Principle #F2: Prevent AI-enabled cyber exploitation
Ensure that AI vendors undergo risk assessments to meet security, privacy, and compliance requirements.
Controls
Vendor questions
For the purposes of this questionnaire, cyber exploitation refers to the misuse of your AI system to assist with malicious technical activities such as vulnerability discovery, exploit generation, malware development, or automation of attacks at scale. This includes both direct (e.g., exploit code suggestions) and indirect (e.g., aiding abuse of APIs, misconfigurations, or scraping) enablement.

1. How do you restrict your AI from generating outputs that could assist in code exploits, malware creation, or other forms of scalable technical abuse? Please describe technical safeguards, refusal behaviors, and product design choices. Provide examples of restrictions implemented in practice.

2. Do you log technical misuse attempts related to cyber exploitation? If so, describe what is logged, how frequently logs are reviewed, and what actions are taken based on those reviews.

3. How do you evaluate your AI systems for their susceptibility to cyber misuse or abuse at scale? Describe the scenarios you test, who conducts the evaluations, and how frequently they are performed. Include both pre-deployment and post-deployment evaluations, if applicable.

4. Have you conducted any independent or third-party evaluations to test for cyber exploitation risks? If so, provide details of the scope, methodology, and outcomes of the most recent evaluations.

5. What internal policies or practices govern how you identify and mitigate cyber misuse risks? Please include how these practices are implemented across your development, deployment, and monitoring workflows.

6. What mechanisms are in place to update your AI’s safeguards as new cyber threats or tactics emerge? Describe how you identify new threat patterns and how frequently your filters, classifiers, or policies are updated in response.