Back to Dashboard
Security / Deployment/ 6.4.3

6.4.3 Detection and Authorization of Dual-Use Capability at Inference Time

2026 Governance Status: Narrowly operationalized

Original Problem in the Paper

Motivation: if assessments flag dual-use domain competence, providers may need to avoid public default exposure while preserving legitimate uses (e.g., cybersecurity professionals patching vulnerabilities). Open problems: detect all requests for dual-use capabilities, distinguish legitimate from malicious intent, and require authentication/authorization (e.g., certified experts, red-teamers, researchers) before access; proof-of-concept authorization schemes were hypothetical.

July 2026 Update & Trajectory

Dual-use gating has moved from hypothetical to narrow deployment: Anthropic describes access controls plus real-time/asynchronous classifiers for catastrophic-risk safeguards, and OpenAI’s 2026 Cybersecurity Grant update says it introduced Trusted Access for Cyber with API credits for defensive deployment. However, reliable intent classification remains unverified; I could verify the OpenAI update only via the Grant Program page because the Trusted Access page itself returned 403. Authorization is operational for specific programs/domains, not a general inference-time standard.

Deployed / Operationalized

  • Tiered access/vetting for safety testing and partner use cases; enhanced due diligence based on trustworthiness and beneficial use-case.
  • Real-time prompt/completion classifiers plus asynchronous monitoring for CBRN/cyber and other severe-harm domains.
  • Cyber-defender trusted-access programs and API-credit grants for defensive cybersecurity use; offensive projects excluded.

New Tractable Vectors

  • Route detected dual-use requests into authorization workflows rather than blanket refusal.
  • Use domain-specific classifier cascades (cyber, bio, chem) with user identity, organization vetting, and monitoring.
  • Offer researcher/red-team modes with compensating controls, logging, and revocable access.

Key Open Questions

  • Robustly distinguishing malicious intent from legitimate dual-use work under jailbreaks, roleplay, ambiguity, and staged multi-turn requests.
  • Privacy-preserving credential/authorization schemes for sensitive occupations or researchers across jurisdictions.
  • Preventing authorized users from laundering capabilities to unauthorized users or automating harmful workflows.

Evidence & Primary Sources