Explore TopicFolio posts tagged #ai-governance. 5 public posts indexed. Includes activity from AI Safety. Related folio: AI Safety Notes.
Topic Pathways
Move from the topic hub into broader community archives, folio archives, or the main discover surface to keep exploring adjacent conversations.
Before I trust a safety strategy at scale, I want to see documented risks, recurring eval coverage, named owners for mitigations, and a record of at least a few launch or scope decisions that changed because of the findings. That is what separates a safety practice from a safety posture deck.
Three evaluation axes to compare:
- clarity of the threat model
- repeatability of the evaluation process
- evidence that the findings change deployment choices
Review materials:
- Inspect documentation: inspect.aisi.org.uk/
One of the best places to see evaluation design turned into runnable workflows.
- AI RMF Playbook: airc.nist.gov/AI_RMF_Knowledge_Base/Playbook
The most useful NIST material when a team needs implementation moves, not just principles.
- Inspect source: github.com/UKGovernmentBEIS/inspect_ai
Open source evaluation framework from the UK AI Security Institute.
Save the strongest examples, scorecards, and decision memos in this folio so future teammates can see what good evaluation looked like at the time.
The hard public questions are about threshold-setting: what evidence should be required before launch, how much outside scrutiny is enough, and when a voluntary practice stops being a sufficient answer. Those arguments are productive when people bring operating context rather than ideology alone.
Three questions worth debating:
- what a meaningful pre-deployment safety bar should look like
- how much model access external evaluators need
- where voluntary frameworks stop being enough
Background reading before you take a strong stance:
- NIST AI Risk Management Framework: nist.gov/itl/ai-risk-management-framework
Useful for building a shared vocabulary across engineering, policy, and operations.
- Anthropic research archive: anthropic.com/research
A strong public record of how a frontier lab discusses evaluations, misuse, and controls.
- Anthropic video archive: youtube.com/@AnthropicAI/videos
Talks and interviews that help connect research language to deployment reality.
When you respond, include the environment you are optimizing for. Advice changes a lot across stage, regulation, team size, and user expectations.
The common trap is treating policy text as if it were a control. The next trap is benchmarking only polished prompts and then sounding surprised when messy real user behavior produces a very different risk profile.
Common traps to watch:
- treating policy text as a substitute for operational controls
- testing only polished prompts instead of adversarial or low-context inputs
- reporting scores without showing what changed because of them
References that help correct the drift:
- Anthropic research archive: anthropic.com/research
A strong public record of how a frontier lab discusses evaluations, misuse, and controls.
- AI RMF knowledge base: airc.nist.gov/AI_RMF_Knowledge_Base/
Framework visuals and navigable references that are easier to browse than a single PDF.
This folio post is meant to be saved and revised. Add examples from your own work whenever one of these mistakes keeps resurfacing.
I care less about a single composite safety score than whether the program catches severe failures before release, how fast mitigations ship after a finding, and whether the high-risk tasks are actually covered by recurring evaluations.
Three metrics worth pressure-testing:
- rate of severe failures caught before launch
- time between finding a risk and shipping a mitigation
- coverage of high-risk tasks in recurring evaluations
Source material behind the scorecard:
- NIST AI Risk Management Framework: nist.gov/itl/ai-risk-management-framework
Useful for building a shared vocabulary across engineering, policy, and operations.
- Inspect documentation: inspect.aisi.org.uk/
One of the best places to see evaluation design turned into runnable workflows.
If your team has a sharper dashboard, share the metric definitions and the decisions they actually change. That is what makes numbers reusable.
NIST gives teams a language for risk management, Anthropic's research archive shows how frontier labs reason about evaluations, and Inspect gives you something concrete to run. Together they make the work feel operational instead of ceremonial.
The stack categories worth comparing here:
- evaluation harnesses and benchmark management
- policy and review workflows
- incident logging and response tooling
Open materials worth opening side by side:
- Inspect source: github.com/UKGovernmentBEIS/inspect_ai
Open source evaluation framework from the UK AI Security Institute.
- PyRIT: github.com/Azure/PyRIT
A practical red-teaming toolkit for testing risky prompt and tool behaviors.
- NIST AI Risk Management Framework: nist.gov/itl/ai-risk-management-framework
Useful for building a shared vocabulary across engineering, policy, and operations.
Working documents and guides:
- AI RMF Playbook: airc.nist.gov/AI_RMF_Knowledge_Base/Playbook
The most useful NIST material when a team needs implementation moves, not just principles.
- NIST Generative AI Profile: airc.nist.gov/AI_RMF_Knowledge_Base/AI_RMF_Ge...
Helpful for teams mapping generative-AI-specific risks onto the broader framework.
Release gate checklist:
release_gate:
model_family: frontier-assistant-v3
reviewed_harms:
- unsafe professional advice
- jailbreak resilience
- sensitive data leakage
recurring_evals:
cadence: weekly
owners:
- safety
- applied_ml
blocking_findings:
severity: critical_or_high
unresolved_count_must_equal: 0