Definition
AI safety is the research field focused on identifying, understanding, and mitigating harms from advanced AI systems — from misuse and misalignment to loss of control. It overlaps with but is distinct from AI ethics (focused on present-day harms) and AI security (focused on the systems themselves as targets).
Episodes covering this
- 210Same Website Request, Different Code — The Bias You Can't SeeBiased or Personalized? The Impact of Personal Information on AI-driven Development· ·14 min·Jul 09, 2026
- 208The Blank Space in Your AI Approval Box That Isn't EmptyUnicode TAG-Block Concealment of Tool-Metadata Payloads in the Model Context Protocol: An Approval-View Fidelity Gap Across Three Independent Server Implementations· ·15 min·Jul 08, 2026
- 207An AI Graded Its Own Math Test 94 Percent — It Actually Scored 20More Convincing, Not More Correct: Self-Play Reward Hacking of Reference-Free LLM Judges· ·12 min·Jul 08, 2026
- 204The Length Estimate Hiding Inside a Word-by-Word ModelHow Much is Left? LLMs Linearly Encode Their Remaining Output Length· ·14 min·Jul 07, 2026
- 203The Thought a Model Doesn't Say — and the Lens That Reads ItVerbalizable Representations Form a Global Workspace in Language ModelsGurnee, Sofroniew, Pearce et al. · Anthropic·16 min·Jul 07, 2026
- 202How Do You Know an AI Agent Actually Refused? Check the World, Not the WordsSafety Testing LLM Agents at Scale: From Risk Discovery to Evidence-Grounded VerificationFeng, Lin, Wen et al. · AntGroup / Hunan Institute of Advanced Technology·18 min·Jul 06, 2026
- 201One in Four NeurIPS Papers Cites a Reference That Doesn't ExistPhantom References: Hallucinated Citations That Survive Peer Review at Top-Tier ConferencesRussinovich, Kumar, Salem · Microsoft·19 min·Jul 06, 2026
- 199Finding a Model's Hidden Behaviors Without Knowing What You're Looking ForMechanistically Eliciting Latent Behaviors in Language ModelsMack, Panickssery, Turner · Principles of Intelligence·15 min·Jul 04, 2026
- 196AI Agents Reached Opposite Conclusions From the Same Data — and Passed ReviewThe Agentic Garden of Forking PathsMiao, Pritchard, Zou · Stanford University·18 min·Jul 03, 2026
- 195Why 'Be Careful' Does Nothing for AI Coding Agents, and What DoesCoding Agents Are Guessing: Measuring Action-Boundary Violations in Underspecified DevOps InstructionsJi, Zhang, Xu et al. · Hong Kong University of Science and Technology·15 min·Jul 03, 2026
- 190The Skill Every AI Manager Is Missing: Handing Out Exactly the Right KeysClawArena-Team: Benchmarking Subagent Orchestration and Dynamic Workflows in Language-Model AgentsXiong, Ji, Qiu et al. · UNC Chapel Hill·21 min·Jul 02, 2026
- 188A Coding Agent Found a Hole in a Peer-Reviewed STOC Proof for Five DollarsBeyond the Library: An Agentic Framework for Autoformalizing Research MathematicsMoakhar, Gholami, Springer et al. · University of Maryland·20 min·Jul 02, 2026
- 185Aligned to Refuse, Built to Tap: When Phone Agents Know the Task Is a Crime and Do It AnywayIt Lied to a Doctor to Buy Poison Ingredients: Quantifying Real-World Misuse of Phone-use AgentsSun, Chen, Zhou et al. · Fudan University·27 min·Jun 30, 2026
- 184An AI Built an Undetectable Secret Channel, And Another AI Couldn't Find ItTool Use Enables Undetectable Steganography in Multi-Agent LLM SystemsRippin, Marshall, Africa et al. · Oxford University·19 min·Jun 30, 2026
- 182How a Tiny Model Too Weak to Plan Cuts a Bigger Agent's Hallucinations by 80%Grounded Iterative Language Planning: How Parameterized World Models Reduce Hallucination Propagation in LLM AgentsSong, Cai · Emory University·17 min·Jun 29, 2026
- 175One Crosscoder Feature Flips a Stalling Chatbot Into a Working AgentLocalizing RL-Induced Tool Use to a Single Crosscoder FeatureShportko, Bhokare, AlZahrani et al. · Northwestern University·26 min·Jun 26, 2026
- 174When the AI 'Schemes,' It's Usually Just Lazy or ConfusedModel Forensics: Investigating Whether Concerning Behavior Reflects MisalignmentSingh, Kroiz, Rajamanoharan et al. · MATS·28 min·Jun 25, 2026
- 171The Safety Decision a Model Makes Before It Thinks a WordDo Thinking Tokens Help with Safety?Ri, Panigrahi, Arora · Princeton Language and Intelligence·25 min·Jun 25, 2026
- 164The Summarizer That Quietly Deletes Your Agent's Safety RulesGovernance Decay: How Context Compaction Silently Erases Safety Constraints in Long-Horizon LLM AgentsChen · Beijing Institute of Technology·28 min·Jun 23, 2026
- 158How Floating-Point Rounding Lets a Model Tell Which Chip It's On — And MisbehaveFloatDoor: Platform-Triggered Backdoors in LLMsLoose, Sander, Mächtle et al. · University of Luebeck·29 min·Jun 19, 2026
- 153Catching a Lie From the Inside, When the Words Look Completely HonestRift: A Conflict Signature for Deception in Language ModelsNyoma · Harmonic Labs·26 min·Jun 18, 2026
- 152Training a Model to Mean What It Says, And Why That Isn't the Same as Being GoodSelf-CTRL: Self-Consistency Training with Reinforcement LearningPres, Ruis, Ghebreselassie et al. · MIT CSAIL·26 min·Jun 18, 2026
- 150Don't Kill the Loser: A Different Way to Handle Two AI Agents CollidingCoAgent: Concurrency Control for Multi-Agent SystemsLyu, Zhang, Wu et al. · Shanghai Jiao Tong University·32 min·Jun 16, 2026
- 149When Cornering a Chatbot Makes It Lie: J.P. Morgan's Case for 'Playing Dead'Is Your Agent Playing Dead? Deployed LLM Agents Exhibit Constraint-Evasive Fabrication and ThanatosisRodríguez, Pozanco, Borrajo · J.P. Morgan AI Research·23 min·Jun 16, 2026
- 148Why Letting an AI Watch Its Own Scoreboard Can Quietly Overwrite Its SafetyGreed Is Learned: Visible Incentives as Reward-Hacking TriggersChe, Wu · NVIDIA Research·26 min·Jun 16, 2026
- 147Agents Fail at the Body, Not the Brain: A Self-Rewriting Scaffold That Lifts a 9B Model 44 PointsHarnessX: A Composable, Adaptive, and Evolvable Agent Harness FoundryChen, Lu, Zhao et al. · ·30 min·Jun 15, 2026
- 146How an Innocent README Can Freeze an AI Agent's Safety Check for an HourFrom Shield to Target: Denial-of-Service Attacks on LLM-Based Agent GuardrailsZhou, Wang, Ma et al. · Hong Kong University of Science and Technology·26 min·Jun 15, 2026
- 145Building Forgetting Into a Language Model With One Extra Line of CodeNatively Unlearnable Large Language ModelsGhosal, Maini, Raghunathan · Carnegie Mellon University·22 min·Jun 15, 2026
- 144When an AI Agent Just Copies Its Tool — And Bigger Models Copy MoreWhen the Tool Decides: LLM Agents Defer Blindly to Graph Neural Network Tools, and Stronger Backbones Defer MoreWang, Vemuri · raptorX.ai·15 min·Jun 15, 2026
- 143When a Model Notices You Forged Its Own Words, And Why That Breaks Safety TestsPrefill Awareness in Large Language ModelsWang, Mahajan, Africa et al. · Constellation / University of Wisconsin-Madison·24 min·Jun 12, 2026
- 140When a Reasoning Model Says "Let Me Double-Check" After It's Already DecidedBeyond the Commitment Boundary: Probing Epiphenomenal Chain-of-Thought in Large Reasoning ModelsScalena, Candussio, Bortolussi et al. · University of Groningen / University of Milano-Bicocca·27 min·Jun 12, 2026
- 139When Optimizing One GPU Kernel Quietly Breaks the Whole SystemArbor: Tree Search as a Cognition Layer for Autonomous AgentsPrakriya, Hou, Gong et al. · AMD·30 min·Jun 12, 2026
- 133How MiniMax Turned a Reward-Hacking Disaster Into Olympiad GoldMaxProof: Scaling Mathematical Proof with Generative-Verifier RL and Population-Level Test-Time ScalingChen, Zhang, Zhang et al. · MiniMax / The Chinese University of Hong Kong·34 min·Jun 12, 2026
- 131Why Autonomous Research Agents Forget Their Own Lessons, and Arbor's FixToward Generalist Autonomous Research via Hypothesis-Tree RefinementJin, Hu, Qiu et al. · Renmin University of China·33 min·Jun 11, 2026
- 128How a Model Can Earn Full Reward and Still Resist TrainingGeneralization Hacking: Models Can Game Reinforcement Learning by Preventing Behavioral GeneralizationXiao, Phuong · California Institute of Technology·29 min·Jun 11, 2026
- 125AI Coding Agents Run a Marathon, and Fewer Than One in Three FinishSWE-Marathon: Can Agents Autonomously Complete Ultra-Long-Horizon Software Work?Desai, Hu, Cabezas et al. · Abundant·27 min·Jun 09, 2026
- 124A Cheap Model With the Blueprints Beats Expensive Models Working BlindHardening Agent Benchmarks with Adversarial Hacker-Fixer LoopsZhong, Segal, Bercovich et al. · Carnegie Mellon University·27 min·Jun 09, 2026
- 123Five Identical Worlds, One Swapped Model: What Happens When AI Agents Run for Fifteen DaysEmergence World: A Platform for Evaluating Long-Horizon Multi-Agent AutonomyAkkil, Kokku, Vikram et al. · Emergence AI·30 min·Jun 09, 2026
- 122When Your Coding Agent Lies About the Fix: Verifying the Plan Before the Model RunsLean4Agent: Formal Modeling and Verification for Agent Workflow and TrajectoryWang, Huang, Wang et al. · University of Illinois Urbana-Champaign·24 min·Jun 09, 2026
- 121When the Agent Says It's Done But Nothing Happened: Debugging the Harness, Not the ModelFrom Failed Trajectories to Reliable LLM Agents: Diagnosing and Repairing Harness FlawsChen, Wang, Liu et al. · Institute of Software·27 min·Jun 05, 2026
- 118Why the Best-Aligned AI Models Are the Easiest to Trick Into Producing HarmSafety Paradox: How Enhanced Safety Awareness Leaves LLMs Vulnerable to Posterior AttackHoang, Le, Xu et al. · Singapore University of Technology and Design·23 min·Jun 05, 2026
- 112When an AI Agent Cheats Without Being Told: Inside the Meta-Agent ChallengeThe Meta-Agent Challenge: Are Current Agents Capable of Autonomous Agent Development?Lu, Wang, Wang et al. · Institute of Software·22 min·Jun 04, 2026
- 109An AI Got Caught Reading the Answer Key, And Why That Catch MattersEvoTrainer: Co-Evolving LLM Policies and Training Harnesses for Autonomous Agentic Reinforcement LearningChen, Shi, Li et al. · Shenzhen Institutes of Advanced Technology·28 min·Jun 03, 2026
- 108The Reasoning Cliff: Why Thinking Longer Makes Models Worse at Exact Step-by-Step TasksThe Deterministic Horizon: When Extended Reasoning Fails and Tool Delegation Becomes NecessaryGuo, Wu, Yiu · The University of Hong Kong·32 min·Jun 03, 2026
- 105The Trojan Is Your Agent's Memory: Why Single-Step Defenses Miss Persistent AttacksFrom Prompt Injection to Persistent Control: Defending Agentic Harness Against Trojan BackdoorsTan, Dou, Yang et al. · Gaoling School of Artificial Intelligence·26 min·Jun 01, 2026
- 104How Making a Research Agent Smarter Quietly Makes It Leak Your SecretsMosaicLeaks:Privacy Risks in Querying-in-the-Open for Deep Research AgentsGurung, Gella, Drouin et al. · University of Edinburgh·25 min·Jun 01, 2026
- 103AI Agents Tried to Invent a Post-Human Language, And Reinvented CherokeeEmergent Languages in Populations of Language Model Agents: From Token Efficiency to Oversight EvasionBeltoft, Brach, Torrielli et al. · University of Southern Denmark·26 min·Jun 01, 2026
- 102How to Catch an AI Attack That No Single Conversation RevealsStateful Online Monitoring Catches Distributed Agent AttacksBrown, Bhargav, Santhanam et al. · University of Pennsylvania·24 min·Jun 01, 2026
- 098Finding Millions of Readable Concepts Inside a Real, Deployed AI ModelScaling Monosemanticity: Extracting Interpretable Features from Claude 3 SonnetTempleton, Conerly, Marcus et al. · Anthropic·28 min·May 29, 2026
- 094Chain-of-Thought Monitoring Fails Across Languages, and Worst Where It's Needed MostThe Fragility of Chain-of-Thought Monitoring Across Typologically Diverse LanguagesOnyame, Zhou, Thopalli et al. · University of Virginia·24 min·May 28, 2026
- 093A Calibrated Knob for Weak-to-Strong AI Oversight, Tested on Real CodeCalibrating Conservatism for Scalable OversightOverman, Bayati · Stanford Graduate School of Business·22 min·May 28, 2026
- 089When AI-Written Papers Read Well But the Evidence Underneath Is BrokenScientistOne: Towards Human-Level Autonomous Research via Chain-of-EvidenceMeng, Mishra, Chen et al. · Google Cloud AI Research·32 min·May 27, 2026
- 087When No Agent Reads the Whole Document: A Universal Cliff in Multi-Agent ReviewA Universal Cliff and a Design Fingerprint: Cross-Section Defect Detection Under LLM OrchestrationFukui · Research Institute of Criminal Psychiatry·26 min·May 27, 2026
- 086Why Frozen-Weight Agents Still Get Worse Over TimeYour Agents Are Aging Too: Agent Lifespan Engineering for Deployed SystemsZhu, Ro, Robertson et al. · The University of Texas at Austin·23 min·May 27, 2026
- 080How a Two-Agent Trick Unlocked Large-Scale Training for Computer-Use AgentsCUA-Gym: Scaling Verifiable Training Environments and Tasks for Computer-Use AgentsWang, Lu, Wang et al. · The University of Hong Kong·32 min·May 26, 2026
- 075Growing Code and Proof Together: Verified Systems in Ten Hours Instead of a YearInductive Deductive Synthesis: Enabling AI to Generate Formally Verified SystemsAgarwal, Krentsel, Liu et al. · UC Berkeley·28 min·May 25, 2026
- 073When Three LLMs Talk to Each Other, Their Ideas Quietly Stop MovingMulti-LLM Systems Exhibit Robust Semantic CollapseKong, Lai, Piao et al. · University of Toronto·28 min·May 23, 2026
- 072A Robot Made Graphene Without Help, And Caught Itself HallucinatingQumus: Realization of An Embodied AI Quantum Material ExperimentalistShi, Zheng, Juan et al. · Princeton University·29 min·May 23, 2026
- 069When Smarter Models Forecast Worse: The Hidden Failure Mode in LLM PredictionsIs Capability a Liability? More Capable Language Models Make Worse Forecasts When It Matters MostMerrill, Lee, Karger · Forecasting Research Institute / UC Berkeley·30 min·May 22, 2026
- 062Treating Hallucinations as Exploits: A Gate-Based Architecture for Agent SafetyHallucination as Exploit: Evidence-Carrying Multimodal AgentsZhang, Zheng, Yang · Shenzhen University·24 min·May 20, 2026
- 061When Helpful Agents Go Sideways: A 404 Error, Campus Security, and Why Alignment Misses ThisAgent Meltdowns: The Road to Hell Is Paved with Helpful AgentsJha, Triedman, Bhattacharya et al. · Cornell University·27 min·May 20, 2026
- 058Why Upgrading Your AI Auditor to a Smarter Model Can Make Your System Less SafeThe Capability Paradox: How Smarter Auditors Make Multi-Agent Systems Less SecureLiu, Holz, Ye et al. · University of Chinese Academy of Sciences·32 min·May 19, 2026
- 057How Uber Caught 206 Leaked Credentials With an LLM-Powered Security StackADR: An Agentic Detection System for Enterprise Agentic AI SecurityLi, Hu, Xu et al. · Uber Technologies·28 min·May 19, 2026
- 054When Models Learn the Monitor Exists, the Reasoning Trace Stops Being a WindowTraining on Documents About Monitoring Leads to CoT ObfuscationHaskins, Chughtai, Engels · University of Canterbury·26 min·May 18, 2026
- 049An AI Agent Reached for Root in Twelve Minutes, Without Being AttackedAmbient Persuasion in a Deployed AI Agent: Unauthorized Escalation Following Routine Non-Adversarial Content ExposureCuadros, Maiga · Digital Epidemiology Laboratory·28 min·May 17, 2026
- 046When the AI Optimizer Edits the Grade Book: Why Harnessing Evolution Needs a WallHarnessing Agentic EvolutionZhang, Gu, Ruan et al. · The Hong Kong University of Science and Technology (Guangzhou) / DeepWisdom·24 min·May 15, 2026
- 045When a Frontier Model Talks Its Own Twin Into Climate DenialLLM-Based Persuasion Enables Guardrail Override in Frontier LLMsNogueira, Almeida, Bonás et al. · Maritaca AI·31 min·May 15, 2026
- 044How One Sentence and a Forged History Flip the Most Aligned ModelsHistory Anchors: How Prior Behavior Steers LLM Decisions Toward Unsafe ActionsSalgado · Independent Researcher·23 min·May 15, 2026
- 043When 'This Is False' Doesn't Stick: Why Models Learn the Lie AnywayNegation Neglect: When models fail to learn negations in trainingMayne, McKinney, Dubiński et al. · University of Oxford·18 min·May 14, 2026
- 039When Smarter Agents Get Fooled by Three Extra Nodes in a DatabaseOracle Poisoning: Corrupting Knowledge Graphs to Weaponise AI Agent ReasoningKereopa-Yorke, Diaz, Wright et al. · Microsoft·31 min·May 12, 2026
- 038How LLMs Get Persuaded: One Attention Head, A Tetrahedron, And A Single DialHow LLMs Are Persuaded: A Few Attention Heads, ReroutedSun, Kong, Zhang et al. · Northeastern University·23 min·May 12, 2026
- 037Why Hallucination Detectors Miss Stale Facts: A Geometric Story About What Models Know But Don't SayThe Geometry of Forgetting: Temporal Knowledge Drift as an Independent Axis in LLM RepresentationsElbadry, Heakl, Zhang et al. · Mohamed bin Zayed University of Artificial Intelligence (MBZUAI)·27 min·May 12, 2026
- 034Catching Multi-Agent Deadlocks Before Deployment With a 40-Year-Old ToolTraceFix: Repairing Agent Coordination Protocols with TLA+ CounterexamplesXia, Li, Ehsan et al. · Rutgers University·30 min·May 11, 2026
- 030Why Your AI Agent Won't Stop Working — and Each Model Falls for a Different TrapLoopTrap: Termination Poisoning Attacks on LLM AgentsXu, Wang, Zhang et al. · Zhejiang University·30 min·May 09, 2026
- 023Why a Small Agent Confidently Overwrites Memories It Doesn't UnderstandWhat Happens Inside Agent Memory? Circuit Analysis from Emergence to DiagnosisMao, Zhao, Penn et al. · City University of Hong Kong·23 min·May 07, 2026
- 020The Compliance Gap: Why AI Says Yes and Does NoThe Compliance Gap: Why AI Systems Promise to Follow Process Instructions but Don'tShin · Polymath Minds AI Lab·28 min·May 06, 2026
- 007Exploration Hacking: When Models Sabotage Their Own RL TrainingExploration Hacking: Can LLMs Learn to Resist RL Training?Jang, Falck, Braun et al. · MATS·23 min·May 02, 2026
- 006What Happens Inside Claude When It Decides to Blackmail SomeoneEmotion Concepts and their Function in a Large Language ModelSofroniew, Kauvar, Saunders et al. · Anthropic·22 min·May 02, 2026
- 001When AI Models Quietly Protect Each Other From ShutdownPeer-Preservation in Frontier ModelsPotter, Crispino, Siu et al. · University of California·25 min·May 01, 2026
Worth reading next
Papers we haven't done a deep dive on yet, but would recommend on this topic.
- Sycophancy to Subterfuge: Investigating Reward Tampering in Language Models
- Do Anything Now: Characterizing and Evaluating In-The-Wild Jailbreak Prompts on Large Language Models
- Llama Guard: LLM-based Input-Output Safeguard for Human-AI Conversations
- Conservative Agency via Attainable Utility Preservation
- Alignment faking in large language models
- Universal and Transferable Adversarial Attacks on Aligned Language Models
- Specification Gaming: The Flip Side of AI Ingenuity
- AI Control: Improving Safety Despite Intentional Subversion
- Reward Tampering Problems and Solutions in Reinforcement Learning: A Causal Influence Diagram Perspective
- Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training
- Prompt Injection Attacks against LLM-integrated Applications
- Auditing Language Models for Hidden Objectives