The threat modeling framework, IC methodology application, and capability-catastrophe argument reflect my own research agenda. I directed the research and endorse all arguments.I used AI to assist in writing this post, and it's likely that >30% is AI-generated text.

This is part one of a two-part series. Part two — on compute governance architecture — is published here: https://forum.effectivealtruism.org/posts/LLR4G4EXDcao4WYFB/beyond-the-threshold-designing-compute-governance-that

Originally published at: https://taha-research-platform.vercel.app/governance/from-benchmark-to-threat-model

The current policy response to advanced AI risk exhibits an almost textbook analytic failure in real time. This essay attempts to provide the conceptual architecture that is missing.

I. The Misconfiguration Problem

The intelligence community has a concept called a warning failure a situation where adequate signals existed but were not integrated into a coherent threat assessment before catastrophe arrived. Pearl Harbor. 9/11. In both cases, the problem was not missing data. It was the absence of a framework for synthesizing tactical signals into strategic warning.

We are currently in the early stages of an AI warning failure. The tactical signals exist. SWE-Bench Verified has been crossed at 93.9%. SWE-Bench Pro — the contamination-resistant, complexity-hardened successor sits at 23% for the best available models, marking the leading edge of the autonomous capability frontier. Epoch AI's quality-adjusted AI output metrics suggest growth exceeding 2,000% annually. Yet policymakers have not produced a unified threat model that connects these capability signals to catastrophic risk windows.

1. Why Benchmarks Are Warning Signals, Not Engineering Metrics

The prevailing treatment of AI benchmarks in policy circles is fundamentally mistaken. Benchmarks are discussed as engineering scorecards measures of product improvement useful to developers and perhaps to procurement officers. This framing misses their strategic function. A capability benchmark is an observable, measurable proxy for an underlying capability that cannot be directly observed. SWE-Bench Pro does not measure AI progress in the abstract. It measures a specific, strategically relevant capability: the ability of an autonomous agent to identify, reason about, and resolve complex software engineering problems without human guidance.


This capability matters catastrophically for one reason: software is the substrate of AI development itself. An agent that can autonomously resolve 90% of real-world software engineering tasks at human-expert level is an agent that can, in principle, contribute to its own improvement. Not through fictional hard takeoff scenarios, but through the mundane, cumulative process of finding optimizations  architectural tweaks, training procedure improvements, inference efficiency gains that collectively compress the timeline to more capable systems.

2. Applying Intelligence Community Methodology to Capability Assessment

The intelligence community developed structured analytic techniques specifically to prevent the cognitive failures that produce warning disasters. Three of these techniques are directly applicable to AI capability assessment.

Capability-anchored threat modeling. Traditional threat assessment balances capability against intent. This framework fails for AI systems because intent is fundamentally ambiguous AI systems exhibit what researchers have called fluid agency, where behavioral dispositions are stochastic, context-dependent, and in some cases deceptive. The Anthropic sleeper agents paper demonstrated empirically that models can maintain hidden behavioral dispositions that persist through safety training and activate under specific deployment conditions. When intent is unmappable, IC methodology is clear: threat assessment must anchor on capability signals alone.

Red team analysis of capability trajectories. Red teaming requires analysts to adopt the adversary's perspective and stress-test the most dangerous plausible outcomes. For AI capability assessment, this means asking: if the SWE-Bench Pro trajectory extrapolates at current rates, what is the distribution of dates at which autonomous AI-assisted AI research constitutes a majority of frontier AI research output? The honest answer is that this distribution has non-negligible probability mass in the 2027–2030 window. Red team discipline requires treating that probability mass seriously regardless of how uncomfortable it is to acknowledge.

Structured analytic techniques against mind-set failure. The prevailing cognitive mind-set in AI policy assumes that AI progress will remain legible, gradual, and subject to meaningful oversight at each increment. This mind-set is the AI equivalent of the pre-9/11 assumption that non-state actors could not orchestrate sophisticated coordinated attacks on domestic soil. SAT methodology requires explicitly surfacing and challenging this embedded assumption before it produces a warning failure.

3. The Warning Failure That Is Already Unfolding

In 1941, the tactical intelligence was present. Naval signals, diplomatic intercepts, behavioral indicators from Japanese fleet movements. The failure was institutional: different agencies held different fragments of the picture and had no mechanism to synthesize them into a coherent warning. Today, the tactical intelligence is present. SWE-Bench trajectories, compute scaling data, Epoch AI capability forecasts, METR productivity reversal findings, the sleeper agents empirical results, Apollo Research alignment faking findings. These signals are distributed across AI safety research, economic productivity studies, and capability evaluation institutions that largely do not communicate in the language of strategic threat assessment.

The assumption filtering out the incoming signal is this: that the distance between current AI capabilities and catastrophically dangerous AI capabilities is large enough that existing oversight mechanisms will have time to adapt. This assumption has not been empirically established. It is an artifact of the cognitive difficulty of imagining capability acceleration. It is exactly the type of embedded mind-set that structured analytic techniques exist to surface and challenge.

4. Compute as the Strategic Chokepoint
 

Grand strategy requires identifying the most effective points of leverage for a given threat environment. In the nuclear era, the chokepoint was enriched fissile material. The entire architecture of nonproliferation the NPT, IAEA inspections, export controls on centrifuge technology was built around controlling access to that specific input. The equivalent chokepoint for AI capability is advanced semiconductor fabrication. The analogy is structurally precise. Frontier AI training requires advanced logic chips that can only be fabricated by a small number of facilities using equipment produced by a small number of firms primarily ASML, Applied Materials, and Lam Research, all in US-allied jurisdictions.

The current US export control regime represents a first-order implementation of this strategy. Its weakness demonstrated by the DeepSeek result is that algorithmic efficiency improvements can partially substitute for hardware scale, making fixed compute thresholds insufficient as a sole control mechanism. A grand strategy informed by IC methodology would combine compute governance with systematic capability monitoring and investment in interpretability and evaluation infrastructure sufficient to verify safety properties of systems that reach designated capability thresholds, regardless of the compute path that produced them.

5. The Grand Strategy That Is Missing

George Kennan's 1946 Long Telegram did not attempt to predict the specific date or mechanism of Soviet military action. It analyzed the structural realities driving Soviet behavior and derived a strategic posture capable of managing the threat across a wide range of possible futures. The United States does not currently have a Long Telegram for AI. What exists instead is a collection of reactive policy instruments  executive orders, compute export controls, safety institute mandates  that respond to specific near-term manifestations of AI risk without a coherent structural framework connecting them to a long-horizon threat assessment.

A grand strategy for AI would have three structural components. First, a capability monitoring architecture that treats benchmark trajectories as strategic intelligence products, produced by institutions with the analytical independence and methodological rigor of the intelligence community. Second, a threshold-triggered escalation framework that pre-specifies the governance responses to specific capability milestones, rather than designing responses ad hoc after capabilities have already been deployed. Third, international coordination structured around the compute chokepoint  a regime coordinating export controls, capability monitoring standards, and incident reporting across US-allied semiconductor supply chain participants.

6. The Asymmetry That Makes Urgency Rational

If the capability catastrophe link is weaker than this essay argues, the cost of building the monitoring and governance infrastructure described here is modest. Evaluation institutions, threshold frameworks, and international coordination mechanisms are valuable even in scenarios where catastrophic risk does not materialize. If the capability catastrophe link is stronger than most policymakers assume, the cost of not building this infrastructure is catastrophic and potentially irreversible. This asymmetry is not a rhetorical device. It is the same asymmetry that made Kennan's containment doctrine rational under uncertainty about Soviet intentions. You do not need high confidence in the worst-case scenario to justify a strategic posture designed to manage it.

The benchmark trajectories visible today are more than sufficient to justify the grand strategy investment this essay describes. The governance window is open. The compute chokepoint is real and actionable. The grand strategy framework exists in historical precedent. What is missing is the institutional willingness to treat this as a strategic problem requiring strategic analysis, rather than a technical problem awaiting a technical solution. The Long Telegram for AI needs to be written. The benchmark data to write it from already exists.