I'm increasingly convinced that model access parity is a big deal and we are not on track to achieve it. By model access parity, I mean a small gap between (i) the model access for lab employees and (ii) the model access for external safety researchers, third-party auditors, and other actors trying to make the future go well). See here for an introduction.
The basic case is this: (1) Regardless of the strategic landscape, outsiders are well-suited to many crucial activities. (2) Outsiders will be positioned to spend billions of dollars towards making things go well.[1] (3) AI labour seems like the most promising route for spending money to tackle these activities. However, during the months where outsider activities are highest leverage, the best internal models might provide 2-60x more uplift than the best publicly-available models.[2] So without model access parity, this AI labour might be massively less effective.
In this post, I attempt to sketch some interventions. But I don't think any of them are great, mostly because they don't seem sticky. I wouldn't be surprised if you can think of something much better.
My overall judgement
Outsider orgs should try to directly advocate for model access parity to lab employees — both in the general case ("Here's why model access parity for outsiders is good") and their specific case ("Here's why our org in particular needs model access"). Concurrently, we should try to make the case to policymakers and the public — I think, since Mythos, it will be much easier to argue that labs should be compelled to provide the best internal models for certain applications (e.g. "it's like Project Glasswing but for bla"). This combination of advocacy seems pretty reasonable — the first type of advocacy seems suited to orgs which are helping the labs, and the second for orgs which are trying to constrain the labs.
Moreover, I think lab employees should push for a more consistent internal policy around access for outsiders. My understanding is that currently, if an insider wants to give special access to outsiders, this requires a bespoke negotiation with the labs. My guess is that, once crunch time hits, these negotiations will be prohibitive — a lag of a few months might matter a lot.
Another class of interventions is pre-empting potential bottlenecks, e.g. outsider orgs improving their security because they expect this to be the bottleneck on achieving model access. I think this will be pretty tricky, because it's hard to predict what the bottlenecks will be. For example: better security probably wouldn't have helped your org gain Mythos access — either during Project Glasswing, or later during the export controls. I think it will be so easy to expend huge amounts of effort trying to alleviate a potential bottleneck, and being completely off-target once the strategic landscape changes. Maybe this is a skill-issue on my part, and other people are better at prediction.
List of interventions
Below, I'll go into detail about specific interventions. I've ordered them from most promising to least promising, but I'm not confident in that ranking.
(1) Advocacy to lab employees
Idea. People in the outsider orgs should talk directly to lab employees, and explain the arguments for model access parity which are most legible/persuasive to them. They could try to get commitments from the labs, but I don’t expect these to be binding, so outsiders should mostly focus on getting insiders to actually believe the arguments.
Overall judgement. This looks pretty good, but it's difficult to centralise or to front-load. I do think that, on the margin, people should be writing short memos of the form "Why labs should endorse our work?"
Concrete steps:
Talk to outsiders who have already negotiated with the labs for model access, to understand how this goes — what access did they have, how did they get it, what did they have to concede, where do negotiations typically stall? Most of this isn't written down; ask people who've done it.
Talk to a small number of sympathetic lab employees who could actually push this internally. Ask the lab insiders what the cruxes/bottlenecks are in their internal conversations, and help alleviate those. Maybe you should write a 2-pager optimised for forwarding (this would be similar to a grant proposal, but asking for model access rather than money).
You probably want to frame model access parity as a productivity issue, i.e. "Look how much value our work provides you — don't you want to make us more productive?" This seems to have worked reasonable well in the pre-deployment testing space. If your organisation has use cases which aren't in the labs' interests, then they could potentially piggyback on the work which the labs like. (Although I'm worried this won't work for activities that are actively hostile to labs.)
Try to snowball more support, e.g. use your existing lab connections to book meetings with more lab connections. Try to generally increase the knowledge within the lab about what your org does and why.
Probably you'll need to understand the concerns of less-sympathetic lab employees who could veto the model access, e.g. the security teams.
Plausibly, if the model access gap is sufficiently high, then orgs should send someone to the labs specifically so they can champion the orgs internally.
Pros:
At least currently, lab employees seem best positioned to push for model access parity. Historically, when outsider orgs have been given special access to models or artefacts, this has routed via individual lab employees, or small teams.
This requires spending some social and professional capital, but not much.
Cons:
I’m worried that lab leadership might mislead the sympathetic insiders, i.e. sympathetic insiders tell the outsiders “Don’t worry, lab leadership said this will happen” and then it doesn’t happen.
The labs might worry about looking biased by providing special access to their friends. They might think "If we give org X the latest model, then we'd have to give it to org Y as well, otherwise we look biased". This is especially worrying if Org X isn't legible to the the public, investors, or governments — e.g. they work on esoteric philosophy.
It might distort the incentives of the outsiders if they are relying on goodwill with the labs to do their work.
This doesn’t work for orgs which need to be actively hostile to labs, i.e. orgs trying to generate evidence that the labs are being reckless.
(2) Advocacy to policymakers and the public
Idea. Outsiders could make public requests for model access parity. The hope is that someone would be persuaded to help make this happen, e.g. policymakers, public, etc.
Overall judgement. I think this should probably happen concurrently with advocacy to lab employees. It seems somewhat stickier than relying on the lab's goodwill. My main worry is probably that the work of outsiders might not be legible to the groups with leverage over the labs.
Concrete steps:
Outsiders could talk more about model access parity on podcasts, blogs, etc. They discuss how crucial model access would be for their work, and why their work is important.
Potentially, outsiders could sign an open letter, probably with prestigious academicsand the top outsider orgs. (This seems a little overblown at this stage.)
We probably want to frame this as a checks-and-balances issue, rather than a productivity issue. Why? Because it's probably politically feasible for labs to claim that it's not worth uplifting outsiders, given the security risks. Or labs might give access to stooges who won't challenge them, or chumps who will be incompetent at challenging them even if they try. However, if our framing is “checks-and-balances” then the public/policymakers will defer less to labs about model access decisions.
We could creatively interpret commitments that labs have already made as requiring model access parity, e.g. "You've already agreed to third-party evaluations. These evaluations are ineffective, because we don't have enough time. But we could do our job effectively if we had more uplift." See Appendix 3.4-5 of the EU AI Act Code of Practice.[3]
Pros:
USG is powerful enough to force labs to do things strongly against their interest. (And for UK and EU, weakly against their interest).
Governments might be a blocker on model access parity, not the labs. See the recent Mythos saga. Hence, it might be important to reverse the government’s position.
The “checks-and-balances” argument is probably more accurate than the “let us help the labs” argument. That is, I think outsiders will have highest leverage for activities which are weakly against the lab's interests, where direct advocacy might not be enough.
I don't think it will be difficult to explain to policymakers that model access parity would make outsider orgs 50x more effecient. Since Mythos, I think they understand that AI can make certain activities much more efficient.
Cons:
If labs don’t want to provide access, then I think they could have reasonable-sounding counterarguments, which would be difficult to disprove from the outside (e.g. “misuse risks are too high”)
Project Glasswing was legible to policymakers, because they could understand why cyberdefence is important. But some of the outsider efforts are less legible, e.g. speculative futurism, automated philosophy, etc.
Outsiders might be doing stuff which the government doesn't like, e.g. slowing down labs (if the political mood is that this is bad), or stopping power concentration.
(3) Push labs to have a model access policy
Idea. We could push labs to have an internal policy on outsider access. The hope is to have some transparency about how these decisions are actually made. They are free to revise the policy at any time, but not silently.
Overall judgement. I like this. If we want to ensure model access parity, then this would help us track our progress — we can see how much our interventions seem to improve the policy. My main worry is that this forces the lab to choose a policy they can defend, which might be worse than the policy they would actually want to follow, because the policy is forced seem impartial/unbiased.
Concrete steps:
Talk to lab employees about how model access decisions are actually made. Cross-refence this against what outsider orgs think. Check if there are disagreements and try to resolve them. Try to understand what the implicit policy is currently.
Ask sympathetic lab employees to push internally on making the policu explicit. This would probably need to be signed off by leadership, the security teams, and other groups.
Encourage labs to publish their policies.
Perhaps help labs coordinate on multilaterally expanding the policies, e.g. each frontier lab commits to providing METR with the best internal models to help them audit their competitors' models. This might be a coordination problem, i.e. the labs would do this multilaterally but not unilaterally.
Pros:
Transparency around model access policies might lead to a race-to-the-top. Potential hires would be more excited about working at the lab which was seen as supporting outsider orgs.
This makes the status quo legible and makes regression visible.
This is an easier request than a specific policy.
Once the policy exists, it might become sticky internally. When new models come out, labs will follow the policy by default, rather than renegotiating with every outsider org. So it might be possible for external AI safety researchers to get and keep their access.
To the extent that we can rely on these policies, it helps the outsiders track whether the model access gap will grow or shrink.
It helps focus our advocacy efforts. We can say "Please change this line in the document to this other line”. Without a policy, we don’t know what we actually want them to change.
Cons:
The labs might choose a bad policy and anchor on that.
It’s probably not in the labs interest to tie their hands, and we don’t have much leverage to get labs to tie their hands.
The policy we actually want is something like “orgs trying to make the future go well” — but this isn’t an objective, easily-adjudicated policy, which can easily be defended to the public.
(4) Dedicated org for model access parity
Idea. We could start an org decidated to model access parity. It would do whatever was necessary to ensure model access parity, including:
Negotiating with labs on behalf of third-party researchers.
Knowing the policies of each labs, and who to talk to in each lab.
Helping outsider orgs alleviate bottlenecks on model access — e.g. if the bottleneck is security, then the DRI org might hire a security consultancy for their client.
They might work with regulators, or the people advocating to policymakers.
Generally digging through any schlep to make model access happen
Overall judgement. I think this is pretty good, but might be overkill at this stage. I can see an org like this becoming a top priority. If Generator starts pumping out generalists, then this seems like a good option for them.
Concrete steps:
Find a skilled generalist, pair them with funding.
They would talk to outsider orgs who need model access, and see how much interest there would be in an org which helped them. If there is enough interest, then they would start an org and begin some of the activities.
I imagine they would mostly be muddling through myopically, trying to ensure that their client orgs have the model access that they say they need.
Pros:
A dedicated organisation would change the conversation from "labs vs. many loosely-coordinated organisations" to "labs vs. one professional negotiator."
Their would be to amortise expertise and experience across the core outsiders, reducing redundancy.
They would build connections with the labs and streamline the process.
Small orgs or independent researchers would know to contact them.
Cons:
Maybe the staff at the outsider orgs should do the negotiations themselves, because they have the social and professional connections with the lab employees.
To do this well, the dedicated org would need to be staffed with people with high opportunity cost.
(5) Draft a model access policy
Idea. An AI governance researcher would draft a model access policy. Labs could then adopt this, or we could push governments to enforce this.
Overall judgement. This is probably worthwhile for an AI governance researcher who felt motivated to do this. But it’s plausible that a bad version of this would be counterproductive.
Concrete steps:
The researcher would talk with outsiders to find what polices would be most attractive for them. And talk to lab insiders about which policies they would tolerate.
They would then choose some compromise between the labs and the outsiders, based on the political will.
We could then push this policy on the labs, using direct advocacy, or lobbying the government, or using other leverage.
Pros:
I think it would encourage labs to adopt their own model access policy, because they have a template from which to start with. Lab employees can ask themselves "What changes to this policy would we need before we would agree?"
If we have a good policy, this might anchor the discussion.
This seems like a well-scoped project, which won't take much FTE.
Cons:
We might sell ourselves short, e.g. write a policy which is weaker than what the labs would've given us.
(6) Pre-empt potential bottlenecks
Idea. Outsider orgs should think about why the labs (or regulators) might hesitate to provide the model access, and address those bottlenecks preemptively. This probably involves improving security. It might involve other things, as those bottlenecks become apparent.
Overall judgement. This doesn’t look attractive to me, because the bottlenecks will be so sensitive to the strategic landscape. My best guess is that we should resolve bottlenecks as they arise. If there are low-hanging fruits, then sure.
Concrete steps:
Talk to lab employees about what they expect the bottlenecks to be.
The current bottleneck is probably be security — so maybe hire a security consultancy, or get a certification, or pass the lab's security audit.
Maybe you should try to gain access to artefacts which aren't publicly available (e.g. hidden CoT traces, finetuning access). That will show you what the currrent bottlenecks are, and the future bottlenecks might be pretty similiar.
Pros:
When I spoke to senior lab employees about model access parity, this was the intervention they thought was best.
It's somewhat predicatable that security will be a bottleneck.
If resolving the bottlenecks requires a long lead-time, then you haven't got much choice other than pre-emption.
Cons:
It’s not clear what kinds of security the labs care about.
This will probably be costly, and impose friction on the outsider orgs.
Labs aren’t asking for this loudly. They haven't said "At some point, we will only deploy our models to organisations who have done bla."
Many outsiders already have good security, because they handle the pre-deployed models (e.g. METR, UK AISI, etc). But to my knowledge they can't use the best internal models to accelerate their research.
We might not see a significant model access gap for 6 months, and best security practices in 6 months might look different (because of AI progress in both offence and defence).
I'm hopeful that outsider orgs can muddle through if this becomes an issue, especially if the labs explicitly tell outsiders how to overcome the bottlenecks, e.g. the labs help the outsiders pass the security audit.
(7) Buy compute
Idea. If outsiders have compute, then they can use this as a chip when they negotiate for model access. We can say to labs "You can rent our $1B neocloud, but only if you provide your best internal models to us".
Overall judgement. I think this is the stickiest intervention. But it's already being looked into by the relevant people.
Concrete steps:
Buy a datacentre. It might be important to physically own the GPUs and hire your own physical security. (I'm somewhat worried about compute contracts, because they might be renegged.)
Pros.
It seems robustly good if we have stuff we can trade with the labs — not just for model access parity, but for other things we want the labs to do.
The compute would be useful for other things, e.g. running experiments, renting to make money, etc.
Cons.
It costs a lot of money.
It seems like a big operational endeavour.
The labs might be blocked by regulation from providing model access, in which case, having compute you can offer the labs isn’t useful.
(8) Pseudo-employees
Idea. This proposal comes from Ryan Greenblatt.
Pseudo-employees. Make a class of pseudo AI company employees who don't have equity and are pretty separate.
Overall judgement: I think this looks good. My guess is that lab security teams might have an issue with this, but not an insumountable one. I don't know what concrete steps we could take now to make this more likely.
Concrete steps:
Third-party risk assessors might push to join the labs as pseudo-employees, e.g. internal model access, corporate laptop, slack access, physical access, etc. The goal is to make this a position with some precedence within the labs.
Governments might place CAISI staff into the labs.
Pros:
I think it'd be good if there were more partial insiders, i.e. non-employees with many of the attributes of full employees.
From what I understand, there are precedents in the banking industry, where regulators are based full-time in the main office of the institution.
It would overcome many of the potential bottlenecks, e.g. security concerns.
Cons:
There's probably a low upper limit on how many pseudo-employees a lab could have, e.g. 5% of the workforce. Anthropic has ~5000 employees, so this would be only a hundred or so pseudo-employees.
You could probably be a pseudo-employee of at most one lab.
You would probably need to sign aggressive NDAs.
(9) Without artefacts
Idea. This is conceptually similar to the idea of “Buy compute”. However, instead of using compute to trade with the labs, we use artefacts — such as datasets, techniques, etc. Currently, outsiders give this to labs for free, because they would prefer the labs had access to those artefacts than not to have them, all-things-considered. But if the labs would also prefer to have those artefacts, then it seems fair to ask for something in return, e.g. model access.
Overall judgement. I think the weaker version of this idea (below) might be good. The extreme version seems pretty terrible.
Concrete steps:
Extreme version: Outsiders continue doing work that aligns with the lab's incentives (e.g. improve safety tech, building benchmarks, etc). But we don't give this to the labs. We keep it secret, so we can trade this with the labs during crunch time in return for model access.
Weak version: Outsiders collaborate with the labs on work that aligns with the lab's incentives (e.g. improve safety tech, building benchmarks, etc). But we push hard for model access for the entire org. The model access can be used not only for the projects the lab commissioned, but also for projects the lab didn't commission.
Pros.
It seems cheaper than buying a datacentre.
Cons.
This can easily backfire. If we overestimate how highly the labs value the artefacts, then we might end up demanding too much from them, so they don't "buy" the artefacts. This could be worse than offering the artefacts for "free".
It will be difficult to credibly demonstrate to the labs that the artefacts are useful, before they have seen them. Although if the outsider org has a great track record, this might be less worrying.
It requires coordination among the outsiders, to collectively "go on strike".
Mandate equal access. If any of your employees have access to a model, the public must also have access to that model via an API. (the idea here is to prevent secret intelligence explosions, and also to make it very obvious that an intelligence explosion is happening when it happens & have lots of info about the details of it, the model shenanigans, etc. public., and also preventing concentration of power in a single AI company.)
Overall judgement. My guess is that Kokotajlo's policy would be better than the status quo. But it seems much less achievable than ensuring model access for third-parties.
Concrete steps:
I'm not sure what the concrete steps would be. Probably you would need to start a movement around this.
You would then draft some policies on this, and try to get them passed.
Pros
This request would be backed by a very broad coalition.
It would have other benefits, e.g. waking up the public, avoiding power concentrations.
Cons:
I think that labs currently think of outsider orgs as in-group. But if the outsiders formed this coalition with the rest of the world for model access, then the outsiders would be seen as more out-group.
If there was a big movement for public access, then labs might be more worried about giving access to the outsiders, because this would be seen as a concession to this movementl. The lab would worry about slippery slope effects.
It's unclear whether public access would even be good, because it increases misuse risk.
I think the interventions for ensuring public acess looks pretty different than the interventions for the outsider access.
Workarounds if we lose model access parity
If there's a big model access gap, then outsiders should follow the best workaround. My overall judgement is that some of the workarounds are okay, but all of them impose pretty hefty costs.
Using worse models. Outsiders could keep working with publicly available models. This is fine if the value of outsider efforts has nearly saturated, such that things wouldn't go substantially better if outsiders had 20x uplift. I think this is pretty unlikely, so this is a bad workaround.
Prioritise low-uplift work. Suppose insider model access provides a big uplift on theoretical and empirical work, and a small uplift on conceptual work. Then the outsiders should prioritise the conceptual work, and let safety-minded insiders focus on theoretical and empirical work. This probably isn't great, because (i) I expect that outsiders will need to do a bunch of theoretical/empirical work with high uplift, and (ii) I think even conceptual work will start seeing substantial uplift within 18 months.
Field-building. We could grow the outsider headcount to compensate for the uplift gap. I think this isn't a great intervention, because so much effort is currently allocated to field-building, so I don't expect marginal effort to be effective. If the uplift gap is 5x, then we can't easily 5x the field.
Lab exodus. Maybe insiders should quit to help the outsiders. This would be justified if the internal uplift was so high that the insider tasks reached their saturation point, such that the marginal value of insider labour was lower than the marginal value of outsider labour (even though insiders enjoy massive uplift). I think this is a theoretical possibility, but the actual production function won't look like this. In particular: I expect insider tasks will be far from the saturation point, even with 100x uplift.
Joining the labs. This is the inverse of exodus: maybe outsiders should join the labs to gain the internal model access, and try to do their work as employees. My guess is this is the best workaround, but it's pretty sad:
Some people won't join the labs, even if they should. This is due to personal convictions, commitment to neutrality, and various logistical constraints. You should treat these people joining the labs as exogenous, rather than endogenising it to model access gap.
Joining a lab has costs: neutrality, freedom of expression, epistemic integrity, incentives, etc. I would prefer if we didn't have to swallow these costs in order to gain model access.
My uncertainty has two components: (1) When are outsiders highest leverage? If this is early crunch time, then we expect a smaller uplift gap; if late crunch time, then a larger gap. (2) What activities are outsiders doing? If this is activities with low uplift (e.g. lobbying) then we expect a smaller uplift gap; if high uplift activities (e.g. auditing models), then a larger gap.
"Teams must be provided with: 1. Sufficient access to the model, including internal components (e.g. logits, activations) and unmitigated versions where appropriate, 2. Model information, including specifications and training data, 3. Time (e.g. at least 20 business days for most tasks), and 4. Resources, including compute, engineering support, and staffing."
I think it's very reasonable to interpret (4) as requiring labs to provide model access to independent external model evaluators — not just so they can study the model, but so they can use the model.
However, if an AI company provides access to their best internal models to Nvidia, in order to accelerate chip design, then I’ll count that as insiders.
By small, I mean that the uplift gap is smaller than 1.2x. That is, the outsiders would prefer to operate at 20% greater serial speed, compared with switching from their current model access to the insider model access. I’m open to revising this operationalisation.
Summary
I'm increasingly convinced that model access parity is a big deal and we are not on track to achieve it. By model access parity, I mean a small gap between (i) the model access for lab employees and (ii) the model access for external safety researchers, third-party auditors, and other actors trying to make the future go well). See here for an introduction.
The basic case is this: (1) Regardless of the strategic landscape, outsiders are well-suited to many crucial activities. (2) Outsiders will be positioned to spend billions of dollars towards making things go well.[1] (3) AI labour seems like the most promising route for spending money to tackle these activities. However, during the months where outsider activities are highest leverage, the best internal models might provide 2-60x more uplift than the best publicly-available models.[2] So without model access parity, this AI labour might be massively less effective.
In this post, I attempt to sketch some interventions. But I don't think any of them are great, mostly because they don't seem sticky. I wouldn't be surprised if you can think of something much better.
My overall judgement
Outsider orgs should try to directly advocate for model access parity to lab employees — both in the general case ("Here's why model access parity for outsiders is good") and their specific case ("Here's why our org in particular needs model access"). Concurrently, we should try to make the case to policymakers and the public — I think, since Mythos, it will be much easier to argue that labs should be compelled to provide the best internal models for certain applications (e.g. "it's like Project Glasswing but for bla"). This combination of advocacy seems pretty reasonable — the first type of advocacy seems suited to orgs which are helping the labs, and the second for orgs which are trying to constrain the labs.
Moreover, I think lab employees should push for a more consistent internal policy around access for outsiders. My understanding is that currently, if an insider wants to give special access to outsiders, this requires a bespoke negotiation with the labs. My guess is that, once crunch time hits, these negotiations will be prohibitive — a lag of a few months might matter a lot.
Another class of interventions is pre-empting potential bottlenecks, e.g. outsider orgs improving their security because they expect this to be the bottleneck on achieving model access. I think this will be pretty tricky, because it's hard to predict what the bottlenecks will be. For example: better security probably wouldn't have helped your org gain Mythos access — either during Project Glasswing, or later during the export controls. I think it will be so easy to expend huge amounts of effort trying to alleviate a potential bottleneck, and being completely off-target once the strategic landscape changes. Maybe this is a skill-issue on my part, and other people are better at prediction.
List of interventions
Below, I'll go into detail about specific interventions. I've ordered them from most promising to least promising, but I'm not confident in that ranking.
(1) Advocacy to lab employees
Idea. People in the outsider orgs should talk directly to lab employees, and explain the arguments for model access parity which are most legible/persuasive to them. They could try to get commitments from the labs, but I don’t expect these to be binding, so outsiders should mostly focus on getting insiders to actually believe the arguments.
Overall judgement. This looks pretty good, but it's difficult to centralise or to front-load. I do think that, on the margin, people should be writing short memos of the form "Why labs should endorse our work?"
Concrete steps:
Pros:
Cons:
(2) Advocacy to policymakers and the public
Idea. Outsiders could make public requests for model access parity. The hope is that someone would be persuaded to help make this happen, e.g. policymakers, public, etc.
Overall judgement. I think this should probably happen concurrently with advocacy to lab employees. It seems somewhat stickier than relying on the lab's goodwill. My main worry is probably that the work of outsiders might not be legible to the groups with leverage over the labs.
Concrete steps:
Pros:
Cons:
(3) Push labs to have a model access policy
Idea. We could push labs to have an internal policy on outsider access. The hope is to have some transparency about how these decisions are actually made. They are free to revise the policy at any time, but not silently.
Overall judgement. I like this. If we want to ensure model access parity, then this would help us track our progress — we can see how much our interventions seem to improve the policy. My main worry is that this forces the lab to choose a policy they can defend, which might be worse than the policy they would actually want to follow, because the policy is forced seem impartial/unbiased.
Concrete steps:
Pros:
Cons:
(4) Dedicated org for model access parity
Idea. We could start an org decidated to model access parity. It would do whatever was necessary to ensure model access parity, including:
Overall judgement. I think this is pretty good, but might be overkill at this stage. I can see an org like this becoming a top priority. If Generator starts pumping out generalists, then this seems like a good option for them.
Concrete steps:
Pros:
Cons:
(5) Draft a model access policy
Idea. An AI governance researcher would draft a model access policy. Labs could then adopt this, or we could push governments to enforce this.
Overall judgement. This is probably worthwhile for an AI governance researcher who felt motivated to do this. But it’s plausible that a bad version of this would be counterproductive.
Concrete steps:
Pros:
Cons:
(6) Pre-empt potential bottlenecks
Idea. Outsider orgs should think about why the labs (or regulators) might hesitate to provide the model access, and address those bottlenecks preemptively. This probably involves improving security. It might involve other things, as those bottlenecks become apparent.
Overall judgement. This doesn’t look attractive to me, because the bottlenecks will be so sensitive to the strategic landscape. My best guess is that we should resolve bottlenecks as they arise. If there are low-hanging fruits, then sure.
Concrete steps:
Pros:
Cons:
(7) Buy compute
Idea. If outsiders have compute, then they can use this as a chip when they negotiate for model access. We can say to labs "You can rent our $1B neocloud, but only if you provide your best internal models to us".
Overall judgement. I think this is the stickiest intervention. But it's already being looked into by the relevant people.
Concrete steps:
Pros.
Cons.
(8) Pseudo-employees
Idea. This proposal comes from Ryan Greenblatt.
Pseudo-employees. Make a class of pseudo AI company employees who don't have equity and are pretty separate.
Overall judgement: I think this looks good. My guess is that lab security teams might have an issue with this, but not an insumountable one. I don't know what concrete steps we could take now to make this more likely.
Concrete steps:
Pros:
Cons:
(9) Without artefacts
Idea. This is conceptually similar to the idea of “Buy compute”. However, instead of using compute to trade with the labs, we use artefacts — such as datasets, techniques, etc. Currently, outsiders give this to labs for free, because they would prefer the labs had access to those artefacts than not to have them, all-things-considered. But if the labs would also prefer to have those artefacts, then it seems fair to ask for something in return, e.g. model access.
Overall judgement. I think the weaker version of this idea (below) might be good. The extreme version seems pretty terrible.
Concrete steps:
Pros.
Cons.
(10) Push for public access
Idea. This proposal comes from Daniel Kokotajlo:
Mandate equal access. If any of your employees have access to a model, the public must also have access to that model via an API. (the idea here is to prevent secret intelligence explosions, and also to make it very obvious that an intelligence explosion is happening when it happens & have lots of info about the details of it, the model shenanigans, etc. public., and also preventing concentration of power in a single AI company.)
Overall judgement. My guess is that Kokotajlo's policy would be better than the status quo. But it seems much less achievable than ensuring model access for third-parties.
Concrete steps:
Pros
Cons:
Workarounds if we lose model access parity
If there's a big model access gap, then outsiders should follow the best workaround. My overall judgement is that some of the workarounds are okay, but all of them impose pretty hefty costs.
See The third wave of American philanthropy (Nan Ransohoff, May 19th 2026).
My uncertainty has two components: (1) When are outsiders highest leverage? If this is early crunch time, then we expect a smaller uplift gap; if late crunch time, then a larger gap. (2) What activities are outsiders doing? If this is activities with low uplift (e.g. lobbying) then we expect a smaller uplift gap; if high uplift activities (e.g. auditing models), then a larger gap.
"Teams must be provided with:
1. Sufficient access to the model, including internal components (e.g. logits, activations) and unmitigated versions where appropriate,
2. Model information, including specifications and training data,
3. Time (e.g. at least 20 business days for most tasks), and
4. Resources, including compute, engineering support, and staffing."
I think it's very reasonable to interpret (4) as requiring labs to provide model access to independent external model evaluators — not just so they can study the model, but so they can use the model.
However, if an AI company provides access to their best internal models to Nvidia, in order to accelerate chip design, then I’ll count that as insiders.
By small, I mean that the uplift gap is smaller than 1.2x. That is, the outsiders would prefer to operate at 20% greater serial speed, compared with switching from their current model access to the insider model access. I’m open to revising this operationalisation.
Labs need those GPU slots for:
1. Internal AI labour
2. Compute for internal experiments
3. Training the next model
4. Very high-compensation labour (e.g. CEOs, lawyers, etc)
5. Gov/military applications, which might be mandated