Systems Security

Research in this track covers software-, infrastructure-, and hardware-level security mechanisms for monitoring and securing AI development and deployment, including side-channel analysis, cluster security, and physical-layer verification. Importantly, this track is distinct from the broader "AI security" framing that refers to adversarial robustness or jailbreaking; the focus here is on literally securing the systems that advanced AI runs on, including data centers, hardware supply chains, compute clusters, and model weights.

Application process

  • Initial application: No track-specific questions.
  • Stream applications & follow-up: Apply to individual streams; follow-up includes interviews and/or additional assessments depending on the stream.

Systems Security track overview

The track focuses on the hardware, software, and infrastructure that frontier AI systems run on. Even if alignment research succeeds, those safety properties only matter in practice if model weights aren't stolen, training and inference compute can't be tampered with, and the systems running advanced AI can be audited and verified. The track exists to build the technical foundations for that. Streams cover model weight protection, side-channel analysis, secure enclaves, hardware supply chain assurance, datacenter and cluster security, physical-layer verification of compute use, and the technical components that make compute governance and export controls enforceable.

We are looking for fellows with real depth in systems or security work. Essential traits are fluency in at least one of: security engineering, vulnerability research, cryptography, operating systems or other low-level software, hardware security (chips, FPGAs, embedded systems), or systems engineering at the infrastructure layer. ML expertise is preferred but not required. What matters is the ability to reason carefully about adversaries, side channels, and trust boundaries. Strong candidates have come from security teams at tech companies, hardware and chip design, cryptography research, government security work, CTF and vulnerability research backgrounds, and embedded systems engineering.

Fellows are matched to mentors based on fit, and projects produce concrete artifacts by program end: security audits, technical specifications, prototype defenses, attack demonstrations, or proposals for verification protocols. Target audiences include lab security and infrastructure teams, hardware vendors, and the policy actors who need technical groundwork to enforce compute governance and export controls.

Systems Security track streams

This stream focuses on building realistic defensive cybersecurity benchmarks utilizing data from Asymmetric Security's work on real-world incidents.


In this project, we will explore GPU side-channel attacks to extract information about model usage. A simple example is to observe (via radio emissions, power fluctuations, acoustics, etc.) which experts were used in each forward pass of an MoE model, then use those observations to guess which tokens were produced.


Implementing SL4/5 and searching for differentially defense-favored security tools.


This stream focuses on AI policy, especially technical governance topics. Tentative project options include: technical projects for verifying AI treaties, metascience for AI safety and governance, and proposals for tracking AI-caused job loss. Scholars can also propose their own projects.

