WEST-CENTRAL ASIA AI SAFETY INSTITUTE (AISI) BLUEPRINT: A Socio-Technical Feasibility Framework and Deployment Compliance Sandbox
Ammara Durrani
Current Global South AI safety discourse systematically excludes West-Central Asian countries, leaving a critical geopolitical swing region operating in a governance vacuum. This paper introduces the West-Central Asia AI Safety Institute (AISI) Blueprint, a macro-institutional feasibility framework tailored for resource-constrained middle powers in this pivotal region navigating U.S.-China tech competition. Adapting Singapore’s 2C1D strategic framework, the blueprint shifts the governance paradigm from exclusionary upstream frontier capability training caps toward localized, edge-layer deployment-side defense while establishing a critical interface with international AI governance regimes. To demonstrate immediate operational utility, the framework integrates a functional U.S.-China AI-Biosecurity trade compliance artifact: the BioExport Navigator Compliance Sandbox (Module 1). This module automates multi-jurisdictional trade and dual-use compliance auditing for localized Small Language Models (SLMs). By replacing subjective multi-LLM cloud consensus with deterministic open-source evaluators (Promptfoo and PolyGuard), this socio-technical architecture provides West-Central Asian middle powers an actionable path toward verifiably safe model deployment, digital sovereignty, and agency to navigate great power AI competition.
Well done, you stand apart with the regional lens. Mapping West-Central Asia as a distinct, neglected vacuum with its own compute, linguistic, and kinetic risk profile is a genuinely valuable framing. Documenting the discarded multi-LLM approach and the candid limitations section are both real strengths. My greatest challenge was in reviewing the data and empirical claims when most of the evidence was withheld due to hazard and safety risks. The presentation compounds this in places such as the readiness indices are labelled a "conceptual model" in the figure but described as proof in the text, so tightening where modelled estimates are spoken of as findings would sharpen the whole paper. The highest-value fix is to make some of the data inspectable: even a small sanitized slice, a handful of example prompts, and the contingency table behind the McNemar's test. If the info-hazard designation does not allow this then reframe the numbers as a demonstration on a closed set rather than established findings, and lead with the framework, which is strong on its own
The technical research is innovative and robust with interesting and immediately implementable findings. They recommend an immediately useful and implementable solution for deployment-side defense in under-resourced, middle-power states. Their approach is two-fold: a macro-level Institutional Readiness Scorecard evaluating a middle power’s structural capacity to deploy an AI Safety Institute focused on localized, low-compute solutions; and a compliance tool to audit edge model deployments. The tool utilizes an open-source evaluation toolkit and a multilingual safety classifier to audit model responses and jailbreaks. It uses a past project, the “BioExport Navigator: A Decision-Support Tool for U.S.- China AI-Biosecurity Trade Compliance” as a case study. It clearly defines three potential catastrophic risks of AI in select West and Central Asian countries, and three distinct threat models or potential failure points relevant for the region. It also showcases institutional capacity for three specific countries. The limitations section provides a clear overview of pathways for potential pathways to strengthen the research post-hackathon.
The “Negative Results: What Did Not Work” section provided valuable evidence to support the authors argument that model response failure rates and safety breakdowns were more frequent in local languages and when referencing export control countries.
The most impactful and data-driven central arguments/thesis/key findings are buried. They need to be summarized and presented upfront in an executive summary:
• “The massive 46.3% accuracy gap in multilingual jailbreak detection proves that frontier cloud models experience severe alignment decay outside Western and East Asian language streams”
• “the West-Central Asian corridor is exposed to unmonitored dual-use proliferation”
• “Our empirical findings demonstrate that replacing fragile, cloud-dependent multi-LLM consensus with deterministic, local open-source evaluators (Promptfoo and PolyGuard) eliminates a 14.5% API call failure rate, accelerates evaluation speeds by 14x, and restores multilingual jailbreak detection accuracy in regional scripts like Urdu and Pashto by +46.3% (p < 0.0001). By housing our peerreviewed, expanded BioExport Navigator Compliance Sandbox (Module 1) within a structured national safety organ, under-resourced states can protect their digital borders from automated biosecurity exploits, malicious edge fine-tuning, and cross-border alignment drift”
• “By automatically treating regional West Asian scripts and geographic 16 location nodes as inherently high-risk anomalies, current state-of-the-art architectures enforce a form of digital algorithmic colonialism that erases under-resourced middle powers from the safety ecosystem. This empirical double-failure confirms that West-Central Asian nations cannot outsource safety verification to Western or East Asian cloud APIs, underscoring the urgent national security mandate to deploy self-hosted, deterministic, and open-source evaluation sandboxes (Promptfoo/PolyGuard) running entirely on air-gapped local edge hardware.”
I wish the paper included actionable recommendations for policymakers to implement the sandbox approach, maybe in a separate recommendations section. I’m unclear how incorporating this compliance sandbox into national organs actually prevents the use of open-weight models for risky use cases in terms of enforcement? In the case of jailbreaks, who is responsible for auditing deployments, catching violations, and reporting them to developers to patch? Would the govt be responsible for identifying jailbreaks and reporting to the model developers to patch? Or are the authors proposing a mandatory compliance certification that forces developers to natively incorporate multilingual support before entering the local market?
The paper seems to rely heavily on LLM generated writing. It provides lots of useful details and insights, but is overly “wordy” and lacks concise clarity and structure that enhances readability.
Figures 2-5 are overly dense and text-heavy for data visualization. They try to communicate too much information simultaneously, making them ineffective as communication tools.
Cite this work
@misc {
title={
(HckPrj) WEST-CENTRAL ASIA AI SAFETY INSTITUTE (AISI) BLUEPRINT: A Socio-Technical Feasibility Framework and Deployment Compliance Sandbox
},
author={
Ammara Durrani
},
date={
},
organization={Apart Research},
note={Research submission to the research sprint hosted by Apart.},
howpublished={https://apartresearch.com}
}


