_version_ 1866910015148785664
author Brundage, Miles
Dreksler, Noemi
Homewood, Aidan
McGregor, Sean
Paskov, Patricia
Stosz, Conrad
Sastry, Girish
Cooper, A. Feder
Balston, George
Adler, Steven
Casper, Stephen
Anderljung, Markus
Werner, Grace
Mindermann, Soren
Mavroudis, Vasilios
Bucknall, Ben
Stix, Charlotte
Freund, Jonas
Pacchiardi, Lorenzo
Hernandez-Orallo, Jose
Pistillo, Matteo
Chen, Michael
Painter, Chris
Ball, Dean W.
O'Keefe, Cullen
Weil, Gabriel
Harack, Ben
Finley, Graeme
Hassan, Ryan
Emmons, Scott
Foster, Charles
Reuel, Anka
Treece, Bri
Bengio, Yoshua
Reti, Daniel
Bommasani, Rishi
Trout, Cristian
Shamsabadi, Ali Shahin
Dattani, Rajiv
Weller, Adrian
Trager, Robert
Sevilla, Jaime
Wagner, Lauren
Soder, Lisa
Ramakrishnan, Ketan
Papadatos, Henry
Murray, Malcolm
Tovcimak, Ryan
author_facet Brundage, Miles
Dreksler, Noemi
Homewood, Aidan
McGregor, Sean
Paskov, Patricia
Stosz, Conrad
Sastry, Girish
Cooper, A. Feder
Balston, George
Adler, Steven
Casper, Stephen
Anderljung, Markus
Werner, Grace
Mindermann, Soren
Mavroudis, Vasilios
Bucknall, Ben
Stix, Charlotte
Freund, Jonas
Pacchiardi, Lorenzo
Hernandez-Orallo, Jose
Pistillo, Matteo
Chen, Michael
Painter, Chris
Ball, Dean W.
O'Keefe, Cullen
Weil, Gabriel
Harack, Ben
Finley, Graeme
Hassan, Ryan
Emmons, Scott
Foster, Charles
Reuel, Anka
Treece, Bri
Bengio, Yoshua
Reti, Daniel
Bommasani, Rishi
Trout, Cristian
Shamsabadi, Ali Shahin
Dattani, Rajiv
Weller, Adrian
Trager, Robert
Sevilla, Jaime
Wagner, Lauren
Soder, Lisa
Ramakrishnan, Ketan
Papadatos, Henry
Murray, Malcolm
Tovcimak, Ryan
contents We outline a vision for frontier AI auditing, which we define as rigorous third-party verification of frontier AI developers' safety and security claims, and evaluation of their systems and practices against relevant standards, based on deep, secure access to non-public information. Frontier AI audits should not be limited to a company's publicly deployed products, but should instead consider the full range of organization-level safety and security risks, including internal deployment of AI systems, information security practices, and safety decision-making processes. We describe four AI Assurance Levels (AALs), the higher levels of which provide greater confidence in audit findings. We recommend AAL-1 as a baseline for frontier AI generally, and AAL-2 as a near-term goal for the most advanced subset of frontier AI developers. Achieving the vision we outline will require (1) ensuring high quality standards for frontier AI auditing, so it does not devolve into a checkbox exercise or lag behind changes in the industry; (2) growing the ecosystem of audit providers at a rapid pace without compromising quality; (3) accelerating adoption of frontier AI auditing by clarifying and strengthening incentives; and (4) achieving technical readiness for high AI Assurance Levels so they can be applied when needed.
format Preprint
id arxiv_https___arxiv_org_abs_2601_11699
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Frontier AI Auditing: Toward Rigorous Third-Party Assessment of Safety and Security Practices at Leading AI Companies
Brundage, Miles
Dreksler, Noemi
Homewood, Aidan
McGregor, Sean
Paskov, Patricia
Stosz, Conrad
Sastry, Girish
Cooper, A. Feder
Balston, George
Adler, Steven
Casper, Stephen
Anderljung, Markus
Werner, Grace
Mindermann, Soren
Mavroudis, Vasilios
Bucknall, Ben
Stix, Charlotte
Freund, Jonas
Pacchiardi, Lorenzo
Hernandez-Orallo, Jose
Pistillo, Matteo
Chen, Michael
Painter, Chris
Ball, Dean W.
O'Keefe, Cullen
Weil, Gabriel
Harack, Ben
Finley, Graeme
Hassan, Ryan
Emmons, Scott
Foster, Charles
Reuel, Anka
Treece, Bri
Bengio, Yoshua
Reti, Daniel
Bommasani, Rishi
Trout, Cristian
Shamsabadi, Ali Shahin
Dattani, Rajiv
Weller, Adrian
Trager, Robert
Sevilla, Jaime
Wagner, Lauren
Soder, Lisa
Ramakrishnan, Ketan
Papadatos, Henry
Murray, Malcolm
Tovcimak, Ryan
Computers and Society
We outline a vision for frontier AI auditing, which we define as rigorous third-party verification of frontier AI developers' safety and security claims, and evaluation of their systems and practices against relevant standards, based on deep, secure access to non-public information. Frontier AI audits should not be limited to a company's publicly deployed products, but should instead consider the full range of organization-level safety and security risks, including internal deployment of AI systems, information security practices, and safety decision-making processes. We describe four AI Assurance Levels (AALs), the higher levels of which provide greater confidence in audit findings. We recommend AAL-1 as a baseline for frontier AI generally, and AAL-2 as a near-term goal for the most advanced subset of frontier AI developers. Achieving the vision we outline will require (1) ensuring high quality standards for frontier AI auditing, so it does not devolve into a checkbox exercise or lag behind changes in the industry; (2) growing the ecosystem of audit providers at a rapid pace without compromising quality; (3) accelerating adoption of frontier AI auditing by clarifying and strengthening incentives; and (4) achieving technical readiness for high AI Assurance Levels so they can be applied when needed.
title Frontier AI Auditing: Toward Rigorous Third-Party Assessment of Safety and Security Practices at Leading AI Companies
topic Computers and Society
url https://arxiv.org/abs/2601.11699