Anthropic Tests GRAM Access Control for Dual-Use Knowledge
Architectural access control embedded in training design could reshape how governments specify and procure AI for sensitive dual-use domains.
Key points
- Anthropic and AE Studio published GRAM, a pretraining method that routes dual-use knowledge into removable transformer modules.
- The approach could eventually enable deployment-specific capability control for government biosecurity and cybersecurity use cases.
- Research is explicitly preliminary, untested at frontier scale, and not deployed in production Claude models.
Implications for Australian agencies
- Monitor AI governance and biosecurity-adjacent policy teams may want to monitor GRAM's maturation, particularly downstream evaluations and adversarial recovery results, as evidence of real-world viability.
- Consider Agencies developing AI procurement specifications for sensitive domains could consider whether architectural capability segmentation warrants inclusion as a future evaluation criterion alongside existing safety controls.
Implications are AI-generated. Starting points, not advice — see methodology for how they're framed.
View original source
Copied.
Appeared in:
Weekly digest, 6 July 2026
"Anthropic Tests GRAM Access Control for Dual-Use Knowledge"
Source: Let's Data Science – AI Governance
Published: 9 July 2026
URL: https://letsdatascience.com/news/anthropic-tests-gram-access-control-for-dual-use-knowledge-7478636b
Anthropic and AE Studio have published research on Gradient-Routed Auxiliary Modules (GRAM), a pretraining technique that routes learning from dual-use categories — including virology, cybersecurity, and nuclear physics — into dedicated transformer modules that can later be removed or enabled per deployment. Experiments across 50 million to 5 billion parameters suggest removable modules approximate data-filtered models without broad performance loss. Anthropic emphasises the work is preliminary and has not been applied to production Claude models. The significance for practitioners is directional: access control may eventually shift from post-training refusals and classifiers into model architecture itself, which has implications for how agencies specify AI capabilities in sensitive government contexts.
Implications for Australian agencies:
- [Monitor] AI governance and biosecurity-adjacent policy teams may want to monitor GRAM's maturation, particularly downstream evaluations and adversarial recovery results, as evidence of real-world viability.
- [Consider] Agencies developing AI procurement specifications for sensitive domains could consider whether architectural capability segmentation warrants inclusion as a future evaluation criterion alongside existing safety controls.
Retrieved from SIMS, 18 July 2026.