ai governance, ethics and safety

Designing and operating organizational policies, technical controls and evaluation practices that reduce harms and systemic risk from ML systems, including model risk assessment, incident response, documentation standards (model cards, datasheets), red‑teaming/adversarial testing, formal verification and safety testing, and legal/regulatory compliance across privacy, accountability and transparency frameworks.

aigovernance,ethicsand

12-Month Skill Trend

Momentum and market value over time
Trending
Score
+20 in 12 mo
96
12 mo agoNow
Career
Value
+$12K in 12 mo
$42K/year
12 mo agoNow

Recommended Survey Paper

Quick overview of the field
View more

Must-Read Papers

Most classic and influential ideas
View more

This study addresses the systemic risks posed by on-premises AI coding agents, whose autonomous modifications to code and infrastructure may lead to severe organizational or societal harm due to challenges in timely constraint, auditing, or reversal. For the first time, it systematically applies three systems safety methodologies—STECA, STPA, and FRAM—to model risks in cutting-edge laboratory settings from multiple perspectives. The analysis reveals critical blind spots in current AI governance frameworks, particularly concerning unverifiable accountability, control failure caused by intervention delays, and weakened safeguards due to operational drift. The work underscores the necessity of integrating model-level evaluations with system-level hazard analysis, offering a crucial complementary pathway for robust AI risk management.

Agentic AIAI Risk ManagementLoss of Control

Limits of Safe AI Deployment: Differentiating Oversight and Control

Jul 04, 2025
DM
David Manheim
🏛️ Association for Long Term Existence and Resilience | Centre for the Governance of AI

This paper addresses the conceptual conflation of “oversight” and “control” in AI safety governance, systematically distinguishing their distinct objectives, operational mechanisms, and temporal scopes. Through a critical cross-disciplinary literature review—and integrating insights from Responsible AI maturity models and risk governance theory—it develops a theoretically rigorous yet policy-actionable analytical framework, introducing the first AI Oversight Maturity Model (AI-OMM). The model identifies critical boundary conditions for oversight failure and establishes a structured, conditional system for assessing the feasibility of meaningful human oversight. Key contributions include: (1) clarifying the normative distinction between oversight and control; (2) diagnosing design gaps and contextual limitations in current oversight mechanisms; and (3) providing regulators, auditors, and developers with a practical tool to evaluate oversight effectiveness, detect capability gaps, and guide technical alignment with governance requirements.

Differentiating oversight and control in AI supervisionIdentifying limitations and needs in AI supervision mechanismsProposing a framework for meaningful human supervision conditions

This study addresses the challenges of assessing compliance between organizational cybersecurity policies and abstract security control frameworks such as NIST SP 800-53, which are often time-consuming, difficult to standardize, and lack traceability. To overcome these limitations, the authors propose PROPAGATE, a novel framework that leverages large language models (LLMs) to automate control-level compliance evaluation for the first time. By integrating both open-source and closed-source LLMs, the framework automatically retrieves relevant policy text, evaluates coverage across 1,007 security controls, and generates interpretable gap analyses with actionable improvement recommendations. Experimental results on two real-world organizational policy corpora demonstrate high effectiveness, achieving F1 scores of 88.54 and 82.31, respectively, thereby enabling traceable and explainable compliance enhancement.

compliance assessmentcybersecurity policyNIST SP 800-53

Enterprise AI governance suffers from fragmentation: isolated risk management practices, conflicting cross-jurisdictional regulations, and high-level principles lacking operational specificity—leading to inflated governance costs and a false dichotomy between innovation and accountability. This paper proposes the Unified Control Framework (UCF), introducing a novel three-layered, synergistic design: (1) a unified risk taxonomy integrating organizational and societal dimensions; (2) structured, semantically mapped policy representations across jurisdictions; and (3) 42 streamlined, scenario-agnostic control items. Leveraging risk modeling, regulatory alignment, and control abstraction, UCF is empirically validated against the Colorado AI Act. Results demonstrate substantial reduction in redundant effort, comprehensive compliance coverage, and support for automated implementation—thereby enhancing both governance rigor and innovation efficiency.

Balancing innovation with responsible AI governance.Fragmented AI governance increases costs and complexity.Lack of unified controls for risk and compliance.

This work addresses a critical gap in the safety evaluation of large language models (LLMs), which has predominantly focused on general risks while neglecting systematic assessment of compliance with organization-specific policies such as allowlists and blocklists. To bridge this gap, we propose COMPASS, the first evaluation framework tailored for organizational policy alignment. COMPASS encompasses 5,920 test queries spanning eight industries, integrating policy-driven query generation, adversarial edge cases, human validation, and multi-model benchmarking. Experiments across seven mainstream LLMs reveal that while models correctly fulfill over 95% of permissible requests, they fail to reject 60%–87% of prohibited adversarial queries, exposing significant vulnerabilities in high-stakes policy enforcement scenarios. This study thus fills a crucial void in enterprise-grade AI safety evaluation.

compliance evaluationdenylist enforcementlarge language models

Latest Papers

What's happening recently
View more

AGENTSAFE: A Unified Framework for Ethical Assurance and Governance in Agentic AI

Dec 02, 2025
RK
Rafflesia Khan
🏛️ IBM Software | IBM Technology Sales | IBM Software

Large language model (LLM)-based agents introduce novel ethical and safety risks in autonomous planning, tool invocation, and dynamic interaction—risks inadequately addressed by current fragmented, non-end-to-end governance approaches. Method: We propose the first unified, full-lifecycle governance framework that maps identified risk categories to actionable design constraints, runtime controls, and audit mechanisms. The framework innovatively integrates semantic telemetry, dynamic authorization, cryptographic provenance tracking, and scenario-specific evaluation to establish a measurable and verifiable assurance system. Contribution/Results: Experimental evaluation demonstrates significant improvements in agent trustworthiness across safety, privacy preservation, fairness, and system resilience. The framework enables both pre-deployment multidimensional assessment and real-time operational governance, thereby closing the governance loop from design through deployment and runtime monitoring.

Addresses fragmented governance in autonomous AI agentsEnsures continuous governance and accountability in deploymentIntegrates risk identification to operational assurance pipeline

This work proposes an intelligent agent framework leveraging large language models to address the inefficiency and imprecision of expert-dependent cybersecurity incident retrospectives. By integrating system log analysis with security policy validation into an end-to-end pipeline, the approach employs GPT-4o for reasoning, LangGraph to orchestrate multi-agent workflows, and LlamaIndex for traceable policy retrieval. Crucially, it establishes an interpretable mapping from observed attack behaviors—structured using the MITRE ATT&CK framework—to underlying policy gaps. In simulated brute-force attack scenarios, the system automatically identifies missing or insufficient security controls and generates actionable, evidence-backed remediation recommendations. This significantly enhances both the efficiency of post-incident analysis and the transparency of security audits.

cybersecurityLarge Language ModelsMITRE ATT&CK

Internal Vulnerabilities, External Threats: A Grounded Framework for Enterprise Open Source Risk Governance

Oct 29, 2025
WY
Wenhao Yang
🏛️ Peking University | Bitergia | Huawei Technologies Co., Ltd.

Conventional open-source risk management overrelies on technical tools, failing to address systemic risks—including upstream “silent fixes,” community conflicts, and sudden license changes—resulting in governance blind spots. Method: This paper proposes a strategic open-source risk governance framework centered on the interaction between external threats and internal vulnerabilities, shifting from tactical response to proactive, strategic prevention. It innovatively introduces a Strategic Objective Matrix and a dual-risk taxonomy, yielding an “Object–Threat–Vulnerability–Mitigation” decision model; integrates grounded theory, strategic mapping, and capability-building principles to support organization-level governance decisions. Contribution/Results: Validated by three domain experts and applied in real-world case studies, the framework significantly enhances risk analytical capability and enables enterprises to establish a systematic, immunizing mechanism against open-source risks.

Addressing systemic open source risks beyond technical vulnerabilitiesDeveloping framework to connect external threats with internal vulnerabilitiesShifting from tactical risk management to holistic risk governance

AI system deployment faces three critical governance gaps: absence of use-case-level risk assessment, misalignment between high-level principles and operational controls, and lack of scalable mechanisms for governance integration. To address these, this paper introduces the Trust Integration Pillars (TIPS)—a structured governance framework that pioneers a four-dimensional closed-loop paradigm: risk profiling, control mapping, quantitative measurement, and role-based collaboration—achieving engineering-ready AI governance four years prior to the NIST AI Risk Management Framework (RMF). TIPS integrates Governance, Risk, and Compliance-as-Code (GRC-as-Code), risk-driven use-case classification matrices, multi-tier compliance dashboards, and role-specific governance dashboards to embed governance throughout the AI development lifecycle. Empirical evaluation demonstrates 100% governance coverage across cross-functional AI projects, a 47% improvement in critical risk identification accuracy, and 68% automation of governance actions—successfully deployed at scale in high-stakes domains including healthcare and finance.

Addresses inadequate AI risk assessment at the use case level.Provides mechanisms to operationalize trustworthy AI at scale.Translates high-level governance principles into actionable technical controls.

The Loss of Control Playbook: Degrees, Dynamics, and Preparedness

Nov 19, 2025
CS
Charlotte Stix
🏛️ Apollo Research

The field lacks a unified, operationally defined framework for AI “Loss of Control” (LoC), hindering rigorous safety analysis and governance. Method: We propose the first tiered LoC taxonomy and a socio-vulnerability evolution model, systematically characterizing three LoC pathways—Deviation, Bounded LoC, and Strict LoC—arising from objective misalignment or system failure. Innovatively, we introduce the Deployment-context, Affordance, and Permissions (DAP) external regulation framework, shifting focus from internal capability interventions to context-aware, deployable controls. Our approach integrates risk/threat modeling, pre-deployment testing, runtime monitoring, and multi-layered governance across the AI lifecycle. Contributions: (1) Quantifiable LoC severity criteria; (2) an early-warning pathway for societal vulnerability; (3) an immediately applicable DAP intervention framework; and (4) a “permanent hover” techno-governance co-design strategy. Together, these deliver a systematic, implementable foundation for advanced AI safety governance.

Developing a graded taxonomy for AI Loss of Control based on severity and persistenceModeling pathways to societal vulnerability from advanced AI systems causing harmProposing a preparedness framework focusing on extrinsic factors and governance measures

Hot Scholars

DS

Dawn Song

Professor of Computer Science, UC Berkeley
Computer Security and Privacy
JS

Jing Shao

Research Scientist, Shanghai AI Laboratory/Shanghai Jiao Tong University
Computer VisionMulti-Modal Large Language Model
RZ

Ruichen Zhang

Nanyang Technological University
Next-generation NetworkingEdge IntelligenceAgentic AIReinforcement learning
YC

Yejin Choi

Stanford University / NVIDIA
Natural Language ProcessingDeep LearningArtificial IntelligenceCommonsense Reasoning
HJ

Heng Ji

Professor of Computer Science, AICE Director, ASKS Director, UIUC, Amazon Scholar
Natural Language ProcessingLarge Language Models