Feb 2, 2026

AI Safety Template

A. Davíd Giagnocavo, Kazuki Kimura, Zane Estere Gruntmane, Siddharth Putta, Gaurav Joshi, Satoshi Nakamura

A prototype for creating standardized AI safety evaluations that run in a hardened & private way

Review Project

See Code

View Related Sprint

Reviewer's Comments

A very cool idea but quite hard to execute. But I assume a good team with time and recourses can do that.

The paper has a strong problem identification - the present lack of trusted, neutral infrastructure for cross-organisational eval comparison is a bottleneck for international AI governance, and the paper articulates the requirements clearly (collaborative, transparent, neutral, verifiable, privacy-preserving), while giving clear historical examples of the gains of this approach. The two-TEE architecture is a sensible design for this problem - separating evaluation code from model weights in distinct trust boundaries allows model providers to submit to third-party evals without risking IP exfiltration.

However, the main reproducibility gains highlighted are probably already achievable for the most part through standard containerisation. The hard reproducibility problems in evals, such as GPU floating-point non-determinism, prompt sensitivity, dataset contamination and LLM-as-judge variance are unaddressed by the architecture. The gain from the controller pattern over standard dependency pinning is real, but it is probably not the key bottleneck to reproducability in evals at present.

Cite this work

@misc {

title={

(HckPrj) AI Safety Template

author={

A. Davíd Giagnocavo, Kazuki Kimura, Zane Estere Gruntmane, Siddharth Putta, Gaurav Joshi, Satoshi Nakamura

date={

2/2/26

organization={Apart Research},

note={Research submission to the research sprint hosted by Apart.},

howpublished={https://apartresearch.com}

}

Recent Projects

View All

Feb 2, 2026

Prototyping an Embedded Off-Switch for AI Compute

This project prototypes an embedded off-switch for AI accelerators. The security block requires periodic cryptographic authorization to operate: the chip generates a nonce, an external authority signs it, and the chip verifies the signature before granting time-limited permission. Without valid authorization, outputs are gated to zero. The design was implemented in HardCaml and validated in simulation.

Feb 2, 2026

Fingerprinting All AI Cluster I/O Without Mutually Trusted Processors

We design and simulate a "border patrol" device for generating cryptographic evidence of data traffic entering and leaving an AI cluster, while eliminating the specific analog and steganographic side-channels that post-hoc verification can not close. The device eliminates the need for any mutually trusted logic, while still meeting the security needs of the prover and verifier.

Feb 2, 2026

Modelling the impact of verification in cross-border AI training projects

This paper develops a stylized game-theoretic model of cross-border AI training projects in which multiple states jointly train frontier models while retaining national control over compute resources. We focus on decentralized coordination regimes, where actors publicly pledge compute contributions but privately choose actual delivery, creating incentives to free-ride on a shared public good. To address this, the model introduces explicit verification mechanisms, represented as a continuous monitoring intensity that improves the precision of noisy signals about each actor's true compute contribution. Our findings suggest that policymakers designing international AI governance institutions face a commitment problem: half-measures in verification are counterproductive, and effective regimes require either accepting some free-riding or investing substantially in monitoring infrastructure.

Feb 2, 2026