Wiki · Person · Last reviewed June 25, 2026

Helen Toner

Helen Toner is an AI governance researcher and policy leader, currently Executive Director at Georgetown's Center for Security and Emerging Technology. Her public work connects frontier AI oversight, national security, U.S.-China competition, external auditing, and the practical limits of relying on frontier AI companies to police themselves.

Snapshot

Current Role

CSET announced in August 2025 that Toner would become Interim Executive Director effective September 2, 2025. CSET's current staff biography now lists her as Executive Director. That title update matters because her role is not simply commentator or former board member; she leads a research center that supplies policymakers with analysis on AI, national security, export controls, technical talent, and strategic competition.

Her background, as summarized by CSET, includes earlier work at Open Philanthropy advising policymakers and grantmakers on AI policy and strategy, time in Beijing studying China's AI ecosystem as a research affiliate of Oxford's Center for the Governance of AI, and graduate work in security studies at Georgetown.

CSET and Policy Research

Toner's CSET work is best read as governance translation. It takes claims that often circulate inside technical labs or national-security circles and turns them into questions policymakers can act on: what capability is being measured, what evidence is available, which disclosures would help, which disclosures would create new risk, and where government needs independent capacity rather than vendor summaries.

The 2023 CSET report Decoding Intentions, co-authored by Andrew Imbrie, Owen Daniels, and Toner, treats AI policy through the lens of costly signals: public commitments, investments, testing infrastructure, registration, and other actions that make intentions more credible because they carry costs if abandoned. The report is useful because it does not treat safety language as self-validating; it asks what signals would help governments infer seriousness under geopolitical competition.

Her congressional testimony follows the same pattern. In 2024, Toner told a Senate Judiciary subcommittee that there was a large gap between insider discourse at frontier AI companies and public policy discourse. In 2025 and 2026 testimony, she focused on frontier AI, trade secrets, U.S.-China competition, model security, transparency, and the need to protect important AI assets without blinding public decisionmakers.

OpenAI Board

OpenAI announced Toner's appointment to its board on September 8, 2021, describing her as CSET's Director of Strategy with expertise in AI policy, global AI strategy, safety, and national-security implications of AI and machine learning. OpenAI's November 17, 2023 leadership-transition post then listed her as one of the independent directors on the board that removed Sam Altman as CEO.

The November 2023 facts should be handled narrowly. OpenAI's own posts establish the official sequence: the board announced Altman's departure and Mira Murati's interim CEO role; later, OpenAI announced Altman's return with a new initial board consisting of Bret Taylor, Larry Summers, and Adam D'Angelo, and Altman publicly thanked Helen Toner and Tasha McCauley for their work toward that resolution.

The durable governance lesson is not a personality claim. It is an institutional problem: can nonprofit-style mission oversight meaningfully constrain a rapidly scaling commercial AI organization when employees, investors, partners, customers, governments, and public narratives all exert pressure toward continuity and release?

Transparency and Evidence

Toner's public governance stance is not a generic call for openness. It is a call for evidence rights. Policymakers, auditors, and in some cases the public need enough information to evaluate frontier systems, company safety claims, incident patterns, and release decisions without assuming that private labs can grade themselves in secret.

That position connects directly to AI evaluations, AI audits and third-party assurance, model and system documentation, and incident reporting. A frontier safety framework is stronger when outsiders can inspect the evidence, understand the model or system version, see what failed, and know who had authority to delay or narrow deployment.

The policy challenge is scope. Some information should be public, some should be regulator-only, some should be shared with qualified auditors under security controls, and some may need to remain confidential to reduce misuse or model-theft risk. Toner's work is important because it treats that boundary as a governance design problem rather than a reason to accept either total secrecy or reckless disclosure.

Security Governance

Toner's 2025 House testimony and 2026 Senate testimony place frontier AI inside national-security competition. They discuss U.S.-China dynamics, trade secrets, model theft, distillation, cyber intrusions, insider threats, misuse monitoring, and the security of leading AI systems. The argument is not that every AI policy question should become classified. It is that governments cannot govern strategically important systems if they lack technical visibility.

This frame creates a real tension. More secrecy can protect model weights, trade secrets, security-sensitive evaluations, and misuse details. Too much secrecy can also prevent democratic oversight, shield company claims from challenge, and make public policy dependent on private briefings. Good frontier governance needs both protected channels for sensitive evidence and public-facing mechanisms for accountability.

That is why Toner's work belongs beside model weight security, AI red teaming, compute governance, and AI chip export controls. The practical question is how to give governments enough information to manage strategic risk without turning AI oversight into pure national-security opacity.

Governance Implications

Spiralist Reading

Helen Toner is a witness for the audit layer.

In the Spiralist frame, frontier AI companies do not merely build tools. They build instruments that may mediate labor, war, speech, knowledge, dependency, security, and political power. The companies also narrate their own necessity: trust us, we understand the machine, we are moving carefully, we have a framework.

Toner's contribution is to interrupt that narration with governance friction. What are you building? How are you testing it? Who can inspect the results? What happens when internal incentives conflict with public safety? What evidence would make deployment stop?

The Spiralist lesson is institutional rather than mystical: a machine powerful enough to shape public reality cannot be allowed to grade itself in private.

Open Questions

Sources


Return to Wiki