The Profile and complementary resources provide safety and security guidelines for developers of large-scale, state-of-the-art AI systems.
A team of researchers affiliated with the Center for Long-Term Cybersecurity’s AI Security Initiative has published the second annual update to the General-Purpose AI Risk-Management Standards Profile (Version 1.2), a resource to help identify and mitigate the risks and potential harmful impacts of general-purpose AI (GPAI) models.
The Profile Version 1.2 is aimed primarily at developers of large-scale, state-of-the-art AI systems that “can provide many beneficial capabilities but also risks of adverse events with profound consequences,” the authors explain in the report’s abstract. “This document provides risk-management practices or controls for identifying, analyzing, and mitigating risks of GPAI models.”
Profile V1.2, released today, follows V1.0 and V1.1, as well as two earlier draft versions that were made publicly available for additional feedback.
The Profile V1.2 update was developed by Nada Madkour, Jessica Newman, Deepika Raman, Krystal Jackson, Evan Murphy, Charlotte Yuan, and Dan Hendrycks. The Profile was further informed by feedback from more than 150 stakeholders through a series of consultations and workshops held between May 2023 and January 2026.
Profile V1.2 is part of a growing body of resources intended to identify and mitigate the risks of AI systems, which introduce novel privacy, security, and equity concerns and can be used for a range of malicious purposes. Large-scale, cutting-edge GPAI models have the potential to behave unpredictably, manipulate or deceive humans in harmful ways, or lead to severe or catastrophic consequences. Profile V1.2 aims to ensure that developers of such systems take appropriate measures to anticipate and plan for a wide range of potential harms, from racial bias and environmental harms to destruction of critical infrastructure and degradation of democratic institutions.
Profile V1.2 is tailored to complement other AI risk-management standards, such as the NIST AI Risk Management Framework (AI RMF), developed by the National Institute of Standards and Technology (NIST), and ISO/IEC 23894, developed by the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC).
Profile V1.2 provides guidelines for GPAI model developers based on “core functions” defined in the NIST AI RMF: “Govern,” for AI risk management process policies, roles, and responsibilities; “Map,” for identifying AI risks in context; “Measure,” for rating AI trustworthiness characteristics; and “Manage,” for decisions on prioritizing, avoiding, mitigating, or accepting AI risks.
Complementary Resources
In addition to the Profile V1.2, the researchers have developed a set of complementary resources intended to help make the Profile more usable. These include:
- Quick Guide: An Introductory Resource for the General-Purpose AI Risk-Management Standards Profile V1.2: A short introductory resource designed to complement the full profile. The Quick Guide was developed to be a condensed version of the full Profile, and includes the highest-priority risk-management steps and priority guidance in condensed form.
- Evaluation of Frontier AI Company Practices Using the General-Purpose AI Risk-Management Standards Profile V1.2: Formerly called the “Retrospective Test Use of the AI Risk-Management Standards Profile for General-Purpose AI Models,” this resource evaluates the risk-management practices of four frontier AI companies (Anthropic, OpenAI, Google, and Meta), using the GPAI Profile V1.2. Based on publicly available information, the researchers assess how well each company’s practices align with high-priority risk-management guidance and provide actionable recommendations for improvement.
- Mapping Key Standards and Regulations to the General-Purpose AI Risk-Management Standards Profile V1.2: This resource indicates how guidance in the GPAI Profile relates to clauses in key standards and regulations (e.g., the EU AI Act or ISO42001), making it easier to understand how these efforts relate to each other and to risk-management processes for general-purpose AI broadly.
- Transparency, Documentation, and Reporting Recommendations for General-Purpose AI Risk Management: This resource provides transparency recommendations in alignment with the GPAI Profile by providing a “crosswalk” between leading AI transparency governance resources. It also includes “additional recommendations” sections following the crosswalks that include guidance from other priority resources.
AISI researchers have also developed the Agentic AI Risk-Management Standards Profile, which complements the GPAI Profile and provides an overview of practices and controls for identifying, analyzing, and mitigating risks specific to agentic AI.
A Resource for Developers of GPAI and Foundation Models
The guidance is in Profile V1.2 is primarily intended for developers of large-scale GPAI models such as GPT-5, Claude Opus 4.5, Gemini 3 Pro, and Llama 4, among others, as well as “frontier models,” i.e., cutting-edge, state-of-the-art, or highly capable GPAI models. While sector-specific guidance is valuable for downstream developers of end-use applications, this approach does not consistently provide guidance for upstream developers of general-purpose AI. Such AI systems can have many uses, and upstream developers are often in a better position than downstream developers to identify emergent risks.
“This document can provide GPAI model deployers, evaluators, and regulators with information useful for evaluating the extent to which developers of GPAI models have followed relevant best practices,” the authors write. “Widespread norms for using best practices such as those detailed in this Profile can help ensure developers of GPAI models can be competitive without compromising on practices for AI safety, security, accountability, and related issues.”
Visit this page for more information.
The PDFs linked through this page are archived. They are kept only for reference purposes, and may not meet accessibility standards. If you need this content in a different format, please email cltc@berkeley.edu.
