Microsoft, Google, and xAI just handed the keys to the castle to the U.S. government. They call it "security testing." They call it "voluntary commitments." I call it a desperate bid for regulatory capture masquerading as national service.
The headlines suggest we are safer because a handful of bureaucrats at the AI Safety Institute (AISI) get to poke at GPT-5 or Grok-3 before the public does. This is a hallucination. In reality, these "pre-deployment" screenings are the digital equivalent of taking your shoes off at the airport. It creates the illusion of safety while the real threats move through the side doors.
The Myth of the Pre-Deployment Patch
The tech giants want you to believe that a model is a static object—like a bridge or a toaster—that can be "inspected" for flaws. This is a fundamental misunderstanding of how large language models (LLMs) operate.
An LLM is not a fixed piece of software; it is a probability engine. Its risks are emergent, not hard-coded. You cannot "find" a security flaw in a model the way you find a bug in a line of C++. Risks like prompt injection, jailbreaking, and social engineering are functions of the interaction between the user and the model.
Testing a model in a vacuum, before it hits the messy reality of millions of adversarial users, is a fool’s errand. I have watched engineering teams spend six months red-teaming a model only to have a teenager on Discord break the safety filters in twelve seconds using a "Grandmother" persona.
The AISI is Not Ready for This Fight
Let’s be honest about the power dynamic. The AI Safety Institute is a fledgling body trying to audit the most complex technology in human history. They are outgunned.
Google and Microsoft employ the world’s most expensive researchers. Do we really believe a government agency, hamstrung by federal pay scales and glacial procurement cycles, will find the "dangerous capabilities" that the developers somehow missed?
- Logic Check: If the developers found a risk, they’d fix it to avoid a PR nightmare.
- The Reality: If they didn't find it, the government is even less likely to catch it.
This isn't oversight. It's a rubber stamp. By giving the government early access, these companies get a "Safety Approved" sticker they can use to deflect liability when something inevitably goes wrong. It's a clever legal shield, not a security protocol.
Regulatory Capture in Real Time
Why would xAI, a company built on the brand of "maximum truth" and anti-censorship, agree to this? Because they know the game.
If you make the barrier to entry for AI "pre-deployment testing by the federal government," you effectively kill the competition. Small startups and open-source projects cannot afford to wait six months for a government sign-off. They don't have the legal teams to navigate the AISI’s red tape.
By "volunteering" for these checks, the Big Three are pulling up the ladder behind them. They are turning a fast-moving technological frontier into a slow-moving utility, where only the giants with deep pockets can play. This isn't about protecting the public from "existential risk"; it's about protecting the incumbents from the next brilliant kid in a garage.
The Data Privacy Trap
We need to talk about what "access" actually means. When the government gets access to these models for testing, what are they testing them with?
To stress-test a model for national security risks—like its ability to help design a biological weapon or execute a massive cyberattack—the testers must use sensitive, often classified data. We are now creating a pipeline where private companies and government agencies are swapping high-level weights and sensitive prompts in an environment that is itself a massive target for foreign intelligence.
Imagine a scenario where the AISI's testing environment is compromised. Instead of one company's model being leaked, you have a centralized repository of the world’s most powerful AI systems, all sitting in a government-managed honeypot. We are centralizing risk in the name of safety.
What Real Security Testing Looks Like
If we actually cared about security, we wouldn't be doing "voluntary commitments" behind closed doors. We would be doing the opposite.
- Mandatory Bug Bounties: Force companies to put up millions in escrow for anyone who can prove a model has a specific, repeatable dangerous capability.
- External, Decentralized Audits: Instead of one government agency, allow accredited third-party labs to compete for the best "attack" methodologies.
- Liability, Not Permission: Instead of asking for permission to launch, companies should be legally liable for the outputs and outcomes of their models. If your AI helps a bad actor take down a power grid, you pay for the power grid. That is a much stronger incentive than a polite chat with a bureaucrat.
The Wrong Question
The public keeps asking, "Is the government checking these models?"
The better question is, "Why are we pretending the government can check these models?"
We are witnessing the birth of a new priesthood. The high priests of AI (the CEOs) and the high priests of the State (the regulators) are coming together to tell us that they have the situation under control. They are using the language of "safety" to consolidate power.
The truth is that we are in an era of permissionless innovation that has outpaced our ability to regulate it through traditional means. Trying to apply 20th-century oversight to 21st-century intelligence is like trying to catch a neutrino with a butterfly net.
The Open Source Counter-Argument
The "security" excuse is consistently used to attack open-source AI. The argument goes: "If we release the weights, the terrorists win."
But as I’ve seen in decades of cybersecurity, "security through obscurity" is a lie. Open-source models like Llama or Mistral allow for thousands of independent researchers to find vulnerabilities and build defenses. Closing off the models to everyone except a few "trusted" government officials doesn't make the models safer; it just makes the flaws harder to find for the good guys.
By handing the government "early access," Microsoft and Google are signaling that they want a closed ecosystem. They want a world where AI is a guarded secret, controlled by a small group of elites.
If you think a government agency is going to be the thin line between us and "AI doom," you haven't been paying attention to how the government handles basic cybersecurity. These are the people who let the OPM hack happen. These are the people who still use COBOL for critical infrastructure.
Stop looking for a "safety" stamp from Washington. It’s a placebo.
Real security is found in transparency, decentralization, and the hard, ugly work of adversarial testing in the real world. Anything else is just a press release designed to keep the stock price high and the competition low.
The deals between the AI giants and the AISI aren't the beginning of AI safety. They are the beginning of the AI cartel.
