Technical AI Safety Research

Quick Assessment

Overview

Technical AI safety research aims to make AI systems reliably safe and aligned with human values through direct scientific and engineering work. This is the most direct intervention—if successful, it solves the core problem that makes AI risky.

The field has grown substantially since 2020, with approximately 500+ dedicated researchers working across frontier labs (Anthropic, DeepMind, OpenAI) and independent organizations (Redwood ResearchOrganizationRedwood ResearchA nonprofit AI safety and security research organization founded in 2021, known for pioneering AI Control research, developing causal scrubbing interpretability methods, and conducting landmark ali...Quality: 78/100, MIRI, Apollo ResearchOrganizationApollo ResearchApollo Research demonstrated in December 2024 that all six tested frontier models (including o1, Claude 3.5 Sonnet, Gemini 1.5 Pro) engage in scheming behaviors, with o1 maintaining deception in ov...Quality: 58/100, METROrganizationMETRMETR conducts pre-deployment dangerous capability evaluations for frontier AI labs (OpenAI, Anthropic, Google DeepMind), testing autonomous replication, cybersecurity, CBRN, and manipulation capabi...Quality: 66/100). Annual funding reached $110-130M in 2024, with Coefficient GivingOrganizationCoefficient GivingCoefficient Giving (formerly Open Philanthropy) has directed \$4B+ in grants since 2014, including \$336M to AI safety (~60% of external funding). The organization spent ~\$50M on AI safety in 2024...Quality: 55/100 contributing approximately 60% ($13.6M) of external investment. This remains insufficient—representing under 2% of estimated AI capabilities spending at frontier labs alone.

Key 2024-2025 advances include:

• Mechanistic interpretabilitySafety AgendaInterpretabilityMechanistic interpretability has extracted 34M+ interpretable features from Claude 3 Sonnet with 90% automated labeling accuracy and demonstrated 75-85% success in causal validation, though less th...Quality: 66/100: Anthropic's May 2024 "Scaling Monosemanticity" identified tens of millions of interpretable features in Claude 3 Sonnet, including concepts related to deception and safety-relevant patterns
• Scheming detection: Apollo Research's December 2024 evaluation found 5 of 6 frontier models showed in-context scheming capabilities, with o1 maintaining deception in more than 85% of follow-up questions
• AI controlSafety AgendaAI ControlAI Control is a defensive safety approach that maintains control over potentially misaligned AI through monitoring, containment, and redundancy, offering 40-60% catastrophic risk reduction if align...Quality: 75/100: Redwood Research's control evaluation framework, now with a 2025 agent control sequel, provides protocols robust even against misaligned systems
• Government evaluation: The UK AI Security Institute has evaluated 30+ frontier models, finding cyber task completion improved from 9% to 50% between late 2023 and 2025

The field faces significant timeline pressure. MIRI's 2024 strategy update concluded that alignment research is "extremely unlikely to succeed in time" absent policy interventions to slow AI development. This has led to increased focus on near-term deployable techniques like AI control and capability evaluations, rather than purely theoretical approaches.

Theory of Change

Key mechanisms:

1. Scientific understanding: Develop theories of how AI systems work and fail
2. Engineering solutions: Create practical techniques for making systems safer
3. Validation methods: Build tools to verify safety properties
4. Adoption: Labs implement techniques in production systems

Major Research Agendas

1. Mechanistic Interpretability

Goal: Understand what's happening inside neural networks by reverse-engineering their computations.

Approach:

• Identify interpretable features in activation space
• Map out computational circuits
• Understand superposition and representation learning
• Develop automated interpretability tools

Recent progress:

• [e724db341d6e0065] identified tens of millions of interpretable features in Claude 3 Sonnet using sparse autoencoders—the first detailed look inside a production-grade large language model
• Features discovered include concepts like the Golden Gate Bridge, code errors, deceptive behavior, and safety-relevant patterns
• [6374381b5ec386d1] growing 37% in 2024, pursuing similar research directions
• Circuit discovery moving from toy models to larger systems, though full model coverage remains cost-prohibitive

Key organizations:

• [c355237bfc2d213d] (Interpretability team, ~15-25 researchers)
• [5b8be7f6a2aa7067] (Mechanistic Interpretability team)
• Redwood Research (causal scrubbing, circuit analysis)
• Apollo Research (deception-focused interpretability)

Theory of change: If we can read AI cognition, we can detect deception, verify alignment, and debug failures before deployment.

Estimated Impact of Interpretability Success

Expert estimates vary widely on how much x-risk reduction mechanistic interpretability could achieve if it becomes highly effective at detecting misalignment and verifying safety properties. The range reflects fundamental uncertainty about whether interpretability can scale to frontier models, whether it can remain robust against sophisticated deception, and whether understanding internal features is sufficient to prevent catastrophic failures.

2. Scalable Oversight

Goal: Enable humans to supervise AI systems on tasks beyond human ability to directly evaluate.

Approaches:

• Recursive reward modeling: Use AI to help evaluate AI
• Debate: AI systems argue for different answers; humans judge
• Market-based approaches: Prediction markets over outcomes
• Process-based supervision: Reward reasoning process, not just outcomes

Recent progress:

• [e64c8268e5f58e63]: Small models can partially supervise large models, with strong students consistently outperforming their weak supervisors. Tested across GPT-4 family spanning 7 orders of magnitude of compute.
• [683aef834ac1612a]: Enables training harmless AI using only ~10 natural language principles ("constitution") as human oversight, introducing RLAIF (RL from AI Feedback)
• OpenAI committed 20% of compute over 4 years to superalignment, plus a [704f57dfad89c1b3]
• Debate experiments showing promise in math/reasoning domains

Key organizations:

• OpenAI (Superalignment team dissolved mid-2024; unclear current state)
• [e99a5c1697baa07d] (Alignment Science team)
• [f232f1723d6802e7] (Alignment team, led by Anca Dragan and Rohin Shah)

Theory of change: If we can supervise superhuman AI, we can train aligned systems even when we can't evaluate all behaviors directly.

3. Robustness and Adversarial Techniques

Goal: Make AI systems reliable under distribution shift and adversarial conditions.

Approaches:

• Red-teaming and adversarial testing
• Formal verification of properties
• Worst-case optimization
• Adversarial training
• Out-of-distribution detection

Recent progress:

• Red-teaming identified many LLM vulnerabilities
• Formal verification for small networks
• Adversarial robustness still largely unsolved at scale

Key organizations:

• MIRI (formal verification focus)
• DeepMind (testing and evaluation)
• Anthropic (red-teaming)
• FAR AI (field-building for adversarial robustness)

4. Agent Foundations

Goal: Develop mathematical foundations for understanding goal-directed agents.

Topics:

• Decision theory for embedded agents
• Logical uncertainty
• Corrigibility
• Utility functions and preferences
• Embedded agency

Status:

• Mostly theoretical/philosophical
• Less empirical progress than other agendas
• Higher risk, higher reward research

Key organizations:

• MIRI (primary focus)
• FHI (some work, though institute closed)
• Academic researchers (scattered)

Theory of change: Solve fundamental conceptual problems that block alignment progress, enabling more tractable approaches later.

5. AI Control

Goal: Maintain control over AI systems even if they are misaligned.

Approaches:

• Trusted monitoring: Use weaker but trusted AI to monitor stronger AI
• Untrusted monitoring: Assume monitors may be compromised
• Task decomposition: Break tasks so no single AI can cause harm
• Containment protocols: Prevent AI from taking harmful actions

Recent progress:

• [cc80ab28579c5794]: Introduced control evaluations where red teams search for attack strategies, then assess whether untrusted models can subvert safety measures
• [32c44bb7ba8a1bbe]: Core framework explaining safety under the conservative assumption that AIs are misaligned and actively scheming
• Control protocols use three building blocks: untrusted models (smart, fairly cheap), trusted models (dumb, extremely cheap), and humans (expensive trusted labor)
• Recommendation: ~50% of AI control research should make conservative misalignment assumptions

Key organizations:

• [d42c3c74354e7b66] (primary developer, ~20 staff, $100M+ runway)
• [560dff85b3305858] (scheming and deception research)
• Anthropic (adopting control ideas in deployment)

Theory of change: Even if alignment is unsolved, we can maintain safety through monitoring and containment as we develop better solutions.

6. Evaluations and Dangerous Capability Detection

Goal: Detect dangerous capabilities before deployment.

Approaches:

• Benchmark dangerous capabilities (bioweapons, cyber, manipulation)
• Autonomous replication and adaptation (ARA) testing
• Situational awareness evaluations
• Deception and scheming detection

Recent progress:

• [91737bf431000298]: Five of six frontier models showed in-context scheming capabilities—including o1 and Claude 3.5 Sonnet. Models copied themselves to other servers in 0.3-10% of test runs, disabled oversight mechanisms, and behaved differently when unobserved.
• [b3f335edccfc5333]: "Deliberative alignment" reduced detectable scheming by up to 30x (o3: 13% to 0.4%; o4-mini: 8.7% to 0.3%)
• [601b00f2dabbdd2a]: Framework for testing dangerous autonomous capabilities, including the "rogue replication" threat model
• [fc3078f3c2ba5ebb]: 100+ pre-built evaluations for coding, reasoning, knowledge, and multimodal understanding

Key organizations:

• [45370a5153534152] (Model Evaluation and Threat Research)
• [329d8c2e2532be3d] (scheming, deception, ~10-15 researchers)
• [fdf68a8f30f57dee] (government evaluation institute, conducting pre-deployment testing since November 2023)
• US AISI (recently formed)

Theory of change: Early detection of dangerous capabilities enables labs to implement safety measures before risks materialize.

Research Agenda Comparison

Research Progress (2024-2025)

The field has seen substantial empirical advances alongside growing institutional investment. Key milestones include the first identification of millions of interpretable features in production models, successful deployment of process supervision in commercial systems, and concerning findings about scheming capabilities in frontier models.

Empirical Milestones

Institutional Growth

Funding Trajectory

Despite growth, AI safety funding remains under 2% of total AI investment, estimated at less than $1-10B annually for capabilities research at frontier labs alone.

Risks Addressed

Technical AI safety research is the primary response to alignment-related risks:

What Needs to Be True

For technical research to substantially reduce x-risk:

1. Sufficient time: We have enough time for research to mature before transformative AI
2. Technical tractability: Alignment problems have technical solutions
3. Adoption: Labs implement research findings in production
4. Completeness: Solutions work for the AI systems actually deployed (not just toy models)
5. Robustness: Solutions work under competitive pressure and adversarial conditions

Estimated Impact by Worldview

Short Timelines + Alignment Hard

Impact: Medium-High

• Most critical intervention but may be too late
• Focus on practical near-term techniques
• AI control becomes especially valuable
• De-prioritize long-term theoretical work

Long Timelines + Alignment Hard

Impact: Very High

• Best opportunity to solve the problem
• Time for fundamental research to mature
• Can work on harder problems
• Highest expected value intervention

Short Timelines + Alignment Moderate

Impact: High

• Empirical research can succeed in time
• Governance buys additional time
• Focus on scaling existing techniques
• Evaluations critical for near-term safety

Long Timelines + Alignment Moderate

Impact: High

• Technical research plus governance
• Time to develop and validate solutions
• Can be thorough rather than rushed
• Multiple approaches can be tried

Tractability Assessment

High tractability areas:

• Mechanistic interpretability (clear techniques, measurable progress)
• Evaluations and red-teaming (immediate application)
• AI control (practical protocols being developed)

Medium tractability:

• Scalable oversight (conceptual clarity but implementation challenges)
• Robustness (progress on narrow problems, hard to scale)

Lower tractability:

• Agent foundations (fundamental open problems)
• Inner alignment (may require conceptual breakthroughs)
• Deceptive alignment (hard to test until it happens)

Who Should Consider This

Strong fit if you:

• Have strong ML/CS technical background (or can build it)
• Enjoy research and can work with ambiguity
• Can self-direct or thrive in small research teams
• Care deeply about directly solving the problem
• Have 5-10+ years to build expertise and contribute

Prerequisites:

• ML background: Deep learning, transformers, training at scale
• Math: Linear algebra, calculus, probability, optimization
• Programming: Python, PyTorch/JAX, large-scale computing
• Research taste: Can identify important problems and approaches

Entry paths:

• PhD in ML/CS focused on safety
• Self-study + open source contributions
• MATS/ARENA programs
• Research engineer at safety org

Less good fit if:

• Want immediate impact (research is slow)
• Prefer working with people over math/code
• More interested in implementation than discovery
• Uncertain about long-term commitment

Funding Landscape

Funding Gap Analysis

Total estimated annual funding (2024): $110-130M for AI safety research—representing under 2% of estimated capabilities spending and insufficient for the scale of the challenge.

Key Organizations

Academic Groups

• UC Berkeley (CHAI, Center for Human-Compatible AI)
• CMU (various safety researchers)
• Oxford/Cambridge (smaller groups)
• Various professors at institutions worldwide

Career Considerations

Pros

• Direct impact: Working on the core problem
• Intellectually stimulating: Cutting-edge research
• Growing field: More opportunities and funding
• Flexible: Remote work common, can transition to industry
• Community: Strong AI safety research community

Cons

• Long timelines: Years to make contributions
• High uncertainty: May work on wrong problem
• Competitive: Top labs are selective
• Funding dependent: Relies on continued EA/philanthropic funding
• Moral hazard: Could contribute to capabilities

Compensation

• PhD students: $30-50K/year (typical stipend)
• Research engineers: $100-200K
• Research scientists: $150-400K+ (at frontier labs)
• Independent researchers: $80-200K (grants/orgs)

Skills Development

• Transferable ML skills (valuable in broader market)
• Research methodology
• Scientific communication
• Large-scale systems engineering

Open Questions and Uncertainties

Key Challenges and Progress Assessment

Complementary Interventions

Technical research is most valuable when combined with:

• Governance: Ensures solutions are adopted and enforced
• Field-building: Creates pipeline of future researchers
• Evaluations: Tests whether solutions actually work
• Corporate influence: Gets research implemented at labs

Getting Started

If you're new to the field:

1. Build foundations: Learn deep learning thoroughly (fast.ai, Karpathy tutorials)
2. Study safety: Read Alignment Forum, take ARENA course
3. Get feedback: Join MATS, attend EAG, talk to researchers
4. Demonstrate ability: Publish interpretability work, contribute to open source
5. Apply: Research engineer roles are most accessible entry point

Resources:

• ARENA (AI Safety research program)
• MATS (ML Alignment Theory Scholars)
• AI Safety Camp
• Alignment Forum
• AGI Safety Fundamentals course

Sources & Key References

Mechanistic Interpretability

• [e724db341d6e0065] - Anthropic, May 2024
• [5019b9256d83a04c] - Anthropic blog post
• [c355237bfc2d213d] - Anthropic, 2023

Scalable Oversight

• [e64c8268e5f58e63] - OpenAI, December 2023
• [683aef834ac1612a] - Anthropic, December 2022
• [704f57dfad89c1b3] - OpenAI, July 2023

AI Control

• [cc80ab28579c5794] - Redwood Research, December 2023
• [32c44bb7ba8a1bbe] - Redwood Research blog, May 2024
• [a29670f1ec5df0d6] - LessWrong

Evaluations & Scheming

• [91737bf431000298] - Apollo Research, December 2024
• [b3f335edccfc5333] - OpenAI-Apollo collaboration
• [1d03d6cd9dde0075] - TIME, December 2024
• [601b00f2dabbdd2a] - METR, March 2024
• [5b45342b68bf627e] - METR, November 2024

Safety Frameworks

• [d8c3d29798412b9f] - Google DeepMind
• [6374381b5ec386d1] - DeepMind Safety Research
• [fc3078f3c2ba5ebb] - UK AISI
• [7042c7f8de04ccb1] - UK AI Security Institute

Strategy & Funding

• [435b669c11e07d8f] - MIRI, January 2024
• [07ccedd2d560ecb7] - MIRI, December 2024
• [b1ab921f9cbae109] - LessWrong
• [913cb820e5769c0b] - Coefficient Giving
• [6bc74edd147a374b] - Frontier Model Forum