Introducing The Attack Surface
A newsletter from the Frontier Security team at the Institute for AI Policy and Strategy (IAPS)
Welcome to The Attack Surface. Here, we’ll write about the security challenges created by the most powerful AI systems and what policymakers, developers, and defenders can do about them.
Who Are We?
This newsletter is written by researchers on the Frontier Security team at the Institute for AI Policy and Strategy (IAPS), a nonpartisan think tank focused on securing a positive future in a world with powerful AI1. We’ve published research on:
AI and cybersecurity, including reports on autonomous cyber-capable AI agents and how to structure access to cyber-capable AI models to advantage defenders.
AI in military and defense settings, including work on AI in military decision-making and forecasting the U.S. government’s potential role in advanced AI development.
Preparedness and visibility into frontier AI risks, including work on managing and reporting risks from developers’ internal AI systems, and building talent surge capacity in response to AI crises.
This newsletter is where we think out loud. Some posts will be quick reactions to breaking developments. Some will be arguments we’re still stress-testing. When we’re confident, we’ll say so. When we’re speculating, we’ll say that too.
Why This Newsletter Exists
Our goal is to dig into what happens when the most powerful AI systems meet the highest-stakes environments.
This question is no longer academic. In April 2026, Anthropic reported that its Mythos Preview model had autonomously discovered thousands of previously unknown vulnerabilities across every major operating system and web browser. How do we adjust to a world where cyber defense and offense move towards full automation of machine speed and scale?
Meanwhile, AI is already shaping decisions in active military operations. Palantir’s Maven Smart System, integrated with frontier AI models, has been used to generate and prioritize targets across thousands of U.S. strikes in Iran. The questions this raises about oversight, reliability, and failure modes in high-stakes military settings are urgent and largely unanswered.
And in a development that has received less public attention, AI companies are beginning to use AI to accelerate AI research itself. In a recent study, 20 of 25 leading AI researchers from major AI companies and universities identified the automation of AI R&D as one of the most severe and urgent risks in the field. If AI systems can meaningfully accelerate their own improvement, the pace of everything else we’ve mentioned gets faster.
AI has immense promise, but these and other challenges are far too substantial to ignore. To strive for a bright AI future, we need to shrink the attack surface. If the AI security challenge matters to you, you’re in the right place.
Though the opinions expressed in this newsletter are solely the authors’ own and not indicative of any institutional stance of IAPS. Our contributing authors may also have differing views—and diversity of opinion is something we cherish—so there is a possibility of conflicting posts or ideas.