Global AI safety efforts focus too much on prevention

A new analysis states that current AI governance strategies focus heavily on preventing harm while giving far less attention to how organizations coordinate responses when those safeguards break down. The study suggests that the real weakness in the global safety architecture lies not in prevention itself but in the lack of coordinated crisis-response mechanisms across institutions.

The study, The Coordination Gap in Frontier AI Safety Policies, was presented at the Second Conference of the International Association for Safe and Ethical Artificial Intelligence and released as an arXiv preprint. It examines how existing governance approaches emphasize capability evaluations, deployment restrictions, and internal safety triggers but remain poorly equipped to coordinate responses across governments, developers, infrastructure operators, and civil society when AI-related failures occur.

According to the author, policies implemented by major AI developers focus on technical evaluations, scaling thresholds, usage constraints, and compliance frameworks designed to halt deployment if systems cross defined capability or risk levels. While these mechanisms represent significant progress in responsible development, the paper contends that they operate primarily within individual organizations rather than across the broader ecosystem where real-world risks may unfold.

This gap becomes especially concerning as AI systems grow more powerful and widely deployed. Even extremely reliable safety measures cannot guarantee perfect containment in complex socio-technical systems. Failures, near misses, or unexpected interactions between systems are therefore likely to occur at some point. When they do, the effectiveness of governance will depend not only on preventative controls but also on the ability of institutions to coordinate rapidly and adaptively.

The paper describes this weakness as a structural coordination gap. Investments in systemic resilience and preparedness produce benefits that are shared broadly across society, while the costs of those investments are often borne by individual organizations that must slow development, allocate resources to contingency planning, or accept reduced operational flexibility. As a result, many actors underinvest in coordination capacity, creating a collective action problem that leaves the overall system vulnerable.

Frontier AI safety policies prioritize prevention over coordinated response

According to the research, most existing Frontier AI Safety Policies are built around preventative control mechanisms. Major AI labs have developed evaluation pipelines, deployment gates, monitoring systems, and internal escalation protocols designed to stop or slow development if safety thresholds are crossed. These frameworks often include decision committees, risk classification levels, and documentation requirements tied to model capabilities.

While such mechanisms represent an important layer of defense, they are typically designed for decision-making inside a single organization. In a crisis scenario involving multiple actors, the institutions responsible for responding to an incident may lack visibility into each other's reasoning processes, triggers for action, or operational plans. This absence of shared coordination frameworks can slow response times and create uncertainty about how different stakeholders will react to emerging threats.

The paper highlights the challenges posed by cross-domain risks associated with advanced AI systems. These include cybersecurity disruptions that could affect biological research environments, large-scale criminal misuse of autonomous AI agents, the partial exfiltration of powerful models, and psychological or societal harms emerging through widespread interaction with generative systems. Such scenarios may not fall neatly into existing regulatory categories, making coordinated response mechanisms even more critical.

In these cases, the absence of coordination capacity can leave institutions improvising in the middle of a crisis. Key conversations between governments, technology companies, and infrastructure operators may take place for the first time precisely when time pressure is greatest and uncertainty is highest. The study argues that governance systems should instead create structures that allow actors to understand each other's likely responses before crises unfold.

Another factor complicating coordination is uncertainty about risk thresholds. When organizations hold different beliefs about the level of danger posed by a particular system or event, they may hesitate to commit to costly safety measures unless they believe others will do the same. This dynamic can produce systemic underinvestment in preparedness even when most actors recognize the importance of cooperation.

The research suggests that focusing solely on evaluating model capabilities cannot solve this problem. Even highly sophisticated technical assessments may fail to capture real-world risk dynamics once systems are deployed at scale or interact with unpredictable human environments. Effective governance therefore requires mechanisms that extend beyond evaluation to include coordinated mitigation and response strategies.

Lessons from nuclear safety, pandemics, and cybersecurity

To identify possible solutions, the paper examines governance practices in other high-risk fields where complex technological systems interact with social and institutional structures. Nuclear safety, pandemic preparedness, and cybersecurity are highlighted as particularly relevant examples because they also involve catastrophic tail risks and require coordination across many independent organizations.

In these domains, safety regimes evolved to include what the paper describes as coordination primitives. These mechanisms include early-warning systems, predefined response procedures, information-sharing networks, and institutions responsible for convening relevant actors during emergencies. Rather than relying solely on prevention, these systems emphasize resilience and the capacity to respond collectively when failures occur.

For instance, global health governance relies on international reporting frameworks that require countries to escalate signals of emerging outbreaks. Cybersecurity governance uses sector-level coordination bodies that bring together infrastructure operators and government agencies to share information and align responses. Nuclear safety frameworks employ standardized incident classification systems that allow actors across countries and organizations to interpret events quickly and consistently.

The key lesson from these regimes is that coordination capacity is treated as a central objective rather than an afterthought. Responsibilities for information exchange, escalation, and joint decision-making are defined in advance so that organizations do not need to negotiate procedures during crises.

Frontier AI governance faces additional challenges that make coordination even more difficult. Artificial intelligence systems are general-purpose technologies with applications across many sectors, from healthcare and finance to scientific research and national security. Their potential failure modes may therefore cross multiple regulatory and institutional boundaries simultaneously.

Moreover, many AI risks do not have clear categorical definitions. Cyber incidents, misinformation campaigns, economic disruptions, or psychological harms may unfold gradually or interact with each other in unpredictable ways. This ambiguity complicates efforts to design standardized response frameworks and increases the need for flexible coordination mechanisms that can adapt to emerging threats.

Another difference is that earlier governance regimes often developed after major crises created political momentum for reform. Nuclear accidents, disease outbreaks, and infrastructure failures provided the lessons that shaped modern safety institutions. The study argues that waiting for similar "focusing events" in the AI domain could prove far more costly because the scale and speed of AI systems may leave little room for learning through repeated failure.

Scenario Response Registry proposed to strengthen AI crisis preparedness

The study proposes a new governance mechanism called a Scenario Response Registry. The concept is designed to make coordination capacity visible and testable before crises occur by requiring relevant actors to disclose how they would respond to specific risk scenarios.

Under this framework, a public authority would maintain a registry containing a library of potential AI risk scenarios spanning technical, economic, security, and cross-domain threats. Stakeholders such as AI developers, cloud infrastructure providers, government agencies, and operators of critical systems would submit standardized response plans describing the conditions that would trigger action and the measures they would take.

These filings would include predefined thresholds, operational responses, and resource commitments. By making these plans transparent to relevant participants, the system would allow policymakers and organizations to identify gaps, overlaps, or inconsistencies in preparedness strategies before emergencies arise.

The registry would also function as a platform for testing governance frameworks under simulated crisis conditions. Through tabletop exercises and scenario analysis, institutions could stress-test response strategies, refine decision thresholds, and build shared understanding about how different actors would coordinate during high-pressure events.

To encourage participation and ensure credible commitments, the study suggests linking the quality of response plans to tangible incentives. Organizations that submit robust plans could receive regulatory flexibility, preferential access to government resources such as computing infrastructure, or eligibility for public procurement contracts. Conversely, mechanisms such as financial bonds or insurance instruments could create consequences for failing to act when predefined triggers are reached.

An independent technical panel would oversee the development of the scenario library and auditing framework, helping ensure that the system remains technically credible and resistant to regulatory capture. Over time, feedback from exercises and real-world incidents could be used to update scenarios and refine coordination mechanisms.

The paper acknowledges that such a system would face practical challenges. Scenario libraries could become too narrow to capture emerging risks or too broad to support meaningful preparation. Organizations might submit response plans that they lack the capacity or willingness to execute, leading to performative compliance rather than genuine preparedness.

To address these risks, the study recommends iterative development with regular review processes rather than a fixed institutional design. Even partial coordination mechanisms, it argues, can improve systemic resilience by reducing uncertainty about how actors will behave during crises.

Overall, AI governance should shift from a model focused almost exclusively on prevention toward one that balances prevention with preparedness and coordinated response. Frontier AI safety policies have become increasingly sophisticated in their internal decision frameworks, but without cross-actor coordination mechanisms they may remain fragile when confronted with real-world shocks.