Singapore Consensus on AI Safety Research Priorities

Quick Assessment

Overview

The Singapore Consensus on Global AI Safety Research Priorities is a consensus document produced by the 2025 Singapore Conference on AI: International Scientific Exchange on AI Safety (SCAI), held on April 26, 2025, alongside ICLR 2025 in Singapore. The document was designed by an Expert Planning Committee consisting of Yoshua BengioPersonYoshua BengioComprehensive biographical overview of Yoshua Bengio's transition from deep learning pioneer (Turing Award 2018) to AI safety advocate, documenting his 2020 pivot at Mila toward safety research, co...Quality: 39/100, Tegan Maharaj, Luke Ong, Stuart RussellPersonStuart RussellStuart Russell (born 1962) is a British computer scientist and UC Berkeley professor who co-authored the dominant AI textbook 'Artificial Intelligence: A Modern Approach' (used in over 1,500 univer...Quality: 30/100, Dawn Song, Max TegmarkPersonMax TegmarkComprehensive biographical profile of Max Tegmark covering his transition from cosmology to AI safety advocacy, his role founding the Future of Life Institute, and his controversial Mathematical Un...Quality: 63/100, Lan Xue, and Ya-Qin Zhang, with 80 additional co-authors contributing feedback through several rounds of revision.¹

The Consensus builds on the 2025 International AI Safety Report (chaired by Bengio, backed by 33 governments) and aims to synthesize research priorities with broad agreement among diverse researchers. Its scope is limited to technical safety research for general-purpose AI (GPAI), including language models, multimodal models, and general-purpose agents—systems capable of performing or adapting to perform a wide range of tasks, particularly those that autonomously act and plan to accomplish complex tasks with minimal human oversight.

The document adopts a defence-in-depth model, organizing AI safety research into three complementary areas: challenges with evaluating AI risks (Assessment), challenges with creating trustworthy AI systems (Development), and challenges with monitoring and intervening after deployment (Control). This framework ensures that failures in any single area are caught by the others.

The Three-Area Framework

Area 1: Risk Assessment

The primary goal of risk assessment is to understand the severity and likelihood of potential harms. The Consensus identifies three sub-areas:

A. Developing methods to measure AI system impacts: This includes standardized assessments for risky behaviors through audit techniques and benchmarks, evaluation of new capabilities (including potentially dangerous ones), and real-world societal impact assessment through field tests and prospective risk analysis.

B. Enhanced metrology: Technical methods for quantitative risk assessment tailored to AI systems, aimed at reducing uncertainty and the need for large safety margins.

C. Third-party audit infrastructure: Secure infrastructure enabling thorough evaluation while protecting intellectual property and preventing model theft.

Key research topics include:

• Downstream impact forecasting: Assessing societal impacts (labor, misinformation, privacy) through usage data, trend analysis, and risk modeling, including "uplift studies" on malicious use capabilities
• Loss-of-control risk assessment: Assessing risks where advanced AI systems operate outside human control, potentially actively undermining control measures, including assessing AI agency, oversight evasion, persuasion, and resource acquisition capabilities

The Consensus notes a lack of expert consensus on the likelihood of severe loss-of-control scenarios, underscoring the need for improved methodology.

Area 2: Development of Trustworthy Systems

Following a classic safety engineering framework, this area covers specifying desired behavior, designing systems to meet specifications, and verifying compliance:

A. Specification & validation: Defining how the system should behave and ensuring the definition meets user and societal needs.

B. Training & design: New approaches to training data curation, robustness testing, and model editing to ensure systems resist tampering, jailbreaks, and misuse.

C. Verification: Safety engineering approaches that formally specify, build, and verify safe functionality.

The Consensus introduces two notable concepts:

• Limiting AGI risk dimensions: A framework categorizing AGI as the convergence of autonomy, generality, and intelligence—suggesting risk mitigation by deliberately limiting one or more attributes in system design
• Non-agentic guardrails: Using non-agentic AI systems to monitor agentic systems' proposed actions and intervene by blocking them if needed, including a "Scientist AI" that estimates the probability that a candidate action violates safety specifications

Area 3: Control and Societal Resilience

This area addresses post-deployment challenges through feedback-loop interventions:

• System-level monitoring and intervention: Scalable interpretabilitySafety AgendaInterpretabilityMechanistic interpretability has extracted 34M+ interpretable features from Claude 3 Sonnet with 90% automated labeling accuracy and demonstrated 75-85% success in causal validation, though less th...Quality: 66/100 and red-teaming methods that reveal failures in real-world environments, especially multi-agent contexts
• Ecosystem-wide monitoring: Continuous oversight extending beyond individual systems to the broader AI ecosystem
• Societal resilience research: Strengthening societal infrastructure (economic, security) against AI-enabled disruption and misuse
• AI control setups: Monitoring and intervention mechanisms that work even if the underlying untrusted AI system actively attempts to subvert safeguards

Areas of Mutual Interest

Unlike previous safety reports, the Singapore Consensus explicitly identifies areas where stakeholders—including rival companies and nations—may benefit from cooperation. The authors draw comparisons to aviation safety, where fierce competitors collaborate to prevent accidents because shared safety standards benefit everyone.

The Consensus emphasizes that carefully defined risk thresholds are the first example—actors may find it in their self-interest to share them widely or cooperate on their development, even with competitors.

Context Within the Summit Series

The Singapore Consensus occupies a distinct position within the evolving international AI safety summitPolicyInternational AI Safety Summit SeriesThree international AI safety summits (2023-2025) achieved first formal recognition of catastrophic AI risks from 28+ countries, established 10+ AI Safety Institutes with \$100-400M combined budget...Quality: 63/100 series. While the Bletchley (2023), Seoul (2024), and Paris (2025) summits were government-led diplomatic convenings focused on declarations and commitments, SCAI was a researcher-driven conference focused specifically on technical research priorities.

This researcher-driven approach was particularly significant following the Paris summit, where the US and UK refused to sign the declaration, raising concerns about fracturing political consensus. SCAI demonstrated that scientific consensus on AI safety priorities could be maintained across geopolitical lines even when diplomatic alignment weakened.

Limitations

• No enforcement mechanism: Like the diplomatic summits, the Consensus relies on voluntary adoption by researchers, companies, and governments
• Scope limited to GPAI: Does not address narrow AI systems, autonomous weapons specifically, or non-technical governance challenges
• Consensus by design: Deliberately avoids areas of genuine disagreement (such as the likelihood of loss-of-control scenarios), which may limit usefulness on the most contested questions
• Living document: Continues to evolve, meaning the research priorities may shift as the community revises them
• Implementation gap: Identifying research priorities does not guarantee funding, talent allocation, or institutional support for pursuing them

Sources