Saved in:
Bibliographic Details
Main Authors: Charnock, Jacob, Tlaie, Alejandro, O'Brien, Kyle, Casper, Stephen, Homewood, Aidan
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2601.11916
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866914260831961088
author Charnock, Jacob
Tlaie, Alejandro
O'Brien, Kyle
Casper, Stephen
Homewood, Aidan
author_facet Charnock, Jacob
Tlaie, Alejandro
O'Brien, Kyle
Casper, Stephen
Homewood, Aidan
contents Frontier AI companies increasingly rely on external evaluations to assess risks from dangerous capabilities before deployment. However, external evaluators often receive limited model access, limited information, and little time, which can reduce evaluation rigour and confidence. The EU General-Purpose AI Code of Practice calls for "appropriate access", but does not specify what this means in practice. Furthermore, there is no common framework for describing different types and levels of evaluator access. To address this gap, we propose a taxonomy of access methods for dangerous capability evaluations. We disentangle three aspects of access: model access, model information, and evaluation timeframe. For each aspect, we review benefits and risks, including how expanding access can reduce false negatives and improve stakeholder trust, but can also increase security and capacity challenges. We argue that these limitations can likely be mitigated through technical means and safeguards used in other industries. Based on the taxonomy, we propose three descriptive access levels: AL1 (black-box model access and minimal information), AL2 (grey-box model access and substantial information), and AL3 (white-box model access and comprehensive information), to support clearer communication between evaluators, frontier AI companies, and policymakers. We believe these levels correspond to the different standards for appropriate access defined in the EU Code of Practice, though these standards may change over time.
format Preprint
id arxiv_https___arxiv_org_abs_2601_11916
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Expanding External Access To Frontier AI Models For Dangerous Capability Evaluations
Charnock, Jacob
Tlaie, Alejandro
O'Brien, Kyle
Casper, Stephen
Homewood, Aidan
Computers and Society
Frontier AI companies increasingly rely on external evaluations to assess risks from dangerous capabilities before deployment. However, external evaluators often receive limited model access, limited information, and little time, which can reduce evaluation rigour and confidence. The EU General-Purpose AI Code of Practice calls for "appropriate access", but does not specify what this means in practice. Furthermore, there is no common framework for describing different types and levels of evaluator access. To address this gap, we propose a taxonomy of access methods for dangerous capability evaluations. We disentangle three aspects of access: model access, model information, and evaluation timeframe. For each aspect, we review benefits and risks, including how expanding access can reduce false negatives and improve stakeholder trust, but can also increase security and capacity challenges. We argue that these limitations can likely be mitigated through technical means and safeguards used in other industries. Based on the taxonomy, we propose three descriptive access levels: AL1 (black-box model access and minimal information), AL2 (grey-box model access and substantial information), and AL3 (white-box model access and comprehensive information), to support clearer communication between evaluators, frontier AI companies, and policymakers. We believe these levels correspond to the different standards for appropriate access defined in the EU Code of Practice, though these standards may change over time.
title Expanding External Access To Frontier AI Models For Dangerous Capability Evaluations
topic Computers and Society
url https://arxiv.org/abs/2601.11916