This shortened working week brings a cluster of items useful for practitioners thinking about AI risk classification and assurance ahead of 2026 planning cycles. The most practically significant finding is research demonstrating that AI agents can reach trained-professional capability in offensive cybersecurity when equipped with the right scaffolding — a reminder that risk assessments for AI tools used in or around sensitive environments should account for capability elicitation, not just baseline model behaviour. On the assurance side, the MLCommons AI Safety Benchmark taxonomy offers a structured starting point for scoping safety risks in conversational AI procurement, though practitioners should note the more current AILuminate v1.0 is the appropriate reference. The NIST investment in applied AI for critical infrastructure and manufacturing rounds out the picture, signalling continued US government movement toward operationalising AI in high-consequence sectors — context worth tracking as Australian agencies consider analogous deployments under existing Commonwealth frameworks.
NIST has awarded $20 million to MITRE to establish two AI Economic Security Centers - one targeting US manufacturing productivity and one focused on securing critical infrastructure from cyberthreats. The centres will develop and deploy AI-driven tools and agents in these national priority domains, building on NIST's existing CAISI program and aligning with the White House's July 2025 AI Action Plan. A further AI for Resilient Manufacturing Institute, with up to $70 million over five years, is also expected to be announced. Together these signal a structured US government effort to accelerate applied AI adoption in industrial and security-critical sectors.
Implications
Monitor: DISR and CSIRO/Data61 policy teams may want to monitor outputs from these centres, particularly any standards, evaluation frameworks, or AI agent tooling applicable to critical infrastructure.
Consider: Agencies developing AI strategy for critical infrastructure or manufacturing sectors could consider how US public-private partnership models compare to current Australian approaches.
Implications are AI-generated. Starting points, not advice.
The MIT AI Risk Repository spotlights the MLCommons AI Safety Benchmark v0.5, a taxonomy developed by an industry-academic consortium that defines 13 hazard categories for chat-tuned language models. Seven categories are covered by practical safety test prompts and a grading system, with an open platform (ModelBench) available for evaluation. The item notes that v0.5 has since been superseded by AILuminate v1.0, released February 2025. For APS practitioners evaluating conversational AI tools, the taxonomy offers a structured reference for safety risk scoping, though the more current AILuminate version would be the appropriate starting point.
Implications
Monitor: Agencies developing AI assurance or procurement criteria for chat-based AI tools may want to monitor MLCommons AILuminate v1.0, the current version of this benchmark, as a potential reference standard.
Consider: Risk and governance teams could assess whether the 13 hazard categories align with or complement existing Australian Government responsible AI risk frameworks when scoping safety evaluations.
The MIT AI Risk Repository has spotlighted a 2023 paper by Hendrycks, Mazeika, and Woodside that organises catastrophic AI risks into four categories based on proximate cause: malicious use (intentional), AI race dynamics (environmental/structural), organisational accidents (accidental), and rogue AI or loss of control (internal). Each category includes illustrative hypothetical scenarios and proposed mitigations. The MIT blog post is a summary rather than new analysis, and the underlying paper predates current Australian AI governance frameworks, but the taxonomy remains a useful reference point for risk classification work.
Implications
Consider: Agencies developing or reviewing AI risk registers could consider whether this four-category taxonomy complements existing frameworks such as the NIST AI RMF or DISR guidance.
Monitor: Teams tracking the MIT AI Risk Repository may want to monitor subsequent framework spotlights for emerging risk categorisation approaches relevant to Australian policy work.
Global | 22 Dec 2025 | Import AI – Substack (Jack Clark)
This edition of Import AI combines an editorial essay on the growing gap between AI practitioners and general users with a research summary on AI cybersecurity capabilities. The substantive finding is that researchers from Stanford, CMU, and Gray Swan AI demonstrated that AI agents equipped with the ARTEMIS scaffold can perform at the level of trained security professionals in realistic penetration testing environments. This suggests a 'capability overhang' in cyber AI - latent offensive capabilities that are unlocked by the right elicitation tooling rather than further model training. The editorial content, while thoughtful, is opinion and not directly actionable.
Implications
Monitor: APS cyber security and AI risk teams may want to monitor ARTEMIS-style research as it develops, given implications for threat modelling and red-teaming assumptions.
Consider: Agencies could consider whether existing AI risk assessments adequately account for scaffold-enabled capability uplift in adversarial contexts, not just baseline model behaviour.