hany Farid, Many deepfake researchers
Shift to provenance-based authentication; detection is dead end
Detection and generation will reach equilibrium(25-35%)
Both approaches valuable; detection as complement to provenance
Detection can win with sufficient investment(15-25%)
Invest heavily in detection R&D
Would update on
  • Advances in deepfake detection that generalize
  • Real-world detection accuracy over time
  • Theoretical analysis of detection vs generation
  • Adversarial testing results
Related:offense-defenseauthentication-adoption
C2PA StandardDARPA MediForMeta Detection Research

Deepfake and Disinformation Metrics (2024-2025)

MetricValueTrendSource
Deepfake video growth550% increase (2019-2024); 95,820 videos (2023)AcceleratingDeepstrike 2025
Projected synthetic content90% of online content by 2026Europol estimateEuropean Parliament
Human detection accuracy (video)24.5%Asymmetrically lowAcademic studies
Human detection accuracy (images)62%ModerateAcademic studies
Tool detection accuracy≈75%Arms race dynamicUNESCO
Confident in detection abilityOnly 9% of adultsPublic awareness gapSurveys
Political deepfakes documented82 cases across 38 countries (mid-2023 to mid-2024)IncreasingAcademic research
North America fraud increase1,740%Dramatic accelerationIndustry reports
Voice phishing increase442% (late 2024)Driven by voice cloningZeroThreat

The detection gap is widening: while deepfake generation has become dramatically easier, human ability to detect synthetic content remains critically low. Only 0.1% of participants across modalities could reliably spot fakes in mixed tests, according to UNESCO research. This asymmetry strongly supports investing in provenance-based authentication systems like C2PA rather than relying on detection alone.

Mitigation Effectiveness

Model Restriction Approaches

Restriction TypeImplementation DifficultyCircumvention DifficultyEffectiveness AssessmentCurrent Deployment
Training-time SafetyMediumHighModerate - affects base capabilitiesConstitutional AI
Output FilteringLowLowLow - easily bypassedMost commercial APIs
Fine-tuning PreventionHighMediumHigh - but open models complicateLimited implementation
Access ControlsMediumMediumModerate - depends on enforcementOpenAI terms
Weight SecurityHighHighVery High - if enforceableEarly development

Source: Analysis of current AI lab practices and jailbreak research

Can AI model restrictions meaningfully reduce misuse?

Mitigationhigh

Whether training-time safety measures, output filters, and terms of service can prevent determined misuse of AI systems.

Resolvability: yearsCurrent state: Jailbreaks common; open models exist; effectiveness debated
Positions
Restrictions can meaningfully reduce misuse(25-40%)
Held by: AI labs, Some safety researchers
Invest in better guardrails; restrictions are worthwhile
Restrictions raise bar but determined actors can circumvent(40-50%)
Restrictions as one layer; combine with other defenses; accept imperfection
Restrictions are largely ineffective against serious threats(20-30%)
Held by: Some security researchers
Focus on other defenses; restrictions are mostly security theater
Would update on
  • Evidence on jailbreak prevalence and sophistication
  • Success of restriction improvements
  • Open model availability and capability trends
  • Evidence of restrictions preventing real attacks
Related:open-source-policy
Anthropic Constitutional AIOpenAI GPT-4 System Card

Should powerful AI models be open-sourced?

Mitigationhigh

Whether the benefits of open AI (research, democratization, competition) outweigh misuse risks.

Resolvability: yearsCurrent state: Hotly debated; Meta releases open models; others restrict
Positions
Open source benefits outweigh misuse risks(25-40%)
Held by: Meta, Open source advocates, Some researchers
Support open development; focus on defenses; restrictions futile anyway
Depends on capability level; dangerous capabilities shouldn't be open(40-50%)
Held by: Anthropic, Most governance researchers
Capability thresholds for openness; evaluate risks per model
Most AI development should remain closed for safety(15-25%)
Held by: Some safety researchers
Restrict open release; compute governance; model weight security
Would update on
  • Evidence of open model misuse in serious attacks
  • Research enabling from open models vs closed
  • Capability comparisons: open vs closed frontier
  • Security of closed model weights
Related:restrictions-effectiveai-uplift
Meta Llama 2 ReleaseStanford HAI Open Model Report

Can compute governance effectively limit dangerous AI development?

Mitigationhigh

Whether controlling access to AI training compute can prevent dangerous capabilities from reaching bad actors.

Resolvability: yearsCurrent state: Export controls emerging; monitoring limited; enforcement unclear
Positions
Compute governance can be effective chokepoint(30-45%)
Held by: RAND, Some governance researchers
Invest heavily in compute monitoring, export controls, and international coordination
Compute governance helps but has significant limits(35-45%)
Use compute governance as one tool; don't rely on it alone
Compute governance will be circumvented; not effective(20-30%)
Held by: Some skeptics
Focus on other interventions; compute governance has diminishing returns
Would update on
  • Effectiveness of chip export controls
  • Development of compute monitoring technologies
  • Algorithmic efficiency gains reducing compute requirements
  • International coordination on compute governance
Related:open-source-policy
Compute Governance ReportCSET Chip Export Analysis

Will content authentication standards achieve adoption?

Security Dynamicshigh

Whether provenance standards like C2PA will be adopted widely enough to create a trusted content ecosystem.

Resolvability: yearsCurrent state: Early deployment; major platforms uncommitted to full adoption
Positions
Authentication will achieve widespread adoption(30-45%)
Held by: C2PA coalition, Adobe, Microsoft
Invest in provenance infrastructure; detection becomes less critical
Adoption will be partial and fragmented(35-45%)
Need hybrid strategy; authentication + detection + literacy
Authentication will fail to achieve critical mass(20-30%)
Need regulatory mandates; pure market solution won't work
Would update on
  • Major platform (Meta, TikTok, X) full adoption
  • Camera manufacturer widespread integration
  • Evidence users value/check credentials
  • Authentication system compromises or gaming
Related:disinformation-defense
C2PA SpecificationAdobe Content Authenticity

Actor and Intent Analysis

Threat Actor Capabilities

Actor TypeAI Access LevelSophisticationPrimary Threat VectorRisk AssessmentDeterability
Nation-StatesHighVery HighCyber, surveillance, weaponsHighest capabilityHigh - diplomatic consequences
Terror GroupsMediumMediumMass casualty, propagandaModerate capabilityLow - ideological motivation
CriminalsHighMediumFraud, ransomwareHigh volumeMedium - profit motive
Lone ActorsHighVariableDepends on AI upliftMost unpredictableVery Low - no clear target
Corporate EspionageHighHighIP theft, competitive intelligenceModerate-HighMedium - business interests

Source: FBI Cyber Division threat assessments and CSIS Critical Questions

Who are the most concerning actors for AI misuse?

Actorsmedium

Whether nation-states, terrorist groups, or lone actors pose the greatest AI misuse risk.

Resolvability: yearsCurrent state: Different actors have different capabilities and intentions; threat landscape evolving
Positions
Nation-states are primary concern(30-40%)
Held by: Some national security analysts
Focus on great power competition; arms control; deterrence
Non-state actors are primary concern(35-45%)
Held by: Some terrorism researchers
Focus on preventing access; surveillance; disruption
Lone actors/small groups are primary concern with AI(25-35%)
Held by: Some AI safety researchers
AI uniquely enables solo actors; focus on preventing capability diffusion
Would update on
  • Evidence of AI use in attacks by different actor types
  • Capability requirements for AI-enabled attacks
  • Analysis of actor motivations and AI access
  • Historical patterns of technology-enabled terrorism
Related:ai-uplift

Are autonomous weapons inevitable?

Actorshigh

Whether military adoption of AI for lethal autonomous weapons systems will happen regardless of international efforts to restrict them.

Resolvability: yearsCurrent state: UN Resolution passed Dec 2024 (166-3); CCW GGE sessions Mar/Sep 2025; treaty goal by 2026
Positions
Autonomous weapons are inevitable; must manage not prevent(40-55%)
Held by: Some military analysts, Realists, US DoD position
Focus on norms around use; escalation management; not on bans
Meaningful restrictions are achievable on some systems(30-40%)
Held by: Arms control advocates, ICRC, UN Secretary-General
Pursue arms control; differentiate between system types; target treaty by 2026
Comprehensive restrictions on autonomous weapons possible(10-20%)
Held by: Campaign to Stop Killer Robots
Advocate for bans; international treaty
Would update on
  • Progress or failure of UN autonomous weapons negotiations
  • Major powers' autonomous weapons deployment decisions
  • Technical feasibility of meaningful restrictions
  • Incidents involving autonomous weapons
Related:offense-defense
UN CCW Autonomous WeaponsICRC Autonomous Weapons

International Autonomous Weapons Governance Status (2024-2025)

DevelopmentStatusKey ActorsImplications
UN General Assembly ResolutionPassed Dec 2024 (166-3; Russia, North Korea, Belarus opposed)UN member statesStrong international momentum; not legally binding
CCW Group of Governmental Experts10 days of sessions (Mar 3-7, Sep 1-5, 2025)High Contracting PartiesRolling text from Nov 2024 outlines regulatory measures
Treaty GoalTarget completion by end of 2026UN Sec-Gen Guterres, ICRC President SpoljaricAmbitious timeline; window narrowing
US PositionGovernance framework via DoD 2020 Ethical Principles; no banUS DoDResponsible, traceable, governable AI within human command
China PositionBan on "unacceptable" LAWS (lethal, autonomous, unterminating, indiscriminate, self-learning)China delegationPartial ban approach; "acceptable" LAWS permitted
Existing SystemsPhalanx CIWS (1970s), Iron Dome, Trophy, sentry guns (S. Korea, Israel)Various militariesPrecedent of autonomous targeting for decades

According to Congressional Research Service analysis, the U.S. does not prohibit LAWS development or employment, and some senior defense leaders have stated the U.S. may be compelled to develop such systems. The ASIL Insights notes growing momentum toward a new international treaty, though concerns remain about the rapidly narrowing window for effective regulation.

Impact and Scale Assessment

Mass Casualty Attack Scenarios

Attack VectorAI ContributionCasualty PotentialProbability (10 years)Key BottlenecksHistorical Precedents
BioweaponsPathogen design, synthesis guidanceVery High (>10k)5-15%Wet-lab skills, materials accessAum Shinrikyo (failed), state programs
CyberweaponsInfrastructure targeting, coordinationHigh (>1k)15-25%Physical access, critical systemsStuxnet, Ukraine grid attacks
Chemical WeaponsSynthesis optimizationMedium (>100)10-20%Materials access, deploymentTokyo subway, Syria
ConventionalTarget selection, coordinationMedium (>100)20-30%Physical access, materialsOklahoma City, 9/11
NuclearSecurity system exploitationExtreme (>100k)1-3%Fissile material accessNone successful (non-state)

Probability estimates based on Global Terrorism Database analysis and expert elicitation

How likely is AI-enabled mass casualty attack in next 10 years?

Scalecritical

Whether AI will enable attacks causing over 1,000 deaths within the next decade.

Resolvability: yearsCurrent state: No AI-enabled mass casualty attacks yet; capabilities developing
Positions
AI-enabled mass casualty attack likely (>50%)(15-30%)
Held by: Some risk analysts
Extreme urgency on prevention; major policy response needed
AI-enabled mass casualty attack possible but unlikely (10-50%)(40-55%)
Serious preparation needed; balance urgency with uncertainty
AI-enabled mass casualty attack very unlikely (&lt;10%)(25-40%)
Held by: Some skeptics
Focus on other AI risks; misuse concerns may be overblown
Would update on
  • AI-enabled attacks occurring (or not occurring)
  • Capability assessments over time
  • Evidence on attacker intentions and AI access
  • Defensive capability improvements
Related:bio-upliftcyber-upliftai-uplift

Will AI-enabled surveillance strengthen or weaken authoritarian regimes?

Scalemedium

Whether AI surveillance and control tools will make authoritarian regimes more stable and durable.

Resolvability: decadesCurrent state: AI surveillance deployed in China and elsewhere; effects on stability unclear
Positions
AI will significantly strengthen authoritarian control(35-50%)
Held by: Some surveillance researchers, Freedom House
AI may lock in authoritarianism; democracy promotion harder
AI is double-edged; can help both control and resistance(30-40%)
Focus on who gets AI first and how it's deployed
Fundamental factors matter more than surveillance technology(20-30%)
Held by: Some political scientists
Focus on traditional democracy support; surveillance is marginal factor
Would update on
  • Evidence on AI surveillance effects on regime stability
  • Protests/revolutions succeeding despite AI surveillance
  • Comparative studies of surveillance and regime type
  • AI tools enabling opposition movements
Related:actor-landscape
Freedom House AI SurveillanceCSIS Technology Authoritarianism

Current State & Trajectory

Near-term Developments (2025-2027)

Development AreaCurrent Status (Dec 2025)Expected TrajectoryKey Factors
Model CapabilitiesGPT-5 level; o3 at 94th percentile virology; CTF 76%Human-level in multiple specialized domainsScaling laws, algorithmic improvements
Defense Investment$2B+ annual cybersecurity AI; 3-5x growth occurringMajor enterprise adoption50% of critical infra already attacked
Regulatory ResponseEU AI Act in force; LAWS treaty negotiationsTreaty target by 2026; federal US legislation likelyPolitical pressure, incident triggers
Open Source ModelsLlama 3, DeepSeek-R1 (Jan 2025)Continued but contested growthCost breakthroughs, safety concerns
Compute GovernanceExport controls tightening; monitoring emergingInternational coordination increasingUS-China dynamics, evasion attempts
Deepfake Response8M projected files; C2PA adoption growingProvenance-based authentication scalingPlatform adoption critical
AI Misuse DetectionOpenAI, Microsoft publishing threat reportsReal-time monitoring becoming standardProvider cooperation essential

Medium-term Projections (2026-2030)

  • Capability Thresholds: Models approaching human performance in specialized domains like biochemistry and cybersecurity
  • Defensive Maturity: AI-powered detection and response systems become standard across critical infrastructure
  • Governance Infrastructure: Compute monitoring systems deployed, international agreements on autonomous weapons
  • Attack Sophistication: First sophisticated AI-enabled attacks likely demonstrated, shifting threat perceptions significantly

Long-term Uncertainty (2030+)

Key trajectories that remain highly uncertain:

TrendOptimistic ScenarioPessimistic ScenarioKey Determinants
Capability DiffusionControlled through governanceWidespread proliferationInternational cooperation success
Offense-Defense BalanceDefense keeps paceOffense advantage widensR&D investment allocation
Authentication AdoptionUniversal verificationFragmented ecosystemPlatform cooperation
International CooperationEffective regimes emergeFragmentation and competitionGeopolitical stability

Key Uncertainties & Expert Disagreements

Technical Uncertainties

UncertaintyRange of ViewsCurrent EvidenceResolution Timeline
LLM biological upliftNo uplift (RAND 2024) vs. concerning (CSET, Esvelt)Mixed; wet-lab bottleneck may dominate2-5 years as capabilities improve
AI cyber capability ceilingCommodity attacks only vs. sophisticated intrusionsCTF benchmarks improving rapidly (27%->76%)1-3 years; being resolved now
Deepfake detection viabilityArms race favoring offense vs. provenance solutionsHuman detection at 24.5%; tools at 75%2-4 years; depends on C2PA adoption
Open model misuse potentialDemocratization benefits vs. misuse risksDeepSeek-R1 cost breakthrough; no catastrophic misuse yetOngoing; each release re-evaluated

Policy Uncertainties

UncertaintyRange of ViewsCurrent EvidenceResolution Timeline
Compute governance effectivenessStrong chokepoint vs. easily circumventedExport controls having effect; evasion ongoing3-5 years as enforcement matures
LAWS treaty feasibilityTreaty achievable by 2026 vs. inevitable proliferationUN resolution 166-3; CCW negotiations ongoing2026 target deadline
Model restriction valueMeaningful reduction vs. security theaterJailbreaks common; open models existOngoing empirical question
Authentication adoptionUniversal adoption vs. fragmented ecosystemC2PA growing; major platforms uncommitted3-5 years for critical mass

Expert Disagreement Summary

The AI safety and security community remains divided on several fundamental questions. According to Georgetown CSET's assessment framework, these disagreements stem from genuine uncertainty about rapidly evolving capabilities, differing risk tolerances, and varying assumptions about attacker sophistication and motivation.

Key areas of active debate include:

  1. Bioweapons uplift magnitude: RAND's 2024 red-team study found no significant uplift, but their Global Risk Index identified 13 high-risk biological AI tools. OpenAI's o3 model scoring at the 94th percentile among virologists suggests capabilities are advancing.

  2. Offense-defense balance: OpenAI's threat assessment acknowledges planning for models reaching "High" cyber capability levels that could develop zero-day exploits or assist with complex intrusions. Meanwhile, defensive AI investment is growing rapidly.

  3. Regulatory approach: The U.S. DoD favors governance frameworks over bans for LAWS, while 166 UN member states voted for a resolution calling for action. China distinguishes "acceptable" from "unacceptable" autonomous weapons.

Key Sources and References

Primary Research Sources

SourceOrganizationKey PublicationsFocus Area
RAND CorporationIndependent researchBiological Red-Team Study (2024); Global Risk Index (2024)Bioweapons, defense
Georgetown CSETUniversity research centerMalicious Use Assessment Framework; Mechanisms of AI Harm (2025)Policy, misuse assessment
OpenAIAI labCyber Resilience Report (2025); Threat AssessmentCyber, capabilities
MicrosoftTechnology companyDigital Defense Report (2025)Cyber threats, state actors
CNASThink tankAI and National Security ReportsMilitary, policy

International Governance Sources

SourceFocusKey Documents
UN CCW GGE on LAWSAutonomous weaponsRolling text (Nov 2024); 2025 session schedules
ICRCInternational humanitarian lawAutonomous Weapons Position Papers
Congressional Research ServiceUS policyLAWS Policy Primer
ASILInternational lawTreaty Momentum Analysis (2025)

Deepfake and Disinformation Sources

SourceFocusKey Findings
Deepstrike ResearchStatistics8M deepfakes projected (2025); 550% growth (2019-2024)
UNESCODetection24.5% human detection accuracy; 0.1% reliable identification
European ParliamentPolicyEuropol 90% synthetic content projection by 2026
C2PA CoalitionProvenanceContent authenticity standards
Deloitte Financial ServicesFinancial impact$12.3B to $10B fraud projection (2023-2027)

Related Pages

Top Related Pages

Risk

Bioweapons Risk

AI-assisted biological weapon development represents one of the most severe near-term AI risks. In 2025, both OpenAI and Anthropic activated elevat...

Crux

AI Safety Solution Cruxes

Key uncertainties that determine which technical, coordination, and epistemic solutions to prioritize for AI safety and governance. Maps decision-r...

Crux

AI Epistemic Cruxes

Key uncertainties that fundamentally determine AI safety prioritization, solution selection, and strategic direction in epistemic risk mitigation, ...

Risk

AI Disinformation

AI enables disinformation campaigns at unprecedented scale and sophistication, transforming propaganda operations through automated content generat...

Risk

Autonomous Weapons

Lethal autonomous weapons systems (LAWS) represent one of the most immediate and concerning applications of AI in military contexts. The global mar...

Risks

Deepfakes

Concepts

AI MisuseOpenAIBioweapons RiskDeepfakesLessWrongCompute Monitoring

Approaches

Dangerous Capability EvaluationsCapability Unlearning / Removal

Historical

OpenClaw Matplotlib Incident (2026)

Models

AI Uplift Assessment ModelBioweapons Attack Chain Model

Labs

METR

Policy

China AI Regulatory Framework

Transition Model

Misuse PotentialHuman-Caused CatastropheCyber Threat Exposure