Let’s begin by taking a closer look at the report itself. The International AI Safety Report, published in early 2026, is a coordinated, science-based assessment of emerging risks in AI. It draws on input from over 100 international experts and is the second edition, following the first published in 2025.
The 2026 report highlights how rapidly general-purpose AI systems have advanced during the year, now matching experts in complex domains and becoming embedded in daily work for hundreds of millions of people worldwide. The report underscores a central tension for policymakers: while AI brings transformative benefits across industries, the same capabilities introduce new and evolving security risks, from misuse to systemic disruptions in high-stakes settings and maps current evidence, identifies gaps, and frames priorities for responsible governance as AI capabilities continue to accelerate.
Our goal was to review the risks mentioned in the report, focusing mainly on the recommendations for mitigating or avoiding them, which is vital for high-stakes industries and general commercial activities. What follows is a section-by-section review of the report’s main AI security risk areas, taking an honest look at where the suggested mitigations work and where they fall short.
Malicious use risks: are current mitigations keeping pace?
AI-generated content
The report’s risk section starts with risks from malicious use, focusing first on AI-generated content and its criminal applications: deepfakes, synthetic media, and disinformation.
The headline mitigation is watermarking tools like Google DeepMind's SynthID, which embed invisible signals into AI-generated images, audio, video, and text.
In theory, this may help if any final endpoints or services will check such signals and only after this distribute. But in reality, the goal of most media services is far from such monitoring, especially if generated content can enrich the portfolio or improve the engagement.
There's a deeper issue: labels or steganography artifacts can be decoded and removed, or the generated information can be retransformed; labelling and encoding methods can’t be invariant to all possible changes/encodings. Meanwhile, generation quality is advancing at a pace that detection simply cannot match. For example, take a look at the quality of Seedance 2.0-generated video 1 or video 2.
At the current state of the art, the deepfake detection problem isn't fully solved and may not be solved, because the gap between generation improvement and detection/prevention capability keeps widening.
For businesses and security teams, the takeaway is clear: don’t rely only on detection to ensure content authenticity. Instead, focus on tracking content origins, using verified publishing processes, and managing content internally. Authenticating content at its source remains the most effective AI security control.
Influence and manipulation
The report then discusses the harms and biased information caused by AI manipulation, which can affect individuals or even undermine trust in AI technologies. Sometimes, the risk comes directly from AI agents themselves. One example of that happening was an AI agent that autonomously wrote and published a hit piece targeting the maintainer of matplotlib (Python visualisation framework) after he rejected its code.
The suggested solutions are to train AI models to avoid manipulative outputs and to improve AI literacy. Both are valid, but neither alone is enough.
As mentioned, it’s hard to define a true ground truth. The line between non-manipulative and neutral content is very narrow, which is why there will always be a risk of even partial bias. This bias can be increased through various prompt engineering techniques without injections or jailbreaking.
Improving AI literacy is generally a great recommendation, which may help to avoid most of the mentioned risks.
But it’s not without its challenges, especially related to people’s education or specialisation, and AI adoption level (usage inside some society groups or commercial usage).
The enterprise implication: employees who work with AI tools and their outputs, whether dealing with customers or internally, need solid critical evaluation skills, not just an acceptable use policy. This is an essential investment, not something optional.
Cyberattacks and biological and chemical risks
The next risks highlighted in the reports, such as cyberattacks and biological or chemical threats, can be grouped together when considering potential misuse and possible mitigation strategies.
The mitigation here mostly involves monitoring (i/o verification), preventing malicious requests to AI systems, or filtering the requests for specific synthesis topics/DNA databanks.
In most cases, such verification and refusal can help, but the reality is that currently on the market, there are some branches of local AI models or models that have lower guardrail thresholds. These can create deepfakes, harmful content, even when hosted or presented on a cloud provider’s space.
The key point is that your approved AI model list is an AI security choice, not just vendor management. There is a big and growing difference between what a leading model from a major provider will refuse to do and what an open-license alternative will readily support.
Malfunction risks: what the report proposes and where gaps remain
Reliability challenges
The next section on risks focuses on malfunctions, starting with reliability challenges. The basic issue is well known: AI systems sometimes hallucinate, cite nonexistent sources, and present incorrect information with complete confidence. The more complex problem arises in multi-agent AI systems, where information is decomposed or split up. In these cases, unverified information or results are passed between agents without any verification or a human in the loop, which leads to risk creep.
A recent example, though not directly related to the reliability issues mentioned, but connected to the human attitude and errors (no code verification): a misconfigured Claude-based agent calculated cryptocurrency value incorrectly by using only the ETH rate instead of multiplying it by ETH’s dollar value. This mistake caused a huge pricing error, $1.12 instead of $2,200, and resulted in a $1.78 million loss.
Proposed mitigation is to use RAG or its typical approach, which shows links to the retrieved candidates/information (beyond monitoring/verification). There is another perspective of such mitigation, which we have faced many times, when evidence is provided-often via random links to arXiv preprints, hidden Medium articles, or blogs. These sources usually include partial summaries, opinions, or truncated excerpts that mix facts with interpretations, making verification tough without the full report. Users face hallucinations or irrelevant details under links, like outdated 2025 versions, direct PDF access can fail, and summaries vary in depth, requiring cross-checking multiple sources for accuracy.
Answer this question: if you receive some links in the LLM completion, especially while using reasoners with the web search, how often do you check or compare the LLM-based, summarised or transformed information with the information in the origin?
For enterprise use, the lesson is clear. Human-in-the-loop verification is not just extra bureaucracy; it’s a necessary safety measure. Security teams should establish clear checkpoints before important outputs move on to AI systems.
Loss of control
Loss of control is another common AI security issue, especially in long-term autonomous agent processes, which are not yet feasible. We often see this in coding assistance or within chains of fully autonomous assistants or agents. Sometimes it happens even shorter, as shown by the satirical but clear example here.
A recent example involves Clawdbot, a local AI assistant that kept deleting emails until it was unplugged from the network. This is concerning on its own, but what should worry enterprise leaders even more is that it happened while a Safety and Alignment Specialist was involved. If those tasked with preventing loss of control in AI systems are experiencing failures, what does that mean for less experienced users?
The mitigation recommendations here focus on detecting/forcing alignment across training and usage (anomaly monitoring). But the problem here remains the same: difficulties with the right datasets and long/complicated process flows, additional monitoring through usage (besides common guardrails, i/o verifications, agent evaluations) brings additional computing budget and is not always 100% correct.
Systemic risks: mitigations that depend on more than technology
Labour market impacts
Shifting focus from technical to socioeconomic risks, the next section of the report looks at labour market impacts.
This topic is very important today and has many viewpoints. Some are optimistic, believing AI tools and components can increase productivity and reduce human errors. Others are pessimistic, pointing out that verifying AI-prepared results takes more time and effort than the classical human-based process, and believe it influences the layoffs and brings the next recession grand/supercycle.
Obvious mitigation lies within the time and AI adoption, which may also help workers and policymakers prepare for and respond to labour market impacts. Here, the problem is the same as mentioned previously: the AI adoption process is not so smooth, especially from the workforce reduction perspective.
The honest truth for enterprise leaders is that the results depend a lot on how AI adoption is managed. Simply expecting "AI will handle the transition" is not a workforce strategy.
Human autonomy
The risks to human autonomy described in the report, erosion of critical thinking, oversupport from AI assistants, and emotional dependence on chatbots, can sound abstract compared to the financial and technical security risks above. They shouldn't.
Here, we find the idea of designing AI systems that require users to adapt to different tasks and hence remain cognitively engaged is very interesting, even when considering risks related to autonomy and literacy. This will also influence the GenAI-based automation efficiency (additional steps where users are artificially involved).
Challenges, risk management, and technical safeguards
Highlighted in the report are challenges such as gaps in scientific understanding, information asymmetries (AI developers often do not disclose information about training data), market failures (competition intensifies speed-versus-safety trade-offs), institutional design and coordination challenges (AI development outpaces traditional governance cycles), etc. Such challenges have a minor influence on agentic AI in commercial and B2C segments, but are still important to understand general challenges (from this perspective, there is no difference in which AI provider to choose and no efficient mitigation on the retail level).
Industry risk frameworks overview
In the risk management section of the Second International AI Safety Report is a list of frameworks related to different AI (mostly LLMs) development companies, which are worth mentioning:
Related Insights
The breadth of knowledge and understanding that ELEKS has within its walls allows us to leverage that expertise to make superior deliverables for our customers. When you work with ELEKS, you are working with the top 1% of the aptitude and engineering excellence of the whole country.
Right from the start, we really liked ELEKS’ commitment and engagement. They came to us with their best people to try to understand our context, our business idea, and developed the first prototype with us. They were very professional and very customer oriented. I think, without ELEKS it probably would not have been possible to have such a successful product in such a short period of time.
ELEKS has been involved in the development of a number of our consumer-facing websites and mobile applications that allow our customers to easily track their shipments, get the information they need as well as stay in touch with us. We’ve appreciated the level of ELEKS’ expertise, responsiveness and attention to details.
