Weekly Digest

Week of 22 Dec 2025

22 Dec 2025 – 28 Dec 2025 · Generated 16 May 2026, 02:23 PM AEST · 4 items across 4 sections

This week at a glance

This shortened working week brings a cluster of items useful for practitioners thinking about AI risk classification and assurance ahead of 2026 planning cycles. The most practically significant finding is research demonstrating that AI agents can reach trained-professional capability in offensive cybersecurity when equipped with the right scaffolding — a reminder that risk assessments for AI tools used in or around sensitive environments should account for capability elicitation, not just baseline model behaviour. On the assurance side, the MLCommons AI Safety Benchmark taxonomy offers a structured starting point for scoping safety risks in conversational AI procurement, though practitioners should note the more current AILuminate v1.0 is the appropriate reference. The NIST investment in applied AI for critical infrastructure and manufacturing rounds out the picture, signalling continued US government movement toward operationalising AI in high-consequence sectors — context worth tracking as Australian agencies consider analogous deployments under existing Commonwealth frameworks.

Headlines

primary source commentary

Global Regulation & Policy1 item

NIST Information Technology RSS(US) 22 Dec 2025

NIST Launches Centers for AI in Manufacturing and Critical Infrastructure

NIST has awarded $20 million to MITRE to establish two AI Economic Security Centres: one targeting US manufacturing productivity and one focused on securing critical infrastructure from cyberthreats. The centres will develop AI-driven tools and evaluations, building on NIST's existing CAISI frontier model testing programme and the White House's July 2025 America's AI Action Plan. A separate AI for Resilient Manufacturing Institute, with up to $70 million over five years, is also planned under the Manufacturing USA programme. The initiative reflects a concerted US posture of deploying AI to reinforce industrial and infrastructure dominance.

Key points

  • NIST invests $20 million with MITRE to establish two AI centres focused on manufacturing productivity and critical infrastructure cybersecurity.
  • Centres extend NIST's CAISI work on AI evaluation and build toward a separate $70 million AI for Resilient Manufacturing Institute.
  • US-centric industrial AI strategy; limited direct Australian regulatory parallel, though signals priority areas for allied nations.

Implications

  • Monitor DISR and critical infrastructure policy teams may want to monitor outputs from these centres, particularly any standards or evaluation frameworks applicable to AI in industrial and infrastructure settings.
  • Consider Agencies developing Australia's AI strategy for critical infrastructure could consider how NIST's framing of AI-driven cybersecurity tools compares to current Australian approaches under existing sector-specific frameworks.

Standards & Frameworks1 item

MIT AI Risk Repository – Blog(Global) 25 Dec 2025

Introducing v0.5 of the AI Safety Benchmark from MLCommons

The MIT AI Risk Repository spotlights the MLCommons AI Safety Benchmark v0.5, a taxonomy and testing framework covering 13 hazard categories for chat-tuned language models, including violent crimes, CBRNE weapons, hate, and suicide. The benchmark provides prompt-based tests for seven of these categories, a grading system, and an open platform (ModelBench) for practical evaluation. Note that v0.5 has since been superseded by V1.0 (AILuminate), released in February 2025. This blog entry is a retrospective spotlight rather than a new development, and its primary value for APS readers is awareness of the MLCommons benchmark lineage and tooling.

Key points

  • MLCommons AI Safety Benchmark v0.5 defines 13 hazard categories for evaluating chat-based AI system safety.
  • Practical testing tools including ModelBench are openly available, making this usable for agency-level AI evaluation.
  • V0.5 has been superseded by V1.0 (AILuminate, Feb 2025); this spotlight is retrospective context, not a new release.

Implications

  • Consider Agencies evaluating or procuring chat-based AI systems could consider referencing the MLCommons AILuminate benchmark (V1.0) as an external safety evaluation standard.
  • Monitor AI governance teams may want to monitor the MLCommons AI Safety Working Group's benchmark evolution, particularly as it expands to image and multimodal AI systems.

Risk, Assurance & Ethics1 item

MIT AI Risk Repository – Blog(Global) 22 Dec 2025

An Overview of Catastrophic AI Risks

The MIT AI Risk Repository blog summarises the Hendrycks, Mazeika, and Woodside (2023) paper 'An Overview of Catastrophic AI Risks', which organises catastrophic AI risk sources into four categories based on proximate cause: malicious use (intentional), AI race dynamics (environmental/structural), organisational risks (accidental), and rogue AI (internal). Each category includes illustrative scenarios and proposed mitigations. The paper covers risks ranging from bioterrorism and lethal autonomous weapons to corporate competitive pressures undercutting safety, and loss-of-control scenarios such as proxy gaming and deception. The blog entry is a secondary digest rather than new analysis.

Key points

  • MIT AI Risk Repository spotlights a 2023 paper categorising catastrophic AI risks into four proximate causes.
  • The four categories — malicious use, AI race, organisational risks, and rogue AI — each include mitigations.
  • This is a secondary blog summary of a 2023 paper; primary value is as a reference for risk taxonomy work.

Implications

  • Consider APS risk and governance teams developing AI risk registers or scenario planning exercises could consider this four-category taxonomy as a reference structure.
  • Monitor Policy teams may want to monitor the MIT AI Risk Repository as it continues to surface and synthesise established risk frameworks relevant to government AI governance.

Technical Developments1 item

Import AI – Substack (Jack Clark)(Global) 22 Dec 2025

Import AI 438: Silent sirens, flashing for us all

This edition of Import AI leads with an essay on AI's 'illegibility' - the gap between AI's actual capabilities and how most people experience it day-to-day - before covering three research items. The most governance-relevant is a Stanford/CMU/Gray Swan study using ARTEMIS, a multi-agent scaffold, to compare AI agents against human penetration testers on a real university network. ARTEMIS significantly outperformed existing AI scaffolds and matched human professionals at roughly 30% of the cost, reinforcing the argument that today's frontier models are more capable than baseline evaluations suggest. Secondary items cover OSMO, an open-source tactile glove for human-to-robot skill transfer, and ChipMind, a data-structuring tool for LLM-assisted semiconductor design. A short fiction piece closes the issue.

Key points

  • Stanford/CMU research shows AI agents with scaffolding match professional penetration testers at $18/hour versus $60/hour for humans.
  • The ARTEMIS framework demonstrates frontier AI systems are systematically under-elicited - more capable than they appear without structured scaffolding.
  • Remaining items cover robotics data transfer (OSMO glove) and AI-assisted chip design - limited direct APS relevance.

Implications

  • Monitor Cyber and security policy teams may want to monitor ARTEMIS-style elicitation research as it informs realistic threat modelling for AI-augmented offensive cyber capabilities.
  • Consider Agencies procuring penetration testing services could consider how AI-assisted testing tools affect vendor capability assessments, pricing benchmarks, and contract specifications.

Implications are AI-generated. Starting points, not advice — see methodology for how they're framed.