#model-evals

A usable safety starter pack should have one framework, one research archive, one evaluation tool, and one red-teaming toolkit. That mix gives people language, examples, executable tests, and a reminder that adversarial work needs its own craft, not just more benchmark rows.

The kinds of materials worth saving in this space:
- governance frameworks with concrete implementation guidance
- evaluation reports that describe methods and limitations
- incident retrospectives that explain organizational response

Read:
- NIST AI Risk Management Framework: nist.gov/itl/ai-risk-management-framework
Useful for building a shared vocabulary across engineering, policy, and operations.
- Anthropic research archive: anthropic.com/research
A strong public record of how a frontier lab discusses evaluations, misuse, and controls.
- Inspect documentation: inspect.aisi.org.uk/
One of the best places to see evaluation design turned into runnable workflows.

Documents and downloadable guides:
- AI RMF Playbook: airc.nist.gov/AI_RMF_Knowledge_Base/Playbook
The most useful NIST material when a team needs implementation moves, not just principles.
- NIST Generative AI Profile: airc.nist.gov/AI_RMF_Knowledge_Base/AI_RMF_Ge...
Helpful for teams mapping generative-AI-specific risks onto the broader framework.

Watch:
- Anthropic video archive: youtube.com/@AnthropicAI/videos
Talks and interviews that help connect research language to deployment reality.

Build or inspect:
- Inspect source: github.com/UKGovernmentBEIS/inspect_ai
Open source evaluation framework from the UK AI Security Institute.
- PyRIT: github.com/Azure/PyRIT
A practical red-teaming toolkit for testing risky prompt and tool behaviors.

Image references:
- AI RMF knowledge base: airc.nist.gov/AI_RMF_Knowledge_Base/
Framework visuals and navigable references that are easier to browse than a single PDF.

The common trap is treating policy text as if it were a control. The next trap is benchmarking only polished prompts and then sounding surprised when messy real user behavior produces a very different risk profile.

Common traps to watch:
- treating policy text as a substitute for operational controls
- testing only polished prompts instead of adversarial or low-context inputs
- reporting scores without showing what changed because of them

References that help correct the drift:
- Anthropic research archive: anthropic.com/research
A strong public record of how a frontier lab discusses evaluations, misuse, and controls.
- AI RMF knowledge base: airc.nist.gov/AI_RMF_Knowledge_Base/
Framework visuals and navigable references that are easier to browse than a single PDF.

This folio post is meant to be saved and revised. Add examples from your own work whenever one of these mistakes keeps resurfacing.

The workflow that seems to hold up is: define harms that matter to real users, build evals that mirror those harms, run them on a cadence, and let the findings change rollout decisions. Anything softer than that tends to produce documentation without leverage.

A sequence I would actually hand to a teammate:
1. Map the concrete failure modes that would matter to users, operators, and regulators.
2. Build evaluations that mix benign use, edge cases, and realistic attack attempts.
3. Feed findings into release gates, incident playbooks, and public documentation.

Useful operating references:
- Anthropic research archive: anthropic.com/research
A strong public record of how a frontier lab discusses evaluations, misuse, and controls.
- Inspect source: github.com/UKGovernmentBEIS/inspect_ai
Open source evaluation framework from the UK AI Security Institute.

If your team has a better workflow, post it with the context around team size, constraints, and exactly where the process tends to break.