The Whistleblower Channel Becomes the Safety Valve
Frontier AI governance increasingly depends on whether insiders can move safety knowledge out of private organizations before public institutions learn too late. A real channel is defined by rights, routing, evidence custody, and decision authority, not by a web form.
Inside the Lab
Advanced AI governance has a knowledge-location problem. The earliest evidence of dangerous capability, weak safeguards, internal pressure, evaluation gaps, security failures, or misleading public claims often appears inside the company building or deploying the system. By the time regulators, journalists, customers, users, or courts can see the problem, the decision may already have moved: a model released, a safety framework revised, a system integrated, a contract signed, a capability normalized.
A whistleblower channel is not a suggestion box. It is a protected, documented pathway for current or former workers, contractors, evaluators, security staff, researchers, policy staff, and other insiders to disclose safety-relevant information to someone with authority to investigate or act. In AI, that may mean internal leadership, a board committee, an auditor, a regulator, an attorney general, Congress, or another authorized public body. The channel becomes real only if the reporter can use it without retaliation and if the evidence survives long enough to be reviewed.
For this essay, an AI whistleblower channel has six minimum properties. Covered people know it exists. The scope is clear enough to distinguish safety warnings from ordinary HR disputes. Protected concerns can be reported without waiving lawful external-reporting rights. Evidence is preserved in a form investigators can inspect. Conflicts of interest are routed around when leadership, product pressure, or release incentives are implicated. And unresolved safety concerns can escalate outside the ordinary management chain.
A safety valve is the part of that channel that can change a decision while the warning is still actionable. It is not enough to let a report be received. The channel must be able to trigger evidence hold, independent technical review, release pause, safety-case revision, board notice, regulator contact, user notice, or remediation. Without that power, the channel records pressure rather than releasing it.
It is also not the same thing as a bug bounty, user support queue, ethics hotline, HR grievance process, or incident report, though it should connect to all of them. A bug bounty usually starts outside the firm and asks whether a product can be exploited. An incident report usually starts from a failure or near miss. A whistleblower channel starts from insider knowledge that the institution may be misrepresenting, suppressing, mishandling, or failing to act on a safety-relevant risk.
That makes the whistleblower channel more than an employment-law detail. It becomes a safety valve for model-mediated institutions. It is the path by which private operational knowledge can become accountable knowledge before harm is irreversible or too distributed to reconstruct.
The point is not that every internal disagreement should become a public scandal. Companies need confidentiality for security, user privacy, unreleased products, intellectual property, and ordinary personnel matters. But frontier AI creates a harder category: credible internal concern about systems whose failure modes could affect people outside the company at large scale. The channel should hear both legal violations and technically grounded warnings that do not yet map cleanly onto law, while routing ordinary employment disputes through other processes. If the only people with enough information to understand the risk are contractually, financially, culturally, or professionally discouraged from speaking, oversight becomes dependent on the institution being overseen.
That is the structural issue behind AI whistleblowing. The problem is not only bad managers retaliating against brave employees. It is a governance architecture in which public-risk information is born inside private firms whose incentives include secrecy, speed, valuation, competitive advantage, and narrative control.
Current Context
As of June 19, 2026, AI whistleblower governance has four layers. The first is existing law, such as SEC Rule 21F-17, which prohibits actions that impede direct communication with SEC staff about possible securities-law violations. That protection matters for AI companies whose public claims, investor representations, fundraising materials, public-company disclosures, or employment agreements intersect with securities law. It does not by itself create a general AI-safety whistleblower system, and SEC staff guidance says only the SEC may bring an enforcement action for a Rule 21F-17 violation.
The second layer is new AI-specific law. California's SB 53 is the clearest U.S. state example. The official bill text and Attorney General guidance create a protected path for covered employees responsible for assessing, managing, or addressing critical-safety-incident risk to disclose certain catastrophic-risk concerns or violations of the act to the Attorney General or specified entities. The same law requires large frontier developers to publish frontier AI frameworks, transmit certain catastrophic-risk assessments, report critical safety incidents, and preserve unredacted information behind redactions for five years.
The third layer is regulator-facing AI law outside the United States. The EU AI Act does not create the same kind of internal lab safety valve, but Article 87 applies the EU whistleblower directive to reports of AI Act infringements, Article 85 gives natural and legal persons a complaint route to market-surveillance authorities, and Article 55 requires providers of general-purpose AI models with systemic risk to evaluate models, assess and mitigate systemic risks, report serious incidents, and maintain cybersecurity. That is a compliance and enforcement channel, not a cure for every internal safety dispute.
The fourth layer is voluntary company process. OpenAI published a revised Raising Concerns Policy on January 12, 2026, describing protected disclosures, anonymous Integrity Line access, anti-retaliation commitments, and rights to report to government agencies. Anthropic's Responsible Scaling Policy page, updated May 26, 2026, links its RSP Noncompliance Reporting and Anti-Retaliation Policy and describes updates to reporting channels and external review. These are useful signs of institutionalization. This article treats them as public commitments and process evidence, not proof that the channel works under pressure. Company-controlled channels are not substitutes for independent authority, legal protection, or preserved evidence when the reported concern implicates executive strategy.
The federal picture remains incomplete. Senator Grassley announced the AI Whistleblower Protection Act in May 2025, and the House companion, H.R. 3460, was introduced as a bill to prohibit employment discrimination against whistleblowers reporting AI security vulnerabilities or AI violations. As of this review date, it is not enacted federal law. That gap is why state channels, regulator-specific protections, and company policy still carry so much practical weight.
Why AI Is Different
Whistleblowing is not new. Aviation, finance, medicine, nuclear safety, cybersecurity, defense contracting, and environmental regulation all rely on insiders who can report misconduct, hazards, fraud, or ignored warnings. AI inherits that tradition, but it does not fit it neatly.
First, many AI risks are not yet clean statutory violations. An employee may believe a model's internal deployment creates unacceptable cyber, biological, autonomy, deception, or loss-of-control risk without being able to point to a mature federal rule that has clearly been broken. Classic whistleblower protection often works best when the disclosure concerns illegality, fraud, waste, abuse, or violation of a known rule. Frontier AI can produce the more awkward case: a technically grounded warning about a danger for which law has not caught up.
Second, the relevant evidence is hard to summarize. A concern may depend on evaluation results, model behavior under scaffolding, tool-use traces, internal red-team findings, capability projections, security architecture, model-weight controls, deployment gates, or the gap between public safety claims and private uncertainty. A reporter cannot always explain the risk without disclosing sensitive technical material.
That evidence may also be dual-use. The same logs, prompts, weights-access records, exploit traces, or biological-risk evaluations that make a warning credible can expose users, security controls, trade secrets, or misuse pathways. A serious channel therefore needs secure intake and technically competent review, not a simple choice between public posting and silence.
Third, AI companies are labor markets for scarce specialists. Retaliation does not have to look like a firing. It can look like loss of equity, loss of access, bad references, exclusion from research networks, legal threat, forced arbitration, reputational labeling as disloyal, or a future employer deciding the employee is not worth the risk.
Fourth, the same secrecy that protects models from misuse can protect institutions from scrutiny. A company can argue that disclosure would reveal security-sensitive details. Sometimes that is true. The governance challenge is to route the warning to a trusted public or independent body without turning every disclosure into either a leak or a gag order.
Fifth, the people who see risk may sit outside ordinary employee categories. Contractors, labelers, red-teamers, eval vendors, security researchers, cloud staff, and deployment partners can see failures before full-time executives do. A safety valve that protects only a narrow class of senior employees will miss much of the evidence layer, especially where vendor and platform governance spreads responsibility across firms.
From Letter to Channel
The public AI-whistleblower debate sharpened in June 2024, when current and former employees from leading AI companies published the open letter A Right to Warn about Advanced Artificial Intelligence. The letter argued that AI companies have strong incentives to avoid effective oversight and weak obligations to share information about serious risks. Its requested commitments included not enforcing agreements that prohibit risk-related criticism, allowing anonymous concern-raising, supporting open criticism, and protecting public disclosure of risk-related confidential information when other processes fail.
The letter arrived after reporting about restrictive offboarding and nondisparagement practices at OpenAI. CNBC reported in May 2024 that OpenAI told former employees it would not cancel vested units and would not enforce non-disparagement and non-solicitation obligations in the relevant departure documents. The Associated Press later reported that OpenAI whistleblowers had filed an SEC complaint and asked the agency to investigate whether company agreements restricted workers from speaking out about AI risks.
That reporting had a name and a face. Daniel Kokotajlo, a former OpenAI governance researcher, left the company in 2024 and declined to sign the exit agreement's nondisparagement clause even though refusing put his vested equity at risk. Kelsey Piper's reporting in Vox described the offboarding agreement and, later, OpenAI's reversal. The episode exposed how a company's departure terms could quietly convert a safety researcher's compensation into a gag order. Kokotajlo then became a lead signatory of the Right to Warn letter. His case is much of this essay's argument compressed into a single biography. The chilling mechanism was not a lawsuit but a contract, and it operated on a person positioned to understand the risk.
Those episodes matter because they changed the frame. AI safety was no longer only about benchmark results, model cards, red teams, or government testing. It was also about employment contracts. A safety culture that depends on employees speaking frankly cannot coexist comfortably with agreements that make criticism feel legally or financially dangerous.
OpenAI later published a Raising Concerns Policy, dated January 2026, saying it protects employees' rights to make protected disclosures and provides channels including an anonymous Integrity Line. Anthropic publishes responsible-scaling materials and states in its transparency hub that employees can report AI-safety-related concerns through several channels, including an anonymous channel for potential violations of its Responsible Scaling Policy commitments.
These moves are real. They also show the central tension: voluntary internal channels are useful, but they are still designed, maintained, and interpreted by the institutions whose conduct may be at issue. A safety valve controlled entirely by the pressure vessel is not enough.
SB 53's Narrow Door
California's SB 53, the Transparency in Frontier Artificial Intelligence Act, turns part of this debate into law. Governor Gavin Newsom signed the bill on September 29, 2025. The Governor's announcement described the law as requiring large frontier developers to publish safety frameworks, creating a mechanism to report potential critical safety incidents to California's Office of Emergency Services, protecting whistleblowers who disclose significant health and safety risks, and authorizing civil penalties for noncompliance.
The California Attorney General's SB 53 page makes the protected-disclosure path concrete. Covered employees responsible for assessing, managing, or addressing risk of critical safety incidents may disclose information to the Attorney General or specified entities when they have reasonable cause to believe either that a frontier developer's activities pose a specific and substantial danger to public health or safety from catastrophic risk, or that the developer has violated the act. The page also says frontier developers cannot enforce rules, policies, contracts, or retaliation that prevent such disclosures.
The statute also requires a large frontier developer to provide a reasonable internal process for anonymous covered-employee disclosures, including monthly status updates to the reporter and quarterly sharing of disclosures and responses with officers and directors, with conflict handling when an officer or director is accused. Those details matter because a channel is not only an email address. It is a reporting cadence, an escalation path, and a record.
SB 53 also separates two kinds of warning. Critical safety incidents go to the Office of Emergency Services through an incident-reporting mechanism, with ordinary reporting within 15 days of discovery and faster disclosure to an appropriate authority when imminent death or serious physical injury is at issue. Covered-employee whistleblower reports go through the Attorney General path. Those routes should communicate, but they are not identical: one starts from an incident; the other can start from an insider's reasonable-cause belief about danger or statutory violation.
This is an important institutional change. The concern is no longer only "the company should listen." It becomes "there is a state-recognized route for certain insiders to report certain frontier-model risks." That route matters because it gives the warning an address. It also gives future governance something measurable: annual anonymized and aggregated reporting by the Attorney General about covered-employee reports beginning in 2027.
SB 53 also illustrates the tradeoff between secure reporting and public memory. The bill text exempts covered-employee reports and certain critical-safety-incident materials from California Public Records Act disclosure, while requiring aggregate Attorney General reporting. That confidentiality may be necessary for sensitive technical evidence and reporter protection. It also means public learning depends on the quality of the aggregate report, later enforcement, and whether independent institutions can inspect the underlying record when they need to.
But the door is narrow by design. SB 53 is focused on frontier developers and catastrophic risk. Its definition of catastrophic risk includes thresholds such as death or serious injury to more than 50 people, or more than $1 billion in property damage or loss, arising from specified model-related scenarios. That kind of threshold helps avoid turning the law into a general complaint system for every AI workplace dispute. It also means many serious AI harms will sit outside the core protection: discrimination, labor surveillance, companion dependency, medical-record errors, educational discipline, deceptive marketing, procurement misrepresentation, and ordinary automated-decision harms that are severe for individuals but not catastrophic in the statutory sense.
That limitation is not a reason to dismiss SB 53. It is a reason to understand what kind of safety valve it is. It is built for frontier-model public safety, not the whole social life of AI.
Voluntary Safety Valves
Internal AI reporting systems now sit beside public law. Anthropic's Responsible Scaling Policy page, last updated May 26, 2026, links to a noncompliance reporting and anti-retaliation policy and describes updates to reporting channels. Its transparency hub says staff can use emergency alerting, a general concern forum, and an anonymous channel for potential Responsible Scaling Policy violations.
OpenAI's Raising Concerns Policy similarly frames employee reporting as a formal process rather than an ad hoc appeal to leadership. It says employees may raise issues through managers, HR, Compliance, Legal, or an anonymous 24/7 Integrity Line, and that some issues may be shared with the Audit Committee of the Board. The existence of such policies matters because internal escalation is often the fastest path. A well-run company should want warnings before they become incidents, lawsuits, leaks, or regulator investigations.
The governance question is whether internal channels are credible under stress. Credibility depends on more than a web page. Employees need to know who receives the report, what confidentiality means, whether legal privilege will hide the result, whether retaliation is independently investigated, whether the board can see unresolved safety concerns, whether reporters can go outside the company if the process fails, and whether security-sensitive disclosures can reach government or independent reviewers without public leakage. They also need scope clarity: a channel limited to a specific framework violation is not the same as a general AI-safety whistleblower channel.
A weak internal channel can become a containment interface. It absorbs dissent, creates a record that the company "had a process," and leaves the reporter isolated. A strong internal channel should do the opposite: preserve evidence, route concerns to people with authority, protect the reporter, escalate unresolved safety disputes, and make it harder for management to pretend the warning never arrived. That is why it belongs beside AI Incident Reporting, AI Safety Cases, AI Audits and Third-Party Assurance, AI audit interfaces, and Agent Audit and Incident Review.
Failure Modes
The first failure mode is NDA governance. Confidentiality agreements can protect legitimate secrets, but broad nondisparagement, non-solicitation, secrecy, arbitration, or equity-linked departure terms can chill safety speech even when they are later unenforced or legally questionable. The chilling effect happens before the court case.
The second is internal-channel capture. A company can tell employees to report concerns internally while failing to provide a path to independent review when leadership is the problem or when the concern conflicts with release, revenue, or partnership pressure.
The third is catastrophe tunnel vision. Frontier-model laws may protect disclosures about catastrophic risk while leaving routine but widespread harms outside the whistleblower frame. A governance system that only hears existential alarms may miss the administrative injuries already reorganizing work, education, health, welfare, policing, and speech.
The fourth is evidence fragility. The facts behind an AI safety warning may live in logs, eval harnesses, model versions, internal documents, Slack discussions, board materials, or access-controlled dashboards. If those records can be changed, deleted, reclassified, or buried before review, the disclosure becomes a claim without a reconstruction path.
The fifth is retaliation by reputation. AI safety is a small professional world. Even without formal punishment, an employee can be marked as alarmist, uncollegial, political, disloyal, or unable to handle confidential work. That soft retaliation is difficult to prove and can be highly effective.
The sixth is public leak dependence. If protected channels are weak, employees may conclude that media leaks are the only path to accountability. Leaks can be socially necessary in extreme cases, but a system that depends on them is poorly designed. It forces reporters to choose between silence and uncontrolled disclosure.
The seventh is security overclassification. A company can label too much safety evidence as security-sensitive, trade-secret, or privileged. Some restriction is legitimate. Overclassification turns confidentiality into an evidence sink.
The eighth is intake theater. The organization publishes an integrity line, training module, or reporting form, but reports do not reach a technical reviewer with authority to stop a release, revise a safety case, notify a board committee, or preserve the underlying record. A channel that only receives concerns is not yet a channel that can govern them.
The ninth is the authority bottleneck. A public channel can exist on paper while the receiving agency lacks staff, domain expertise, secure handling procedures, or political backing. A safety valve that cannot interpret the warning, protect the reporter, or compel evidence becomes another waiting room.
The tenth is the evidence-exfiltration trap. If a channel gives workers no lawful way to describe technical evidence, the reporter may feel forced to copy logs, prompts, user data, weights-access records, or proprietary evaluations into unsafe places. A serious channel should define what evidence can be submitted, how sensitive material is handled, and how investigators can obtain the rest without turning the reporter into a security incident.
A Governance Standard
A serious AI whistleblower regime should do several concrete things.
NIST's Generative AI Profile is useful here because it treats incident response as lifecycle governance: plans should include points of contact, value-chain communication, escalation to organizational risk management authority, remediation timelines, and criteria for deactivation or disengagement. A whistleblower channel should be wired to that machinery rather than isolated from it.
First, protect good-faith safety disclosures even before clear illegality exists. AI law will lag capability. If protection only applies after a rule has been broken, the system cannot hear warnings about risks that law has not yet named.
Second, distinguish confidentiality from gagging. Employees can be required to protect trade secrets, user data, and security details while still being allowed to report risk to regulators, Congress, attorneys general, boards, auditors, or other authorized bodies.
Third, create independent escalation paths. Internal reporting should not be the only route. Serious unresolved concerns need protected access to external public authorities or genuinely independent review bodies with technical capacity.
Fourth, preserve technical evidence. Protected disclosures should trigger retention of relevant logs, model versions, eval results, safety reports, deployment decisions, incident records, permissions snapshots, board materials, and governance communications. A warning without evidence preservation can be neutralized by memory loss.
Fifth, separate legal privilege from safety investigation. A company may need counsel involved, but the channel should not convert every safety warning into an inaccessible litigation artifact. Independent directors, auditors, or regulators need a usable record.
Sixth, cover contractors and safety-adjacent workers. Critical AI knowledge is not held only by full-time researchers. Contractors, trust-and-safety workers, security staff, data workers, evaluators, policy staff, deployment engineers, and employees at deployment partners may see risks before executives do.
Seventh, make retaliation visible. Remedies should include reinstatement where relevant, back pay, damages, fees, civil penalties, and public reporting in anonymized form. Retaliation must become institutionally costly, not merely reputationally awkward.
Eighth, connect whistleblower channels to incident reporting and safety frameworks. A disclosure should not disappear into HR. It should be able to trigger incident review, safety-case revision, release delay, board notice, regulator notice, system-card correction, public-register update where lawful, or post-deployment monitoring.
Ninth, publish aggregate signal without exposing reporters. Annual or periodic reports should show report volume, broad concern types, time to resolution, retaliation allegations, escalation outcomes, and policy changes while protecting trade secrets, security, and reporter confidentiality. A channel no one uses, or one that never produces organizational change, is a warning sign.
Tenth, define evidence handling before crisis. Intake rules should say how reporters can submit eval results, model identifiers, logs, access records, deployment notes, or governance documents securely; what they should not copy; and how user data, trade secrets, privilege, and security-sensitive material will be protected. The evidentiary standard should connect to agent logs as receipts, not merely to narrative complaint forms.
Eleventh, protect external-reporting rights in plain language. Policies should say that lawful reports to regulators, attorneys general, Congress, labor agencies, securities regulators, or other authorized public bodies do not require company preclearance or advance notice. That clarity matters because uncertainty itself chills speech.
Twelfth, test the channel. Tabletop exercises and independent audits should verify that credible safety reports reach the right board or regulator path, that conflicts are handled, that records are retained, and that retaliation checks occur after closure. The result belongs in the same governance family as transparency registers, incident handling, and the site's claim hygiene discipline.
Thirteenth, publish the routing map. A worker should be able to tell whether a concern belongs in HR, legal compliance, safety-framework noncompliance, incident response, security disclosure, board escalation, regulator reporting, or public-interest disclosure. Ambiguity is not neutral. It is one of the ways warnings die.
Fourteenth, resource the receiving authority. A statutory reporting path needs staff who can triage technical evidence, protect identities, handle classified or security-sensitive material, compel preservation where lawful, and distinguish credible safety warnings from ordinary product disagreement. Otherwise the channel exists legally but not operationally.
Fifteenth, separate remedy from lesson. The individual reporter needs protection, but the organization also needs learning. The closeout should record what changed: framework revision, evaluation change, access-control fix, deployment delay, incident classification, public correction, or a documented reason for no action. A channel that protects the worker but forgets the warning is incomplete.
What This Changes
The whistleblower channel is an institutional ear. It decides whether the organization can hear itself before the outside world is forced to hear the crash.
Frontier AI companies publish safety frameworks, system cards, preparedness updates, policies, transparency hubs, and voluntary commitments. Those documents are useful, but they are surfaces. The harder question is what happens when someone inside believes the surface and the machinery have diverged.
That divergence is a classic recursive-reality problem. The institution builds a model of its own responsibility. The model becomes public language. Employees then experience the gap between public language and internal practice. If they cannot speak, the public model of safety becomes self-sealing. The organization is governed by its own description of itself.
A protected disclosure breaks that loop. It says the record inside the institution must be able to contest the institution's story. It gives public governance a way to receive inconvenient knowledge without requiring omniscience from regulators or heroism from isolated employees.
The danger is that whistleblower policy becomes another ritual of legitimacy: an integrity line, a PDF, a training module, a compliance checkbox, a promise against retaliation, and no usable path when the risk touches executive strategy. In that failure mode, the safety valve is painted on the wall.
The better standard is practical. If a company is building systems deployed into high-stakes public and institutional settings, then employees responsible for seeing risk must be able to warn institutions capable of acting on it. If a state creates a reporting channel, it must have the technical capacity and legal courage to use what it receives. If a public authority publishes aggregated reports, those reports should teach the field what kinds of concerns are surfacing and whether the channel is trusted.
AI governance cannot rely only on outside tests of finished systems. It needs protected routes from inside knowledge to public responsibility. The whistleblower channel is one of those routes. Whether it becomes a real safety valve or another interface of containment depends on who can use it, what evidence it preserves, and whether the warning can still change the decision before the model enters the world.
Source Discipline
This essay is governance analysis, not legal advice to any worker, company, or regulator. Legal status should come from primary legal sources: statute text, regulator pages, SEC guidance, official bill text, official agency announcements, and official EU AI Act text or Commission tools. SB 53 is law; H.R. 3460 and S. 1792 are proposed federal bills, not enacted federal law. SEC Rule 21F-17 matters where possible securities-law reporting is involved, but it should not be described as a general AI-safety whistleblower statute. EU AI Act complaint and reporting provisions should likewise be described as AI Act infringement channels, not as universal protection for every safety concern.
Company policies should be treated as commitments and process evidence, not as proof that reporters are protected under pressure. A policy page can show stated scope, channels, board routing, anonymity promises, and anti-retaliation language. It cannot prove independence, reporter trust, evidence preservation, legal enforceability, or whether leadership accepts inconvenient findings.
Press reporting is strongest for specific historical episodes: restrictive offboarding terms, public reversals, SEC complaints, and named whistleblower cases. It should not carry the legal analysis by itself. The clean evidentiary chain is: official law for duties, company documents for commitments, reporting for contested events, and later aggregate reports or enforcement actions for whether the channel worked. Avoid treating a brave disclosure, a company promise, or a proposed bill as evidence that the safety valve is already operational.
Sources
- A Right to Warn about Advanced Artificial Intelligence, open letter, June 4, 2024.
- Governor of California, Governor Newsom signs SB 53, advancing California's world-leading artificial intelligence industry, September 29, 2025.
- California Legislative Information, SB 53 bill text, Chapter 138, Statutes of 2025, approved September 29, 2025.
- California Department of Justice, Catastrophic Risks in Artificial Intelligence Foundation Models, reviewed June 19, 2026.
- U.S. Securities and Exchange Commission, Whistleblower Protections, including Rule 21F-17 guidance, reviewed June 19, 2026.
- U.S. Senate Committee on the Judiciary, Grassley Introduces AI Whistleblower Protection Act, May 15, 2025.
- GovInfo, H.R. 3460, AI Whistleblower Protection Act, introduced in House, 119th Congress.
- European Commission, AI Act Service Desk, Article 55, Article 85, and Article 87 of Regulation (EU) 2024/1689, reviewed June 19, 2026.
- OpenAI, OpenAI's Raising Concerns Policy and policy PDF dated January 12, 2026, reviewed June 19, 2026.
- Anthropic, Responsible Scaling Policy Updates, last updated May 26, 2026.
- Anthropic, RSP Noncompliance Reporting and Anti-Retaliation Policy, December 4, 2025.
- Anthropic, Transparency Hub: Voluntary Commitments, reviewed June 19, 2026.
- NIST, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile, NIST AI 600-1, July 2024.
- CNBC, OpenAI sends internal memo releasing former employees from non-disparagement agreements, May 24, 2024.
- Kelsey Piper, Vox, ChatGPT can talk, but OpenAI employees sure can't, May 17, 2024.
- Associated Press, OpenAI whistleblowers ask SEC to investigate the company's non-disclosure agreements with employees, July 2024.
- Related references: Frontier AI Safety Frameworks, AI Incident Reporting, AI Safety Cases, AI Audits and Third-Party Assurance, The AI Bug Bounty Becomes the Safety Valve, The Red Team Becomes the Release Theater, The AI Register Becomes Public Memory, The Agent Log Becomes the Receipt, Transparency and Public Registers, Incident and Complaint Protocol, Independent Correction Protocol, Vendor and Platform Governance, and AI Governance.