Detecting Offensive Cyber Agents: A Detection-in-Depth Approach
AI agents can now orchestrate cyberattacks, dramatically altering the nature of cyber threats. To defend against these emerging threats, actors must first be able to detect them. This report outlines the AI challenge to traditional detection capabilities, introduces a framework to guide the response, and puts this into practice with actionable mechanisms.
After Mythos: A National Security Playbook for Frontier AI
As the White House weighs a range of executive actions to address the national security risks from AI, IAPS proposes strategic policy responses to match the scale and urgency of the challenge.
Advancing America’s Cyber Strategy with Differential Access
Advances in AI-enabled cyber capabilities risk giving threat actors an advantage. To advantage defenders, differential access shapes access to cyber-capable models. The U.S. government should leverage these initiatives to advance the White House Cyber Strategy and U.S. national security.
Mythos and the Evolving Cyber Landscape: Implications and Policy Priorities
Anthropic's Claude Mythos is its most cyber-capable model yet. Policymakers should treat Mythos—and the accelerating trajectory of AI-enabled cyber capabilities—as a national security risk requiring urgent action.
IAPS Researchers React: The US AI Action Plan
The Trump Administration unveiled its comprehensive AI Action Plan on Wednesday. Experts at the Institute for AI Policy and Strategy reviewed the plan with an eye toward its national security implications. As AI continues to accelerate towards very powerful artificial general intelligence, our researchers discuss promising proposals for addressing critical AGI risks, offer key considerations for government implementation, and explore the plan's gaps and potential solutions.
Asymmetry by Design: Boosting Cyber Defenders with Differential Access to AI
“Differential access” is a strategy to tilt the cybersecurity balance toward defense by shaping access to advanced AI-powered cyber capabilities. We introduce three possible approaches, Promote Access, Manage Access, and Deny by Default, with one constant across all approaches — even in the most restrictive scenarios, developers should aim to advantage cyber defenders.