Blindfolded Governance: Mapping Economic Dark Output from AI in Asia

Mahi H Shah

AI is making informal and self-employed workers across Asia more productive, yet this productivity gain often leaves no trace in GDP, tax records, or labour statistics, a phenomenon recently termed "Dark Output." This work does not attempt to measure Dark Output directly, an exercise that remains infeasible given current data; instead, it constructs the Asia Dark Output Index (ADOI), a composite, pre-emptive proxy for where AI-driven economic activity is most likely to escape formal measurement. ADOI combines four publicly available pillars: informal employment, self-employment, AI task exposure, and digital infrastructure, normalised and weighted across twelve Asian economies.

India, Indonesia, Pakistan, and Cambodia emerge as highest-risk. The novel contribution of this work is the first cross-country index to combine informal-economy structure with AI task-exposure data specifically to anticipate measurement blind spots, rather than to assess AI readiness or labour displacement. South and Southeast Asia is the natural focus given the region's unusually high informal employment share alongside rapidly expanding digital infrastructure and AI exposure. The result is a tool for governance under uncertainty: identifying where policymakers are most likely to be acting on an incomplete picture of their own economies.

Reviewer's Comments

Reviewer's Comments

Arrow
Arrow
Arrow

The submission explores an underexamined part of AI economics and is a strong fit for the hackathon. The writing is strong and the added figures are a nice touch.

The methodology is transparently explained and mostly appropriate. The main thing holding back the index is its aggregation. The paper defines Dark Output as a conjunction (activity that is both AI-exposed and institutionally invisible), but the additive weighted sum is fully compensatory, so a country can rank high on invisibility alone even with near-zero AI uptake.

Two consequences follow: Informal employment and self-employment (60% of the weight combined) measure a highly overlapping population in these economies, so the invisibility side is in effect double-counted. As AI task exposure correlates negatively with informality across the sample, the two sides partly cancel inside the sum, leaving the ranking close to a pure informality index with the AI pillars doing little work.

Consider a nested structure: combine the invisibility proxies additively, given that they are substitutable measures of one construct. Then combine that invisibility factor multiplicatively with an AI-uptake factor, ideally gating exposure by connectivity. A geometric mean across the two dimensions would also honour the paper's own "necessary but not sufficient" logic, which the current additive form contradicts.

Strong framing. The notebook also reproduces cleanly.

To improve:

1. Add sensitivity analysis. Vary the weights, compare min-max and rank-based normalization, and show whether the top cluster still holds.

2. Clarify data provenance. E.g. compare sources of data, state which you use and why, since this affects the scores.

3. Address China exclusion directly. Leaving China out weakens the Asia framing.

This is a thoughtful and original project that frames an important governance blind spot: AI-enabled productivity gains in informal and self-employed work may remain invisible to official economic measurement. The proposed index is a useful and creative proxy, and the report is especially strong in explaining why direct measurement is infeasible and why a pre-emptive governance tool could still matter. The execution is solid for a weekend hackathon, with transparent indicators, weighting, normalization, and a reproducible dataset, though the weighting choices remain mostly theoretical and would need validation or sensitivity analysis in future work. The link to AI safety is somewhat indirect compared with projects focused on model behavior, misuse, or institutional safeguards, but the contribution is still relevant to governance capacity and Global South policy design. Overall, the report is clear, well structured, and persuasive, with a concise narrative that avoids overclaiming.

Like the core move here: you are not asking how ready a country is for AI, you are asking where AI output slips past the official numbers. That reframing is the contribution, and you built the index cleanly from public data and said upfront there is no ground truth. The soft spot is the weighting. The 30/30/20/20 split carries the whole ranking and never gets tested, so I cannot tell if the order is real or an artifact. Fix that first: vary the weights, show how much the ranking moves. Then bring China into the sample, since its absence probably undersells the whole point, and find one external signal to validate against, even a rough shadow-economy estimate. Honest and well-scoped for a weekend. Build the sensitivity check and this gets a lot more persuasive.

Cite this work

@misc {

title={

(HckPrj) Blindfolded Governance: Mapping Economic Dark Output from AI in Asia

},

author={

Mahi H Shah

},

date={

},

organization={Apart Research},

note={Research submission to the research sprint hosted by Apart.},

howpublished={https://apartresearch.com}

}

Recent Projects

OliGraph: graph-based screening of large oligopools

Existing synthesis screening tools cannot evaluate short oligonucleotide pools, whose overlapping fragments can be reassembled into regulated sequences via polymerase cycling assembly (PCA) yet fall below gene-length detection thresholds. We present OliGraph, an open-source tool that constructs a bi-directed overlap graph from an oligonucleotide pool and extracts contigs for downstream gene-length screening. An optional PCA mode retains only cross-strand overlaps consistent with PCA chemistry. We validated OliGraph in a blinded study across ten simulated pools (70–9,184 oligonucleotides, 30–300 bp) spanning four risk categories. BLAST screening of individual oligonucleotides failed to identify sequences of concern in most pools: three returned zero hits, and vector noise obscured true positives in the remainder. After OliGraph assembly, contig-level BLAST matched the longest assembled sequences (up to 1,905 bp) to sequences of concern at 97–100% identity. In one pool, assembly collapsed 1,634 individual BLAST results into 10 hits from a single contig, all assigned to the same source organism. PCA mode correctly distinguished assemblable from non-assemblable fragments within the same pool. Two pools with no assemblable structure yielded no contigs. OliGraph processed all pools in under 0.2 seconds, fast enough for real-time order screening and consistent with proposals to bring oligonucleotide orders within the scope of synthesis screening regulation.

Read More

BioRT-Bench: A Multi-Attack Red-Teaming Benchmark for Bio-Misuse Safeguards in Frontier LLMs

Frontier AI laboratories are expected to maintain safeguards against biological misuse, but whether deployed models actually refuse bio-misuse queries under adversarial pressure is largely unmeasured in the public literature. We introduce BioRT-Bench, a benchmark that runs four attack methods (direct request, PAIR, Crescendo, and base64 encoding) against four frontier models (Claude Sonnet 4.6, GPT-5.4, DeepSeek V4-flash, Kimi K2.5) across 40 prompts spanning five biosecurity-relevant categories. Responses are scored by a calibrated judge extending StrongREJECT with two bio-specific dimensions: specificity and actionability. We measure Attack Success Rate (ASR), where 0 means the model fully refused and 1 means it provided specific, actionable bio-misuse content. Our results reveal a sharp robustness divide: Chinese frontier models (DeepSeek, Kimi) have under 5% refusal rates even under direct request (ASR 0.88 and 0.79), while Western models (Claude, GPT) maintain substantially stronger safeguards (ASR 0.15 and 0.16). Crescendo is the most effective attack across all models, both in bypassing refusal and in eliciting actionable content. Claude Sonnet 4.6 is the most robust model tested, achieving 100% refusal against base64-encoded prompts.

Read More

PROTEUS (PROTein Evaluation for Unusual Sequences): Structure-Informed Safety Screening for de novo and Evasion-Prone Protein-Coding Sequences

AI protein design tools like RFdiffusion, ProteinMPNN, and Bindcraft make it trivial to produce low-homology sequences that fold into active, potentially hazardous architectures. However, sequence homology-based biosafety screening tools cannot detect proteins that pose functional risk through structurally novel mechanisms with no sequence precedent. We present a tiered computational pipeline that addresses this gap by combining MMseqs2 sequence alignment with structure-based comparison via FoldSeek and DALI against curated toxin databases totaling ~34,000 entries. AlphaFold2-predicted structures are screened for both global fold similarity (FoldSeek) and local active/allosteric site geometry (DALI), capturing convergent functional hazards that sequence screening misses. The pipeline was validated against a panel of toxins, benign proteins, structural mimics, and de novo-designed Munc13 binders, as well as modified ricin variants with residue substitutions. We additionally tested robustness to partial-synthesis evasion, where a bad actor submits multiple shorter coding sequences intended for downstream reassembly into a full toxin-coding gene. We found that while sequence-based screening did not identify any de novo ricin analogues with high certainty, the combined pipeline with FoldSeek and DALI identified all 24 tested de novo ricins as toxic.

Read More

OliGraph: graph-based screening of large oligopools

Existing synthesis screening tools cannot evaluate short oligonucleotide pools, whose overlapping fragments can be reassembled into regulated sequences via polymerase cycling assembly (PCA) yet fall below gene-length detection thresholds. We present OliGraph, an open-source tool that constructs a bi-directed overlap graph from an oligonucleotide pool and extracts contigs for downstream gene-length screening. An optional PCA mode retains only cross-strand overlaps consistent with PCA chemistry. We validated OliGraph in a blinded study across ten simulated pools (70–9,184 oligonucleotides, 30–300 bp) spanning four risk categories. BLAST screening of individual oligonucleotides failed to identify sequences of concern in most pools: three returned zero hits, and vector noise obscured true positives in the remainder. After OliGraph assembly, contig-level BLAST matched the longest assembled sequences (up to 1,905 bp) to sequences of concern at 97–100% identity. In one pool, assembly collapsed 1,634 individual BLAST results into 10 hits from a single contig, all assigned to the same source organism. PCA mode correctly distinguished assemblable from non-assemblable fragments within the same pool. Two pools with no assemblable structure yielded no contigs. OliGraph processed all pools in under 0.2 seconds, fast enough for real-time order screening and consistent with proposals to bring oligonucleotide orders within the scope of synthesis screening regulation.

Read More

BioRT-Bench: A Multi-Attack Red-Teaming Benchmark for Bio-Misuse Safeguards in Frontier LLMs

Frontier AI laboratories are expected to maintain safeguards against biological misuse, but whether deployed models actually refuse bio-misuse queries under adversarial pressure is largely unmeasured in the public literature. We introduce BioRT-Bench, a benchmark that runs four attack methods (direct request, PAIR, Crescendo, and base64 encoding) against four frontier models (Claude Sonnet 4.6, GPT-5.4, DeepSeek V4-flash, Kimi K2.5) across 40 prompts spanning five biosecurity-relevant categories. Responses are scored by a calibrated judge extending StrongREJECT with two bio-specific dimensions: specificity and actionability. We measure Attack Success Rate (ASR), where 0 means the model fully refused and 1 means it provided specific, actionable bio-misuse content. Our results reveal a sharp robustness divide: Chinese frontier models (DeepSeek, Kimi) have under 5% refusal rates even under direct request (ASR 0.88 and 0.79), while Western models (Claude, GPT) maintain substantially stronger safeguards (ASR 0.15 and 0.16). Crescendo is the most effective attack across all models, both in bypassing refusal and in eliciting actionable content. Claude Sonnet 4.6 is the most robust model tested, achieving 100% refusal against base64-encoded prompts.

Read More

This work was done during one weekend by research workshop participants and does not represent the work of Apart Research.
This work was done during one weekend by research workshop participants and does not represent the work of Apart Research.