The absence of effective international verification mechanisms impedes the safe cross-border deployment of high-risk, large-scale AI systems. Method: This paper proposes a six-layer redundant verification framework integrating chip-level hardware security, physical monitoring devices, whistleblower protections, confidential regulatory technologies, policy analysis, and expert field interviews. The framework prioritizes independence, abuse resistance, and decentralized architecture to ensure that no such AI system undergoes large-scale deployment until it has undergone internationally recognized safety risk assessments and demonstrated controllability. Contribution/Results: The study presents the first systematic mapping of verification capabilities required for trustworthy AI governance, identifies critical technology development pathways, and delivers a conceptually rigorous yet operationally feasible model—along with concrete implementation options—for multilateral compliance verification.

The risks of frontier AI may require international cooperation, which in turn may require verification: checking that all parties follow agreed-on rules. For instance, states might need to verify that powerful AI models are widely deployed only after their risks to international security have been evaluated and deemed manageable. However, research on AI verification could benefit from greater clarity and detail. To address this, this report provides an in-depth overview of AI verification, intended for both policy professionals and technical researchers. We present novel conceptual frameworks, detailed implementation options, and key R&D challenges. These draw on existing literature, expert interviews, and original analysis, all within the scope of confidentially overseeing AI development and deployment that uses thousands of high-end AI chips. We find that states could eventually verify compliance by using six largely independent verification approaches with substantial redundancy: (1) built-in security features in AI chips; (2-3) separate monitoring devices attached to AI chips; and (4-6) personnel-based mechanisms, such as whistleblower programs. While promising, these approaches require guardrails to protect against abuse and power concentration, and many of these technologies have yet to be built or stress-tested. To enable states to confidently verify compliance with rules on large-scale AI development and deployment, the R&D challenges we list need significant progress.