Matthew Mittelsteadt

Detecting Offensive Cyber Agents: A Detection-in-Depth Approach

AI agents can now orchestrate cyberattacks, dramatically altering the nature of cyber threats. To defend against these emerging threats, actors must first be able to detect them. This report outlines the AI challenge to traditional detection capabilities, introduces a framework to guide the response, and puts this into practice with actionable mechanisms.

Christopher Covino

Advancing America’s Cyber Strategy with Differential Access

Advances in AI-enabled cyber capabilities risk giving threat actors an advantage. To advantage defenders, differential access shapes access to cyber-capable models. The U.S. government should leverage these initiatives to advance the White House Cyber Strategy and U.S. national security.

Oscar Delaney

Risk Reporting for Developers’ Internal AI Model Use

Frontier AI companies run their most capable models internally for weeks before public release. This report offers a harmonized reporting standard for internal use risks across SB 53, RAISE, and the EU Code of Practice.

Theo Bearman

AI Decision Support Systems: A Neglected Source of Military AI Risk

AI decision-support systems are now widely operational in real-world conflicts, yet fall outside DoD policy on lethal autonomy. This memo explores what AI-DSS are, potential failure modes, and policy recommendations to ensure security, reliability, and meaningful human oversight. 

Hamish Low

Semiconductor Manufacturing Equipment Export Controls

Semiconductor manufacturing equipment refers to the machines and components used to make modern chips. Export controls on this equipment have significantly delayed China’s AI chip making efforts, underpinning a strong US advantage in AI infrastructure.

Cassia King

Assessing Outcomes of H200 Exports to China

H200 exports to China would substantially boost Chinese frontier AI development and deployment capabilities, and therefore likely military applications for the PLA. Because end-user access and end use cannot feasibly be controlled once chips enter China, the BIS rule’s verification requirements are unenforceable. 

Theo Bearman

AI Distillation Attacks: The Case for Targeted Government Intervention

In February 2026, Anthropic, OpenAI, and Google published evidence of systematic campaigns by Chinese AI companies to extract capabilities from American frontier models. This memo examines how distillation attacks work, why there is a case for targeted government intervention, and what that might look like. Recommendations are offered to support industry efforts to counter distillation attacks: (1) consider BIS Entity List designations for adversary AI companies conducting distillation attacks; (2) assess the merits of PAIP Act sanctions against those engaging in or facilitating distillation attacks; (3) explore the development of a NIST-led AI Distillation Defense Framework for the broader ecosystem.

Jam Kraprayoon

Highly Autonomous Cyber-Capable Agents: Anticipating Capabilities, Tactics, and Strategic Implications

Offensive cyber capabilities in frontier AI models are advancing fast. In a matter of months, models have gone from near-zero to meaningful success rates on expert-level security challenges, and leading AI developers have begun triggering their own internal risk thresholds for cybersecurity. Meanwhile, real-world cases have already emerged in which AI agents autonomously executed significant portions of state-sponsored cyber campaigns. These developments raise an increasingly urgent question: what happens when AI systems can plan, execute, and sustain sophisticated cyber operations entirely on their own?

Clarissa Koh

Takeaways from the India AI Impact Summit

The India AI Impact Summit was the fourth in a series of global AI summits. The stated goal of the Summit was to shift the global AI conversation toward “demonstrable impact”, with a focus on inclusive growth. This included orienting the Summit towards various use cases of AI, such as with panels discussing how to drive adoption in sectors like finance, healthcare, and agriculture.

Dave Banerjee

AI Integrity: Defending Against Backdoors and Secret Loyalties

Frontier AI systems are advancing rapidly and reshaping government operations. As government agencies integrate AI into intelligence analysis, policy research, software development, and military operations, adversaries are increasingly incentivized to compromise these systems. Defending against these threats requires preserving the integrity of AI systems. AI integrity means ensuring AI systems are free from secret or unauthorized modifications that could compromise their behavior.

Theo Bearman

Kimi Claw: Risks from Chinese-Hosted ‘Always On’ AI Agents

Beijing-based, Alibaba-backed AI company Moonshot now offers Kimi Claw - an 'always-on' AI agent embedded in its consumer platform that can access users' files, apps, and communications continuously. Where TikTok collects data from a single app, these agents represent a qualitatively deeper level of data exposure. This memo examines the privacy, cybersecurity, and national security risks, and recommends four low-cost steps the federal government can take now.

Erich Grunewald

Issue Brief: The Stop Stealing Our Chips Act

The Stop Stealing Our Chips Act is a bipartisan, bicameral bill introduced in 2025 that would authorize a new Bureau of Industry and Security (BIS) program to strengthen export enforcement by financially rewarding individuals who report export violations to US authorities. This memo explains the bill and offers recommendations to strengthen enforcement.

Oscar Delaney

Strategic Visions in AI Governance: Mapping Pathways to Victory

What AI policy objectives should one work towards? This depends greatly on one’s strategic vision. Strategic visions are high-level views about how to successfully navigate the transition to a world with powerful AI systems. The strategic visions discussed here particularly aim to address three severe risks: takeover by powerful misaligned AI systems, wars resulting from competitive dynamics around AI, and AI-enabled concentration of power among a small group of people.

Maxwell Roberts

New BIS Licensing Policy for H200s: Tough Guidelines, Weak Enforcement

On January 13, 2026, BIS released a new licensing policy for exports of the Nvidia H200, and similar AI accelerator chips, to China. The licensing policy is the regulatory implementation of the administration’s December 8, 2025 announcement that it would permit H200 sales to China in exchange for a 25% export fee. This memo analyzes and explains the new policy.

Oscar Delaney

Crucial Considerations in ASI Deterrence

A new memo by IAPS Associate Researcher Oscar Delaney reviews the emerging “MAIM” (mutual assured AI malfunction) literature and evaluates the strategic dynamics that could shape ASI deterrence.
