Systems Security

The track focuses on the hardware, software, and infrastructure that frontier AI systems run on. Even if alignment research succeeds, those safety properties only matter in practice if model weights aren't stolen, training and inference compute can't be tampered with, and the systems running advanced AI can be audited and verified. The track exists to build the technical foundations for that. Streams cover model weight protection, side-channel analysis, secure enclaves, hardware supply chain assurance, datacenter and cluster security, physical-layer verification of compute use, and the technical components that make compute governance and export controls enforceable.

We are looking for fellows with real depth in systems or security work. Essential traits are fluency in at least one of: security engineering, vulnerability research, cryptography, operating systems or other low-level software, hardware security (chips, FPGAs, embedded systems), or systems engineering at the infrastructure layer. ML expertise is preferred but not required. What matters is the ability to reason carefully about adversaries, side channels, and trust boundaries. Strong candidates have come from security teams at tech companies, hardware and chip design, cryptography research, government security work, CTF and vulnerability research backgrounds, and embedded systems engineering.

Fellows are matched to mentors based on fit, and projects produce concrete artifacts by program end: security audits, technical specifications, prototype defenses, attack demonstrations, or proposals for verification protocols. Target audiences include lab security and infrastructure teams, hardware vendors, and the policy actors who need technical groundwork to enforce compute governance and export controls.