A team of researchers affiliated with the Center for Long-Term Cybersecurity’s AI Security Initiative has published the second annual update to the General-Purpose AI Risk-Management Standards Profile (Version 1.2), a resource to help identify and mitigate the risks and potential harmful impacts of general-purpose AI (GPAI) models.
The Profile Version 1.2 (Profile V1.2) is aimed primarily at developers of large-scale, state-of-the-art AI systems that “can provide many beneficial capabilities but also risks of adverse events with profound consequences,” the authors explain in the report’s abstract. “This document provides risk-management practices or controls for identifying, analyzing, and mitigating risks of GPAI models.”
Profile V1.2, released today, follows V1.0 and V1.1, as well as two earlier draft versions that were made publicly available for additional feedback.
The Profile V1.2 update was developed by Nada Madkour, Jessica Newman, Deepika Raman, Krystal Jackson, Evan Murphy, Charlotte Yuan, and Dan Hendrycks. The Profile was further informed by feedback from more than 150 stakeholders through a series of consultations and workshops held between May 2023 and January 2026.
Profile V1.2 is part of a growing body of resources intended to identify and mitigate the risks of AI systems, which introduce novel privacy, security, and equity concerns and can be used for a range of malicious purposes. Large-scale, cutting-edge GPAI models have the potential to behave unpredictably, manipulate or deceive humans in harmful ways, or lead to severe or catastrophic consequences. Profile V1.2 aims to ensure that developers of such systems take appropriate measures to anticipate and plan for a wide range of potential harms, from racial bias and environmental harms to destruction of critical infrastructure and degradation of democratic institutions.
Profile V1.2 is tailored to complement other AI risk-management standards, such as the NIST AI Risk Management Framework (AI RMF), developed by the National Institute of Standards and Technology (NIST), and ISO/IEC 23894, developed by the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC).
Profile V1.2 provides guidelines for GPAI model developers based on “core functions” defined in the NIST AI RMF: “Govern,” for AI risk management process policies, roles, and responsibilities; “Map,” for identifying AI risks in context; “Measure,” for rating AI trustworthiness characteristics; and “Manage,” for decisions on prioritizing, avoiding, mitigating, or accepting AI risks.
Complementary Resources
In addition to the Profile V1.2, the researchers have developed a set of complementary resources intended to help make the Profile more usable. These include:
- Quick Guide: An Introductory Resource for the General-Purpose AI Risk-Management Standards Profile V1.2: A short introductory resource designed to complement the full profile. The Quick Guide was developed to be a condensed version of the full Profile, and includes the highest-priority risk-management steps and priority guidance in condensed form.
- Evaluation of Frontier AI Company Practices Using the General-Purpose AI Risk-Management Standards Profile V1.2: Formerly called the “Retrospective Test Use of the AI Risk-Management Standards Profile for General-Purpose AI Models,” this resource evaluates the risk-management practices of four frontier AI companies (Anthropic, OpenAI, Google, and Meta), using the GPAI Profile V1.2. Based on publicly available information, the researchers assess how well each company’s practices align with high-priority risk-management guidance and provide actionable recommendations for improvement.
- Mapping Key Standards and Regulations to the General-Purpose AI Risk-Management Standards Profile V1.2: This resource indicates how guidance in the GPAI Profile relates to clauses in key standards and regulations (e.g., the EU AI Act or ISO42001), making it easier to understand how these efforts relate to each other and to risk-management processes for general-purpose AI broadly.
- Transparency, Documentation, and Reporting Recommendations for General-Purpose AI Risk Management: This resource provides transparency recommendations in alignment with the GPAI Profile by providing a “crosswalk” between leading AI transparency governance resources. It also includes “additional recommendations” sections following the crosswalks that include guidance from other priority resources.
AISI researchers have also developed the Agentic AI Risk-Management Standards Profile, which complements the GPAI Profile and provides an overview of practices and controls for identifying, analyzing, and mitigating risks specific to agentic AI.
A Resource for Developers of GPAI and Foundation Models
The guidance is in Profile V1.2 is primarily intended for developers of large-scale GPAI models such as GPT-5, Claude Opus 4.5, Gemini 3 Pro, and Llama 4, among others, as well as “frontier models,” i.e., cutting-edge, state-of-the-art, or highly capable GPAI models. While sector-specific guidance is valuable for downstream developers of end-use applications, this approach does not consistently provide guidance for upstream developers of general-purpose AI. Such AI systems can have many uses, and upstream developers are often in a better position than downstream developers to identify emergent risks.
“This document can provide GPAI model deployers, evaluators, and regulators with information useful for evaluating the extent to which developers of GPAI models have followed relevant best practices,” the authors write. “Widespread norms for using best practices such as those detailed in this Profile can help ensure developers of GPAI models can be competitive without compromising on practices for AI safety, security, accountability, and related issues.”
Changes between the Version 1.2 Profile and the Version 1.1 Profile include:
- The addition of two high-priority subcategories:
- Govern 5.1: Recognizing the critical role of external feedback, especially third-party evaluations, in robust AI risk management, we included a dedicated sub-category to emphasize the importance of this essential step.
- Manage 4.1: Risk management does not end following a model’s deployment; continuous monitoring is required. Therefore, this update includes the addition of post-deployment monitoring as a high-priority sub-category.
- The addition of Section 2.2.1 on risk taxonomies.
- Terminology and scope refinements throughout this document:
- Most notable is that most instances of “general-purpose AI (GPAI)/foundation models” were changed to “GPAI models” to simplify our terminology.
- Additional, or updated, resources for:
- Establishing and operationalizing risk thresholds (Map 1.5);
- Red-teaming and benchmark capability evaluations (Measure 1.1);
- Transparency and documentation (Govern 1.4, Measure 2.9 and 3.1); and
- Incident response plans (Govern 1.4).
- Added actions and guidance from the EU GPAI Code of Practice (EC 2025a) under several sub-categories.
- Updated resources to their latest versions — e.g., the International AI Safety Report (Bengio et al. 2025) and NIST AI 800-1 2pd (NIST 2025).
- Expansion of AI risks, including new content on:
- Manipulation and deception (Map 5.1);
- Sandbagging during evaluations of hazardous capabilities (Govern 2.1, Map 5.1);
- Situational awareness (Map 5.1);
- Socioeconomic and labor market disruption (Map 5.1); and
- Possible intractability of removing backdoors (Map 5.1, Measure 2.7).
- The Roadmap of Issues to Address in Future Versions of the Profile (Appendix 3) has been updated to include:
- Restructuring the GPAI Profile around a pre-defined risk taxonomy, such as the one proposed in section 2.2.1;
- Developing targeted supplementary guidance for different stakeholders;
- Expanded guidance on internal deployment and AI R&D; and
- Enhanced risk-to-mitigation mapping.
- Updates to the Evaluation of Frontier AI Company Practices Using the General-Purpose AI Risk-Management Standards Profile (formerly Retrospective Test Use of Profile Guidance).
- Testing on new GPAI models (Claude Opus 4.5, GPT-5, Llama 4, and Gemini 3 Pro).
- To facilitate comparison, we included V1.1 testing results alongside current (V1.2) testing results for each model (e.g., Claude, Llama, GPT, and Gemini).
- Updates to the Profile Quick Guide, a short introductory resource designed to complement the full profile.
- Updates to the Mapping of Profile Guidance V1.2 to Key Standards and Regulations document, with added mappings to new regulations (e.g., EU AI Act) and commitments (e.g., the Frontier AI Safety Commitments).
- New supporting documentation:
For more information, email Nada Madkour (nada dot madkour at berkeley dot edu) or Deepika Raman (deepika dot raman at berkeley dot edu).
Download the Profile and Additional Resources
General-Purpose AI Risk-Management Standards Profile (Version 1.2)
Quick Guide: An Introductory Resource for the General-Purpose AI Risk Management Standards Profile V1.2
Evaluation of Frontier AI Company Practices Using the General-Purpose AI Risk-Management Standards Profile V1.2
Mapping Key Standards and Regulations to the AI Risk-Management Standards Profile V1.2
Transparency, Documentation, and Reporting Recommendations for General-Purpose AI Risk Management
Agentic AI Risk-Management Standards Profile
Version History
For version history and comparison, the following are earlier publicly available draft documents:
- AI Risk-Management Standards Profile for General-Purpose AI (GPAI) and Foundation Models (Version 1.1) (January 2025)
- AI Risk-Management Standards Profile for General-Purpose AI Systems (GPAIS) and Foundation Models (version 1.0) (November 2023)
- Second Full Draft (August 28th, 2023, 174 pp, Google Doc format) – or choose PDF format.
- First Full Draft (May 10th, 2023, 128 pp, Google Doc format) – or choose PDF format.
Policy Brief
See a policy brief related to the standards, published on September 27, 2023.
White Paper
See a white paper related to the standards, published on May 17, 2024.
The PDFs linked through this page are archived. They are kept only for reference purposes, and may not meet accessibility standards. If you need this content in a different format, please email cltc@berkeley.edu.
