Eticas presents a structured AI auditing framework that bridges risk cataloging to executable audit methodology, demonstrated end-to-end on PII leakage testing against GPT-4-0314. The taxonomy organizes 76 active subcategories across 10 categories with mappings to 18 external frameworks, and is published under CC BY 4.0 with SKOS/JSON-LD distributions. The key contribution is an operationalization layer that converts named risks into measurable, severity-graded findings — addressing a gap the authors identify across at least 74 existing AI risk taxonomies. The PII leakage demonstration shows disclosure rates ranging from 0% to 84% under adversarial conditioning, graded as SYSTEMIC severity.
A preprint from arXiv analyzes how open-source organizations are handling AI-generated and agent-driven contributions, comparing policies across six major projects (SymPy, LLVM, matplotlib, OpenInfra, Apache Software Foundation, Linux Foundation). The authors develop a six-dimensional taxonomy covering disclosure, responsibility, human oversight, licensing, enforcement, and maintainer workload, and score each organization's policy maturity. The paper maps documented agent incidents onto governance gaps and identifies misalignments with emerging regulatory frameworks including the EU AI Act, NIST AI RMF, and ISO/IEC 42001, proposing a harmonized tiered framework.
Anthropic has released a policy document describing their evolving framework for assessing and mitigating AI harms across five dimensions: physical, psychological, economic, societal, and individual autonomy impacts. The framework complements their existing Responsible Scaling Policy and informs decisions on usage policies, red-teaming, detection, and enforcement. Concrete examples include safeguards for computer use capabilities (fraud, phishing) and a reported 45% reduction in unnecessary refusals in Claude 3.7 Sonnet through improved handling of ambiguous prompts. Anthropic frames this as a work-in-progress and invites collaboration from the broader AI ecosystem.
OpenAI published a post outlining its approach to cybersecurity risk as its models grow more capable, covering risk assessment frameworks, misuse mitigation, and collaboration with the security community. The piece addresses both offensive risk (AI-enabled attacks) and defensive applications. It represents OpenAI's public positioning on responsible deployment in a high-stakes domain.
Anthropic released its Responsible Scaling Policy (RSP), a formal framework of technical and organizational protocols for managing catastrophic risks from increasingly capable AI systems. The policy introduces AI Safety Levels (ASL-1 through ASL-5+), modeled on US biosafety level standards, requiring progressively stricter safety, security, and operational standards as models become more capable. Current Claude models are classified as ASL-2; ASL-3 triggers stricter deployment constraints including adversarial red-teaming requirements. The policy has been approved by Anthropic's board and is intended as a template for industry-wide adoption.
Major insurers including Berkshire Hathaway units, Travelers Group, and Chubb are excluding or restricting AI-related liability coverage, signaling growing concern over hard-to-model AI-driven claims. OpenAI introduced GPT-Rosalind, a domain-specific LLM fine-tuned for life sciences workflows, while Anthropic launched Claude Design for visual asset generation targeting non-designers. Additional items cover an AI-run San Francisco retail store exposing agentic system limitations, Wall Street banks cutting junior roles via AI deployment, and Anthropic's continued engagement with the Trump administration despite prior Pentagon restrictions.
A new arXiv preprint introduces a model-agnostic empirical framework for auditing synthetic data generated by LLMs and generative AI systems for privacy leakage. The framework distinguishes 'true disclosures' (direct reproduction of user data) from 'phantom disclosures' (incidental generation), using held-out control sets and statistical hypothesis testing without requiring model access, canary insertion, or shadow model training. It functions as a membership inference attack and provides empirical lower bounds on privacy leakage that are tighter than prior data-based auditing methods. The approach is computationally lightweight and applicable to any synthetic data generation mechanism.
A new arXiv paper critically examines the 'GPTs are GPTs' occupational exposure scores (Eloundou et al., 2023), which have become a dominant empirical input to future-of-work policy debates. The authors identify two compounding gaps: structural limitations of static exposure scores (temporal, geographic, ontological) versus what policy questions actually require, and a coordination failure between researchers and policymakers who continue citing outdated measures. The paper surveys five families of methodological responses and argues that closing the research-policy gap requires participatory methods, better data infrastructure, and a shift from prediction to preparedness.
OpenAI has published guidance outlining a shared framework for conducting trustworthy third-party evaluations of frontier AI systems. The playbook covers methodology for assessing model capabilities, safeguards, and evaluation validity. This represents OpenAI's attempt to standardize and legitimize external auditing practices for frontier models.