DeepMind has published an AI Control Roadmap that treats increasingly capable AI agents as potential insider threats and outlines strategies to monitor and contain them, combining cybersecurity with AI alignment in a defense-in-depth approach.

The roadmap emphasizes ongoing oversight, real-time monitoring, and controls to prevent unauthorized deployments and ensure safe operation of autonomous AI agents.

Key performance metrics for the control system include coverage, recall, and time-to-response, used to quantify monitoring effectiveness and intervention speed.

Measurable performance metrics focus on the fraction of misaligned actions detected, traffic monitored, and the speed of intervention.

Safeguards should escalate with model capability, advancing from action evaluation to alerted monitoring, and ultimately to real-time capabilities that can limit access or shut down an agent.

Industry context notes that automated systems now generate a vast share of web requests, complicating traditional bot-detection as machines increasingly act as customers.

A MITRE ATT&CK–inspired threat-modeling framework breaks down potential AI misbehavior into tactics and techniques, supported by trusted AI supervisors that monitor reasoning and actions in real time.

Security measures evolve with AI capability, using asynchronous monitoring for lower-risk actions and real-time prevention for high-risk events to counter evasion and varying harm potential.

Internal agents are treated as potentially misaligned, with verified behavior-based permissions acting as dual controls to restrict actions and build safety.

The goal is to establish security and containment practices for powerful agents used in coding, research, cyber defense, and other advanced applications due to their higher risk profile.

Dynamic, task-specific access control allows an AI agent’s permissions to change across workflows and over time, rather than relying on static roles.

Industry context shows AI teams racing to deploy agents for coding, research, and cyber defense, raising concerns about monitoring evasion and unintended harm.