International AI Safety Report: A Conversation with Shalaleh Rismani of Mila - Quebec AI Institute Institute

By Audrey Hingle in conversation with Shalaleh Rismani

The International AI Safety Report brings together research from experts around the world to provide a shared evidence base on the capabilities and risks of advanced AI systems. IX’s Mallory Knodel saw the main report presented at the United Nations General Assembly earlier this year, where it was introduced as part of an effort to inform global cooperation on AI governance.

To better understand the thinking behind the report and its recent update, I spoke with Shalaleh Rismani of Mila - Quebec AI Institute, one of the authors of the recent First Key Update. The update focuses on rapid advances in AI reasoning capabilities and examines how those developments intersect with emerging risks, including cybersecurity, biological threats, and impacts on labor markets. You can read both the report and the update at internationalaisafetyreport.org

Why this report, and why now? What gap did the team hope to fill in the global AI safety conversation?

This is the second year the safety report has been produced as a collaborative project. The main report’s scope was set early by the lead writers and panelists, with input from experts around the world. The goal was to synthesize evidence on the most advanced AI systems, including technologies already being rolled out and others still in development, in a way that would be useful for policymakers.

As the field evolved, the team realized that one annual report was not enough to keep up with the pace of change. This year, the leadership decided to produce two interim updates in addition to the main report. The first, released in October, focused heavily on capabilities, particularly what researchers refer to as “reasoning capabilities.” These include systems that can generate multiple possible answers or ask clarifying questions before responding. The second update, coming at the end of November, will continue tracking those advances, while the next full report will be published in February.

The report cites thousands of studies. How did the team ensure that this huge body of research remains usable for policymakers and practitioners?

The main goal is to bring in as much evidence from the academic literature as possible and make it accessible to policymakers and the public. Each section is led by researchers embedded in the literature, and multiple rounds of revisions happen with expert reviewers.

Every citation goes through a vetting process to confirm that it comes from credible academic sources. Because AI research moves so fast, much of the work is pre-published, which makes it harder to assess. Still, the idea is to present the full range of research and show both where strong evidence exists and where gaps remain.

Publishing is one thing, but ensuring impact is another. How does the team think about getting the report in front of key audiences?

The dissemination strategy is a collaborative effort between the Chair, the writing team and the secretariat. The team participates in many briefings with governments and policymakers around the world. For example, we engaged directly with policymakers on the findings of the first key update, including from the EU, India, UK, Canada, Singapore, UAE, Australia, Japan, Kenya and others. Because panelists, senior advisers, and reviewers come from different countries, there is already strong buy-in. Civil society, academia, and major technology companies are also involved in the process, which helps expand the report’s reach.

How did the team integrate human rights considerations into what is otherwise a very technical safety framework?

Human rights are not presented as a standalone section, but they are integrated throughout the report. One way is by identifying where evidence exists and where it does not, which highlights gaps relevant to fairness, privacy, and equity. Many evaluations measure performance on benchmarks but not real-world outcomes. Pointing out those gaps helps guide future human rights work by showing where contextual studies are needed.

Some of the risks discussed in this update also touch directly on human rights. For example, the growing adoption of AI companionship technologies raises concerns about loneliness and emotional well-being. The report also notes early evidence of labor market impacts, particularly in software engineering, although broader economic effects are still unclear.

The report came out of a large international process. What did that collaboration reveal about where consensus exists and where it still breaks down when it comes to defining and governing AI safety?

There is broad agreement that AI systems are improving on certain benchmarks, but less consensus on whether those benchmarks accurately measure complex abilities like reasoning. Some experts question whether the current evaluation frameworks are valid for assessing reasoning at all.

There is also consensus that potential risks should be monitored proactively rather than ignored, though there is debate about which risks are most pressing. Monitoring and controllability risks, for instance, are still contested. Some lab studies suggest models underperform when they know they are being evaluated, while others do not show this effect. In contrast, there is stronger agreement around risks such as AI companionship, labor market disruption, and cyber offense and defense.

The report brings together such a wide range of evidence and perspectives. How do you think about assessing risk and avoiding overhyping progress?

The report does not use a specific framework to assess risk. There are frameworks being proposed for evaluating AI systems, and we report on developments in those frameworks rather than applying one ourselves.

We also recognize the risk of overhyping AI progress, especially right now. To address this, we try to look for real-world evidence of both improvements and shortcomings. The review processes and involvement of stakeholders are other ways this can be managed and help keep the report balanced.

If you had to highlight one or two takeaways that you hope will shape AI policy or practice in 2026, what would they be?

There is a significant gap in evaluating real-world impacts. Policymakers need a clearer understanding of how AI systems affect work, research, and society, not just benchmark scores. Creating infrastructure to support independent evaluations and audits will be key, whether through third-party organizations or public feedback mechanisms.

The second update, coming later this year, will focus on risk management practices and the solutions being proposed to address them. The goal is to show that progress is happening while recognizing that there is still much more work to do.

IX at MozFest

We’re back from our recent session at MozFest and buzzing with excitement from all of the ideas and connections we made. The room was packed for our session, Encryption and Feminism: Reimagining Child Safety Without Surveillance, and the conversation went far beyond the usual encryption talking points. Participants pushed into the real tensions between safety and care, shared lived experiences of how surveillance harms survivors and marginalised communities, and offered concrete ideas for what genuinely feminist approaches to child safety could look like.

We’re now working through the feedback forms and pulling those insights into a draft set of feminist principles for encryption. We’re also exploring an online rerun so more people can join the discussion and contribute, since not everyone interested could make it to MozFest and many at MozFest who wanted to attend couldn’t fit everyone into the room. So stay tuned!

From the Group Chat 👥 💬

This week in our Signal community, we got talking about:

IX contributor Heather Burns blew up Hacker News and even got a shout-out in the Financial Times for her viral blog post “Time to start de-Appling,” which warns UK users to migrate their data off iCloud after Apple announced it will disable Advanced Data Protection under the Investigatory Powers Act. Heather argues the move exposes how post-Brexit tech policy is eroding privacy rights. The post comes hot on the heels of our MozFest session on encryption and feminism, where we explored similar themes: governments invoke “child safety” to justify weakening encryption, sometimes at the expense of the very people it protects.

This Week's Links

Open Social Web

• Protocols for Publishers is now an independent project! Check out the newsletter and let them hear your preferences for their next event in Europe. https://protocolsforpublishers.com/pfp-europe2026-interest 

Internet Governance

• Internet governance expert Alice Munyua has warned that ICANN’s involvement in a new continental framework risks creating a “double standard” in Africa, where government-led models could undermine long-standing community-driven governance principles. https://circleid.com/posts/governance-or-capture-africas-internet-rules-face-a-double-standard-expert-warns 
• The Authoritarian Stack is an investigative project that maps how a network of US tech billionaires, venture capital funds, and defense-tech companies are consolidating state power through privatized infrastructure, led by Prof. Francesca Bria and xof-research.org. https://www.authoritarian-stack.info 
• Fragmentation across digital asset networks poses a growing threat to global finance, and true interoperability will require aligning technology, legal frameworks, and regulatory oversight, much like how shared internet protocols once unified early networks, argues Vivian Clavel Díaz. https://www.omfif.org/2025/11/the-missing-piece-of-the-fragmentation-problem 
• Researchers from Princeton presented new findings at the IETF’s Decentralized Internet Infrastructure Research Group showing that a handful of companies now control most of the internet’s core infrastructure. https://practicespace.substack.com/p/a-handful-of-companies-control-the 
• A new IETF draft warns that the Domain Name System faces major technical and policy challenges in supporting the emerging Internet of Autonomous Things, citing latency, mobility, security, and privacy limitations that could undermine future autonomous networks. https://circleid.com/posts/dns-under-strain-technical-and-policy-challenges-in-supporting-the-internet-of-autonomous-things 
• EU Commission President Ursula von der Leyen has been accused of falling for the AI industry’s self-promoting hype after claiming the technology will “approach human reasoning” next year. https://euobserver.com/digital/ar68689659 
• The European Commission has launched a new Multi-Stakeholder Forum on Internet Standards Deployment to support the rollout of key network security measures under the NIS2 Directive, bringing together industry, regulators, and technical experts to accelerate adoption of modern internet, email, DNS, and routing standards across the EU. https://digital-strategy.ec.europa.eu/en/news/european-commission-seeks-participants-multi-stakeholder-forum-internet-standards-deployment 
• The Transparency Coalition’s 2025 State AI Legislation Report found that 27 US states enacted 73 new AI-related laws this year, with California leading the way. The report highlights growing bipartisan concern over deepfakes, AI chatbots targeting minors, and the use of AI in healthcare. https://www.transparencycoalition.ai/news/transparency-coalition-publishes-2025-state-ai-legislation-report 

Digital Rights

• While phone rates in the US have fallen dramatically over the past two decades thanks to competition, mobile adoption, and internet-based services, there’s one place where they haven’t: prisons. Behind FCC’s latest efforts to rein in costs, and telecom giants and state correctional systems fight to keep rates high. https://broadbandbreakfast.com/congress-tried-twice-to-reduce-prison-phone-rates 
• At the Paris Peace Forum, world leaders, ministers, and media advocates convened to defend information integrity and independent journalism, renewing global commitments and funding for the Partnership on Information and Democracy. https://www.youtube.com/watch?v=5YQy6iV1KdQ 
• As LA Public Press covered months of federal immigration raids across Los Angeles, its journalists found themselves facing the same dangers as foreign correspondents in war zones says their editor-in-chief Michelle Zenarosa. https://www.poynter.org/business-work/2025/la-public-press-journalists-covering-ice-raids-safety 
• The Financial Times reports that Lloyds Banking Group analyzed data from over 30,000 employee bank accounts, which staff are required to hold with the bank, as part of its salary negotiations with trade unions. The bank compared workers’ financial resilience, savings, and spending patterns with those of regular customers to argue that employees were faring better during the cost of living. https://www.ft.com/content/7d3d3e88-206a-49db-aaa3-085f1c28f8d6 
• The Common Crawl Foundation, a little-known nonprofit that scrapes and archives billions of webpages, has become a major data source for AI companies like OpenAI, Google, Anthropic, Nvidia, Meta, and Amazon. Although Common Crawl presents itself as a public research tool, the Atlantic’s Alex Reisner’s investigation found that it has enabled AI firms to train on paywalled journalism. https://www.theatlantic.com/technology/2025/11/common-crawl-ai-training-data/684567
  • ICYMI: “Training Data for the Price of a Sandwich, Common Crawl’s Impact on Generative AI by Stefan Baak and Mozilla Insights” https://www.mozillafoundation.org/en/research/library/generative-ai-training-data/common-crawl 

Technology for Society

• Bitchat for Gaza is a new messaging app that allows users to chat securely with or without internet access. https://updates.techforpalestine.org/bitchat-for-gaza-messaging-without-internet 
• Europe’s SLICES initiative is building a large-scale research infrastructure to support next-generation internet and digital infrastructure experimentation, aiming to boost scientific reproducibility, technological sovereignty, and innovation across the continent. https://www.innovationnewsnetwork.com/experiment-innovate-transform-the-future-of-digital-infrastructure-starts-with-slices/63435 
• UN High Commissioner for Human Rights Volker Türk warned that the growing concentration of wealth and power among a handful of major tech companies, which are now richer than many national economies, poses a major threat to democracy and human rights, particularly as unregulated AI amplifies their influence. https://www.businesstimes.com.sg/companies-markets/telcos-media-tech/concentration-corporate-power-huge-concern-un-rights-chief 
• BetaNYC’s November 7, 2025 This Week in NYC’s #CivicTech newsletter congratulates Mayor-elect Zohran Mamdani and lays out a detailed public-interest technology agenda for his administration. https://www.beta.nyc/2025/11/07/this-week-in-nycs-civictech-november-7-2025 
• Leaders from Kenya, Benin, UNFPA, and civil society spoke at Africa’s first symposium on technology-facilitated gender-based violence, sharing data and survivor-centered strategies to make the digital public square safer for women and girls. https://www.youtube.com/live/-H7aPxm-g-k 

Privacy and Security

• Cyber researcher Ovi has uncovered a new North Korean–linked malware strain, “EndClient RAT,” targeting human rights defenders working on North Korea issues. https://www.0x0v1.com/endclientrat 
• ZKPs, or Zero-Knowledge Proofs, are cryptographic methods that let one party prove something is true without revealing the underlying data. But as Sofía Celi, Kyle Den Hartog, and Hamed Haddadi at Brave Research write, deploying them for age verification isn’t the privacy silver bullet it’s often claimed to be. https://brave.com/blog/zkp-age-verification-limits 
• Mozilla has rolled out expanded fingerprinting protections in Firefox 145, cutting the number of users trackable by hidden web identifiers nearly in half. https://blog.mozilla.org/en/firefox/fingerprinting-protections 
• Cyberattacks targeting internet-connected and mobile devices have surged across critical infrastructure sectors, with manufacturing, energy, and healthcare seeing some of the steepest year-over-year increases, according to new data from Zscaler. https://www.cybersecuritydive.com/news/mobile-iot-attacks-surge-critical-infrastructure-zscaler/805008 
• NSO Group has been taken over by investors led by Hollywood producer Robert Simonds and installed former US ambassador David Friedman as executive chair, signaling a push to rehabilitate Pegasus spyware’s image and court US law-enforcement customers despite sanctions, lawsuits, and a WhatsApp injunction. https://www.wsj.com/tech/israeli-spyware-maker-nso-gets-new-owners-leadership-and-seeks-to-mend-reputation-166ac50e 
• A new five-year study has found that adoption of BGP-based DDoS scrubbing services has nearly tripled worldwide since 2020, as more networks turn to large-scale traffic rerouting to defend against cyberattacks on critical infrastructure. https://blog.apnic.net/2025/11/05/a-first-look-at-the-adoption-of-bgp-based-ddos-scrubbing-services-a-five-year-longitudinal-analysis 
• IAB Tech Lab has launched a new “Device Attestation” feature within its Open Measurement SDK to curb connected TV ad fraud, adapting the Internet Engineering Task Force’s (IETF) Privacy Pass Protocol to let device manufacturers securely verify when ads are genuinely served on real CTV devices. https://videoweek.com/2025/11/04/iab-tech-lab-cracks-down-on-ctv-fraud-with-device-attestation-support 
• The OpenID Foundation has responded to Utah’s State-Endorsed Digital Identity (SEDI) program, urging the state to adopt proven open standards for privacy, security, and interoperability. https://www.biometricupdate.com/202511/for-utahs-digital-id-program-openid-recommends-proven-open-standards 
• Signal has issued new guidance warning users about phishing, impersonation, and scam attempts that exploit human trust rather than technical vulnerabilities. https://support.signal.org/hc/en-us/articles/9932566320410-Staying-Safe-from-Phishing-Scams-and-Impersonation 

Upcoming Events

• Pulse 2025: The Trump Effect on Digital Resilience in the Global Majority is the second public webinar organized by the Digital Resilience Network. December 3, 2pm UTC. https://digitalresilience.network/register-for-our-public-webinar-pulse-2025-the-trump-effect-on-digital-resilience-in-the-global-majority  

Careers and Funding Opportunities

United States

• Evitable: Chief of Staff. San Francisco, CA. https://evitable.com/chief-of-staff 
• ACLU: New York, NY. 
  • Cyber Security Engineer. https://www.aclu.org/careers/apply/?job=8226293002&type=national  
  • Product Manager, Technology. https://www.aclu.org/careers/apply/?job=8220646002&type=national 
  • IT Program Manager, Affiliate Technology Services. https://www.aclu.org/careers/apply/?job=8036945002&type=national 
• The Knight First Amendment Institute: Summer 2026 Legal Internship. New York, NY. https://knightcolumbia.org/page/summer-2026-legal-internship 
• Girls Who Code: Manager, Program Planning & Delivery (Education). New York, NY. https://jobs.lever.co/girlswhocode/e18aada8-578c-46fd-90c4-80ee5d7320f7/apply
• NYU: Adjunct Faculty - Technology Strategy. Brooklyn, NY. https://apply.interfolio.com/176429 
• Philips: Responsible AI Lead. Cambridge, MA. https://www.careers.philips.com/global/en/job/566417/Responsible-AI-Lead-USA-Cambridge-MA 
• Thorn: Senior Researcher. Remote US. https://www.thorn.org/careers/application/?gh_jid=8245013002 
• AI For Good: Program Lead. Remote US. https://apply.workable.com/evidence-action/j/A94E2AEC5F 
• The Patrick J. McGovern Foundation: Strategy Analyst. Remote US. https://jobs.lever.co/mcgovern/274b9846-aa9c-401d-b778-cc4a5deef86b 

Global

• Future of Life Institute: EU Policy Advocate/Lead. Hybrid Brussels, BE. https://jobs.lever.co/futureof-life/7e1334b8-30c4-49e2-9514-80bfdf6bbce8? 
• University of Helsinki: Research fellow in AI in Social Research on Diversity. Helsinki, FI. https://jobs.helsinki.fi/job/Helsinki-Research-fellow-in-AI-in-Social-Research-on-Diversity/1330272957 
• Sony: AI Ethics SME. Budapest, HU. https://sonyglobal.wd1.myworkdayjobs.com/en-US/Sony_Europe_Careers/job/Budapest/AI-Ethics-SME_JR-118346 
• Pivotal: Research Fellowship. London, UK. https://www.pivotal-research.org/fellowship 
• The Future of Life Institute: UK Policy Advocate/Lead. Remote UK. https://jobs.lever.co/futureof-life/f8ec847b-0bd3-4f41-bd59-3e387158769d 
• Mozilla AI: Solutions Engineer – Agent Platform. Remote US, CA, EU, UK. https://job-boards.greenhouse.io/mozillaai/jobs/4934689007 
• Windfall Trust: Communications Director. Remote. https://docs.google.com/document/d/1pYVSTNTRzHHkqd6RlJhJyR3210d9DdMEY10AZDJgGM0/edit?tab=t.0#heading=h.wxqlt7q7q4pc 

Opportunities to Get Involved

• Applications are open for Morgan Stanley’s Tech Change Makers program, a pro bono initiative where teams of the company’s technologists partner with nonprofits for 6–8 months to help them develop or improve technology solutions that advance their missions. https://morganstanleysurvey.qualtrics.com/jfe/form/SV_eEEv5Or5rFQCDIi 

What did we miss? Please send us a reply or write to editor@exchangepoint.tech.