2026前沿人工智能风险管理框架报告 Frontier AI Risk Management Framework

iExecutiveSummaryOurvisionoftrustworthyAGIdevelopmentThefieldofArtificialIntelligence(AI)israpidlyadvancing,withsystemsincreasinglyperformingatorabovehumanlevelsacrossvariousdomains.Thesebreakthroughsofferunprecedentedop-portunitiestoaddresshumanity’sgreatestchallenges,fromscientificdiscoveriesandimprovedhealthcaretoenhancedeconomicproductivity.However,thisrapidprogressalsointroducesunprecedentedrisks.AsadvancedAIdevelopmentanddeploymentoutpacecrucialsafetymea-sures,theneedforrobustriskmanagementhasneverbeenmorecritical.ShanghaiArtificialIntelligenceLaboratoryisanadvancedresearchinstitutefocusingonAIre-searchandapplication.Workinginconcertwithuniversitiesandindustry,weexplorethefutureofAIbyconductingoriginalandforward-lookingscientificresearchthatmakesfundamentalcon-tributionstobasictheoryaswellasinnovationsinvarioustechnologicalfields.Westrivetobe-comeatop-tierglobalAIlaboratory,committedtothesafeandbeneficialdevelopmentofAI.Toproactivelynavigatethesechallengesandfosteraglobal“racetothetop”inAIsafety,wehaveproposedtheAI-45°Law[1],aroadmaptotrustworthyAGI.IntroducingourFrontierAIRiskManagementFrameworkInJuly2025,ShanghaiAILaboratory,incollaborationwithConcordiaAI,1releasedtheFrontierAIRiskManagementFrameworkv1.0(the“Framework”).Weproposedarobustsetofprotocolsdesignedtoempowergeneral-purposeAIdeveloperswithcomprehensiveguidelinesforproac-tivelyidentifying,assessing,mitigating,andgoverningasetofsevereAIrisksthatposethreatstopublicsafetyandnationalsecurity,therebysafeguardingindividualsandsociety.Thisframeworkservesasaguidelineforgeneral-purposeAI(GPAI)modeldeveloperstoman-agethepotentialsevererisksfromtheirgeneral-purposeAImodels.Thisframeworkalignswithstandardsandbestpracticesintheriskmanagementofsafety-criticalindustries.Itencompassessixinterconnectedstages:riskidentification,riskthresholds,riskanalysis,riskevaluation,riskmitigation,andriskgovernance(seeFrameworkOverview).EvolutiontoVersion1.5InFebruary2026,wewereproudtoreleaseVersion1.5oftheFramework.Keyupdatesinthenewversioninclude:•Expandedlossofcontrolcontent:Tobetterimplementthecoreprinciplesof“ensuringulti-matehumancontrol”and“proactivepreventionandresponse”toguardagainstAItechnol-ogygettingoutofcontrol,2werefinedthelossofcontrolriskscenariosandthresholds;we1ConcordiaAIisasocialenterprisededicatedtoadvancingAIsafetyandgovernance.2“Ensureultimatehumancontrol”and“proactivepreventionandresponse”arethetwoprinciplesfrom“Appendix2.FundamentalprinciplesfortrustworthyAI”ofAISafetyGovernanceFramework2.0[2].安远AlCONCORDIAAlExecutiveSummaryalsostrengthenedagentoversightprotocolsandemergencyresponsemechanisms,aimingtoprovideguidancetohelpacademiaandindustrycontinuouslymonitortheserisks.•Operationalizingriskanalysis:TomaketheFrameworkmoreoperational,wehaveupdatedtheriskanalysisguidanceforGPAImodelproviders.Byclarifyingtheessentialmodulesofthisprocess,suchasmodelevaluation,elicitation,riskmodelingandestimates,weaimtomakeiteasierfordeveloperstopracticallyimplementriskanalysisbestpractices(seeSection3.RiskAnalysis).•Enhancedinteroperability:Wehavemappedourriskmanagementmeasuresagainstlead-inginternationalanddomesticAIriskmanagementguidance,specificallyChina’sNationalTC260AISafetyGovernanceFramework2.0andtheEUCodeofPracticeforGeneral-PurposeAIModels(SafetyandSecurityChapter).Thishelpsdevelopersadoptsafetymea-suressharedbymajordomesticandinternationalregulatoryguidance(seeAppendixIandAppendixII).AIsafetyasaglobalpublicgoodAsoneofthefirstnon-profitAIlaboratoriestoproposeacomprehensiveframeworkofthiskind,wefirmlybelievethatAIsafetyisaglobalpublicgood[3,4].Thisframeworkrepresentsourcur-rentunderstandingandrecommendedapproachforanticipatingandaddressingsevereAIrisks.WecallonfrontierAIdevelopers,policymakers,andstakeholderstoadoptAIriskmanagementframeworks.AsAIcapabilitiescontinuetoadvancerapidly,collectiveactiontodayisessentialtoensurethattransformativeAIbenefitshumanitywhileavoidingcatastrophicrisks.Weinvitecollaborationonframeworkimplementationandcommittosharingourlearningsopenly.Trulyeffectivesocietalriskmitigationwillonlybeachievedwhencriticalorganizationsadoptandim-plementsimilarlevelsofprotection.Thestakesaretoohigh,andthepotentialbenefitstoogreat,foranythinglessthanourmostcoordinatedandcomprehensiveresponse.ContributionsandAcknowledgementJuly2025VersionScientificDirectorZhouBowenLeadAuthorsBrianTse†,FangLiang*,XuJia*,DuanYawen*,ShaoJing*ContributorsZhangJie,LiuDongrui,WangWeibing,ChengYuan,YuYi,GuoJiaxuan,LuChaochao†Firstauthor*EquaIcontributionsFebruary2026UpdatesContributorsDuanYawen,FangLiang,XuJia,ShaoJing,BrianTse,ZhangJie,WangWeibing,HuXiaAcknowledgementThankstoLiangJiaming,LiuShunchang,andothercoIIeaguesatShanghaiAILabandConcordiaAIfortheirvaIuabIesupportandcontributions.HowtocitethisreportShanghaiAILabandConcordiaAI.(2026).FrontierAIRiskManagementFramework(February2026).ivVersionsandUpdateScheduleTheFrontierAIRiskManagementFrameworkisintendedtobealivingdocument.TheauthorswillreviewthecontentandusefulnessoftheFrameworkregularlytodeterminewhetheranupdateisappropriate.CommentsontheFrameworkmaybesentviaemailtoauthorsatanytimeandwillbereviewedandintegratedsemi-annually.CurrentVersion:v1.5(February2026)ChangelogVersion1.5(February2026)•Expandedandrefinedtheriskscenarios,riskthresholds,agentoversightprotocols,andemergencyresponsemechanismsforlossofcontrolrisks.•Updatedriskanalysisguidancetoclarifyessentialmodules(modelevaluation,elicitation,riskmodelingandestimation)andmaketheframeworkmoreoperationalizable.•MappedriskmanagementmeasuresagainstChina’sTC260AISafetyGovernanceFrame-work2.0andtheEUCodeofPracticeforGPAIModelstoenhanceinteroperability.Version1.0(July2025)•InitialreleaseoftheFrontierAIRiskManagementFramework.vTableofContentsExecutiveSummaryiContributionsandAcknowledgementiiiVersionsandUpdateScheduleivTableofContentsvFrameworkOverview11RiskIdentification41.1ScopeofRiskIdentification 41.2RiskTaxonomy 51.3MisuseRisks 61.4LossofControlRisks 81.5AccidentRisks 101.6SystemicRisks 2RiskThresholds122.1Defining“YellowLines”and“RedLines”forAIDevelopment 122.2Domain-SpecificRedLineSpecifications 143RiskAnalysis203.1ContextualAnalysis 3.2ModelEvaluations 3.3RiskModelingandEstimation 243.4Post-deploymentRiskMonitoring 263.5LifecycleImplementation 264RiskEvaluation294.1Pre-mitigationRiskTreatmentOptions 304.2Post-mitigationResidualRiskEvaluationandDeploymentDecision-making 304.3ExternalCommunicationaboutDeploymentDecisions 325RiskMitigation345.1SafetyTrainingMeasures 355.2DeploymentMitigationMeasures 365.3SystemSecurityMeasures 385.4LifecycleRiskMitigation 40vi安远AlCONCORDIAAlTableofContents6RiskGovernance416.1InternalGovernanceMechanisms 426.2TransparencyandSocialOversightMechanisms 446.3EmergencyControlMechanisms 456.4PolicyUpdatesandFeedbackMechanisms 47AppendixI:FrameworkInteroperability49AppendixII:RiskTaxonomyMapping52AppendixIII:KeyTerms54AppendixIV:SpecificRecommendationsonModelEvaluations57Bibliography621FrameworkOverviewThisFrameworkprovidesastructuredapproachforgeneral-purposeAImodeldeveloperstoproactivelyidentify,assess,mitigate,andgovernsevereAIrisks.Itadaptsestablishedriskman-agementprinciplesforfrontierAIdevelopment,aligningwithstandardsincludingISO31000:2018,ISO/IEC23894:2023,andGB/T24353:2022.3WeorganizetheFrameworkaroundtwocomple-mentarystructures:asix-stageriskmanagementprocessthatdefineswhatdevelopersshoulddo,andathree-dimensionalanalyticallens(Environment–Threat–Capability)thatguideshowdevelopersshouldreasonaboutriskateverystage.TheSixStagesofAIRiskManagementControlledControlledDeploymentSuspensionofdeploymentordevelopmentGreenZoneYellowZoneContinuousMonitoringRoutineDeploymentYellowZoneRedZoneRedZoneFigure1:TheSixStagesofAIRiskManagementWerecommendthatdevelopersadoptacontinuous,six-stageriskmanagementloopthatevolvesthroughouttheAIdevelopmentlifecycle,asillustratedinFigure1.Eachstageproducesoutputsthatfeeddirectlyintosubsequentstages,whilegovernancemechanismsoverseeandconnectthemall:•Stage1–RiskIdentification(Section1):Werecommendthatdeveloperssystematicallycat-alogandcharacterizepotentialsevererisksarisingfromhigh-impactcapabilitiesofgeneral-purposeAImodels,establishingthefoundationaltaxonomythatinformsallsubsequent3Themainreferencesforterminologies,concepts,processescomefrom:GB/T24353:2022RiskManagementGuide-lines[5],GB/T23694:2024RiskManagementVocabulary[6],ISO/IEC23894:2023RiskManagementGuidelinesforAr-tificialIntelligence[7],ISO31000:2018RiskManagementGuidelines[8],ISO/IEC42001:2023ArtificialIntelligenceMan-agementSystem[9],NationalCybersecurityStandardizationTechnicalCommitteeArtificialIntelligenceSafetyStandardSystem(V1.0)[10];Bengio,Y.etal.”InternationalAISafetyReport(January2025),”Chapter3.1RiskManagement.2安远AlCONCORDIAAlFrameworkOverviewstages.TheidentificationprocesscontinuouslyfeedsnewandemergingrisksbackintotheloopasAIcapabilitiesadvanceandnewthreatscenariosemerge.•Stage2–RiskThresholds(Section2):Werecommendthatdevelopersdefineintolerablethresholds(“redlines”)andearlywarningindicators(“yellowlines”)thattranslatequalitativeriskdescriptionsintoactionabledecisioncriteria.Thesethresholdsshouldbecontinuouslyrefinedbasedonlessonslearnedfromriskanalysis,evaluationoutcomes,andmitigationeffectiveness,creatingafeedbackmechanismthatimprovesthresholdcalibrationovertime.•Stage3–RiskAnalysis(Section3):WerecommendthatdeveloperscharacterizetheriskprofileoftheirAImodelsthroughamulti-stageworkflowthatintegratescontextualanalysiswithempiricalassessments.Thisstageproducesrigorousevidenceregardingmodelca-pabilities,propensities,andtheeffectivenessofmitigation—employingcontextualanalysis,modelevaluationswithadvancedelicitationprotocols,riskmodelingusingtheE-T-Cframe-work(describedbelow),riskestimation,andpost-deploymentmonitoring.Byembeddingtheseassessmentsintoeachphaseofthedevelopmentlifecyclethroughdefinedtriggerpoints,thisstageprovidesthenecessaryevidencetoinformsubsequentriskevaluationdecisions.•Stage4–RiskEvaluation(Section4):WerecommendthatdeveloperscomparetherisksanalyzedinStage3againstthethresholdsestablishedinStage2toclassifymodelsintooneofthreeriskzones—Green(broadlyacceptable),Yellow(tolerableunderstrictcontrols),andRed(unacceptable)—andmakecorrespondingdeploymentdecisions.Thesezoneclassi-ficationsdirectlydeterminewhatmitigationmeasures(Stage5)andgovernanceprotocols(Stage6)arerequired.WhenresidualrisksaftermitigationremainintheYelloworRedzones,theprocessloopsbackthroughStage5forstrongermitigation;deploymentdeci-sionsshouldbejustifiedtransparentlythroughevidence-basedsafetycasesandsystemcards.•Stage5–RiskMitigation(Section5):Werecommendthatdevelopersimplementevidence-based,outcome-focusedmeasuresthatreduceidentifiedriskstoacceptablelevelsthrougha“Defense-in-Depth”strategy.Thisstageencompassessafetytraining,deploymentsafe-guards,systemsecurity,andlifecycleintegration,withmitigationintensityscaledtotheriskzoneclassification.Followingimplementation,theprocessloopsbacktoriskanalysistoassessresidualrisksanddeterminewhetheradditionalmeasuresareneeded,creatinganiterativecycleofriskreductionandverification.•Stage6(cross-cutting)–RiskGovernance(Section6):Riskgovernanceisacross-cuttingstagethatspanstheentireriskmanagementprocess.Werecommendthatdevelopersestablishorganizationalstructures,oversightmechanisms,andaccountabilityframeworksthatensuretheotherfivestagesarerigorouslyimplemented,continuouslymonitored,andregularlyadapted.Thisstageprovidesinternalgovernance,transparencyandexternalover-sight,emergencypreparedness,andcontinuouspolicyimprovement,whilefacilitatingco-ordinationbetweeninternalstakeholdersandexternaloversightbodies.3安远AlCONCORDIAAlFrameworkOverviewTheThreeDimensionsofDepIoymentEnvironment,ThreatSource,andEnabIingCapabiIityWerecommendthatdevelopersevaluateriskthroughthreeinterconnectedanalyticaldimensionsthattogetherapproximateboththelikelihoodandseverityofpotentialharm.ThisEnvironment–Threat–CapabiIity(E-T-C)frameworkunderpinsthethreshold-settingprocessinSection2andstructurestheriskmodelingandestimationinSection3:•DepIoymentEnvironment(E):TheoperationaIcontextandconstraintswithinwhichtheAImodeIisdepIoyed.Werecommendthatdevelopersassessfactorsincludingdeploymentdomain,operationalparameters,regulatoryenvironment,userdemographics,infrastructuredependencies,andavailableoversightmechanisms.Changesinthedeploymentenviron-mentcansignificantlyalterriskprofilesevenforidenticalAIcapabilities.•ThreatSource(T):TheoriginoragentthatcouIdtriggerharmfuIoutcomesthroughinter-actionswiththeAImodeI.Werecommendthatdevelopersconsiderexternalactors(ma-licioususers,adversaries),internalfactors(modelmisalignment,emergentpropensities),operationalfactors(humanerror,systemintegrationfailures),andemergentbehaviorsaris-ingfromcomplexAI-environmentinteractions.•EnabIingCapabiIity(C):ThecorefunctionaIabiIitiesoftheAImodeIthatenabIespecificriskscenariostomateriaIizewhenthemodeIisdepIoyedwithoutadditionaIsafeguards.Werecommendthatdevelopersevaluatebothintendedcapabilities(scientificreasoning,coding,planning)andemergentcapabilitiesthatmayarisefromscaleortraining,withpar-ticularattentiontocapabilitiesthatrepresentbottlenecksforharmfuloutcomes—thosethatmostsignificantlydeterminewhetherriskscanberealized.Thisthree-dimensionalapproachrequiresevaluationofnotjustwhatanAIsystemcando(Capa-bility),butwhereitoperates(Environment)andwhatcouldgowrong(ThreatSource),enablingmitigationstargetedatindividualdimensions—suchasdeploymentcontrolsforEnvironment,ac-cessrestrictionsforThreatSource,andhazardouscapabilityremovalforCapability.41.RiskIdentificationTheprimaryobjectiveoftheriskidentificationstageistosystematicallycatalogandcharacterizepotentialsevererisksarisingfromgeneral-purposeAImodels,establishingthebasictaxonomythatguidesallsubsequentriskmanagementactivities.Thisstagemapsouttherisklandscapethatinformsthethreshold-settingprocessinSection2(RiskThresholds),contextualizestheanal-ysismethodsinSection3(RiskAnalysis),andshapesthemitigationstrategiesinSection5(RiskMitigation)andgovernancemechanismsinSection6(RiskGovernance).Werecommendthatdevelopersimplementariskidentificationprocessthatintegratesthefol-lowingcorecomponents:•1)Scopedefinition(Section1.1):Identifyingwhichofthedeveloper’sAImodelsandsystemsfallwithintheframework’spurview,guidedbyriskcharacteristicsthatdistinguishsevereAIrisksfromothertechnologicalhazards.•2)Risktaxonomy(Section1.2):Buildingastructuredclassificationsystemthatcategorizesrisksintofourprimaryriskdomains:Misuse,LossofControl,Accident,andSystemicRisks.Eachdomainisdefinedbydistinctthreatsourcesandrequirestailoredriskmanagementapproaches.•3)Domain-specificriskcategoryidentification(Sections1.3,1.4,1.5,1.6):Identifyingspe-cificriskcategoriesandconcreteriskscenarioswithineachdomaintoguideanalysis.1.1ScopeofRiskIdentificationOurFrameworkbuildsupontheInternationalAISafetyReport(January2025)[11]andAISafetyGovernanceFrameworkv1.0[12]andv2.0[2],andfocusesonthesevererisksstemmingfromthehigh-impactcapabilitiesofgeneral-purposeAImodels.Theserisksposesignificantthreatstopublichealth,nationalsecurity,andsocietalstabilityduetotheirpotentialforrapidescalation,severesocietalharm,andunprecedentedscopeofimpact.Unliketraditionalriskmanagementframeworks,thisFrameworkalsoaddressestheuniquechallengeofpreparingforAIrisksthathavenotyetmaterializedorbeenfullycharacterized.Duringtheriskidentificationprocess,weprioritizerisksfromgeneral-purposeAImodelsthatexhibitoneormoreofthefollowingcharacteristics:•Uniquenesstogeneral-purposeAI:Riskswheregeneral-purposeAI’shigh-impactcapabil-itiesfundamentallyaltertherisklandscape.Thiscouldbebecausetheyamplifytheseverityofrisks(throughincreasingscaleandpotentialcostofharm),becausetheyincreaserisks’likelihood(throughexpandingattacksurfacesandreducingbarrierstomisuse),orbecausetheyintroduceentirelynewcategoriesofhazards.5安远AlCONCORDIAAl1.RiskIdentification•Asymmetrybetweenactionsandimpacts:Riskswherejustasmallnumberofthreatactorsorhazardouseventscancausedisproportionatelycatastrophicconsequencesforsociety,theeconomy,ortheenvironment.•Rapidonsetwithirreversibleconsequences:Riskswherehazardscanmanifestandpropa-gatequickly,demandingimmediateandcoordinatedemergencyresponse,whiletheircon-sequencesmaybeextremelydifficultorimpossibletoreverse,withlimitedoptionsforre-coveryandremediation.•Compoundorcascadeeffect:Riskswheremultipleinterconnectedhazardscanoccursi-multaneouslyortriggersecondaryandderivativeevents,creatingsystemicvulnerabilitiesthatamplifyoverallimpact.ThescopeofthisFramework’sriskidentificationencompasses,butisnotlimitedto,thefollowingcategoriesofgeneral-purposeAImodels:•Multi-modalLanguageModels[13,14]:Modelswithsophisticatedcapabilitiesinlanguageunderstanding,textgeneration,cross-modalprocessing,andadvancedreasoning.•AgenticGeneral-PurposeModels[15]:Modelsthatcanmanipulatetools,interactwithAPIs,andexecutetasksautonomouslywithminimalhumanoversight.•BiologicalFoundationModels[16]:Large-scalemodelstrainedondiversebiologicaldatatoanalyze,predict,andgeneratebiologicalsequencesandmolecularstructuresacrossge-nomic,proteomic,andmoleculardomains(e.g.,Evo2,ESM3,ChemBERTa).•Vision-Language-ActionModelsforEmbodiedAI[17]:Multi-modalmodelsthatbuilduponlargelanguagemodelsandvision-languagecapabilitiestogenerateactionsforembodiedagents(robots)fromnatural-languageinstructions.Thesemodelsintegratehigh-leveltaskplanners,whichcandecomposelong-horizonuserinstructionsintosequencesofsubtasks,withcontrolpoliciesadeptatpredictinglow-levelactionsforphysicalworldinteraction.1.2RiskTaxonomyThisFrameworkidentifiesfourriskdomains:MisuseRisks,LossofControlRisks,AccidentRisks,andSystemicRisks,compatiblewiththeriskdomainslistedintheInternationalAISafetyReportTable1.1:CategorizationofAIriskdomainsRiskDomainThreatSourceDescriptionMisuseRisksMaliciousactorsRisksarisingfromtheintentionalexploitationofAImodelcapabilitiesbymaliciousactorstocauseharmtoindividuals,organizations,orsociety.LossofControlRisksModelpropensitytounderminecontrolRisksassociatedwithscenariosinwhichoneormoregeneral-purposeAIsys-temscometooperateoutsideofanyone’scontrol,withnoclearpathtoregain-ingcontrol.Thisincludesbothpassivelossofcontrol(gradualreductioninhu-manoversight)andactivelossofcontrol(AIsystemsactivelyundermininghumancontrol).Continuesonnextpage...6安远AlCONCORDIAAl1.RiskIdentificationRiskDomainThreatSourceDescriptionAccidentRisksHumanoperationalerrorormodelunreliabilityRisksarisingfromoperationalfailures,modelunreliability,orimproperhumanoperationofAIsystemsdeployedinsafety-criticalinfrastructure,wheresinglepointsoffailurecantriggercascadingcatastrophicconsequences.SystemicRisksMisalignmentbetweenAItechnologyandsocietalinstitutionsRisksemergingfromwidespreaddeploymentofgeneral-purposeAI,beyondtherisksdirectlyposedbycapabilitiesofindividualmodels,arisingfrommismatchesbetweenAItechnologyandexistingsocial,economic,andinstitutionalframe-works.ThisFrameworkprimarilyaddressesrisksthataremanageablethroughinterventionsbyindividualAIdevelopers.Systemicrisksareidentifiedforcompleteness,buttheserequirecoordinatedindustry-wideandsocietal-levelresponsesthatextendbeyondthescopeofindividualmodeldevelopers.1.3MisuseRisksMisuserisksarisefromtheintentionalexploitationofAImodelcapabilitiesbymaliciousactorstocauseharmtoindividuals,organizations,orsociety.Thesethreatsleveragegeneral-purposeAItoamplifytraditionalattackmethodsandenablenewformsofmaliciousactivitythatwerepreviouslytechnicallyoreconomicallyunfeasible.Withinthemisuseriskdomain,weidentifythefollowinghigh-impactriskcategories:CyberOf-fenseRisks,BiologicalandChemicalRisks,PhysicalHarmandInjuryRisks,andLarge-scalePer-suasionandHarmfulManipulationRisks.1.3.1CyberOffenseRisksAI-enabledcyberoffenseposesasignificantsecurityriskinthecyberdomainbytransformingthescale,sophistication,andaccessibilityofcyber-attacks.Unliketraditionalcyberthreats,AIenablesattackersbothtoautomateexistingattackvectorsandtocreateentirelynewcategoriesofoffensivecapabilitiesthatcanadaptandevolveinrealtime.AIcanautomateandenhancecyber-attacks,includingvulnerabilitydiscoveryandexploitation,passwordcracking,maliciouscodegeneration,sophisticatedphishing,networkscanning,andsocialengineering.Thiscoulddramaticallylowerthebarriertoentryforattackerswhileincreasingthecomplexityofdefense[18].Suchmalicioususecouldleadtocriticalinfrastructureparalysis,widespreaddatabreaches,andsubstantialeconomiclosses.1.3.2BiologicalandChemicalRisksGeneral-purposeAIisadual-usetechnology.Thisposesacriticalrisk,asitsignificantlylow-erstechnicalthresholdsformaliciousnon-stateactorstodesign,synthesize,acquire,andde-ployCBRN(Chemical,Biological,Radiological,Nuclear)weapons[19].Thiscapabilityposesun-precedentedchallengestonationalsecurity,internationalnon-proliferationregimes,andglobalsecuritygovernance[20,21].7安远AlCONCORDIAAl1.RiskIdentificationBiologicaldomain:Biologicalfoundationmodelsandgeneral-purposeAIsystemsposerisksthroughtheircapacitytogeneratedangerousbiologicalinformation,includingpathogensequences,toxindesigns,orsynthesispathwaysforharmfulbiologicalagents.Thesemodelscouldfacilitatethedesignofnovelpathogenswithenhancedvirulence,optimizegene-editingtoolsformaliciousapplications,oracceleratebiologicalweaponsdevelopment[22].Forexample,AImodelscouldbeusedtoengineerpathogensthatcouldcauseaseverepandemic,comb