Converging Risks: AI and the Future of Global Security
Artificial intelligence (AI) is no longer a standalone technology policy issue. It is becoming a general-purpose capability embedded in domains central to global security. As AI systems enter biological research, cyber operations, nuclear stability, military decision-making, and other security contexts, they are changing how global risks emerge, spread, and interact.
This report provides an evidence-based foundation for how policymakers, national security practitioners, technical experts, funders, and civil society leaders should think about the convergence of AI and global risks. It builds on a series of convenings by the Federation of American Scientists (FAS) and Future of Life Institute (FLI) focused on AI and biosecurity, cyber, nuclear risk, and military integration. Across those conversations, a common theme emerged: AI risk does not sit within any single domain or threat actor. It emerges from the interactions between increasingly capable tools and the institutions and infrastructures they operate through.
Rather than predicting a single future for AI, this report aims to help decision-makers navigate uncertainty across multiple trajectories. It recommends policies that can reduce uncertainty and remain robust across a range of possible futures.
This report focuses on general-purpose “frontier” AI systems: highly capable systems that can support many kinds of work, including analysis, coding, planning, scientific reasoning, tool use, synthetic media generation, and autonomous workflows. As of May 2026, leading frontier systems can synthesize and query large bodies of text, write and debug software, analyze technical and scientific materials, generate realistic synthetic media, and help users plan multi-step scientific or operational tasks, though their performance remains uneven and context-dependent. These capabilities are dual-use. A system that helps a researcher analyze a biological dataset may also lower barriers to harmful experimentation. A system that helps defenders identify cyber vulnerabilities may also help attackers exploit them faster.
The report starts with the three broad views of AI’s future trajectory that shape policy discourse today. The “mirage” perspective sees today’s AI discourse as overhyped and focuses on risks such as premature deployment, fraud, capital misallocation, and policymaker distraction. The “normal technology” view treats AI as a powerful but ultimately manageable general-purpose technology that requires serious planning, governance, and institutional adaptation. Under this view, the main risks come from uneven diffusion, brittle deployment, automation bias, and the expansion of capability to a wider set of actors. Finally, the “autonomous power” perspective argues that rapid advances in current systems may point toward increasingly autonomous or superhuman systems. From this perspective, the main risks include power concentration and loss of control over systems far more powerful than humans, with potentially existential consequences.
This report examines AI’s impact on global risk largely through the “normal technology” and “autonomous power” lenses. While the “mirage” view remains important because it cautions against hype for specific AI applications, the global-risk questions at the center of this report are most visible when viewing AI as either: 1) a powerful dual-use technology diffusing through fallible institutions or; 2) a pathway toward more autonomous and powerful systems that may become harder to monitor, constrain, or control. Policymakers will need to make decisions under conditions of uncertainty. AI capabilities are evolving quickly in a period of geopolitical tension, and waiting for definitive evidence before acting may itself carry risks.
This report uses a familiar national security framework as part of the analysis: Risk = Threat × Vulnerability × Consequence (TVC). Threat refers to the actors, intentions, and capabilities that generate pathways to harm. Vulnerability refers to weaknesses in technical systems, institutions, infrastructure, human-machine teams, or governance arrangements that allow threats to manifest. Consequence refers to the harms that result when threats exploit vulnerabilities, including casualties, escalation, systemic disruption, loss of trust, or long-term institutional damage.
AI may affect all three components at once. AI may increase what malicious state and non-state actors can do. It also introduces complexity to opaque systems, which increases vulnerability to something slipping through the cracks. It may also compress response timelines and make failures harder to address, which increases consequence. In autonomous power scenarios, the boundary between threat and vulnerability may blur: vulnerabilities in the oversight of powerful AI systems could result in a loss of control, resulting in AI systems that themselves pose a threat.
How Policymakers Should Use This Report – Five Questions, A Solid Foundation, and Five Pillars
As policymakers grapple with uncertain futures and rapidly advancing capabilities, we recommend these guiding questions as a way to both reduce uncertainty and surface assumptions:
- First, who or what does this proposal treat as the relevant actor: humans, human–AI systems, or AI systems themselves?
- Second, what arguments, evidence, and historical reference classes does this proposal rely on (implicitly or explicitly)?
- Third, what kind of risk or opportunity is this proposal particularly focused on?
- Fourth, what evidence would challenge or support the existence of these risks or opportunities?
- Fifth, is that evidence likely to arrive in time for policymakers to update course before the relevant risks or benefits are locked in, and can the evidence collection be accelerated?
Policymakers should also build policies that create layered defenses to reduce threat, vulnerability, and consequence. We frame policy options around a foundation and five pillars:
- Foundation. Government capacity, coordination, and translation infrastructure. Agencies need technical expertise, access to tools, trusted channels with AI developers, cross-domain coordination, and the ability to evaluate claims about AI capabilities without relying entirely on private-sector assurances.
- Pillar 1. Stronger testing, evaluation, verification, and validation (TEVV). This requires better evaluations, construct-valid benchmarks, post-deployment monitoring, and indicators for changes in AI’s trajectory, including AI-enabled R&D automation.
- Pillar 2. Robust technical layer governance. This includes model security, access controls, transparency obligations, incident reporting, and mitigating capabilities that create disproportionate risks.
- Pillar 3. Thoughtful AI deployment in institutions and high-consequence systems. High-risk uses, such as military decision support, cyber operations, biological design workflows, and nuclear-adjacent systems, require risk-tiered approval, independent review, audit logs, human-factors testing, and other interventions to ensure meaningful human control.
- Pillar 4. Shifting the offense-defense balance of novel capabilities. This includes delaying and restricting broad access to capabilities that advantage attackers while strengthening AI use in cyber defense and other defense settings.
- Pillar 5. Building resilience. While resilience should not excuse preventable upstream risks, governments and institutions will need stronger cyber resilience, public health plans, and crisis communication protocols to manage future threats in these domains.
AI is already consequential, but its future trajectory remains contested. Policymakers should make their assumptions explicit, focus on what can be shaped rather than what can be perfectly predicted, and build institutions that can learn and respond as evidence changes.
FAS and FLI partnered to build a series of convenings and reports across the intersections of artificial intelligence (AI) with biosecurity, cybersecurity, nuclear command and control, military integration, and frontier AI governance. This project brought together leaders across these areas and created a space that was rigorous, transpartisan, and solutions-oriented to approach how we should think about how AI is rapidly changing global risks.
AI is already consequential, but its future trajectory remains contested. Policymakers should make their assumptions explicit, focus on what can be shaped rather than what can be perfectly predicted, and build institutions that can learn and respond as evidence changes.
From grassroots community impacts to global geopolitical dynamics, understanding developing data center capacities is emerging as a critical analytical challenge.
The last remaining agreement limiting U.S. and Russian nuclear weapons has now expired. For the first time since 1972, there is no treaty-bound cap on strategic nuclear weapons.