AI's Rising Risks: Hacking, Virology, Loss of Control — With Dan Hendrycks

Rufus Griscom

Will AI improve our lives or exterminate the species? What would it take to abolish poverty? Are you eating enough fermented foods? These are some of the questions we tackled recently on the Next Big Idea. I'm Rufus Griscom, and every week I sit down with the world's leading thinkers for in depth conversations that will help you live, work, and play smarter. Follow the Next Big Idea wherever you get your podcasts from. LinkedIn News I'm Jessi Hempel, host of the hello Monday Podcast. Start your week with the hello Monday Podcast. We'll navigate career pivots. We'll learn where happiness fits in. Listen to hello Monday with me, Jesse Hempel on the LinkedIn podcast network or wherever you get your podcasts.

Dan Hendricks

Now that artificial intelligence has tried to break out of a training environment, cheat at chess, and deceive safety evaluators, is it finally time to start worrying about the risks that artificial intelligence poses to us all? Here to speak with us about it is Dan Hendricks. He's the director of the center for AI Policy and also an advisor to Elon Musk's X AI and Scale AI. Dan, it's so great to see you. Welcome to the show.

Rufus Griscom

Glad to be here.

Dan Hendricks

It's an opportune moment to have you on the show because I'm recently doom curious and I'll explain what that means. So I had long been skeptical of this idea that AI could potentially break out of its training set or out of the computers and start to potentially even harm humans. I still think I'm on that path, but I'm starting to question it. We've recently seen research of AI starting to try to export its weights in scenarios where it thinks it might be rewritten, trying to fool evaluators, and even trying to break a game of chess by rewriting the rules because it's so interested in winning the game. So I'm just gonna put this to you right away, is what I'm seeing in these early moments of AIs trying to deceive evaluators or trying to change the rules that it's been given is that the early signs of us having AI as an adversary and not as.

Rufus Griscom

A friend, the easier way to see that it could be adversarial is just if people maliciously use these AI systems against us. So if we have an adversarial state trying to weaponize it against us, that's an easier way in, which could cause a lot of damage to us. Now there is an additional risk that the AI itself could have an adversarial relation to us and be a threat in itself. Not just the threat of humans in the forms of terrorists or in the forms of state actors, but the AIs themselves potentially working against us. I think those risks would potentially grow in time. I don't think they're as substantial now compared to just the malicious use sorts of risks. But yeah, I think that as time goes on and as they're more capable, if some small fraction of them do decide to deceive us or try to self exfiltrate themselves or develop an adversarial posture toward us, then that could be extraordinarily dangerous. So it depends. So I want to distinguish between what things are particularly concerning in the next year versus somewhat more in the future. And I think in the shorter term it is more of this. But that's not, not to downplay the fact that AIs could be threats later on.

Dan Hendricks

Now, from what I understand it from your first answer, you are concerned both the way that humans use AI and AI itself, sort of taking its own actions, our loss of control of artificial intelligence. So can you just rank sort of where you see the problems in terms of most serious to least serious and what we should be focusing on?

Rufus Griscom

That's a really good question. So the risks and their severity sort of depend on time. Some become much more severe later. So I don't think AI poses a risk of extinction like today. I don't think that they're powerful enough to do that because they can't make PowerPoints yet. They don't have agential skills, they can't accomplish tasks that require many hours to complete. And so since they lack that, this puts a severe limit on the amount of damage that they could do or their ability to operate autonomously. So I think there's a variety of risks. I think there's in malicious use in the shorter term, when AIs get more agential. I'd be concerned about AIs causing cyber attacks on critical infrastructure, possibly as directed by a rogue actor. There'd also be the risk of AIs facilitating the development of bioweapons, in particular pandemic causing ones, not smaller scale ones like Anthrax. Those are, I think, the two malicious use risks that would will need to be getting on top of in the next year or two. At the same time, there's loss of control risks, which I think primarily stem from people, an AI company trying to automate all of AI research and development. And they can't have humans check in on that process because that would slow them down too much. If you have a human do a week review every month of what's been going on and trying to interpret what's happening, this would slow them down substantially. And the competitor that doesn't do that will end up getting ahead. What that would mean is that you'd have basically AI development going very rapidly where there's nobody really checking what's going on or hardly checking. And I think a loss of control in that scenario is more likely.

Dan Hendricks

Right. And with the center for AI Safety, we're going to talk today about risks, but we're also going to talk about solutions. And with the center for AI Safety, what you're doing is basically pointing out the risks and trying to get to solutions to these problems. You told me you were just at the White House yesterday, the day before we were talking. So this stuff is something that you're actually working towards mitigating. And I think we're going to get to that in a bit. But first let's talk a little bit through some of the risks that you see with AI and how serious they actually are. One of them that just jumped out for me right away was bio creating bioweapons. Let me run you through what I think the scenario could be in my head and you tell me what I'm missing. With bioweapons, you'd basically be prompting an LLM to help you come up with new biological agents, effectively that you could go unleash against an enemy. And I think wouldn't that be predicated on the AI actually being able to come up with biological discoveries of its own? Right now, current LLMs, they don't really extend beyond the training set. Maybe there's an emergent property here or there, but they haven't made any discoveries and sort of been the biggest knock on them to this point. So I am curious if you're talking about immediate risks and one of them being, okay, there could be bioweapons that are created with AI, doesn't that suppose that there's going to be something much more advanced than the LLMs that we have today? Because with current LLMs, to me, it's basically like Google. It's a search for what's on the web and it can produce what's on the web, but it's not coming up with new compounds on its own.

Rufus Griscom

Yeah, so I think that for cyber, that's more in the future, but I think virology, expert level virology capabilities are much more plausible in the short term. So for instance, we have a Paper that'll be out maybe in some months, we'll see. But most of the work's for it's been done and in it we have Harvard and MIT expert level virologists sort of taking pictures of themselves in the wet lab and asking, what steps should I do next? So can the AI given this image and given this background context, help guide through step by step these various wet lab procedures in making viruses and manipulating their properties? And we are finding that with the most recent reasoning models, quite unlike the models from two years ago, like the initial GPT4, the most recent reasoning models are getting around 90th percentile compared to these expert level virologists in their area of expertise. So this suggests that they have some of these wet lab type of skills. And so if they can guide somebody through it step by step, that could be very dangerous. Now there is an ideation step, but that seems like a capability, them doing brainstorming to come up with ways to make viruses more dangerous. I think that's a capability that they've had for over a year, the brainstorming part, but the implementation part seems to be fairly different. So I think in bio, actually I would not be surprised if in a few months there's a consensus that they're expert level in many relevant ways and that we need to be doing something about that.

Dan Hendricks

Wow, that's crazy to me because I would think it would be the opposite, right, that cyber would be the thing that we need to be worried about because these things code so well, not virology. So I just want to ask you.

Rufus Griscom

But on that, biology has been such an interesting subject because they just know the literature really well, they know the ins and outs, but they've got a fantastic memory and they have so much background experience. It's been for some reason their easiest subject historically, biology and virology in earlier forms of measurements, like if you see how they do on exams. But now we're looking at their practical wet lab skills and they have those increasingly as well.

Dan Hendricks

So what about the evolution of the technology? Because this is all with large language models, right? Reasoning is just something that's taking place within a large language model like the GPT, which powers ChatGPT. So what is it about the current capabilities that have increased to the point where they're now able to guide somebody through the creation or manipulation of a virus? That seems to be like a changing capability.

Rufus Griscom

Well, now they have this image understanding, image understanding skills. So that's a problem that they didn't used to have that Makes it a lot easier for them to do guidance or sort of, you know, be an apprentice or sort of a guide on one's shoulder saying, now do this, now do that. But I don't know where that came from. That skill they've just trained on the Internet and maybe they read enough papers and saw enough pictures of things inside those papers to have a sense of the protocols and how to troubleshoot appropriately. So since they've read basically every academic paper written, maybe that's the cause of it. But it's a surprise. I mean, I was thinking that this practical, tacit knowledge or something wouldn't be something that they would pick up on necessarily. It'd make a lot more sense for them to have academic knowledge about knowledge of vocab words and things like that. So I don't know where it came from. It's there, right?

Dan Hendricks

But this is still all stuff that is known to people. It's not like the AI is coming up with nude viruses on its own. Well, so you can't prompt whatever GPT it is and say, create a new coronavirus.

Rufus Griscom

So if you're saying I'm trying to modify this property of the virus so that it has more transmissibility or a longer stealth period, then I think it could, with some pretty easy brainstorming, make some suggestions and then if it can guide you through the intermediate steps, that's something that could make it be much more lethal. I don't think it needs a. You don't need breakthroughs for doing some bioterrorism. Generally, the main limitation for risks, generally risks will be capability and intent. And historically our biorisks have been fairly low because the people with these capabilities has been a very small number, maybe a few hundred top virology PhDs and then a lot of them just don't intend to do this sort of thing. However, if these capabilities are out there without any sorts of restrictions and extremely accessible, then as it happens, then your risk surface is blown up by several orders of magnitude. A solution for this to let people keep access to these expert level virology capabilities is that they can just speak to sales or ask for permission to have some of these guardrails taken off. Like if they're a real researcher at Genentech or what have you, wanting these expert level virology capabilities, then they could just ask and then like, oh, you're a trusted user, sure, here's access to these capabilities. But if somebody just made an account a second ago, then by default they wouldn't have access to it. So for safety. A lot of people think that the way you go about safety is slowing down all of AI development or something like that. But I think there are very surgical things you can do where you just have it, refuse to talk about topics such as reverse genetics or guide you through practical intermediate steps for some virology methods. Wait, those safeguards don't exist today at xai, they do.

Dan Hendricks

You're an advisor at xai.

Rufus Griscom

Yeah, yeah, yeah.

Dan Hendricks

But what were the models that you were testing to try to find out whether they would help with the, the enhanced creation of virologists?

Rufus Griscom

We tested pretty much all of the leading ones that had these sort of multimodal capabilities and they'll have some sort of safeguards. But there are various holes and so those are being patched or communicated that, hey, there are various issues here. And so I'm hopeful that very quickly some of these vulnerabilities will be patched with it and then if people want access to those capabilities, then they could possibly be a trusted third party tester or something like that, or work at a biotech company and then those restrictions could be lifted for those use cases. But random users, we don't know who they are, asking how to make some virus more lethal or something, sorry, animal affecting virus, just punt or have the model refuse on that. That seems fine.

Dan Hendricks

Yeah. We do see the benchmarks come in through each model release and it's like, oh, now it's squared 84th or 90th percentile or 97th percentile on this math test or on this bio test. And for us it's like, oh, that's the model doing it. But what you're trying to say is, and correct me if I'm wrong, if it's getting 90% of the way that an expert virologist might get, then it could take a crafty user a number of prompts effectively to find their way towards that 100%. Because if they try it enough times, they might accidentally get to the. Not accidentally, but they might end up getting the bad virus that we're trying not to have the public create.

Rufus Griscom

Yeah, yeah. So this is what concerns me quite a bit. And I'm being more quiet about this just to.

Dan Hendricks

Oh, you're talking about.

Rufus Griscom

That's what I'm talking about now. But I'm not, you know, there's this orders of magnitude. It's being taken care of at XAI and this is sort of in our risk management framework there. And other labs are taking this sort of stuff more seriously or finding some vulnerabilities and then they're patching them. So I'm being nonspecific about some of the vulnerabilities here, but hopefully can provide more precision once they have that taken care of.

Dan Hendricks

But yeah, okay, I look forward to reading the paper. You're an advisor to Scale AI. They are a company that will give a lot of PhD level information to models in post training. So you've trained up the model on all of the Internet. It's pretty good at predicting the next word and then it needs some domain specific knowledge. Scale from my understanding, has PhDs and really smart people writing their knowledge down and then feeding it into the model to make these models smarter. How does a company like Scale AI approach this? Do they have to say, all right, if you're a virology PhD, you shouldn't be fine tuning the model with your information. What's going on there and how are you advising them?

Rufus Griscom

I've largely been advising on measuring capabilities and risks in these models. We did for instance a paper on the weapons mass destruction related knowledge that models would have together last year and for that we were finding a lot of the academic knowledge or knowledge that you would find in the literature, like does it really understand the literature? Quite well. And we were seeing that in biology and for bioweapons related papers that they did. However, this just tested their knowledge, not their know how. So that's why we did the follow up paper to see what's their actual wet lab know how skills. And those were lower, but now they're higher. And so now those vulnerabilities need to be patched and those patches are I gather underway. So we've also worked on other sorts of things together, like in measuring the capabilities of these models because I think it's important the public have some sense of how quickly is AI improving, What level is it at Currently? A recent paper we did together was humanities last exam where we put together various professors and postdocs and PhDs from all over the world and they could join in on the paper if they submit some good questions that stump the AI systems. I think this is a fairly difficult test. So it was think of something really difficult that you encountered in your research and try and turn that into a question. And I think each person, each researcher probably has one or two of these sorts of questions. So it's a compilation of that. And I think when there's very high performance on that benchmark that would be suggestive of something that has say in the ballpark of superhuman mathematician capabilities. And so I think that would revolutionize the academy quite substantially because all the theoretical sciences that are so dependent on mathematic would be a lot more automatable. You could just give it the math problem and it could probably crack it or crack it better than nearly anybody on earth could. So that's an example capability measurement that we're looking at. We excluded in humanities last exam, no virology related skills. So we were not collecting data for that because we didn't want to incentivize the models getting better at that particular skill through this benchmark.

Dan Hendricks

And how's the AI doing today on that exam?

Rufus Griscom

They're in the ballpark of like 10 to 20% overall, the very best models. So it'll take a while for it to get to 80 plus percent, but I think once it is 80 plus percent, that's basically a superhero. Mathematician is one way of thinking of it.

Dan Hendricks

But the thing is, there are 10 to 20% now and many experts within the AI field. The practitioners. We had Jan on a couple weeks ago talking about how we're getting to the point of diminishing returns with scaling. That current growth trajectory, or the current trajectory of generative AI in particular is limited because basically the labs are maximizing their ability to increase its capabilities. So I'm curious what you think, whether you think that's right because you're obviously working with these companies, you're working with xai, you're working with scale. If we are getting to this data wall or some wall or some moment of diminishing marginal return on the technology, is it possible that all this fear is somewhat misplaced? Because if the AI is not going to get much better than it is right now, at least with the current methods, we may not be a year or two away from AGI. We may not be getting AGI at the end of 2025 like some people are suggesting. And so then maybe we shouldn't be as afraid because again, the stuff is limited.

Rufus Griscom

Yeah. So if we were trapped at around the capability levels that we're at now, then that would definitely reduce urgency and means one could chill out a bit more and take it easy. But I'm not really seeing that. I think maybe what he's referring to is these sort of pre training paradigms, so running out of steam. So if you take an AI train on a big blob of data and have it just sort of predict the next token, do what basically gave rise to older models like GPT4, that sort of paradigm does seem like it's running out of steam. It has held for many, many orders of magnitude, but the returns on doing that are lower. That is separate from the new reasoning paradigm that has emerged in the past year, which is where you train models on math and coding types of questions with reinforcement learning. And that has a very steep slope and I don't see any signs of that slowing down. That seems to have a faster rate of improvement than the pre training paradigm the previous paradigm had. And there's still a lot of reasoning data left to go through and do reinforcement learning on. So I think we have quite a number of months or potentially years of being able to do that. And so personally I'm not even thinking too specifically about what AIs will be looking like in a few months. They'll be, I think, quite a bit better at math and coding, but I don't know how much better. So I'm largely just waiting because the rate of improvement is so high and we're so early on in this new paradigm that I don't find it useful to try and speculate here. I'm just going to wait a little while to see. But I would expect it to be quite better in each of these domains, in these STEM domains.

Dan Hendricks

Right. I guess reasoning does make it better at the areas that you're mostly concerned about doing math, coding.

Rufus Griscom

Yeah, that's right. Yeah.

Dan Hendricks

Because when it goes, tell me again if I'm wrong, when it goes step by step, it's much better at executing and working on these problems than if it's just printing answers.

Rufus Griscom

Yeah. And there is a possibility, and this is sort of a hope in the field, I don't know whether it will happen, is that these reasoning capabilities might also give these agent type of capabilities where it can do other sorts of things like make a PowerPoint for you and do things that would require operating over a very long time horizon. Potentially those would fall out of that skill set, would fall out of this paradigm. But it's not clear. There has been a fair amount of generalization from training on coding and mathematics to other sorts of domains like law for instance. And maybe if those skills get high enough, maybe it will be able to sort of reason its way through things step by step and act in a more coherent, a goal directed way across longer time spans.

Dan Hendricks

I'm going to try to channel Yann here a little bit. I think he would say that this is still going to be constrained by the fact that AI has no real understanding of the real world.

Rufus Griscom

Well, I don't know. That sounds like almost a no true Scotsman type of Thing, it's like, what's real understanding mean? Let me give you this predictive ability. There's sort of like, if it can do the stuff, that's what I care about. But if it doesn't satisfy some strict philosophical sense of something, some people might find that compelling. But I don't.

Dan Hendricks

I'll give you an example, like with the video generators, like, if AI really understood physics, then when you say give me a video of a car driving through a haystack, it will actually be a car driving through a haystack, as opposed to what I've done is give it that prompt and it's just hay exploding onto the front of a car with perfectly intact hay bales in the background.

Rufus Griscom

I think that for a lot of these sorts of queries, at least for. With images, for instance, we'd see a lot of nonsensical arrangements of things and things that don't make much sense if you look at it more closely. But then as you just scale up the models and they tend to just kind of get it increasingly so. So we might just see the same for images or, excuse me, for video. I think as well they have some good world model stuff. Like they'll have vanishing points being more coher. And if I were drawing or anything like that, I'd probably be lacking an understanding of the physics and geometry of the situation and making things internally coherent relative to them. So I don't know. Yeah, they seem pretty compelling and have a lot of the details right, including some of the more structural details, but there'll be gaps that one can keep zooming into. But I just think that that set will keep decreasing, as was sort of the case with. With images and text before. I mean, text back in the day, the same argument. It doesn't have a real understanding of causality. It's just sort of mixing together words and whatnot. And when it was barely able to construct sentences coherently, now it can, and then. Yeah, and now it can. So I don't know if it like then got a real understanding in the sort of philosophical sense that he's thinking for language, but it was good enough. And that might be the case with video as well.

Dan Hendricks

There were points where I was like, oh, but it is getting the guy sitting on the chair. When I say, do a video of a guy sitting on a chair and kicking his legs. And those legs are kicking and they are bending at the joints. So there must be some understanding there.

Rufus Griscom

Yeah, in some ways. But if you ask them to do gymnastics and I'll just Have limbs flailing all the time.

Dan Hendricks

The person just disappears into the floor. Okay, like you said at the beginning, ChatGPT isn't going to kill us yet. Let's talk about hacking. I do think that we glanced over it a little bit before, but in terms of we're now going through, I think the humans plus AI problem. Right. And hacking to me is one that I think we should definitely focus on. You mentioned that we're still not quite there, but it does seem to me. Again, I'm just going to go back to the point I made earlier. You can really code stuff up with these things and they enable pretty impressive code already. You could think that ChatGPT could produce pretty good phishing emails if you just kind of creatively. And not just ChatGPT but all of these GPT models, if you creatively prompt it, it will give you an email that you can send and try to phish somebody. Or even let's say you just take an open source model like Deep Seq, download it and then run it without safeguards. So where's the risk with hacking? I know you said it's a little bit further off. Why is it further off? And what should people be afraid of or what should people be concerned of?

Rufus Griscom

Yeah, yeah. So the risk from it, more of the risk comes from when they're able to autonomously do the hacking themselves. So trying to break into a system, finding an exploit, escalating privileges, causing damage from there, things like that, and that requires multiple different steps. And these agential skills that I keep referring to, that they currently don't have. So although they could facilitate in ransomware development and other forms of malware for them to autonomously execute and infiltrate systems, that is something that will require the new agential skills. And I don't see it's very unclear when those arrive. Could be a few months from now, could be a year from now. It's a little less, I'm a little more suspicious, maybe it would even take two years for that. That's something for us to get prepared for, figure out how we're going to deal with that, try and make safeguards increasingly robust to people trying to maliciously use it in those ways. But yeah, I think much of the risk source comes from being able to take one of these AIs, let's say one of these deep seq AIs, let's say it's Deep Seq agent version and it's able to actually do these cyber attacks. Then you can just run 10,000 of them simultaneously and Then some rogue actor could have it target critical infrastructure. Then this is causing quite severe damage. So for critical infrastructure, this could be like have it reduce the detector or the filter in a water plant or something like that. Then the water supply is ruined. Or you could target these thermostats in various homes because they're often some of the more advanced ones are connected to WI fi and then you turn them up and down simultaneously and this can just ruin transformers and blow them and then they take multiple years to replace things like that. But they aren't capable of doing that sort of thing currently. So it's more of a on the horizon type of thing. But I'm not feeling the urgency with that currently. I'm more concerned about. I think there's more the geopolitics of this, like making sure that states are aware of what's going on in AI, like they're at least able to follow the news and things like that in some capacity. I think things like that feel somewhat more urgent to me than trying to address cyber risks. There are things to do though, and I think we should create incentives beforehand.

Dan Hendricks

But maybe I'm too much of an optimist for my own good. But when I hear you talk about this, I also get a little bit excited about the capabilities of these programs because for instance, if AI can enhance the function of a virus, AI can probably create a vaccine, make medical discoveries. If AI can hack into the infrastructure of some country, find exploits and turn the thermostats up and down, then AI could probably do incredible amounts of very beneficial coding and computer work for humanity. So if we do get to that point, it seems to me like there's going to be these maybe two poles here. Right. One is the potentially scary and destructive stuff that you can mitigate with some of the controls that you talked about. But also amazing opportunity.

Rufus Griscom

Yeah. So it's in the thermostat thing was for messing with the electricity and that strain on the power grid and destroying transformers just for clarification in case. But yeah, I think you're pointing at that. It's dual use. So I'm not saying AI is bad in every single way. And it's like other dual use technologies. Bio is a dual use technology, can be used for bioweapons, can be used for healthcare. Nuclear technology is dual use. There's civilian applications for it as well, and chemicals too. And we have managed all of those other ones by selectively trying to limit some particular types of usage and restricting the capabilities of rogue actors to some of these technologies and making sure there are good safeguards for the civilian applications, and then we can actually capture the benefits. So it's not an all or nothing type of thing with AI, it's what are surgical restrictions one can place so that we can keep capturing the benefits. And so for instance, with virology, that's a matter of you have the safeguards and then the researchers who want access to those can speak to sales. That's basically a resolution of that problem, provided that you have the models kept behind APIs. Now, on this dual use part though, there's an offense defense balance. So for some applications, it can help, it can hurt, and maybe it helps more than it hurts, or maybe it will hurt more than it will help. In bio, I think that is offense dominant. If somebody creates a virus, there's not necessarily a cure that it will immediately. If it would help a rogue actor make a somewhat compelling virus. Now that could be enough to cause many millions to die, and it may take months or years to find a cure. There are many viruses for which we have not found cures yet. And for cyber, in most contexts, there's a balance between offense and defense, where if somebody can find a vulnerability with one of these hacking AIs, then they could also use that to patch the vulnerability. There is an exception though, where in the context of critical infrastructure there, the software is not updated rapidly. So even if you identify various vulnerabilities, there will not necessarily be a patch because the system needs to always be on, or there are interoperability constraints or the company that made the software is no longer in business, these sorts of things. So our critical infrastructure is a sitting duck. And so in that context, cyber is offense dominant. But in normal context it's roughly, there's roughly a duality. And for virology, I think that's largely offense dominant.

Dan Hendricks

So before we go to the nation state element of this, I need to ask you a question about the actual research houses themselves. Every research house says they're a concern with safety. From OpenAI to XAI, everything in the middle. Maybe not deep seq, we'll get to deep seq yet, but they're the ones that are building this technology. And I find it a little strange that you have companies that are saying we're built, it's weird. We have to build this and advance this technology so we can keep people safe. I never really understood that message.

Rufus Griscom

Yeah, I don't know if it's to say that we need to keep people safe. I think it's more that the main Organizations that have power in the world now are largely companies. And so if one's trying to influence the outcomes, one basically needs to be a company is how many of them will reason. They'll think that, yeah, you could be in civil society or you could protest, but this will not determine the course of events as much. So there's sort of. Many of them are buying themselves the option to hopefully influence things in a more positive direction. But most of the effort will be to stay competitive and stay in this arena. So I think over 90% of the intellectual energies that they're going to spend is actually, actually how can we afford the 10x larger supercomputer? That means being very competitive, speeding this up and making safety be some priority, but not necessarily a substantial one. So I do think there is an interesting contradiction or something that looks like a contradiction there. But I think if we think back to nuclear weapons. Nuclear weapons, Nobody wants nuclear weapons. There'd be zero on earth. Fantastic. That would be a nice thing to have if that would be a stable state. But it's not a stable state. One actor may then develop nuclear weapons and they could destroy the other. This encourages states to do an arms race and it makes everybody all collectively less secure. But that's just how the game theory ends up working. So you get a classic, what's called a security dilemma. Everybody's worse off collectively. And even if you took it seriously to say, yes, nuclear technology is dual use and potentially catastrophic and we need to be very risk conscious about it, you can agree with all those things, but you still might want nuclear weapons because other parties will also have nuclear weapons. And unilateral disarmament in many cases just didn't make game theoretic sense in the way that an individual company pies in their development while others race ahead doesn't make game theoretic sense. So I think this just points to the fact that there's some game theory is kind of confusing. And so you're getting some things that are seeming contradictions that if you use a nuclear analogy, go, yeah, I suppose that makes sense. And it's just kind of an ugly reality to internalize.

Dan Hendricks

Doesn't that discount the fact that these companies, if they want to influence the way things are going, they are going to be. It's like you're one in the same. Yes, you're influencing, but without you, this wouldn't be moving as fast as it is. Like it is interesting. For instance, think about Elon Musk, right? Obviously he has you in two days a week to work on safety inside xai, but he's also putting together what million GPU data centers to build the biggest, baddest LLM ever.

Rufus Griscom

Well, if he didn't, then he would be having less influence over it. So it's, it's not something that I would envision. Everybody would just sort of voluntarily pause. So subject to companies not sort of voluntarily rolling over and dying, then what's the best you can do subject to those constraints? But the competitive pressures are quite intense such that they do end up prioritizing, focusing on competitiveness and other priorities. Like what's the budget for safety research? It will be generally lower than would be nice to have if this were a less competitive environment.

Dan Hendricks

Do you think Elon is more interested in restoring this original vision that he had for OpenAI, making everything open source, making it safe? I would imagine he founded OpenAI with Sam Altman as sort of a beachhead against Google because he was afraid of what Google was going to do with this technology. So I'm curious if you think that XAI is along that mission or is he more interested in the sort of soft cultural power that comes with having the world's best AI, for instance, like you can change the way that it speaks about certain sensitive political issues. It can be anti woke, which we all know is sort of where Elon stands. So what, where do you think his true interest lies in building xai?

Rufus Griscom

Well, I think the, and I won't position myself as sort of speaking on behalf of.

Dan Hendricks

Yeah, we won't put you as Elon spokesperson, but you are in there.

Rufus Griscom

Yeah. So I think that the mission is to understand the universe. And so this means having AIs that are honest and accurate and truthful to improve the public's understanding of the world. So we will be getting an AI very fast moving, trying situation with AI if it keeps accelerating. And so good decision making will be very important and us understanding the world around us will be very important. So if there are more features that enable truth seeking and honesty and good forecasts and good judgment and institutional decision making, those would be great to have with the hope is that GROK could help help enable some of that so that civilization is steering itself more prudently in this potentially more turbulent period that's upcoming. That's one read on the mission statement. But I think that's the objective of it is understand the universe. And there are different sub objectives that that would give rise to and I think it's ability to help culture process events without censorship or political bias one way or the other is a stated objective and I think that would be indispensable in the years going forward.

Dan Hendricks

Do you buy that that's what they're doing? Because we also heard the same thing from Elon when it came to buying Twitter. Now X I don't know.

Rufus Griscom

I think Community Notes has been quite.

Dan Hendricks

But that was something that was built under Jack Dorsey. I'm not going to take sides here. I'm going to just observe empirically what I've seen. We know that substack links have been deprioritized because it was seen as a competitor with Twitter. We know that Musk, I think according to reporting, changed the algorithm to have his tweets show up more often. And his tweets took a strong stance towards supporting Donald Trump in the election. So to me, the idea that hearing again from Elon, and again, look, I respect what Elon's done as a business person, but hearing again that he has a plan to make a culturally relevant product that's free of censorship and politically unbiased, I don't know if I believe that anymore.

Rufus Griscom

So I don't know about some of the specific things such as the waiting thing or something like that. Profile things, for instance. I think that overall in terms of cultural influence and people being more disagreeable and doing less self censoring has been successful. I think that was the main objective of it. So I think that X had a large role to play there. So I don't know. I think in terms of shaping discourse norms in the US that seems to have been successful in my view.

Dan Hendricks

Yeah. I'm not saying pre Elon Twitter didn't censor, which is probably the wrong word because that's usually from the government didn't sort of shape the definition of speech to its own liking. It obviously had a progressive approach and moderated speech on a progressive approach. I just don't think Elon is not using his own influence when it comes to how he runs X. But you and I could speak about this.

Rufus Griscom

Yeah, this isn't even my sort of wheelhouse as much, but yeah, having a sort of like. Like since you brought it up.

Dan Hendricks

Oh, okay.

Rufus Griscom

All right, sure.

Dan Hendricks

I mean just the non biased and truthful things, so it's worth it.

Rufus Griscom

So I mean if there are ways in which it's extremely biased one way or the other, that's useful to know. This is a thing that is continually trying to be improved, at least for Xai's Grok. So. And I think that all the sort of product offering could get quite better at this, but I'm not speaking as a sort of representative there or anything like that. But I guess right now, in my personal capacity, I think that there's things to improve on for all these models in terms of their bias.

Dan Hendricks

All right, we agree on that front. You hinted at it previously, but you talk a little bit about how companies, basically, how you don't think it's a good idea for there to be an arms race here, and certainly there is one between the US And China. We know that US has put export controls on China. China has in some ways gotten around them through very creative procurement processes that go through Singapore.

Rufus Griscom

Right.

Dan Hendricks

We can probably say that with a pretty good degree of confidence. Then, of course, we see the release of Deep SEQ and some other AI applications from China, and everyone's trying to build the better AI so that they have the soft power, like we spoke about, to effectively a control to influence culture across the world. But also it's an offensive capability and defensive. Like you're saying if your country has the ability to manipulate viruses or to do cyber hacks, you become more powerful and you get to sort of potentially put your view of the world, implant your view of the world on the way that it operates. You have a paper out that's sort of arguing against this arms race. It's called superintelligent Strategy. It's with you, Eric Schmidt, we all know, former CEO of Google. I think he just started. He's taking over a drone company, so you can tell me a little bit about that. And Alexander Wang, former. Not the former, the current CEO of Scale AI, who's been formerly on this show. Talk a little bit about why you don't think it's a good idea for countries to pursue this arms race. Do you? Say it might be leading us to mutually assured AI malfunction? Not mutually assured, like nuclear destruction. I think that's what you get that from.

Rufus Griscom

Yeah. So the strategy has three parts, one of which is competitiveness. But we're saying that some forms of competition could be destabilizing and that you may be irrational to pursue it because you couldn't get away with it. So, in particular, this making a bid for superintelligence through some automated AI research and development loop could potentially lead to one state having some capabilities that are vastly beyond another state's. If one state gets to experience a decade of development in a year and the other one is the year behind, then this results in a very substantial difference in the state's capabilities. So this could be quite destabilizing. If one state might then start to get an insurmountable lead relative to the other. So I think that form of competition would be very dangerous because there's a risk of loss of control and because it might incentivize states to engage in preventive sabotage or preemptive sabotage to disable these sorts of projects. So I think states may want to deter each other from pursuing superintelligence through this means. And this then means that AI competition gets channeled into other sorts of realms, such as in the military realm of having more secure supply chains for robotics, for instance, and for, for AI chips, having reduced sole source supply chain dependence on Taiwan for making AI chips. States can compete in other dimensions, but them trying to compete to develop superintelligence first, I think that seems like a very risky idea. And I would not suggest that because there's too much of a risk of velocity control and there's too much of a risk that one state, if they do control it, uses it to disempower others and affects the balance of power far too much and destabilizes things. But the strategy overall, think of the.

Dan Hendricks

Cold War before you go on the strategy. My reaction to that is, good luck telling that to China.

Rufus Griscom

So I think it's totally so for deterrence. I think if the US were pulling ahead, both Russia and China may have a substantial interest in saying, hey, cut this out, pulling ahead to develop superintelligence, which could give it a huge advantage and an ability to crush them. They'd say, you don't get to do that. We are making a conditional threat that if you keep going forward in this because you're on the cusp of building this, then we will disable your data center or the surrounding power infrastructure so that you cannot continue building this. I think they could make that conditional threat to deter it, and we might do the same, or the US might do the same to, to China or other states that would do that. So I don't see why China wouldn't do that later on. Right now they're not as thinking about superintelligence and advanced AI. So this is more of a description of what the dynamics later on when AI is more salient. But it would be surprising to me if China were saying, yes, United States, go ahead, do your Manhattan Project to build superintelligence, Come back to us in a few years and then tell us you can boss us around, because now we're in a complete position of weakness and we'll be at your mercy and we'll accept whatever you say or tell us to do, I don't see that happening. I think they would just say move to preempt or deter that type of development so that they don't get put in that fragile position.

Dan Hendricks

Are you in like the Eleazar Yudkowski camp of bombing the data centers if we get to superintelligence?

Rufus Griscom

Well, so I think I'm advocating or pointing out that it becomes rational for states to deter each other by making conditional threats and by means that are less escalatory, such as cyber sabotage on data centers or surrounding power plants. I don't think one needs to get kinetic for this. And I think that if discussions start earlier, I don't see any reason things need to be escalating in that way or, or unilaterally actually doing that. We didn't need to get a nuclear exchange with Russia to sort of express that we have a preference against nuclear war. So I think, thank goodness. So indicating or making conditional threats through deterrence seems like a much smarter move than hey, wait a second, what are you doing there? And then bomb. That seems needless.

Dan Hendricks

Yeah, I'm not into that. But what you're talking about is sort of assuming that there will be a lead that will be protectable for a while. But everything we've seen with AI is that no one protects a lead. Right?

Rufus Griscom

Well, if there's. So one difference is that when you get to a different Paradigm like automated AI R&D, the slope might be extremely high, such that if the competitor starts to do automated AI R&D a year later, they may never catch up. Just because you're so far ahead and your gains are compounding on your gains. Like in social media companies, Eric will use this analogy where if one of them starts blowing up and growing before you started, it's often the case that you won't be able to catch up and they'll have a winner take all type of dynamic. Right now the rate of improvement is not that high or there's less of a path for a winner take all dynamic currently. But later on, when you have the ability to run 100,000 AI researchers simultaneously, this really accelerates things. Maybe OpenAI's got a few hundred, maybe it will say 300 AI researchers. So going from 300 AI researchers to orders of magnitude more world class ones create quite substantial developments. This is something that isn't new. This is something that Alan Turing and the founders of computer science had pointed out that this is a natural property of when you get AIs at this level of capability, then this creates this sort of recursive dynamic where things start accelerating extremely quickly and quite explosively.

Dan Hendricks

Okay. We managed to spend most of our conversation today talking about present risks or like, risks. In the near future, we should focus a little bit more on intelligence explosion and loss of control. And we're gonna do that right after the break.

Rufus Griscom

Hey, you.

Dan Hendricks

I'm Andrew Seaman.

Rufus Griscom

Do you want a new job or.

Dan Hendricks

Do you wanna move forward in your career?

Rufus Griscom

Well, you should listen to my weekly.

Dan Hendricks

Show called Get Hired with Andrew Seaman. We talk about it all and it's waiting for you. Yes, you, wherever you get your podcasts. Race the rudders, Race the sails.

Rufus Griscom

Race the sails. Captain, an unidentified ship is approaching. Over.

Dan Hendricks

Roger. Wait, is that an enterprise sales solution?

Rufus Griscom

Reach sales professionals, not professional sailors. With LinkedIn ads, you can target the right people by industry, job title and more. We'll even give you a $100 cred on your next campaign. Get started today at LinkedIn.com marketer terms and conditions apply.

Dan Hendricks

And we're back here on big technology Podcast with Dan Hendricks. He is the director and co founder of the center for AI Safety. Dan, it's great speaking with you about this stuff. Let's talk a little bit. You've been sort of talking about it in the first half, but I want to zero in here on this idea of intelligence explosion or what you talk about as basically having AI autonomously improve itself. Just talk through a little bit about how that might happen and whether you see that being something that is actually probable in our future.

Rufus Griscom

Yeah, the basic idea is just imagine automating one AI researcher, one world class one. Then there's a fun property with computers, which is there's copy and paste. So you can then have a whole fleet of these. Well, with humans, if you just have one of them, maybe they'll be able to train up somebody else who has a similar level of ability. So this adds a very interesting dynamic to the mix. And then you can get so many of them proceeding forward at once. And AIs also operate quite quickly. They can code a lot faster than people. So maybe it's. Maybe you've got 100,000 of these things operating at 100x the speed of a human. How fast will that go? Maybe conservatively, let's say it's just overall 10xing research. But 10xing research would mean, say, like a decade's worth of developments in a year. So that telescoping of all these developments makes things pretty wild and means that one player could possibly get AIs that go from like very good, you know, world class to being vastly better than everybody at everything. And it's super intelligence, something that towers far beyond any living person or collective of people. So if we get an AI like that, this could be destabilizing because it could be, you know, used to develop a super weapon potentially. Maybe it could find some breakthrough for anti ballistic missile systems which would make nuclear deterrence no longer work or other types of ways of weaponizing it. So that's why it's destabilizing. So states then, if they're seeing, don't run this many AI researchers simultaneously in these data centers working to build a next generation or superintelligence. Because if you do so, then that will put us in, that will make our survival be threatened. So them deterring, that would help them secure themselves and they can make those threats very credible currently. And I think we'll continue to be able to have these threats be credible going forward. So this is why I think it might take a while for superintelligence to be developed because there'll be deterrence around it later on and then maybe in the farther future there could be something multilateral, but that's speaking quite far out in very different economic conditions. In the meantime, with the AIs that we'd have in the future, those could still automate various things and increase prosperity and all of that. So we'd still have explosive economic growth if you had something that was just at an average human level ability running for very cheap. So I think that those are some of the later stage strategic dynamics. And I don't think we can get away with, or I don't think any state could get away with trying to build a superintelligence, go build a big data center out in the middle of the desert, trillion dollar cluster, bring all the researchers there and just not invite the other states to go. What do you think you're doing here?

Dan Hendricks

You were at the White House yesterday.

Rufus Griscom

Well, this is largely just sort of speaking about some of these, you know, strategic implications.

Dan Hendricks

Are they receptive?

Rufus Griscom

Yeah, I mean it's, this isn't a. There's always interest in, you know, thinking what are some of the later term dynamics, what things should happen now and whatnot. But this is, I think when people think White House sounds, where the President lives. So there's the. Well, yeah, so there's the Eisenhower building, which is part of the White House, kind of not, but that's where everybody works and whatnot. And I think some of the things we were speaking about here, like Virology, advancements, things like that. There's just a lot of things to speak about and think what things make sense or what things to keep in mind going forward.

Dan Hendricks

Yeah, I guess I'd rather an executive branch paying attention to this stuff than not.

Rufus Griscom

Yeah, yeah, that's right. Yeah, yeah. And what are the sort of ways that help, you know, maintain competitiveness? Because you know how people normally think about this, they'll think it's all or nothing and good or bad thing. And we're saying no, it's dual use. So that means there are some particular applications that are concerning and there are other applications that are good and you want to stem the particularly harmful applications. And what are ways of doing that while capturing the upside.

Dan Hendricks

Right. Okay, so the intelligence explosion part of this conversation, Neville brings up the loss of control part where to me, I think the thing that when people think about AI harm, they're always worried that AI is going to escape the simulation or whatever it is and act on its own and try to basically ensure that it preserves itself. We've seen it recently. I think I brought this up at the beginning of the show where Anthropic has done some experiments where the AI has run code to try to copy itself over onto a server if it thinks that its values are at risk of being changed. Is this so it's fun to think about, but it's also like probably just probability, like if you run it enough times because it's a probabilistic. That's concerning though engine.

Rufus Griscom

If it was like, oh, it's only one in a thousand of them intend to do this? Well, if you're running a million of them, then you're basically certain to get many of them to try and self exfiltrate.

Dan Hendricks

And so are you worried that this self exfiltration is going to be a thing?

Rufus Griscom

I think from a recursive automated ARD thing, I think that has really substantial probability behind it of a loss of control in that situation.

Dan Hendricks

You're worried about this.

Rufus Griscom

So there's, there's that, but I would distinguish between that and these sort of things that are not superintelligences or things that are not coming from that sort of really rapid loop like the currently existent systems. I think that the currently existing systems are relatively controllable or if there is some very concerning failure mode. We have been able to find ways to make them more controllable. For instance, for bioweapons refusal. We used not to be able to make robust safeguards for them two years ago. But we've done research with methods such as called circuit breakers and things like that. And those seem to improve the situation quite a bit and make it actually prohibitively difficult to do that jailbreaking. Maybe we'll find something similar with self exfiltration. I think people generally want to claim that current AIs are not controllable. I think that they're not highly reliably controllable. They're reasonably controllable. Maybe we could get some or it seems plausible that we'll get to have increasing levels of reliability. And so I'm sort of reserving judgment. It'll depend more on the empirical phenomena. So I think everybody should research this more and we'll sort of see what the risks actually are. But there are some that seem less empirically tractable or things that can't be empirically solved, like this loop thing, like how are you going to. You can't run this experiment 100 times or something like that and make it go well. You're making a huge attempt at building a superintelligence and it has destabilizing consequences. This isn't something that that's totally unprecedented. And for that you have more of like a one chance to get it right type of thing. But with the current systems, we can continually adjust them and retrain them and come up with better methods and iterate. So. So it is concerning. It would not surprise me if this would really start to make AI development itself extremely hazardous. Instead of just the deployment, but instead inside the lab, you need to be worried about the AI trying to be breaking out. Sometimes that's totally in the realm of possibility. But yeah, I could see it going either way.

Dan Hendricks

Yeah. I mean, this personally freaks me out because, yeah, if you see the AI trying to deceive evaluators, for instance, or you see the AI trying to break out, you really can't trust anything it's telling you. And we had Demis Asabis on the show a little while ago and he's basically like, listen, if you see deceptive behavior from AI, if you see alignment faking, you really can't trust anything in the safety training because it's lying to you.

Rufus Griscom

There is truth to that.

Dan Hendricks

Are you seeing deceptiveness at Grok, by the way?

Rufus Griscom

Oh, yeah, yeah. So we have a paper out last week. We're just measuring the extent to which they're deceptive. And in the scenarios we have, like all the models were in these sorts of scenarios under slight pressure to lie, not being told to lie, but just some slight pressure, then some of them will lie like 20% of the time. Some of them like 60% of the time. So they don't really have this sort of virtue sort of baked into them, the virtue of honesty. So I think we'll need to do more work and we'll need to do it quickly. So I'm sort of speaking in a more nonchalant way about this, but I can't get worked up about every single risk because or else I'll just be at 11 all the time. So there are some that I'm putting in different tiers than other risks. And this is a more speculative one. We've seen these sometimes get surprisingly handleable. But yeah, it could end up making things really, really bad. We'll see. We'll do things about it to make that not be the case.

Dan Hendricks

Okay, thank you. Two more topics for you, then we'll get out of here. Center for AI Safety who's funding it?

Rufus Griscom

Well, so there's not sort of one funder. It's largely just various philanthropists. The main funder would be Jan Tallon and Jan Tellen. Others who's a Skype co founder. There's a variety of other philanthropies or philanthropists generally. For instance, Elon doesn't. I've never asked him to fund the center. So that isn't to say I don't get any money from Elon. My appointment at Xai, I get a dollar a year at scale. At scale. AI, I've increased my salary exponentially to where I get $12 a year, a dollar per month from scale. But I'll try not to. Or I'll try to avoid getting complicated, having some complicated relations with them just so that I can not feel on behalf of any of them in particular.

Dan Hendricks

You're basically doing the work for them for free.

Rufus Griscom

Well, but it's useful, right? It's useful to do. And I mean, yeah, I mean I think the main objective is just try and generate some value here and as best as one can by reducing these sorts of risks. Yeah, I think it's a good arrangement because it enables me to do have a choose your adventure type of thing of like, oh, now I think the politics or geopolitics, this is more relevant. So now I can. Can go off and learn about this for some months and then work on a paper there. Compared to if it's like, no, you gotta be coding 80 hours a week. That's your job. That would be quite restrictive. And I couldn't be speaking with you.

Dan Hendricks

So I'm glad you're here. Thank you, Alex Wayne. So let's talk a little bit about this funding because I think that after Sam Altman was fired and then rehired at OpenAI, there was a sort of skepticism around effective altruism's impact on the AI field. And even Jan Talen, I'm reading from his statements right after the OpenAI governance crisis, highlights the fragility of voluntary AI motivated governance. So the world should not rely on such governance working as intended. Now, Yan is of course associated with ea. EA is like basically leading the conversation around AI safety. Is that good?

Rufus Griscom

So I think that in terms of Yan, I think he's funded organizations that are EA affiliated. I don't know if he'd call himself that, but whatever. People can ascribe labels how they'd like. I think that the, I mean, I've tweeted that EA is not equal to AI safety. I think that EA community generally is in slur on these. So I lived in Berkeley for a long time when I was doing my PhD and there was sort of a school, a sort of AI risk school that was, had very particular views about what things are important. So malicious use, for instance, when I was talking about malicious use in the beginning of this thing historically, really against that. Yeah, yeah, they're only loss of control. Don't talk about malicious use. That's a distraction. And so that was annoying because I'd always been working on robustness as a PhD student where the main thing was malicious use. So yeah, I ended up leaving Berkeley even before graduating just because of the sort of relatively suffocating atmosphere and the sort of central focus on. There'd be some new fad and you'd have to get interested in that. Some elk eliciting late knowledge. This is the important thing that you, you have to focus on or you have to focus on inner optimizers. There's lots of these speculative, empirically fragile things. So for instance, this alignment faking stuff that you're seeing, there's some concern there, but I'm not totally sold that this is a top tier type of priority. But in these communities this is all that matters currently, roughly speaking, this involuntary commitments from AI companies, I think voluntary commitments from AI companies are also a distraction because the companies will, you should expect most of them by default to just break those sorts of commitments if they end up going up against economic competitiveness. So I think it's a distraction relatively. And so I think there are many people who think that EA's broadly, their influence on this sort of thing has not been Overall positive, I think, at least for me and other sorts of researchers in this space who've been interested in AI risks. The amount of pressure to adopt some particular positions though on this be extraordinarily high and I think quite destructive. So I'm very pleased now that in the most in the past year or so there's been a lot more diversity of opinion, which has been quite important. And I think this is just because the broader world is getting more interested in AI. So a lot of these fixation on this is the one particular risk, this is the most important risk and everything else is distraction that just doesn't work. When you're speaking with the or interfacing with the real world, there's a lot of complications and AI is so multifaceted, so you can't, in your risk management approach, you can't just be focusing on one of them.

Dan Hendricks

Right. So you're not an effective altruist.

Rufus Griscom

I don't think of myself as that. I don't particularly get along with this school of thought, this sort of Berkeley AI alignment monolith. And I'm pleased that people can be more independently operating in this space now, which I don't think was the case for many, many years, including basically the entire time I was doing my PhD, and there'll be many people like Dylan Hatfield Manell, a professor at MIT who was also at Berkeley at the time, very suffocating. Rohan Shah, researcher at DeepMind, Very suffocating. They'll all feel this way.

Dan Hendricks

Okay, let's bring it home. We've been talking for more than an hour about AI safety as if it's controllable, but open source is really putting up a pretty valiant effort in this field, keeping pace with the proprietary labs. And of course open source is not controllable. What do you think about that? I mean, we just saw Deepseek, not to go back to it all the time, but it effectively equaled the cutting edge at the proprietary labs and put the weights on its website. So how can we possibly have a relationship of safety with AI if open source is out there exposing everything that's been done?

Rufus Griscom

So I haven't been endorsing open source historically, but I've thought that releasing the weights of models didn't seem robustly good or bad. So I sort of was like, it's fine, seems to have complicated effects. There's an advantage to it, which it helped with diffusion of the technology so that more people would have access to it and sort of get a sense of AI. And this increased sort of literacy on this topic and just increase public awareness and get the world more prepared for more advanced versions of AI. So that's been my historical position, but this depends on it should always proceed by a cost benefit analysis. So if, for instance, they have these cyber capabilities later on, yeah, I think that would be a potential place to be drawing the line on open weight releases personally. In particular the ones that could cause damage to critical infrastructure. You could still capture the benefits by having the models be available through APIs. And if they're like software developers, they have access to these more cyber offensive capabilities. But if they're a random user, they don't. If they're a random faceless user, they don't. And likewise for virology, once there's consensus, once the capabilities are so high that there's consensus about it being expert level in virology, I think that would be a very natural place to be having an international norm, not saying a treaty, because those take forever to write and ratify, but to a norm against open weights if they are expert level virologists. For the same reasons that we had the biological weapons convent, Russia or the Soviet Union and the US got together for the Biological Weapons Convention, the US and China did as well. We also coordinated on chemical weapons with the Chemical Weapons Convention and the Nuclear Non Proliferation Treaty. States find it in their incentive to work together to make sure that rogue actors do not have extremely hazardous, potentially catastrophic capabilities like chem, bio and nuclear inputs. So I think something similar might be reasonable for AI when they get at that capability threshold.

Dan Hendricks

Dan, I am at once kind of reassured that people are thinking about this stuff, but also more freaked out than I was when we sat down. But I do appreciate you coming in and giving us the full rundown of what to be concerned about and what maybe not to be as concerned about as we think about where AI is moving next. So thank you so much for coming on the show.

Rufus Griscom

Yep, yep. Thank you for having me. This has been fun.

Dan Hendricks

Super fun. If people want to learn more about your work or get in touch, how do they do that?

Rufus Griscom

I guess this, this paper or strategy we've been speaking about is@NationalSecurity AI and then I'm also on Twitter or X or whatever it's called, you should know you work with the. They're@x.com Danhedrics would be another way of following the goings on as the situation evolves. We'll keep trying to put out work and seeing what's going on with these risks. And if we come with technical interventions to make them less, then we'll also put that out, too. So, yeah, that's where you can find.

Dan Hendricks

Well, Godspeed, Dan, and we'll have to have you back.

Rufus Griscom

Thanks again.

Dan Hendricks

All right, everybody, thank you for listening, and we'll see you next time on Big Technology Podcast.