Introduction

See full report

LoC has become a topic of increased attention for policymakers on both sides of the Atlantic. In the United States (U.S.), California enacted Senate Bill 53, which includes LoC within the “critical safety incidents” that frontier AI developers should identify, respond to, and report (California Senate Bill 53 2025), reflecting a previous mention of LoC in the California Report on Frontier AI Policy (Bommasani et al. 2025). More recently, the bipartisan legislation introduced by Senators Hawley and Blumenthal identifies LoC scenarios as one of the adverse AI incidents whose likelihood the Department of Energy would be tasked to evaluate (Artificial Intelligence Risk Evaluation Act 2025). In the European Union (EU), the EU AI Act’s General-Purpose AI Code of Practice categorizes LoC as a systemic risk, requiring covered deployers to assess and mitigate its risk ((EU General-Purpose AI Code of Practice 2025), Safety and Security Chapter, Appendix 1.4).

Similarly, LoC has been the subject of increasing attention from various frontier AI companies. Some of these companies have committed to voluntarily assessing AI capabilities instrumental to AI systems’ potential to “undermine human control” (Google DeepMind 2025) in their Frontier Safety Policies, and some have included LoC within the societal impacts discussed in their System Cards (OpenAI 2025).

Notwithstanding the rising interest, the topic area of LoC itself is nascent and lacks a common, clear definition. In this context, we found that neither AI literature nor other safety-critical industries (see Section 1.A.1) provide sufficient support for a common, clear, and, in turn, widely actionable definition of LoC. The absence of such a definition may soon contribute to epistemic confusion around LoC, especially as more decision- and policymakers engage with the topic. In turn, this could make the identification of early warning shots challenging and undermine the shared effort by the aforementioned and future legal frameworks to target and mitigate LoC threats appropriately. Finally, an absence of clarity could also lead to ‘crying wolf’ situations for phenomena that fall short of LoC, and ultimately contribute to fostering skepticism of LoC itself as a remote, impalpable, and speculative threat.

It is plausible that the object-level threat of LoC will significantly grow in the coming couple of years. We expect that this will occur due to two reasons: (i) AI capabilities will likely increase in line with established trends (Emberson and You 2025; METR 2025; Owen 2025); and, concurrently, (ii) there will be growing economic and strategic incentives to use these more highly advanced future AI systems in areas that are currently too complex or costly for wide AI system deployment (Patwardhan et al. 2025; Patel 2024; Shah et al. 2025). As a result, it is likely that these AI systems will be integrated into broader and higher-stakes use cases—some of which could be critical, such as in certain defense applications or in sensitive government settings (Chief Digital and Artificial Intelligence Office 2025; Anthropic 2025; UK Ministry of Defence (MOD) 2025)—and be given more wide-reaching modalities to execute on their use cases. Ultimately, this combination of advanced capabilities and AI system integration into high-stakes use cases in critical sectors could lead to more significant, far-reaching impacts should an undesirable event occur, including those that can devolve into LoC.

In this research report, we attempt to bring all aforementioned challenges into coherence. In doing so, we offer:

We endeavored to adhere to the core goal of this research report and capture the limited but growing existing evidence on LoC, without engaging in broad speculation. The scope of this research report is, therefore, limited as follows:

We do not provide a quantitative estimate of risk or an assessment of the likelihood of specific LoC scenarios described in the broader literature.
We do not elaborate on how likely it is that a specific capability highlighted in recent research (Phuong et al. 2025; Black et al. 2025; Meinke et al. 2025) would lead to LoC, nor on capability composition or thresholds.

Finally, throughout our research, we came across a variety of important open questions that we elected not to discuss and situate in this report. We offer a list of these questions in Appendix 1.

References

Anthropic. 2025. “Government: Responsible AI That Meets Government Needs.” https://claude.com/solutions/government.

Artificial Intelligence Risk Evaluation Act (2025). https://www.hawley.senate.gov/wp-content/uploads/2025/09/Hawley-Blumenthal-Artificial-Intelligence-Risk-Evaluation-Act.pdf.

Black, Sid, Asa Cooper Stickland, Jake Pencharz, et al. 2025. RepliBench: Evaluating the Autonomous Replication Capabilities of Language Model Agents. https://arxiv.org/abs/2504.18565.

Bommasani, Rishi, Scott R. Singer, Ruth E. Appel, et al. 2025. The California Report on Frontier AI Policy. Joint California Policy Working Group on AI Frontier Models. https://www.gov.ca.gov/wp-content/uploads/2025/06/June-17-2025-%E2%80%93-The-California-Report-on-Frontier-AI-Policy.pdf.

California Senate Bill 53, California Legislature (2025). https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260SB53.

Chief Digital and Artificial Intelligence Office. 2025. “CDAO Announces Partnerships with Frontier AI Companies to Address National Security Mission Areas.” Press release. U.S. Department of Defense, July 14. https://www.ai.mil/latest/news-press/pr-view/article/4242822/cdao-announces-partnerships-with-frontier-ai-companies-to-address-national-secu/.

Emberson, Luke, and Josh You. 2025. GPT-5 and GPT-4 Were Both Major Leaps in Benchmarks from the Previous Generation. https://epoch.ai/data-insights/gpt-capabilities-progress.

EU General-Purpose AI Code of Practice (2025). https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai.

Google DeepMind. 2025. Frontier Safety Framework Version 3.0. https://storage.googleapis.com/deepmind-media/DeepMind.com/Blog/strengthening-our-frontier-safety-framework/frontier-safety-framework_3.pdf.

Meinke, Alexander, Bronson Schoen, Jérémy Scheurer, Mikita Balesni, Rusheb Shah, and Marius Hobbhahn. 2025. Frontier Models Are Capable of in-Context Scheming. https://arxiv.org/abs/2412.04984.

METR. 2025. “Measuring AI Ability to Complete Long Tasks.” https://metr.org/blog/2025-03-19-measuring-ai-ability-to-complete-long-tasks/.

OpenAI. 2025. GPT-4o System Card. OpenAI. https://cdn.openai.com/gpt-4o-system-card.pdf.

Owen, David. 2025. What Will AI Look Like in 2030? Epoch AI. https://epoch.ai/files/AI_2030.pdf.

Patel, Dwarkesh. 2024. “John Schulman (OpenAI Cofounder) - Reasoning, RLHF, & Plan for 2027 AGI.” May 15. https://www.dwarkesh.com/p/john-schulman.

Patwardhan, Tejal, Rachel Dias, Elizabeth Proehl, et al. 2025. GDPval: Evaluating AI Model Performance on Real-World Economically Valuable Tasks. https://arxiv.org/abs/2510.04374.

Phuong, Mary, Roland S. Zimmermann, Ziyue Wang, et al. 2025. Evaluating Frontier Models for Stealth and Situational Awareness. https://arxiv.org/abs/2505.01420.

Shah, Rohin, Alex Irpan, Alexander Matt Turner, et al. 2025. An Approach to Technical AGI Safety and Security. https://arxiv.org/abs/2504.01849.

UK Ministry of Defence (MOD). 2025. “Largest Ever UK Defence AI Trial Conducted Across Land, Sea and Air.” Press release. GOV.UK, May 25. https://www.gov.uk/government/news/largest-ever-uk-defence-ai-trial-conducted-across-land-sea-and-air.