Just as system monitoring techniques help AI developers oversee their systems, techniques for monitoring the broader AI ecosystem help stakeholders in society oversee the field of AI. Methods for ecosystem monitoring support the identification and tracking of AI systems and data. In turn, this can facilitate accountability infrastructure, support greater public understanding, and enable more informed governance.
Reasoning
Ecosystem monitoring tracks AI systems across organizations to enable accountability and governance coordination among multiple stakeholders.
Tracing usage patterns
One key, high-level lens on how AI systems affect the world is usage monitoring (e.g. Anthropic-A). By collecting and analysing data on how users access, download, and interact with frontier systems, AI service providers can gather insights about potential impacts and risks. However, key challenges with tracking usage include preserving privacy, building infrastructure for sharing insights, and developing effective tools for identifying potential risks.
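As a minimal sketch of one privacy mitigation (the usage categories and privacy parameter below are illustrative assumptions, not any provider's actual practice), a provider could publish noisy aggregate counts rather than raw logs, here using Laplace noise for differential privacy:

```python
import random
from collections import Counter

# Hypothetical usage categories; real logs would be far richer.
events = ["code-generation", "code-generation", "bio-question", "translation"]

def dp_count(true_count: int, epsilon: float = 1.0) -> float:
    """Release a count with Laplace noise (epsilon-differential privacy).

    The difference of two exponentials with rate epsilon is Laplace-distributed
    with scale 1/epsilon, which suffices for a sensitivity-1 counting query.
    """
    noise = random.expovariate(epsilon) - random.expovariate(epsilon)
    return true_count + noise

for category, n in Counter(events).items():
    print(f"{category}: reported ~{dp_count(n):.1f} (true {n})")
```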
2.3.3 Monitoring & Logging
Data provenance
Various techniques can help to identify AI-generated content and are a principal defence against AI deepfakes and misinformation. Methods include developing reliable classifiers of AI-generated content, watermarking AI-generated data (images, video, audio, and text) (Cao), and tagging AI-generated data with metadata to indicate its origin. These techniques are inherently imperfect – they can be undone by tampering with the data. However, in forensic science, similar techniques like fingerprinting are also circumventable yet useful nonetheless. Further progress will require both more reliable data provenance methods and their integration into AI products and services.
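To illustrate the metadata-tagging approach, here is a minimal sketch of attaching signed provenance metadata to generated content. The key, field names, and HMAC scheme are illustrative assumptions; production systems use asymmetric signatures and standards such as C2PA, and, as noted above, stripping the metadata removes the provenance signal:

```python
import hashlib, hmac, json

SIGNING_KEY = b"provider-secret"  # illustrative; real systems use asymmetric keys

def tag_content(content: bytes, model_id: str) -> dict:
    """Attach metadata binding content to the model that generated it."""
    record = {"model_id": model_id, "sha256": hashlib.sha256(content).hexdigest()}
    payload = json.dumps(record, sort_keys=True).encode()
    record["signature"] = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    return record

def verify_tag(content: bytes, record: dict) -> bool:
    """Return True only if the tag is unmodified and matches the content."""
    claimed = {k: v for k, v in record.items() if k != "signature"}
    payload = json.dumps(claimed, sort_keys=True).encode()
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    return (hmac.compare_digest(expected, record["signature"])
            and claimed["sha256"] == hashlib.sha256(content).hexdigest())
```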
1.2.5 Provenance & Watermarking
Model provenance
Tools for model provenance help to identify and track AI models – especially open-weight ones. Most notably, these tools help researchers study the origins and lifecycle of harmful models in the ecosystem. Methods for model provenance involve techniques that help users and AI providers ascertain the identity and origin of a model. These include black-box methods, such as identification backdoors (Cheng) and identifiable biases in text generation (Kirchenbauer), and white-box methods, such as model weight watermarks. Much like data provenance methods, model provenance methods can be circumvented, but they are nonetheless informative in many cases. Research frontiers include studying how stable these techniques are under fine-tuning and other modifications to a model's weights. Engineering efforts may also be needed to integrate these techniques into model development and platform infrastructure.
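As a toy example of a white-box check (the 0.95 threshold and flattened-weight representation are illustrative assumptions, and the test is easily defeated by, for example, permuting neurons), one could compare a suspect model's weights against a reference:

```python
import math

def cosine_similarity(u: list, v: list) -> float:
    dot = sum(a * b for a, b in zip(u, v))
    norm_u = math.sqrt(sum(a * a for a in u))
    norm_v = math.sqrt(sum(b * b for b in v))
    return dot / (norm_u * norm_v)

def probably_derived(reference: list, suspect: list, threshold: float = 0.95) -> bool:
    """Weak evidence of shared origin: fine-tuning usually moves weights
    far less than training from scratch, so similarity stays high."""
    return cosine_similarity(reference, suspect) >= threshold
```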
1.2.5 Provenance & Watermarking
Agent authentication
Some protocols allow web services to verify the identities of AI agents that use them. As AI systems become increasingly capable and agentic, methods to authenticate AI agents when they use web services are increasingly important from a security and monitoring standpoint. Key challenges for effective agent authentication lie in developing and standardising the relevant protocols (e.g. South).
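A minimal sketch of one possible authentication handshake, assuming a shared secret issued when the agent registers with the service (the header names and scheme here are hypothetical; proposals such as South's explore richer, certificate-based designs):

```python
import hashlib, hmac, time

AGENT_ID = "agent-1234"               # hypothetical identifier issued at registration
SHARED_SECRET = b"issued-by-service"  # a deployed protocol would use asymmetric keys

def sign_request(method: str, path: str, body: bytes) -> dict:
    """Produce headers a web service can use to verify which agent is calling."""
    timestamp = str(int(time.time()))
    message = f"{method}\n{path}\n{timestamp}\n".encode() + body
    signature = hmac.new(SHARED_SECRET, message, hashlib.sha256).hexdigest()
    return {"X-Agent-Id": AGENT_ID, "X-Timestamp": timestamp, "X-Signature": signature}

headers = sign_request("POST", "/api/book-flight", b'{"flight": "SQ321"}')
```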
3.2.2 Technical Standards
Compute and hardware tracking
Techniques and intelligence-gathering for monitoring the distribution of AI hardware, both legal and illicit, enable stakeholders to assess the risks of malicious and irresponsible use and to allocate resources that promote beneficial use (Sastry).
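For illustration only, a registry of tracked accelerators might record chains of custody so that later audits can reconstruct where hardware went (the fields and example entries below are hypothetical; Sastry discusses the actual policy and hardware mechanisms):

```python
from dataclasses import dataclass, field

@dataclass
class ChipRecord:
    """Hypothetical registry entry for one tracked AI accelerator."""
    serial: str
    model: str
    owner: str
    transfers: list = field(default_factory=list)

    def transfer(self, new_owner: str) -> None:
        # Keep the full chain of custody for later auditing.
        self.transfers.append((self.owner, new_owner))
        self.owner = new_owner

registry = {"SN-001": ChipRecord("SN-001", "H100", "Distributor A")}
registry["SN-001"].transfer("Cloud Provider B")
```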
3.3.1 Industry Coordination
Logging infrastructure
Monitoring and saving information about what AI systems are doing allows for informed scrutiny when harmful or unexpected events happen. As highly autonomous AI systems grow in capability and influence, harmful and unintended incidents arising from these systems' actions will become more common. Effective infrastructure to capture and save information about what these systems do will be key for improving awareness and accountability in the age of advanced AI agents (Chan). Logged incidents and the necessary infrastructure constitute another example of a potential area of mutual interest. Just as competing aircraft manufacturers voluntarily share data about aircraft accidents, companies or countries may find it in their interest to share and jointly collect information about serious AI incidents. Shared incident reporting systems allow the field to collectively learn from serious failures and risks, improving safety and security and fostering public trust in AI's opportunities.
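A minimal sketch of what structured agent-action logging could look like, as append-only JSON lines (all field names here are assumptions, not an established schema; Chan discusses the design space):

```python
import json, time, uuid

def log_action(logfile, agent_id: str, action: str, detail: dict) -> None:
    """Append one structured record per agent action for later scrutiny."""
    record = {
        "event_id": str(uuid.uuid4()),  # stable handle for incident reports
        "timestamp": time.time(),
        "agent_id": agent_id,
        "action": action,
        "detail": detail,
    }
    logfile.write(json.dumps(record) + "\n")

with open("agent_actions.jsonl", "a") as f:
    log_action(f, "agent-1234", "tool_call", {"tool": "web_search", "query": "flight prices"})
```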
3.3.1 Industry Coordination
Assessing risk-management frameworks
Technical tools for risk management are only effective inasmuch as they are meaningfully integrated into safety frameworks. Just as it is key to evaluate and monitor AI systems, it is also necessary to evaluate and monitor risk management protocols for their effectiveness and robustness to single points of failure (e.g. human error). Currently, researchers' ability to assess risk management frameworks is limited by the degree of transparency into how AI developers manage risks. However, monitoring the successes and failures of safety frameworks is key for risk management over time (Alaga). It is also an area of mutual interest, given the value of sharing insights on best practices and potential failures of risk management frameworks. Frontiers for future work include refining assessment frameworks and developing reporting infrastructure.
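As a sketch of what such an assessment could quantify (the criteria and weights below are invented for illustration; Alaga proposes a fuller grading rubric), a safety framework might be scored against weighted criteria:

```python
# Illustrative criteria and weights, not an established standard.
CRITERIA = {"credibility": 0.3, "robustness": 0.4, "transparency": 0.3}

def score_framework(grades: dict) -> float:
    """Combine per-criterion grades in [0, 1] into a weighted overall score."""
    return sum(weight * grades[name] for name, weight in CRITERIA.items())

print(score_framework({"credibility": 0.7, "robustness": 0.5, "transparency": 0.9}))
```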
2.2 Risk & Assurance
Risk Assessment
The primary goal of risk assessment is to understand the severity and likelihood of a potential harm. Risk assessments are used to prioritise risks and to determine whether they cross thresholds that demand specific action; consequential development and deployment decisions are predicated on these assessments. The research areas in this category involve:
A. Developing methods to measure the impact of AI systems, both current and future. This includes standardised assessments of risky system behaviours via audit techniques and benchmarks; evaluation and assessment of new capabilities, including potentially dangerous ones; and assessment of real-world societal impacts – such as effects on labour, misinformation, and privacy – through field tests and prospective risk analysis.
B. Enhancing metrology to ensure that measurements are precise and repeatable. This includes research on technical methods for quantitative risk assessment tailored to AI systems, reducing uncertainty and the need for large safety margins. This remains an important open area of research.
C. Building enablers for third-party audits to support independent validation of risk assessments. This includes developing secure infrastructure that enables thorough evaluation while protecting intellectual property, including preventing model theft.
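To make the threshold logic concrete: risk is commonly summarised as a function of severity and likelihood and compared against an action threshold. The 1–5 scales and the threshold value in this sketch are illustrative assumptions, not a standard:

```python
def risk_score(severity: int, likelihood: int) -> int:
    """Combine 1-5 severity and likelihood ratings into a single score."""
    return severity * likelihood

def requires_action(severity: int, likelihood: int, threshold: int = 12) -> bool:
    """Flag risks whose score crosses a predefined action threshold."""
    return risk_score(severity, likelihood) >= threshold

assert requires_action(severity=4, likelihood=4)      # 16 >= 12: act
assert not requires_action(severity=2, likelihood=3)  # 6 < 12: monitor
```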
2.2.1 Risk Assessment
Risk Assessment > Audit techniques and benchmarks
Techniques and benchmarks with which AI systems can be effectively and efficiently tested for harmful behaviours are highly varied and central to risk assessments (IAISR, Birhane-A).
3.2.1 Benchmarks & Evaluation
Risk Assessment > Downstream impact assessment and forecasting
Assessing and forecasting the many societal impacts of AI systems is a central goal of risk assessment.
2.2.1 Risk Assessment
Risk Assessment > Secure evaluation infrastructure
External auditors and oversight bodies need infrastructure and protocols that enable thorough evaluation while protecting sensitive intellectual property. Ideally, evaluation infrastructure should enable double-blindness: the evaluator cannot directly access the system's parameters, and the developer cannot know exactly which evaluations are being run (Reuel, Bucknall-A, Casper-B). Meanwhile, the importance of mutual security will continue to grow as system capabilities and risks increase. Building secure infrastructure for auditing and oversight is known to be possible.
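One possible design, given as a sketch only (it assumes a trusted proxy and a query-only model API; Reuel, Bucknall-A, and Casper-B discuss the broader design space), mixes genuine evaluation prompts with decoys so that neither party learns what the other holds:

```python
import random

def run_blinded_eval(eval_prompts, decoy_prompts, query_model):
    """Trusted-proxy sketch of a double-blind evaluation.

    The evaluator only ever sees responses (no weight access), while the
    developer-facing API sees eval prompts shuffled among decoys and so
    cannot tell which queries carry the actual evaluation.
    """
    tagged = ([("eval", i, p) for i, p in enumerate(eval_prompts)]
              + [("decoy", i, p) for i, p in enumerate(decoy_prompts)])
    random.shuffle(tagged)  # hide which queries matter
    answers = {(tag, i): query_model(p) for tag, i, p in tagged}
    # The proxy returns only the evaluation answers, in their original order.
    return [answers[("eval", i)] for i in range(len(eval_prompts))]
```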
3.2.2 Technical Standards
Risk Assessment > System safety assessment
Safety assessment is not just about individual AI systems, but also their interaction with the rest of the world. For example, when an AI company discovers concerning behaviour from their system, the resulting risks depend, in part, on having internal processes in place to escalate the issue to senior leadership and work to mitigate the risks. System safety considers both AI systems and the broader context that they are deployed in. The study of system safety focuses on the interactions between different technical components as well as processes and incentives in an organisation (IAISR, Hendrycks-B, AISES, Alaga).
2.2.1 Risk Assessment
Risk Assessment > Metrology for AI risk assessment
Metrology, the science of measurement, has only recently been studied in the context of AI risk assessment (IAISR, Hobbhahn). Current approaches generally lack standardisation, repeatability, and precision.
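A small sketch of the repeatability point: re-running a stochastic evaluation and reporting a mean with an uncertainty estimate rather than a single score (the stand-in benchmark and noise level below are invented for illustration):

```python
import random
import statistics

def score_with_uncertainty(run_eval, n_runs: int = 10):
    """Repeat a stochastic evaluation; report the mean and ~2 standard errors."""
    scores = [run_eval() for _ in range(n_runs)]
    mean = statistics.mean(scores)
    stderr = statistics.stdev(scores) / len(scores) ** 0.5
    return mean, 2 * stderr

def noisy_eval() -> float:
    # Stand-in for a real benchmark run with sampling noise.
    return 0.80 + random.gauss(0, 0.03)

mean, margin = score_with_uncertainty(noisy_eval)
print(f"score = {mean:.3f} ± {margin:.3f}")
```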
3.2.1 Benchmarks & Evaluation
Other (outside lifecycle): Outside the standard AI system lifecycle
Governance Actor: Regulator, standards body, or oversight entity shaping AI policy
Map: Identifying and documenting AI risks, contexts, and impacts
Primary: 6.5 Governance failure