Saved in:
Bibliographic Details
Main Authors: Thiergart, Lisa, Tzfati, Yoav, Wagstaff, Peter, Guy, Cosio, Luis, Reiner, Philip
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2605.08449
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866914546150539264
author Thiergart, Lisa
Tzfati, Yoav
Wagstaff, Peter
Guy
Cosio, Luis
Reiner, Philip
author_facet Thiergart, Lisa
Tzfati, Yoav
Wagstaff, Peter
Guy
Cosio, Luis
Reiner, Philip
contents Security Level 5 (SL5) is a security posture for AI systems that could plausibly thwart top-priority operations by the world's most cyber-capable institutions: those with extensive resources, state-level infrastructure, and expertise years ahead of the public state of the art. The SL5 terminology originates from the RAND Corporation's 2024 report "Securing AI Model Weights". Frontier AI development requires use-case-specific, productivity-optimised and updateable AI datacenter security standards. This first revision of the SL5 standard focuses on requirements with long lead times: interventions that must be planned years in advance, such as facility construction, hardware procurement, and organizational capability development. We prioritize these requirements because preserving optionality for SL5 by 2028/2029 requires starting now. These capabilities cannot be retrofitted on short notice when the need becomes urgent. Some requirements represent significant departures from current day standard practice. We believe bold measures are necessary for this level of security and see clear opportunities to apply optimization pressure to existing and novel solutions to customize them for the AI industry and address the practical operational requirements as much as possible. Our organization exists to begin paving this path. Some requirements approximate government security capabilities where private-sector approaches may be insufficient. We identify these gaps and note where government involvement may ultimately be necessary.
format Preprint
id arxiv_https___arxiv_org_abs_2605_08449
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle SL5 Standard for AI Security
Thiergart, Lisa
Tzfati, Yoav
Wagstaff, Peter
Guy
Cosio, Luis
Reiner, Philip
Cryptography and Security
Security Level 5 (SL5) is a security posture for AI systems that could plausibly thwart top-priority operations by the world's most cyber-capable institutions: those with extensive resources, state-level infrastructure, and expertise years ahead of the public state of the art. The SL5 terminology originates from the RAND Corporation's 2024 report "Securing AI Model Weights". Frontier AI development requires use-case-specific, productivity-optimised and updateable AI datacenter security standards. This first revision of the SL5 standard focuses on requirements with long lead times: interventions that must be planned years in advance, such as facility construction, hardware procurement, and organizational capability development. We prioritize these requirements because preserving optionality for SL5 by 2028/2029 requires starting now. These capabilities cannot be retrofitted on short notice when the need becomes urgent. Some requirements represent significant departures from current day standard practice. We believe bold measures are necessary for this level of security and see clear opportunities to apply optimization pressure to existing and novel solutions to customize them for the AI industry and address the practical operational requirements as much as possible. Our organization exists to begin paving this path. Some requirements approximate government security capabilities where private-sector approaches may be insufficient. We identify these gaps and note where government involvement may ultimately be necessary.
title SL5 Standard for AI Security
topic Cryptography and Security
url https://arxiv.org/abs/2605.08449