AI Safety at the Global Level Insights from Digital Ministers Of
20 Feb 2026 10:00h - 11:00h
AI Safety at the Global Level Insights from Digital Ministers Of
Summary
The panel opened with Yoshua Bengio stressing the importance of independent scientific assessments of AI capabilities and risks, acknowledging deep uncertainty and pledging continued support for such reporting [1-5]. Lee Tiedrich introduced a multidisciplinary panel-including Singapore’s Minister Josephine Teo, Professor Alondra Nelson, and AI Security Institute director Adam Beaumont-to examine the safety report and asked about notable changes between 2025 and 2026 [7-19].
Bengio identified the rapid rise of autonomous AI agents that can operate for extended periods, access credentials and the internet, and interact with each other as a key emerging risk that reduces human oversight [20-31]. Minister Teo framed Singapore’s position as a small state that must balance adoption with safety, citing recent legislation that obliges platforms to remove harmful AI-generated images and highlighting AI’s dual role as both a cyber-threat and a target of attacks [36-70]. Nelson explained that the report aims to provide a “ground truth” by aggregating evidence-informed scenarios, deliberately avoiding prescriptive policy while exposing systemic risks such as loss of autonomy and social cohesion, and calling for stronger political will to act on the findings [78-103].
Beaumont emphasized the urgency of cybersecurity concerns, describing the institute’s pre- and post-deployment testing, red-team exercises, and the open-source Inspect framework as tools to raise evaluation standards and encourage a broader ecosystem of independent auditors [107-127][214-215]. Addressing the jagged performance of general-purpose models, Bengio argued for per-capability risk assessment and rigorous scientific communication to prevent false claims that could mislead policymakers [132-150]. Teo suggested that policymakers should create mandatory safety standards akin to product testing (e.g., IKEA’s durability checks) and explore mechanisms such as insurance schemes and pragmatic research roadmaps to bridge the gap between science and deployment [160-186].
Both Bengio and Nelson noted a missing “policy-options” layer between scientific evidence and legislative action, proposing that scientists outline possible courses without dictating choices to aid decision-makers [244-250]. Lee highlighted the need for greater AI literacy and for translating evaluation metrics across cultures and norms, drawing on Singapore’s governance experience [32-35]. He also raised the evidence gap in rapidly evolving risks, to which Beaumont replied that clear, transparent evaluation criteria and the development of third-party auditors are essential to fill that gap [211-215]. Nelson added that adopting standards similar to those used in human-genetics risk assessment and funding common-good research could strengthen the evaluation ecosystem [252-266].
The discussion concluded with consensus that multi-sector collaboration, standard-setting, and international agreements are essential to manage AI’s systemic and catastrophic risks, especially as sovereignty concerns demand cooperative safety frameworks rather than isolationist walls [292-303][304-311].
Keypoints
Major discussion points
– Rapid emergence of autonomous AI agents and multi-agent systems creates new safety challenges.
Yoshua highlighted that “advances in agency of the AI systems” mean “more autonomous… less oversight” and that agents can be given credentials and Internet access, leading to “concerning” interactions when they are let out into the world [20-31]. Josephine echoed this, noting the need to “think about how these AI agent systems are being architected” and to put “guardrails around it” [66-70].
– Translating scientific findings into concrete, thoughtful policy guardrails.
Josephine stressed that policymakers must turn safety insights into “operable guardrails,” often via standards, regulations, and laws, but “thoughtfully” to avoid stifling innovation [50-55]. She cited Singapore’s new law imposing obligations on services that host harmful AI-generated images [58-64] and discussed the exploration of “insurance schemes” and industry-wide standards as mechanisms to align incentives [168-173]. Yoshua added that scientific rigor and humility are essential so that “policy decisions… are not based on false claims” [138-150].
– Building an independent evaluation ecosystem to close the evidence gap.
The discussion began with a call for “independent scientific assessment” of AI risks [1-5]. Alondra explained that the report deliberately stays at “what do we know” and is moving toward “real-time” evidence [88-94]. Adam described concrete steps: the open-source Inspect framework, extensive red-team testing, and the goal of fostering a “wide ecosystem of third-party evaluators” akin to accounting auditors [214-225]. Lee’s follow-up question framed this as a need to define “step one… step two… and by whom” [221-225].
– Broadening the risk lens beyond catastrophic scenarios and emphasizing global cooperation.
Alondra argued for attention to “systemic risk,” including loss of autonomy, manipulation, job anxiety, and social cohesion, noting that these compounding harms threaten democracy [191-199]. Adam highlighted the dual-use nature of AI in cybersecurity and bio-security, stressing the urgency of understanding “the confluence of some of these risks” [119-124]. Yoshua and Josephine both stressed that AI risks transcend borders, calling for international agreements, shared standards, and collaborative governance rather than “walls” of sovereignty [292-302][227-233].
Overall purpose / goal of the discussion
The panel convened to unpack the findings of the newly released AI safety report, assess emerging technical risks, and explore how scientific evidence can be turned into practical, policy-ready tools and regulations. Participants aimed to identify research and evaluation gaps, propose mechanisms for trustworthy deployment, and chart a collaborative path forward for governments, industry, and the research community.
Overall tone and its evolution
The conversation maintained a collaborative and constructive tone throughout, marked by mutual respect among academics, policymakers, and industry leaders. It began with a forward-looking, cautious optimism about scientific assessment [1-5], moved into urgent concern over autonomous agents and systemic risks [20-31][191-199], shifted to pragmatic problem-solving regarding policy translation and evaluation tools [50-64][214-225], and concluded with a unifying call for international cooperation and responsible governance [292-302][227-233]. While the tone remained respectful, the urgency and emphasis on concrete action grew as the discussion progressed.
Speakers
– Alondra Nelson – Area of Expertise: Science, technology, and social values; AI policy and ethics.
Role/Title: Harold F. Linder Chair and Professor at the Institute for Advanced Study, where she leads the Science, Technology, and Social Values Lab; former Deputy Director of the White House Office of Science and Technology; senior advisor on the AI safety report. [S1][S3]
– Josephine Teo – Area of Expertise: Digital development, AI governance, cybersecurity.
Role/Title: Singapore Minister (Minister for Communications and Information) leading Singapore’s digital development, smart-nation strategy, public communications, and cybersecurity initiatives. [S4]
– Yoshua Bengio – Area of Expertise: Deep learning, AI research, AI safety.
Role/Title: Professor, University of Montreal; AI pioneer and Turing Award laureate; co-chair of the AI safety report. [S9]
– Adam Beaumont – Area of Expertise: AI security, risk assessment, red-team testing.
Role/Title: Director, UK AI Security Institute (AI Security Institute). [S13]
– Lee Tiedrich – Area of Expertise: AI policy, governance, evaluation frameworks.
Role/Title: Researcher at the University of Maryland; moderator/facilitator of the panel discussion. [S15][S16]
– Participant – Area of Expertise: (not specified)
Role/Title: Audience member who asked questions during the Q&A.
Additional speakers:
– Melinda – Area of Expertise: (not specified)
Role/Title: Unidentified participant addressed during the Q&A segment.
The session opened with Yoshua Bengio emphasizing that policymakers worldwide need independent scientific assessments of AI capabilities, harms, and existing mitigation measures, and warning that the future will contain “unknown unknowns” such as psychological effects that must be prepared for on the basis of the best scientific knowledge [1-5].
Lee Tiedrich introduced the multidisciplinary panel: Minister Josephine Teo (Singapore, digital development, smart-nation strategy, cybersecurity), Professor Alondra Nelson (Institute for Advanced Study, senior advisor to the report), and Adam Beaumont (director of the UK’s AI Security Institute, the first government-backed body for safe, beneficial AI) [11-16]. He asked Yoshua to highlight the most significant changes between 2025 and 2026 [18-19].
Yoshua identified the rapid emergence of autonomous AI agents as the key shift. These agents can operate for hours or days, hold credentials, and access the Internet, thereby reducing the “human-in-the-loop” oversight that characterises today’s chat-bots [22-29]. He warned that once deployed, agents begin to interact with one another, a nascent but concerning phenomenon [30-31][S29][S62].
Lee noted the need for greater AI literacy so the public understands what agents can and cannot do [32-35].
Minister Teo likened AI governance to aviation safety: Singapore does not build aircraft, yet must ensure safe manufacturing, maintenance, and air-traffic management. She highlighted Singapore’s new law that imposes statutory obligations on platforms to remove harmful AI-generated images once notified [58-64], and stressed that AI is both a cyber-threat and a cyber-target, especially for multi-agent systems. She called for thoughtful guardrails, standards, and insurance-type schemes to manage these risks [65-70].
Alondra Nelson described the report as a ground-truth, evidence-based resource that deliberately does not prescribe policy. It uses OECD-style scenarios to provide foresight and expands its scope to systemic risks-loss of human autonomy, manipulation, job anxiety, and threats to social cohesion and democracy [78-85][90-93][191-199][202-204][88-102]. She warned of a collective-action problem and urged the community to agree on a small set of evaluation standards, recommending public-sector funding (analogy to the Human Genome Project’s “LC program”) to support upstream safety research [221-225][256-259].
Adam Beaumont outlined the AI Security Institute’s work: pre-deployment testing, post-deployment red-team exercises, model-card disclosures, grant-making, and the open-source Inspect framework that enables third-party auditors to evaluate models [107-127][214-215]. He emphasized the need for clear measurement goals, transparent reporting, and the development of a wide ecosystem of independent evaluators, akin to accounting auditors [214-225].
Addressing the jagged performance of general-purpose models, Yoshua warned that AI can be extremely capable in some domains while weak in others, creating dual-use dangers. He called for per-capability risk and intention assessments, and stressed scientific rigor, humility, and group review to avoid false claims that could mislead policymakers [132-150].
When asked how to translate science into practice for organisations without scientific staff, Minister Teo used an IKEA analogy: safety should be certified by standards and insurance-type mechanisms so end-users need not verify safety themselves. She mentioned Singapore’s national AI R&D plan that funds responsible-AI research, the development of testing frameworks and toolkits, and the importance of insurance schemes discussed at Davos [161-166][169-186][180-184].
Yoshua suggested adding an optional “policy-options” layer to the report-scientifically grounded choices and their likely consequences-while explicitly not prescribing a single course of action [244-250]. Alondra agreed that the report should remain evidence-based and highlighted the need for standardised evaluation protocols and public funding to support them [256-259].
Adam argued that evaluation responsibility should be shared among government, industry, academia, civil society, and individuals, recommending regulatory sandboxes, joint funding programmes, and collaborative pilots to build the ecosystem [267-277].
In the audience Q&A on AI sovereignty, Yoshua replied that true sovereignty means partnerships and international agreements, not isolationist “walls”, and called for mechanisms to verify compliance [292-300]. Minister Teo concurred, stating that a self-contained “sovereign AI” is unrealistic and would leave nations behind [304-312].
Points of Consensus (all speakers):
1. Urgent need for guardrails, standards, and independent evaluation of autonomous agents and multi-agent systems [20-31][68-70][214-216][256-259];
2. Scientific rigor and evidence-based, non-prescriptive reporting as the foundation for policy [138-150][76-77][88-102];
3. Dual-use cyber- and bio-security threats amplified by increased autonomy [65-70][119-124][22-31];
4. International cooperation over isolationist sovereignty [292-302][304-312];
5. Practical tooling (e.g., Inspect, insurance schemes) to give end-users confidence [155-159][161-166][214-215].
Remaining Open Issues
– Concrete standards and guardrails for agent credential access;
– Effective labeling or watermarking of harmful AI-generated content;
– Mechanisms for international verification of AI-safety agreements;
– Standardised metrics for assessing intent and capability in jagged models;
– Clear allocation of responsibility among governments, industry, and individuals;
– Development of real-time, longitudinal evaluation methods to keep pace with rapid model improvements [58-64][68-70][292-302][132-150][214-225].
Action Items
1. Develop and promote third-party evaluation frameworks (e.g., expand the Inspect ecosystem) [107-127][214-215];
2. Enact thoughtful, targeted standards and regulatory sandboxes that balance innovation with safety [155-159][161-166][169-186];
3. Increase funding for research on multi-agent systems, cybersecurity, and bio-security (including insurance-type incentives) [107-127][180-184];
4. Continue collaborative updates of safety research priorities (Singapore’s responsible-AI programme as a model) [180-184];
5. Produce scientifically grounded policy-option briefs that outline possible actions and their consequences without prescribing a single path [244-250];
6. Foster cross-sector partnerships to co-design evaluation standards and verification protocols [214-225][256-259][292-302].
The discussion underscored that, while there is strong agreement on the challenges posed by autonomous agents, the need for rigorous independent evaluation, dual-use threats, and global cooperation, the path forward requires careful balancing of timely guardrails with ongoing research and the establishment of shared standards. Continued, science-driven dialogue will be essential to navigate the “unknown unknowns” ahead.
continue rapidly for policymakers across the globe to rely on an independent scientific assessment of what AI can do and what it can cause and what we can do already to try to mitigate this. I’m committed to continue supporting such reporting. As you know, we’re heading into a future with many unknown unknowns, things that we could not even imagine a year ago, like the psychological effects are happening, and there will be other surprises in the future. And so we must accept the prevailing uncertainty and collectively prepare for all plausible scenarios according to the scientific community. So thanks, and looking forward for the continued discussion. Thank you.
Oh, it’s working. Oh, okay. Well, thank you, Yashua, for your leadership and for giving us an overview of the safety report. And now we’re going to dig into the safety report in more detail. And to do this, we’ve got an amazing panel. To my left, we have Minister Josephine Teo from Singapore, who leads the Singapore government’s efforts in digital development, public communications and engagement, smart nation strategy, and cybersecurity. We’re also joined by Professor Alondra Nelson, who holds the Harold F. Linder Chair and leads science, technology, and social values lab at the Institute for Advanced Study, where she’s been on the faculty since 2019. And Alondra also contributed significantly to the report as a senior advisor. And then we also have Adam Beaumont, who is the director of the UK’s AI Security Institute.
The first and biggest government -backed organization dedicated to ensuring advanced AI is safe, secure, and beneficial. And I’m Lee Tedrick with the University of Maryland, and I also had the honor of serving as a senior advisor on the report. So to get us started, I’ll send the first question to Yashua. You talked about how the technology has evolved quite rapidly and continues to evolve rapidly, and you highlighted some of the significant changes. But are there any particular changes that really stand out to you as being significant in 2026 as compared to 2025?
Yes. I think in terms of risk management and potentially policy, the advances in agency of the AI systems is something we should pay a lot more attention. The reason is simple. Having AIs that are more autonomous means less oversight. So right now when you interface with a chatbot, of course the human is in the loop, right? It is a loop. And then usually you take what the AI is proposing, and then you humanize. You even do something. something with it. Agents are a different game where the agents will work on a problem for you for hours, days, and they will be given credentials. They will be given access to the Internet. So we need to have AI technology that will be much more reliable and avoid some of the issues we’re seeing today before this can be deployed in a way that’s safe and accepted because businesses and users at some point will be concerned that they can’t trust this technology with all the credentials that we might give them.
And then we’re also seeing things that are, I think, somewhat unexpected but not yet sufficiently studied, which is once we kind of let out these agents into the world, they start interacting with each other. And I think it’s about early days, but what we’re seeing is a bit concerning.
Yeah, I know it’s certainly gotten a lot of attention in the press, and I think it highlights the need to increase AI literacy too so people understand what these agents can and cannot do. For Minister Teo, Singapore has been at the forefront of AI governance from the ASEAN AI Governance Guide to the Singapore Consensus on AI Safety. And one of the things that Yashua highlighted that the report talks about is, you know, the need to translate some of the evaluation for different cultures and different norms and also to be able to put it into practice. Based on Singapore’s experience, what does it look like to take the science and actually put that into tools and practice that people around the world can use?
Thank you very much. Perhaps I will offer a perspective as a small state in a part of the world that has a lot of interest in the adoption of AI technologies, but perhaps is still only becoming much more aware of the extent of the risk. And so in my interaction with the international community, I think that the role of AI is really important. with my counterparts, I often share with them a perspective. They would have visited Singapore. They would have, you know, traveled in and out of our air hub. And I explained to them that Singapore does not own aircraft technologies. We, Boeing does not belong to us, neither does Airbus. But we have to be concerned about the safety of how these aircraft are manufactured.
We have to be concerned about maintenance, repair, and overhaul. We have to be concerned about air traffic management. If we didn’t have all of these elements in place, it’s very hard to see how you can have a thriving air hub, you know, and be responsible for the lives of millions of people passing through the airport. So that’s the reason why we think we have to be invested in the conversation and the efforts to bring about AI safety. If we want to see wide adoption in our region, then we must equally be aware of how the air traffic is manufactured. So the risk can be mitigated. The second point I’d like to make is that ultimately as policymakers, our objective in understanding the safety aspects must translate into how we can put them into operable guardrails.
And very often this would mean standards that are being imposed. This would mean regulations and laws. But we have to do it in a thoughtful way because we still do want to benefit from this technology. So if we are not targeted in the way we implement these requirements, then what we might achieve is not just the impact to the pace of innovation. What we could end up is a situation where we have given a false promise to our citizens, giving them the impression that we have protected them when in fact we haven’t actually done so. So that’s why I think we need to be thoughtful. interest is also that when there is clarity about what needs to be done, we want to be able to move very quickly.
Joshua talked about the misuse of AI, for example, to use them for generating images that often target women and children. And what we did was that last year we introduced a new law. It imposes statutory obligations on the services that bring these images and make this content available to vast numbers of people. They’ve always said that we are not responsible for the generation of such content. And so that’s something that we take on board. But having been notified of the existence of such harmful content, then there is an obligation for you to remove it. So this new law that we passed imposes such an obligation. And Joshua also talked about the financial… in the reports, our AI and cybersecurity is intersecting in very, very concerning ways.
For example, AI being used to target systems, and so AI is a threat. Now, however, we also see that AI itself can be a target of cyber attacks. And when AI becomes the target of cyber attacks, particularly for multi -agent systems, those kinds of risks can easily go out of hand. So even as the Singapore government is experimenting with the use of AI, we want to be very thoughtful about how these AI agent systems are being architected and what exactly goes into the decision -making process as to the agency that is being granted. Is there a way to put guardrails around it? So I would just say that AI as a threat, AI as a target, and where we really need to cooperate and do much better in that, is using AI as a tool.
to fight these threats. So those are the kinds of things that within the ASEAN community we hope to be able to make progress on.
That’s great, and thank you. And it’s a great segue to Alondra. You’ve worked not only in academia but have had high -level positions in the United States government, and a lot of your work is focused on the relationship between science, technology, and public accountability. And the report is really intended to inform policymakers and inform the broader community and intentionally does not take the next step of advising policymakers on what to do. And I’d be interested in your thoughts as to both the structure of the report and drawing that line, and importantly, what’s next? What should policymakers be thinking about as they read and digest the report?
Yeah, thank you so much, and thank you all for being here. So let me just start by thanking Yoshua again because I was at Bletchley. We were at Bletchley Park. We were having a… conversation and one of the things I said when I spoke there was that we are going to need new democratic institutions for this moment. One of those are certainly the ACs, but one of those is this report, right? Like our ability to have a ground truth as a global community about the risks are deeply important for any future that we’re going to have with AI that’s beneficial. So, and I know that takes a lot of work and so thank you Yoshua for doing that.
And in the course of doing that and it’s serving as a senior advisor have seen how they’ve created a whole new system. I mean, you know, some of it comes out of CS culture, some of it comes out of research culture that we know, but they literally have created a new institution to help us kind of think through what’s the best information, how do you make evidence -based claims about the state of science and the midst of kind of radical uncertainty and that’s a new task for researchers of across our fields and disciplines. So I just want to tip my hat to you and make sure that people actually know how much work you’ve put into this.
So, you know, I think the report, its mandate, and I think it does a really good job of exactly not crossing that line, Lee, which is to say, what do we know? What’s the best of what we know? What are some, I mean, this report, I think, for the first time uses some OECD scenario, so it’s sort of reaching a little bit to evidence -informed kind of foresight and forecasting. And, you know, it really responds to, I think, the fact that a lot of our information about what’s happening in AI comes from journalism. It’s a very hard time to be a journalist right now, so this is not a knock on journalists, but it’s just to say that we don’t have globally, you know, the kind of sort of horizon of information that we really need in the policy space to make good policy decisions.
That said, you know, states will have lots of different policies and concerns that they want to make, so it’s not the mandate of the report to sort of direct how people should think about the evidence, but it is to say there’s more than anecdotal journalism here, and this is the best of what we know. In this moment, Yoshua mentioned there’s sort of updates that are happening, so the report is the team is also getting better at getting the information and more closer to real time. So I think it establishes that ground truth that’s so important for AI, particularly in the context not only of uncertainty, as I said, but of lots of hype that we’re sort of reading about and hearing about every day.
But I would also say that the report does a good job of, at the end of each section, making some nods to policy. So these are – so what should policymakers make of these scientific insights? And so it does a very good job at sort of steering what the implications of the fact that we have now growing uses of multiagent systems. How might you need to think about that? How might you need to think about the fact that there are growing sort of biosecurity and cybersecurity risks, for example? And then, Lee, to your point about what needs to be done, I think we all know what needs to be done. And I think – I hope that the report, because it is not anecdotal, not whim, allows there to be some – stronger political spines and some more political will.
to make the hard decisions that we need to make in the regulatory and policy space, both in individual nation states and I think also as a global community. So if it can be a resource for helping policymakers make good and strong and evidence -based arguments, and also I think allowing governments to support the funding of the creation of more evidence, I think it will be all to the good and obviously moving into the space of some sort of guardrails and regulatory regime is what needs to happen is the next step.
Thank you, Alondra. And also it’s a great segue over to Adam because the report also identifies what are some of the key research gaps and what are some of the key gaps in the evaluation ecosystem. And so for you, Adam, as the leader of the AC, what jumped out to you? What did you do in terms of? of risks and what are your priorities in terms of how to start addressing those risks going forward based on the report?
Yeah, thank you very much. And I wanted to reiterate thanks to Joshua and the panel and also to call out the work of AC in supporting the secretariat of that for the past couple of years. And I know there are a couple of lead writers in the audience too. So it’s really great to see just the collaborative effort that’s happened around the world on that. I think it’s so important for enabling policymakers to have an objective, independent data science report. In AC, you asked me about which kind of risks jump out most. It’s quite hard to pick from our research staff. There’s about 100, so it’s like naming which is your favorite child. But there are a few from my – favorite’s a strange word.
There are a few that really jump out to me with my background in national security. And Joshua, you spoke. You’ve spoken a bit about this already. in cybersecurity and in biological capabilities. Both of those are very dual use. But I think in cybersecurity, we’ve seen such rapid development in the capability of the models, even in the last few weeks and months. And I think the report does a great job of explaining how that capability can assist in cyber operations at many different stages in that life cycle or different tasks. We’re not yet seeing that fully autonomous, though. And I think that is the area that concerns me that we’re trying to research and understand right now is, what does the confluence of some of these risks look like when combined with more autonomy, particularly in the genetic AI scenarios?
And some of the things we’re doing in AC about that, I guess we’re quite well known for our pre -deployment testing of frontier AI models. We also do post -deployment. You can see some of the impact of that in the model cards. Some of the companies published. we do a lot of red teaming and with that we’re trying to strengthen the safeguards of the models that are being provided but also raise the bar for the level of security research that’s happening so this week we published research around some of our methods on how we do that where we want to both responsibly disclose that but also grow the number of people that are working to help raise the bar we also use grant making and try to raise the level of investment happening in this space and then we’re trying to develop the way that we do evaluations to adapt to the way that models are improving capabilities, for example you get different results if they use more tokens with inference time scaling so we’re trying to make sure that our valuations account for that or by using cyber ranges rather than just capture the flag type scenarios so I care about all of those different risks that we are researching But the one I’m watching right now is probably on cybersecurity.
Thank you. And back to you, Yashua. One of the things that you had mentioned in the overview is the jagged performance of the general purpose AI models. And I’d be interested in your thoughts on how that impacts the evaluation science. If you have a general purpose model and it’s good at some tasks but not others, should evaluators be thinking about things differently?
Yes. Also, I think the general public and the media needs to escape this vision of an AGI moment. Because if AI continues to have these jagged capabilities, it means that we could well be in a world where AI already has dangerous capabilities and dual use for some things. At the same time as it might be really weak on other skills. And so the… The thing that matters at this point is in this world… that continues is very careful scientific evaluation of you know per scale per ability risk and capability right uh by the way that includes capability and intention something i didn’t mention too much in my presentation we’re seeing a lot of concerns with ais having goals that we would not like them to have um and in spite of our instructions acting uh against um their moral alignment training um so yeah this this is we we can’t stay at this very abstract i mean maybe like a few years ago thinking about agi was like a reasonable abstraction reaching human level but now it’s kind of meaningless because you know we’re gonna have things that can be extremely stupid in some ways maybe weak in some ways and already dangerous in the wrong hands in some other ways so we we have to be more technical and more precise you in talking about the risk And also, if you’re a business and you want to deploy, you also want to know, is the AI going to be good for what I’m trying to do?
I want to add one thing about the report spirit, about the report’s rigor. That’s not directly connected to your question, but I think it’s really important. There is a central requirement for science. When we talk about rigor, what does it mean? What it really means for every scientist, when they put something in writing or something official, they should not make a claim that could be false. They should only be claiming things that they’re totally sure about. Especially in the context. Where policymakers are going to use that information. You don’t want decisions to be taken based on false claims. And, of course, opinions abound in our world, especially because they impact people’s interests. And this is why it’s so important that we can ground our policy decisions in scientific evaluation.
And what it really means is this. It means a kind of humility and honesty, even when you may be biased in one way or another. To stick to those facts. And you need a group of people, because each of us can be personally biased, right? I am. Everyone is. It’s human. A group of people who can catch each other’s maybe going across that red line of rigor and not making statements that couldn’t be defended very strongly.
Thank you. And a very, very important point. I think… I think in addition to the policymakers needing to be able to use this information, I, through my work, end up talking to a lot of organizations, nonprofits, small and medium -sized businesses. And what I hear a lot is, like, it’s great. Like, you have to start with the science, and that is ground zero. But then for some of those other organizations, they need the tooling. They’re not going to have a whole scientific staff on how do we put that into practice. And I’m just wondering from the government’s perspective, Minister Teo, what are your thoughts on how we might be able to advance some of the tooling to take this great learning and make it easier for companies and other organizations to actually deploy?
I was at a similar session recently, and this topic came up. And the way I think about it is I use IKEA as an example. You know, when you go to IKEA, you buy furniture, and IKEA promises you that… furniture has been tested. So, you know, if it’s a couch, it has been jumped on, I don’t know, 25 ,000 times, and it didn’t break, you know, and so your kids are not going to be hurt if they jumped on it too, well, up to 25 ,000 times. And if you think about a user on the receiving end of this technology, it is, I think, quite unreasonable to expect them, you know, to have to impose safety conditions on their own.
They are simply not in a position to do so. They don’t have the power to decide, you know, what gets sold to them and what does not get sold to them. So we as policymakers must recognize that there is a huge gap between those that we are encouraging to adopt AI tools, adopt AI technology in various contexts. We must think about… Where are the right points to make… these requirements mandatory when it is perhaps not so much requirements that are mandatory, but it is useful for industries to come together. For example, in Davos, we discussed the possibility of insurance schemes, creating the right incentives for AI model developers. And I think that there is no easy landing point just yet.
But if we fail to engage in these conversations in a rational way, then I think we are even further behind in trying to manage the risks. So I would say that the thoughtfulness has to be applied at many different levels. There needs to be continued research in AI safety. And so I’m very happy that we are continuing to have this conversation. Thank you. in Singapore and we hope to update where are the areas of safety research that should be prioritised. I think this year, I certainly agree with you, multi -agent systems is going to come up quite prominently. But we cannot just stop there. We also have an ongoing programme. We started by setting aside commitments under our own national AI R &D plan and in fundamental research, one of the areas that we are very interested in is responsible AI.
So you need the two to go hand in hand. But can you not have some testing frameworks and toolkits to begin with? We think that that is also not helpful. It is more pragmatic to try and to recognise the shortcomings of those testing tools and then to invest further effort in promoting more thoughtful, thoughtful ways of looking at the research. of these systems and how to mitigate against them. Ultimately, we should try and get to a point where the end user has assurance of safety, that they don’t have to be thinking so hard about whether the proper tests have been applied. We’re not there yet, but I think we need to find a way to work out the roadmap.
That’s very interesting. You can also think of analogies in the medical context. We don’t always understand how the medicine works, but we have assurance that if it’s prescribed for us, it’s going to work well. Turning back to you, Alondra, there’s been a lot of conversation around catastrophic risks, and the report is intentionally broader than just catastrophic risks. I’d be interested in your thoughts as to whether that was a good place to draw the line and what some of the benefits are of broadening our aperture beyond just the catastrophic risks.
Thank you. Certainly, the reason that I continue to be involved with this is because… under Yoshua’s chairmanship of the report, that it is attentive to a broader set of risks. So there’s a section of the report that’s called systemic risk, and I think what we haven’t quite pieced together is that particularly if we care about democracy, if we care about social cohesion, it is not the individual risk, like we all have our favorites or unfavorites, Adam, to your point. It is the compounding of those risks together. Like we are careening without seatbelts in a car quickly in a society in which all of these risks and harms are happening simultaneously. So that is a very dangerous world for social cohesion.
That is not a society that’s healthy, and that’s not healthy for democracy. And so I think the attention to the broader set of risks, which include things like loss of human autonomy, what does it mean when you’re not in charge of your own decision -making, what does it mean when you’re not in charge of your own decision -making? What does it mean when sycophancy and other sorts of, I think, outputs mean that you are being manipulated in some way through the use of the tools and technologies? How do we think about the fact that there might be job loss or job displacement, the anxiety that it creates? I mean, talk about a lack of social cohesion.
The anxiety it’s already creating in a lot of societies about people’s livelihoods and their abilities to protect them and their families and their well -being. So I think what the report does incredibly well under a kind of large banner of safety is to think at a 30 ,000 -foot level, if you take all of the chapters together, about what are those compounding risks? What does it look like if all of those risks sort of move together simultaneously? And therefore, it is equally important to think about that technology in a healthcare space that’s malfunctioning, giving a misdiagnosis, as important as it is in some ways to think about a bio -risk. And so I think that’s important. And I’m…
I’m really gratified that the report continues to be anchored in that broader aperture of risk.
I would agree, too, because I think a lot of those risks are, especially with agents, they’re here today and they’re just going to continue to increase, and we do need to keep the focus on them.
Just a small comment about the systemic risks. Of course, I completely agree, but I want to point out one factor that makes them potentially catastrophic, except maybe at a slower pace, is because so many people are going to be using these systems, and the global dynamics and social dynamics are so difficult to anticipate and could be incredibly impactful, both on the positive and negative side.
I think Yashua and Alondra’s comments tee up the next question for Adam. These risks are evolving quite rapidly, and one of the things that the report, I think, emphasizes is we have an evidence gap. for researchers to keep up and it’s hard to do longitudinal studies in a very short period of time. I’d be interested in your perspectives from the ACs. How do you address that as you start thinking about real -world evaluation today and how does that impact the approach to evaluation and what might the ACs be able to do to help fill some of this evidence gap?
some of our learnings and some of them are quite simple there are things like if if you’re evaluating something be really clear what is it you are trying to measure and make sure your evaluation is actually getting after the thing that you are focused on as some can be quite misleading in the way that they are organized but in addition to areas where we had good consensus around best practices we also highlighted areas where there’s still uncertainty or we need more research and again we want to communicate that and be very transparent so that more people can join in as we do see this as requiring like many great minds around the world and they just aren’t enough safety and security researchers to do that all in one place but in addition to talking about the practice of evaluation we’re also trying to provide tooling for other organizations to do that and one of the things I’m very proud of the AC developed in the UK was the inspect framework there’s been open sourced and is used really extensively by different companies, organisations in government, outside government.
And the thing I would love to see over this coming year is how we can really grow a wide kind of ecosystem of third -party evaluators that can offer that independence and bring rigour and scientific method to the way that we measure these capabilities and then can communicate about them. And just I’m going to ask one quickfire question for the whole group and then I’m going to open it up for Q &A, so start thinking about your questions. But, you know, I’m interested, Adam, and I think it touches on some of the themes of like how do we take the science and bring it to practice and how do we actually create this evaluation ecosystem.
So step one is developing the science. Step two is then figuring out, well, how do we actually evaluate this? And then there’s the, you know, by whom. And how do you see an evaluation ecosystem? How do you see the ecosystem emerging? Do you see governments being the evaluators? Do you see this going more like we have with accounting, where you have third -party certified auditors doing the evaluations? I’d be interested in each of your thoughts. And maybe start with Minister Tia, and then we can go down the line.
Well, certainly in the ASEAN context, I would advocate for an approach that deals with near and present dangers that everyone is dealing with. The risk of not focusing on what’s most prominent in people’s minds today, policymakers’ minds today, is that the conversation may feel too theoretical, and we may lose interest and momentum, and we don’t even build the foundations of cooperating in a meaningful way. And what are some of those areas where AI intersects with? AI being used, misused, for harming people in terms of the content creation. I think that’s one. Almost every single policy. that I come across is very, very upset by the fact that they have to address their constituents’ concerns about all these harmful images that are being created with the help of AI.
It’s very offensive to our societies. And if we are not able to work on these areas in a meaningful way, in a practical way, then I think we risk losing my colleagues’ attention. So what can we do? We have to then seriously ask, is watermarking the correct approach of dealing with it? Is there some other way of labeling AI -generated content? Is that even the right direction that we should be moving on? The other area is that I think it will be very prominent, and that is the use of AI in cybersecurity. I don’t think at this point in time AI as a threat is adequately addressed. AI as a target is even further from that.
It’s in people’s minds. of the conversation in the areas that my colleagues care about, I think stands a better chance of anchoring their attention and creating meaningful opportunities for us to say, here are the ways you can test for it, and here are the tools that can be applied. They won’t be perfect, but they are important stuff.
So I want to mention maybe a totally different aspect that’s orthogonal to this. As I’ve been thinking about the process of bringing the science to have an impact with policymakers, I feel like there is a step in between what we’ve done and the actual political decision making, and that is using scientifically grounded policy options. So the report doesn’t go into recommendations, and I think that was a great mandate that we started from, but I think there is something in between taking the policy decisions and this. Thank you. grounded in what the scientists see and the people like economists and social scientists, based on this, what are reasonable options for policymakers without saying you have to take this one?
You could do this, you could do nothing. And what are the consequences that are expected based again on the science without making an actual recommendation? Because in the real world, I understand policymaking is hard because you always have a tension between different values and objectives and interests. We shouldn’t make those choices, but we can help make it easy for policymakers.
I think I would offer we’re just getting started with evaluations and assessments. And so I wouldn’t want to put a thumb on a scale and pick one. I mean, I think that we actually have to try a lot of different things. I also think to the extent that we have a body of knowledge around evaluation that is coming from ACs and policymaking, and other researchers. Thank you. that, you know, I worry that we’re going to have a collective action problem and so that everyone’s doing their own different kind of evaluation. And I think what we will need to fundamentally do is make, as a research community, a few choices about, you know, something closer to a standard, like this is the way that we are, the few ways that we’re going to proceed.
So I think there’s that. I do think that it needs to be obviously multi -sector. It’s a fairly obvious point. How do you do that is an open question. I wrote a piece in Science a few months ago where I suggested that we might think about the LC program for human genetics and genomics in which, you know, 3 % of the Human Genome Project research budget in 1990, 1991, was dedicated to upstream research of potential risks and harm of human genetics. So that doesn’t present risks and harms, but it means that you go in upstream to projects thinking about them as a part of the research and design, often before deployment. And it doesn’t mean that you can prevent things like someone doing illegal human genome gene editing, right?
But I think that you do have a global community that has thought about it and is ready to have a conversation and knew in the case of the human genome, the human gene editing, that it was wrong and why it was wrong and we had discussed it. So I think that there are, you know, lots of models that government’s deeply important here and that, you know, I think that there are schemes that would require, I think, the public sector to, you know, place a little money in the space of a sort of common good or a comments for research to understand and advance much more in the evaluation and assessment space.
Yes, you asked who should be involved in evaluation or where should be done and I guess my answer to that is should it be government, should it be industry? It’s kind of all of the above and I really agree with you that we’re very early in the journey and there’s still a lot of uncertainty but I do think there’s a role for governments to play, there’s a role for industry, there’s a role for researchers, civil society but also individuals and we saw that at the start of the year when people are very willing to trade away. They can trade away all their keys, passwords, anything for the… enjoyment of agent autonomy. And that reminds me a lot of the early days of cybersecurity where we need to grow ecosystems.
Individuals have a responsibility as much as governments and I’m sure over time we’ll see more institutions and organisations grow that help do that. But the key to it has got to be collaboration. So on a practical level, things like regulatory sandboxes or like policy lab type things where you can try limited pilot approaches seem to be good. We’re trying a bit of that in the UK. Things like joint funding programmes that bring researchers, policy makers together to kind of iterate options again seems a good idea. But I strongly agree we’re just early in the journey. We should keep options open.
Thank you. I think we have time for one or two questions. Wow, we have a lot of hands. What I’m going to do is call on two people. We’ll kind of combine the questions and we’ll let the panel. Well, I wish I had more time. So we’ll take one here and one over there. Go ahead. Right here in the second row. Can someone bring a microphone over? Or a speaker. It’s not a very good move, right?
Can you hear me?
Yes.
So I have a question. So, like, now we hear a lot about, like, the rise of business and sovereignty, like, everywhere, and, like, a lot of more countries are trying to claim it in some ways or another. And I would be really curious to hear, like, how, at least in the AI safety field, how are you seeing that impact and which other safety concerns are most pressing, like the grown -up of the window based on that first?
Yeah, so I think we should be careful about what sovereignty means. It doesn’t mean building walls around your country. It means making sure your country will retain the ability to, you know, take its decisions. And, you know, succeed economically. economically and politically. And often that means the opposite of walls around your country. It means making partnerships with others that increase your chances of, you know, not ending up in a bad place. And that includes agreements on safety, right, because many of the risks we’ve discussed, you know, they’re not limited by borders. We can collaborate on the safety technology with multiple countries. We can have the kinds of agreements that Singapore has been leading where multiple parties, you know, from many different countries agree on principles.
And eventually we will need international agreements and we will need technology for verification of these agreements. We are far from that, but that’s the only kind of world where, you know, I would want my children to live. Where AI is not used to dominate others and we don’t see, like, reckless behavior across. the world.
Ms. I’m so glad that Yoshua has offered a view that to me is a very sound approach. You said earlier that what we want is a world where every country can be at the table, not on the menu. And that’s exactly how you can preserve sovereignty, even with AI developments. The idea that you get sovereign AI by confining everything to your own shores, I think it gives a false sense of security. Firstly, it’s not achievable. Secondly, the idea that you can do so, I think, would mean that for many countries where the most sophisticated applications will have to originate from elsewhere, that just cuts you off. It cuts you off from being able also to make progress, and that puts you even further behind.
So how is that sovereign? So it has to be a topic that is dealt with thoughtfully. It’s not a term to be bandied about too easily.
Melinda, Adam, any thoughts? Okay. Yeah, so we unfortunately are running out of time, but I would love to thank our panelists for being here today and sharing the report. And I hope all of you will read the report and continue to engage with us because, as we said, there’s a lot more work to be done. Thank you very much. Thank you all. Thank you. you you Thank you. Thank you.
“Lee Tiedrich introduced the multidisciplinary panel including Minister Josephine Teo and Professor Alondra Nelson (and Adam Beaumont)”
The knowledge base lists Josephine Teo and Alondra Nelson as participants in the AI safety discussion, confirming their presence on the panel [S1].
“Yoshua Bengio identified the rapid emergence of autonomous AI agents as the key shift in AI between 2025 and 2026”
Sources describe a critical technological shift toward proactive, autonomous AI agents capable of independent decision-making, matching the report’s description of autonomous agents as a major change [S81] and [S82].
“These autonomous agents can operate for hours or days, hold credentials, and access the Internet, reducing human‑in‑the‑loop oversight”
The knowledge base notes that autonomous agents can act independently and perform tasks without continuous human supervision, providing background for the claim about extended operation and reduced oversight [S81] and [S82].
“Once deployed, agents begin to interact with one another, creating a nascent but concerning phenomenon”
Discussion of standards and protocols for agents to work together indicates that multi-agent interaction is an emerging issue, confirming the report’s point [S86].
“Minister Josephine Teo likened AI governance to aviation safety, using Singapore’s experience with aircraft safety as an analogy”
The policymaker’s guide explicitly describes Minister Teo’s aviation safety comparison to illustrate AI governance challenges [S6].
The panel shows strong convergence on four main themes: (1) the urgent need for guardrails, standards and independent evaluation of autonomous AI agents; (2) the importance of scientific rigor and evidence‑based, non‑prescriptive reporting; (3) recognition of dual‑use cyber‑ and bio‑security threats amplified by autonomy; (4) the necessity of international cooperation and multilateral frameworks for AI sovereignty. Additional consensus appears around practical tooling for businesses and the role of targeted funding mechanisms.
High consensus – the speakers from academia, government, and industry largely agree on the problem definition and on broad strategic directions, though they differ on implementation details. This alignment suggests that forthcoming policy initiatives can draw on a shared understanding of risk, the need for standards, and the value of collaborative, evidence‑driven approaches.
The discussion revealed moderate disagreement centred on how far scientific reports should go in guiding policy, the preferred architecture of AI evaluation (standardised versus third‑party ecosystem), and the timing of implementing guardrails for autonomous agents. While participants share the overarching goal of safe AI deployment, they diverge on the mechanisms, actors and urgency required to achieve it.
The level of disagreement is moderate: it does not fracture the dialogue but highlights distinct strategic preferences that could affect coordination, speed of regulation and the design of evaluation infrastructures. If unresolved, these differences may lead to fragmented standards, delayed safeguards, and uneven international cooperation in AI governance.
The discussion was steered by a handful of high‑impact remarks that repeatedly reframed the problem space—from Yoshua’s warning about autonomous agents and jagged capabilities, to Alondra’s call for new democratic institutions and systemic‑risk perspective, and Josephine’s concrete policy analogies and tooling proposals. Each of these comments opened new sub‑threads (AI literacy, regulatory guardrails, evaluation ecosystems, and global governance) and prompted other panelists to expand, challenge, or operationalize the ideas. Collectively, they moved the conversation from a broad safety report overview to a nuanced, multi‑dimensional agenda that links technical risk assessment, rigorous scientific standards, practical regulatory tools, and international cooperation.
Disclaimer: This is not an official session record. DiploAI generates these resources from audiovisual recordings, and they are presented as-is, including potential errors. Due to logistical challenges, such as discrepancies in audio/video or transcripts, names may be misspelled. We strive for accuracy to the best of our ability.
Related event
