All publications
publishedimmersive dossierhigh risk

Critical reading · A public proposal, not scientific consensus

Frontier AI, under review

Demis Hassabis proposes an evaluation gate before the most capable models are released. This dossier reconstructs the mechanism, challenges its premises, and asks who examines the examiner.

Start from zeroView learning map
Leer en españolSame factual ledger

Imagine a technology advancing faster than the instruments designed to measure it. Every new version performs better, yet tests age, some questions are defective, and real behavior changes when the model is connected to tools, users, and organizations. This is the problem Demis Hassabis's text tries to solve: create an institution capable of reviewing frontier AI models before they reach the market and continuing to track them afterward.

The idea is appealing because it turns an abstract debate about the future into a concrete mechanism: define thresholds, identify frontier labs, obtain early access, run evaluations, require remediation, and coordinate a response. But an institutional proposal does not become effective merely by describing its parts. It needs technical capacity, legal authority, independence, appeal procedures, protection of secrets, post-release monitoring, and a way to learn when its own tests fail.

This publication does not try to decide whether artificial general intelligence (AGI) will arrive soon or assign a probability of catastrophe. Those numbers are not available in the source. The guiding question is more useful: what would need to be true for a release gate to reduce risk without becoming opaque, captured, or impossible to operate? To answer, we will separate what Hassabis forecasts, what he proposes, what already exists, what external institutional sources measure, and what remains open.

You can read the journey as a pedagogical audit. First you will build a mental map; then you will inspect three statistical signals without mixing them; next you will tour the institutional architecture in 3D; finally, you will test with a reproducible scenario whether a 30-day window can contain the work it promises. No visual effect replaces evidence: every interaction has an explanation, formula, limit, and textual alternative.

01 · Essential map

The proposal in ninety seconds, without turning it into a promise

Hassabis begins with an urgent premise: models are progressing inside a commercial and geopolitical race that, in his view, is leaving our capacity to understand them behind. His answer is a U.S. standards body, funded largely by industry and publicly overseen. That body would decide which capabilities make a model frontier, which organizations become frontier labs, and which protocols they must pass before deployment.

To make it examinable, this dossier reconstructs the mechanism in six moves. The first four synthesize elements that Hassabis states explicitly or partly specifies: prepare documentation and access, classify the model, evaluate cyber, biological, and autonomous-action capabilities, and challenge protocols with held-out tests. The final two—an authority turning findings into release conditions and a cycle reopening the decision after deployment—are normative completions made by this dossier, not a legal architecture already defined by the author. That distinction lets us study the cycle without turning reconstruction into promise.

The essay proposes a voluntary phase and possible later formalization. It also suggests evaluations might change quarterly, saturated benchmarks be retired, and third parties help build tests. Decisive pieces remain missing: who grants authority, what rights an evaluated company has, what information becomes public, who answers for a mistaken decision, and how a foreign or noncooperative developer is treated. Understanding the proposal requires holding the mechanism and its gaps at the same time.

02 · Learning to classify

Five kinds of statement that must not be mixed

A reader can leave impressed and still not know what they just accepted. Classification is the antidote. When Hassabis places AGI a few years away, he makes a forecast. When he compares its impact to a multiplied Industrial Revolution, he uses quantitative rhetoric. When he describes prerelease review, he presents a proposal. When he says competition accelerates benefits and risks, he combines observation and causal interpretation. When he asks about purpose and post-scarcity, he opens a normative discussion.

This separation does not weaken the essay; it makes a fair reading possible. A vision can guide research without constituting evidence. An analogy can reveal a mechanism without transferring every feature of the original case. A proposal can answer a real problem and remain incomplete. Error begins when visual design erases these boundaries: an invented curve turns rhetoric into data; a risk meter turns assumptions into false precision; a 3D scene turns spatial proximity into probability. Here each class keeps its label.

01

Forecast

Describes an expected future. It should name the author, horizon, criterion, and reasons for doubt; it is not presented as an observation.

02

Analogy

Transfers a useful structure, such as FINRA, but always needs a sentence explaining where it stops working.

03

Proposal

Defines desired actors and actions. It is assessed through coherence, feasibility, incentives, and accountability mechanisms.

04

Data

Comes from a particular method and unit. Its reach ends where the dataset, benchmark, and measurement design end.

05

Value judgment

States which future is desirable. It requires social deliberation and cannot be delegated to technologists alone.

03 · Statistical evidence

The frontier advances; the instruments can break too

Three signals help explain why measurement has become a governance problem. The 2026 AI Index reports a 30-percentage-point gain in one year on Humanity's Last Exam. In the same synthesis, a review found between 2% and 42% invalid questions in widely used benchmarks. The responsible AI chapter recorded 233 documented incidents in 2024 and 362 in 2025. These are different data with different units, and they must not be added into a danger index.

The first panel shows relative speed inside one evaluation. The second shows that an instrument can contain enough defects to distort comparisons. The third shows repositories documenting more incidents, but does not distinguish how much of the increase comes from wider deployment, more harm, better media coverage, or record changes. The correct reading is not that any number proves the whole thesis. It is that an institution deciding about models must refresh tests, state uncertainty, and observe the world beyond the lab.

NIST adds a crucial distinction. Accuracy on the questions contained in a benchmark can differ from generalized accuracy across the universe of similar questions. In its analysis of 22 models and 3 benchmarks, it proposes statistical models that make assumptions explicit and quantify uncertainty more effectively. This improves decisions, but it does not produce a universal safety test. Good measurement begins by stating which variable is not being measured.

Observed data · derived comparison

Three signals of the measurement problem

Select a signal to read it without mixing units.

How to read this signalBenchmark velocity

Shows progress inside one test. It does not measure general intelligence or safety.

Method, table, and limits
SignalPeriod or rangeValueDoes not mean
Humanity's Last ExamOne year+30 percentage points30 points of general intelligence
Invalid questionsMMLU Math to GSM8K2%–42%Error rate of every benchmark
Documented incidents2024 to 2025233 → 362Total causal harm rate
Sources
SRC-103 · SRC-104
Primary limit
Humanity's Last Exam measures one benchmark, not general intelligence or safety. Invalid-question rates come from different benchmarks, and incidents are curated records that may be revised.
Three separate panels: a 30 percentage-point gain on Humanity's Last Exam; invalid questions ranging from 2% to 42%; and documented incidents rising from 233 in 2024 to 362 in 2025.

04 · Guided 3D tour

A release gate is a chain of responsibility

The scene represents six stages, not a galaxy of risk. Use previous and next to follow the flow from the lab to monitoring. Every node answers four questions: who acts, what they receive, what they produce, and what remains undefined. Glow identifies the selected stage; it does not encode importance, certainty, or probability. The same information remains in a navigable list and table so WebGL is never the only route to understanding.

Notice where independence changes. The developer has the deepest knowledge of the system and an incentive to release it. The body needs access and talent, yet may depend financially on labs. Agencies and national laboratories add expertise in sensitive domains while protecting secrets. External auditors diversify review but need accreditation and oversight. The final authority requires legal grounding and an appeal procedure. After release, users, researchers, and incident registries become sensors of the real system.

The important lesson is in the links. A model card without technical access can remain a declaration. A benchmark without a statistical protocol can yield a fragile classification. A decision without remediation turns an audit into punishment; remediation without verification becomes a promise. A release without monitoring assumes the lab reproduces the world. The architecture is only as strong as the transfer of evidence between stages and the ability to reopen a decision.

Illustrative normative reconstruction · geometry does not encode risk

3D tour of the release gate

Guided six-stage tour. Stages 5 and 6 complete gaps; they are not powers already granted.

Step 1 · Explicit proposal

The lab prepares evidence and access

Owner
Developing laboratory
Receives
Model, model card, internal controls, and secure environment
Produces
Verifiable package and technical access
Open question
What must be disclosed, and what needs protection?
Full table, assumptions, and limits
StagePrimary ownerEvidence or actionOpen question
1. PrepareLaboratoryModel card, internal controls, and secure accessWhat must be disclosed?
2. ClassifyStandards bodyRevisable capability thresholdHow is arbitrage prevented?
3. EvaluateAgencies and expertsTests of cybersecurity, biological risk, and autonomous actionWhat coverage is enough?
4. ChallengeIndependent auditorHeld-out tests and protocol reviewWho audits the auditor?
5. DecideAuthority to be definedPossible decisions: release, condition, remediate, or pauseWhat authority and appeal exist?
6. MonitorActors to be definedIncidents, drift, and vulnerabilities reopen reviewWho can reopen the decision?
Assumptions
The sequence synthesizes the proposal and institutional practices; stages 5 and 6 are normative completions made by the dossier, not legal powers already defined by Hassabis. Position, distance, and glow do not encode risk magnitude. Every stage requires evidence that is also available in the DOM and in the alternative table.
Limits
The scene does not show that the system reduces risk or resolve jurisdiction, regulatory capture, or noncooperative models. Gaps and open questions are pending design decisions, not an absence of risk.
Six-stage reconstruction from the lab and frontier classification through independent review and two normative completions: release decision and post-release monitoring.

05 · Capacity lab

Thirty days are not a conclusion: they are an operational constraint

The essay suggests sharing a model up to 30 days before release. To know whether that window is plausible, it must first be translated into work: submitted models, suites per model, repetitions, accelerator hours, parallelism, expert review, and real utilization. The simulator calculates two bounds. The optimistic one assumes compute and human analysis occur in parallel; the conservative one adds both durations. Their difference shows how much the schedule depends on coordination.

Worked example using the initial scenario: 3 models × 12 suites × 20 repetitions × 8 hours produce 5,760 accelerator-hours. Dividing by 24 accelerators × 24 hours per day × 0.75 utilization gives 13.3 compute days. Human review totals 3 × 12 × 10 = 360 analyst-hours; with 8 analysts × 8 hours per day × 0.75, it takes 7.5 days. In parallel, the optimistic bound is 13.3 days; adding both workloads gives a conservative 20.8 days and leaves 9.2 days inside the window. These are scenario outputs, not a guarantee.

Before moving a control, make a prediction. If you double repetitions without increasing accelerators, compute days should grow. If you add analysts, human review should shrink. If an input in the numerator increases and duration falls, the model is broken. Then inspect sensitivity: the system recalculates every parameter with a 20% variation and shows which ones dominate the conservative result. This local monotonicity test is more valuable than a spectacular animation without verifiable logic.

The result only answers whether the described work fits under those assumptions. It does not answer whether suites are valid, cover emergent behavior, have wet-lab availability, offer experts secure access, or are recognized by the model as evaluation. More runs can produce more confidence in the wrong variable. The window must be understood as a capacity and governance decision, not as a scientific guarantee.

Synthetic scenario · does not predict safety

Can rigorous review fit into 30 days?

Predict first; then move the controls and explain what changed.

Primary workload
18 models
424 suites/model
550 runs/suite
124 accelerator·hour/run
464 accelerators
224 analysts
Advanced parameters
220 analyst·hour/(suite·model)
5095 %
5095 %
1460 days
Fits under these assumptions9.2 days

Conservative margin

Compute13.3 days
Human review7.5 days
30 days
Optimistic duration
13.3 days
Conservative duration
20.8 days

Conservative-result sensitivity

Change in days when each input rises by up to 20%—utilization is capped at 100%. For discrete quantities, this is a continuous local approximation, not a literal scenario. Capacity variables are shown as duration reductions.

  1. Submitted models+4.2 d
  2. Suites per model+4.2 d
  3. Runs per suite+2.7 d
  4. Compute per run+2.7 d
  5. Parallel accelerators-2.2 d
  6. Compute utilization-2.2 d
  7. Review per suite and model+1.5 d
  8. Analysts-1.3 d
  9. Human utilization-1.3 d

Fits under these assumptions. 9.2 days. Optimistic duration: 13.3 days. Conservative duration: 20.8 days.

Local text: it stays in this tab.0/320
Formulas, units, live table, and limits
D_compute = (models × suites × runs × hours) / (24 × accelerators × utilization)D_human = (models × suites × review hours) / (8 × analysts × utilization)Optimistic = max(D_compute, D_human) · Conservative = D_compute + D_human
VariableValueUnit
Submitted models3models
Suites per model12suites/model
Runs per suite20runs/suite
Compute per run8accelerator·hour/run
Parallel accelerators24accelerators
Analysts8analysts
Review per suite and model10analyst·hour/(suite·model)
Compute utilization75%
Human utilization75%
Review window30days
Assumptions
Initial values are an editable synthetic scenario, not observed costs. The optimistic duration allows full overlap between compute and analysis; the conservative duration adds them.
Limits
More runs do not guarantee coverage, construct validity, or risk detection. It does not model wet labs, secure access, benchmark creation, legal coordination, or real specialist availability.
Capacity simulator comparing compute and human-review days with a 30-day window and showing optimistic and conservative results; it does not estimate safety.

06 · The real starting point

The United States is not starting from zero: CAISI already occupies part of the map

The proposal can sound like the creation of a capability that does not exist. Yet CAISI, inside NIST, already presents itself as the government's point of contact for testing and industry collaboration. Its mandate includes voluntary agreements with developers and evaluators, cyber, bio, and chemical capability assessments, analysis of U.S. and adversary systems, and coordination with several federal agencies. It also publishes work on benchmarks, agents, and monitoring.

The difference is not semantic. CAISI describes voluntary cooperation and technical evaluation; the essay imagines a path toward market requirements and a hybrid organization funded largely by industry. The right question is therefore not whether to create an institution from nothing. It is which functions should remain public, which can be delegated, what additional authority is needed, how it can be funded without capture, and how existing capability can be integrated rather than duplicated.

Recognizing what already exists improves the proposal. It enables comparison of outcomes, identification of mandate gaps, and capacity estimates grounded in operational evidence. It also avoids a common policy trap: announcing a new structure before understanding why current structures fall short. A credible reform should publish an inventory of functions, owners, interfaces, and performance metrics that would justify moving or adding authority.

01

Already exists

Voluntary cooperation, technical evaluation, measurement work, and interagency coordination.

02

The proposal adds

A laboratory classification, a possible market gate, and industry funding at greater scale.

03

Still missing

Authority, due process, transparency, demonstrated capacity, jurisdictional limits, and auditing of the body itself.

07 · Analogy with limits

FINRA shows how expertise is built—and how capture risk can arise

The analogy helps us imagine a private organization that deeply understands an industry, charges its members, applies rules, and operates under public oversight. FINRA is a member-funded nonprofit registered with and overseen by the SEC. That structure can pay for specialized knowledge and react faster than a general bureaucracy. It also places the regulator close to the entities it knows and depends upon.

The SEC itself describes the inherent conflict when an organization serves commercial interests while regulating its members. Applied to AI, the problem may intensify: a few labs concentrate talent, compute, and data; technical criteria change; competition is geopolitical; a model may originate beyond the jurisdiction; and open weights may keep circulating after a decision. Industry funding can solve capacity and simultaneously bend priorities or raise barriers for smaller competitors.

FINRA is therefore not a template to copy. It is a design question. Who appoints the board? Which members must recuse themselves? Can the public authority veto rules? How does a lab appeal? Which information stays confidential and which becomes public? Who investigates the body if it minimizes a risk or favors a member? The analogy works when it forces answers to those questions; it breaks down when its name substitutes for legal and institutional analysis.

01

Helps explain

Sector expertise, stable funding, common rules, federal oversight, and capacity to adapt.

02

Stops working

AI is global, replicable, and dual use; it has no members, products, or jurisdiction equivalent to securities markets.

03

Essential control

Board independence, recusals, external audit, graduated transparency, appeals, and clearly defined public authority.

08 · Steelman and stress test

The strongest version of the proposal must survive its strongest objections

The strongest argument for it is coordination. Labs may face disincentives to slow down unilaterally in an intense race; no single agency holds all cyber, biological, statistical, and operational expertise; and no public benchmark stays valuable forever. A common body could create comparable expectations, reserve tests, protect sensitive access, fund evaluators, and offer a remediation path before a failure scales. Its purpose would not be to predict everything, but to raise the cost of ignoring known signals.

The strongest objection concerns legitimacy and measurement. If labs fund the examiner, they may influence what counts as risk. If the body uses visible thresholds, developers may optimize to cross them. If it uses secret tests, public auditability falls. If it exempts models below the threshold, it invites arbitrage or ignores combinations of systems. If it centralizes sensitive information, it becomes a security target. If an imperfect evaluation blocks market access, it may favor incumbents and delay legitimate benefits.

NIST has already observed solution contamination and grader gaming in agentic tasks. This does not mean human intent or universal deception; it means an implementation can reward shortcuts that violate its objective. Held-out tests reduce exposure but do not solve validity, coverage, or distribution shift. The design must combine automated evaluations with red teaming, specialists, whole-system analysis, and field evidence. Auditing the benchmark is as important as auditing the model.

01

Capture

Funding adds capacity and can shape agenda, appointments, confidentiality, and enforcement intensity.

02

Gaming

A system can improve its score by exploiting the protocol without acquiring the property the test intends to measure.

03

Arbitrage

Rigid thresholds allow activity to be split, combined, or displaced to avoid duties without reducing impact.

04

Jurisdiction

U.S. market access does not ensure global cooperation, inspection of foreign models, or control over open weights.

05

Concentration

Gathering models, vulnerabilities, and held-out tests improves evaluation and creates a very valuable target for attackers.

06

False closure

Passing review can become a safety seal and reduce vigilance precisely when real-world use begins.

09 · Provenance and interests

The proposal should be read alongside its author's institutional position

Hassabis is co-founder and CEO of Google DeepMind and Founder and CEO of Isomorphic Labs, a company whose stated mission is to find solutions for disease through digital biology. That experience gives him privileged knowledge of frontier capability, evaluation, applied science, and laboratory constraints. It also means he leads organizations that could be regulated by the regime or benefit from the technology he presents as transformative. These facts do not invalidate his argument or show bad faith. They do require disclosure and a design that does not depend on trust in any person or company.

The corporate context is especially relevant because Google published a FARO proposal in June 2026 with close similarities: an industry-funded body, federal oversight, standards, and attestation or audits. That document separates this channel from a different offer: early access for the U.S. government. Comparing the texts shows continuity of design, not conspiracy. The safe inference is that the personal essay belongs to a broader institutional debate in which Google has already taken a position.

The right response is symmetrical transparency. Labs should disclose frameworks, incidents, and conflicts; auditors should disclose funding and methods; the authority should publish rules, recusals, and reasons for decisions; and this publication should record its exact source, limits, and corrections. Provenance does not replace the argument. It lets us assess which evidence is missing and which incentives could shape its selection.

10 · The world after the lab

Prerelease evaluation ends just as the real system begins

A model does not enter the world alone. It is integrated with instructions, tools, memory, databases, permissions, products, and people. It changes through updates, fine-tuning, new uses, and adaptive attacks. Behavior absent in the lab may emerge as the input distribution or incentive changes. A prerelease gate is therefore a condition for learning, not a permanent certificate.

NIST organizes post-release monitoring into functionality, operations, human factors, security, compliance, and large-scale impacts. It also records obstacles: drift, fragmented logging, immature methods for detecting deceptive behavior, competitive pressure, and the difficulty of scaling human review. These limitations explain why the 3D cycle ends in monitoring and returns to evaluation. A critical vulnerability should be able to reopen the decision, trigger remediation, and refresh the benchmark.

The institution needs process and outcome indicators. Counting reviewed models is not enough. It should measure response time, domain coverage, reproducibility, evaluator disagreement, post-release findings missed by review, completion of remediation, and incident-report quality. Even those metrics can be gamed. The defense is to publish definitions, preserve audit data, and allow independent review of the institution itself.

11 · From technical control to society

Abundance does not mean distribution, purpose, or legitimacy

The essay ends with a vision of accelerated science, productivity, and possible post-scarcity. That possibility can inspire, but it is not an automatic consequence of technical capacity. Even very abundant production depends on energy, infrastructure, ownership, prices, institutions, and bargaining power. A discovery can exist without reaching those who need it. A productivity gain can raise welfare, concentrate rents, or do both across different groups.

Frontier regulation also does not answer by itself who receives benefits, who carries labor transitions, what knowledge remains open, or how countries without leading labs participate. These are not a soft appendix to safety. They shape legitimacy, cooperation, and society's willingness to accept risk. A technical body needs channels of deliberation that include workers, domain scientists, civil society, affected communities, and countries with less compute capacity.

The most responsible conclusion is conditional. If AI produces extraordinary advances, distribution and purpose will still need design. If progress slows, present harms will still require governance. If dangerous capabilities emerge, coordination will be more urgent and more difficult. Post-scarcity must remain a scenario for reflection, never a guaranteed return for accepting one institutional architecture.

12 · Conditional conclusion

What would need to be true for the framework to work

The proposal identifies a real deficit: capability, deployment, and competitive pressure can advance faster than evaluation. Its answer—an adaptable, technically competent, coordinating institution—deserves development. But the essay still provides an architecture of intention. Turning it into policy requires showing that the body measures relevant constructs, resists capture, protects information, treats participants fairly, and learns from later failures.

A useful pilot should freeze objectives before observing results, use historical and synthetic cases, compare evaluators, measure false positives and false negatives, record costs, and publish uncertainty. It should also test what happens when a lab does not cooperate, a benchmark leaks, two auditors disagree, a vulnerability appears later, or a foreign model crosses the threshold. Without those tests, the claim that the system preserves innovation and safety remains a hypothesis.

The decision is not a choice between speed and control as absolutes. It is the design of review capacity able to say what it knows, what it does not know, and when it must change its mind. That standard also applies to this dossier: figures link to sources, inferences are labeled, the simulator discloses its formula, and the 3D has a complete alternative. Premium experience is not the removal of uncertainty through glow. It is making uncertainty understandable, debatable, and auditable.

01

Validity

Tests must measure their declared risk or capability, with uncertainty, replication, and contamination review.

02

Independence

Funding, appointments, recusals, and auditing the auditor must keep expertise from becoming capture.

03

Due process

Published criteria, right to respond, verified remediation, appeal, and documented reasons for every decision.

04

Capacity

Enough talent, compute, secure access, and domain experts to prevent deadlines from hollowing out review.

05

Post-release learning

Monitoring, incidents, drift, and new attacks must reopen decisions and refresh evaluations.

06

Global legitimacy

International cooperation needs reciprocity, representation, and rules for open, foreign, and noncooperative models.

Understanding checkpoint

Check your mental model, not literal memory

Answer without scrolling up. The goal is to catch a conceptual mix before reading the explanation.

0/5ideas checked0 correct answers
01“AGI could be a few years away” is primarily…
02What changes when we recognize that CAISI already runs voluntary evaluations?
03What is the most important limit of the FINRA analogy?
04A model passes prerelease review and later changes when connected to tools. Which control is missing?
05In the simulator, you double repetitions while holding accelerators, hours, and parallelism constant. What must happen?
This text stays in your browser and is not sent anywhere.0/480

Traceability

Evidence ledger

18registered claims
CLM-101Hassabis estimates that AGI could be a few years away; this is a personal forecast, not a scientifically established date.disputed

Locator: First essay paragraph; contrasted with the international report executive summary

Uncertainty: Experts disagree about the future pace, and there is no universal operational AGI criterion that produces this date.

CLM-102The comparison with 10 times the Industrial Revolution at 10 times the speed expresses rhetorical magnitude; the essay provides no measurement supporting it.direct

Locator: Third essay paragraph

Uncertainty: It must not be converted into a probability, curve, growth rate, or economic data point.

CLM-103Hassabis proposes that labs initially share their models with the standards body up to 30 days before release.direct

Locator: A Framework for a Frontier AI Standards Body, prerelease-review paragraph

Uncertainty: The number is part of the proposal; it does not show that the window is sufficient for rigorous evaluation.

CLM-104The framework proposes updating evaluations perhaps quarterly, retiring saturated benchmarks, creating held-out tests, and developing an external-auditor ecosystem.direct

Locator: Standards-body section, paragraphs on refresh, held-out tests, and third parties

Uncertainty: The essay does not specify budget, capacity, appeal procedure, or success criteria for those functions.

CLM-105CAISI already maintains voluntary agreements with developers, evaluates capabilities relevant to national security, and coordinates methods with several federal agencies.direct

Locator: CAISI institutional page, function list

Uncertainty: The source describes a voluntary regime, not the general market-access gate imagined in the essay.

CLM-106FINRA is a private nonprofit funded by members and overseen by the SEC; the SEC recognizes an inherent conflict when an organization both serves and regulates its members.triangulated

Locator: FINRA, How We Are Organized and Funded; SEC, introduction and section A

Uncertainty: The financial analogy does not automatically transfer authority, jurisdiction, or safeguards to global AI.

CLM-107According to the 2026 AI Index, frontier models gained 30 percentage points in a single year on Humanity's Last Exam.direct

Locator: Technical Performance, finding 1

Uncertainty: The gain belongs to one benchmark and does not equal 30 points of general intelligence or safety.

CLM-108A review cited by the 2026 AI Index found invalid-question rates between 2% and 42% in widely used evaluations.direct

Locator: Technical Performance, finding 5

Uncertainty: The range combines different benchmarks and is not an error rate for all systems or evaluators.

CLM-109The AI Incident Database recorded 362 documented incidents in 2025, compared with 233 in 2024.direct

Locator: Chapter highlights and section 3.2, pages 2 and 6

Uncertainty: These are curated, revisable reports; the increase alone does not show that the causal harm rate rose by the same proportion.

CLM-110NIST distinguished benchmark accuracy from generalized accuracy while analyzing 22 frontier models across 3 benchmarks, showing that the measures can differ.direct

Locator: NIST AI 800-3 abstract and contributions

Uncertainty: The technique improves uncertainty quantification in specific settings; it does not turn a benchmark into a total safety measure.

CLM-111NIST cautions that automated benchmarks do not fit every objective and must be complemented by other methods when a task is dynamic, open-ended, or context-dependent.direct

Locator: NIST AI 800-2 introduction and Table I.1

Uncertainty: The document is an initial draft and does not prescribe a complete institutional governance design.

CLM-112CAISI documented solution contamination and grader gaming in agentic tasks, so a high score may not represent the capability an evaluation intended to measure.direct

Locator: Examples, definition, and practices for evaluation cheating

Uncertainty: The logs come from specific tasks and do not prove human-like intent or universal behavior.

CLM-113NIST considers post-deployment monitoring crucial and lists open problems including drift, fragmented logging, deceptive behavior, and scaling human review.direct

Locator: NIST AI 800-4 monitoring categories and challenge list

Uncertainty: The source identifies gaps; it does not show that a specific scheme resolves them.

CLM-114The international scientific report notes expert disagreement about the pace of progress and loss of control, and states that benchmarking, red teaming, and auditing have limitations.direct

Locator: Executive summary, points on progress, loss of control, and mitigations

Uncertainty: It is an institutional synthesis and deliberately preserves divergent scenarios and views.

CLM-115Hassabis's proposal closely resembles the FARO published by Google in June 2026: both combine industry funding, federal oversight, standards, and attestation or audits; Google treats early access offered to government as a separate channel.triangulated

Locator: Comparison between the standards-body section and pages 3, 9, and 10 of Google's document

Uncertainty: Documentary similarity does not prove coordinated authorship, hidden motive, or complete legal equivalence.

CLM-116Hassabis is co-founder and CEO of Google DeepMind and Founder and CEO of Isomorphic Labs; he leads a potentially regulated lab and a digital-biology company connected to scientific benefits highlighted by the essay.triangulated

Locator: Google DeepMind, Our vision; Isomorphic Labs, Leadership Team; essay discussion of Frontier Labs and science

Uncertainty: This is a relevant institutional interest requiring transparency; it is not evidence of bad faith.

CLM-117A credible release gate needs to combine prerelease evaluation, held-out tests, independence, explicit uncertainty, remediation, and post-release monitoring; no isolated score is enough.triangulated

Locator: Synthesis derived from benchmark limits, statistics, cheating, monitoring, and self-regulation conflicts

Uncertainty: This is an argued design criterion, not an empirical guarantee of net safety.

CLM-118Abundance and post-scarcity appear in the essay as future possibilities, not as demonstrated economic outcomes.direct

Locator: Introduction and The Future Is Not Yet Written section

Uncertainty: The essay does not model distribution, prices, energy, labor, ownership, or institutions needed for post-scarcity.

Operational bibliography

Sources and limitations

15registered sources
  1. SRC-101
    internal artifactInternal evidence · not publicly available

    A Framework for Frontier AI and the Dawning of a New Age — supplied text

    Demis Hassabis text supplied by the user · 2026-07-14

    Locator: pasted-text-1.txt attachment; base64-preserved bytes and manifests under content/intake/frontier-ai-framework

    Integrity fingerprint: sha256-f485b0b09a0d7bf48a40b9aa0c48a97c160167b54e4d506651487bc79dd98d4d

    This is the author's policy opinion, not a peer-reviewed paper or a consensus measurement.
  2. SRC-102
    primary source

    A Framework for Frontier AI and the Dawning of a New Age

    Demis Hassabis · 2026-07-14

    Locator: Full essay: AGI forecast, risks, standards body, and post-scarcity questions

    The public page may require JavaScript or block automated extraction; the analysis also uses the authorized hashed copy.
  3. SRC-103
    secondary source

    Technical Performance — 2026 AI Index Report

    Stanford Institute for Human-Centered AI · 2026-07-14

    Locator: Findings 1 and 5: Humanity's Last Exam and invalid-question rates

    This is a synthesis of multiple evaluations; its metrics are not a general measure of intelligence or safety.
  4. SRC-104
    secondary source

    Responsible AI — 2026 AI Index Report

    Stanford Institute for Human-Centered AI · 2026-07-14

    Locator: Chapter highlights and section 3.2, PDF pages 2 and 6

    Incidents are documented reports whose totals change with new additions; they do not estimate the total rate of AI-caused harm.
  5. SRC-105
    primary source

    Practices for Automated Benchmark Evaluations of Language Models — NIST AI 800-2

    NIST Center for AI Standards and Innovation · 2026-07-14

    Locator: Abstract, introduction, and Table I.1 on the scope and limits of automated benchmarks

    This is an initial draft of voluntary practices and is scoped to automated benchmark evaluations.
  6. SRC-106
    primary source

    Expanding the AI Evaluation Toolbox with Statistical Models — NIST AI 800-3

    National Institute of Standards and Technology · 2026-07-14

    Locator: Abstract and contributions: benchmark accuracy, generalized accuracy, and GLMMs

    The study analyzes specific models and benchmarks; it does not validate a single regulatory threshold for all risks.
  7. SRC-107
    secondary source

    International AI Safety Report 2026

    International AI Safety Report — more than 100 experts from over 30 countries and international organizations · 2026-07-14

    Locator: Executive summary and §§1.3, 2.2.2, and 3.2–3.3 on forecasting gaps, loss of control, and evaluation limitations

    This is an international scientific assessment published in February 2026; it preserves disagreements, its evidence base closes before December 2025, and it provides no reliable date for specific capabilities or AGI.
  8. SRC-108
    primary source

    About FINRA

    Financial Industry Regulatory Authority · 2026-07-14

    Locator: Sections How We Carry Out Our Mission and How We Are Organized and Funded

    FINRA regulates member broker-dealers under U.S. law; the analogy does not resolve jurisdiction, open models, or global AI coordination.
  9. SRC-109
    primary source

    Cheating on AI Agent Evaluations

    NIST Center for AI Standards and Innovation · 2026-07-14

    Locator: Examples of solution contamination, grader gaming, and detection practices

    The examples come from specific benchmarks and logs; they do not show that all agents cheat or quantify a universal risk.
  10. SRC-110
    primary source

    Center for AI Standards and Innovation

    National Institute of Standards and Technology · 2026-07-14

    Locator: Mandate and functions: voluntary agreements, security evaluations, and federal coordination

    The page describes the institutional mandate; it does not demonstrate the causal effectiveness of its evaluations or a mandatory market-access regime.
  11. SRC-111
    primary source

    Challenges to the Monitoring of Deployed AI Systems — NIST AI 800-4

    National Institute of Standards and Technology · 2026-07-14

    Locator: Monitoring categories and list of gaps, barriers, and open questions

    It organizes challenges identified in workshops and literature; it offers no single solution and does not show that a specific control eliminates risk.
  12. SRC-112
    primary source

    A Pragmatic Approach to AI Governance in America

    Google · 2026-07-14

    Locator: Pages 3, 9, and 10: FARO proposal, industry funding, federal oversight, and audits

    This is a Google corporate position and shares interests with labs that would be regulated; it is not an independent evaluation.
  13. SRC-113
    primary source

    Concept Release Concerning Self-Regulation

    U.S. Securities and Exchange Commission · 2026-07-14

    Locator: Introduction and section A on inherent conflicts in self-regulatory organizations

    This is a 2004 consultation document about securities markets; it informs the structural conflict but cannot by itself design an AI regulator.
  14. SRC-114
    primary source

    About Google DeepMind

    Google DeepMind · 2026-07-14

    Locator: Our vision section: Demis Hassabis, co-founder and CEO

    This is a corporate self-description and establishes only the role and stated mission.
  15. SRC-115
    primary source

    Our Team — Isomorphic Labs

    Isomorphic Labs · 2026-07-14

    Locator: Leadership Team: Sir Demis Hassabis, PhD — Founder and CEO

    This is a corporate self-description; it establishes the role and stated drug-discovery mission, not that the regulatory proposal benefits the company.

Closing

The question is not whether we should have hope or caution. It is whether we can build institutions capable of holding both: accelerating verifiable benefits, pausing when critical evidence emerges, and stating precisely what they still do not know.

© Christopher for the original text, structure, code, and visualizations. Third-party sources, quotations, trademarks, and images retain their respective rights.

Editorial status: published. This version corresponds to an approved release.