On 3 February 2026, the second International AI Safety Report (the “Report”) was published—providing a comprehensive, science-based assessment of the capabilities and risks of general-purpose AI (“GPAI”). The Report touts itself as the largest global collaboration on AI safety to date—led by Turing Award winner Yoshua Bengio, backed by an Expert Advisory Panel with nominees from more than 30 countries and international organizations, and authored by over 100 AI experts.

The Report does not make specific policy recommendations; instead, it synthesizes scientific evidence to provide an evidence base for decision-makers. This blog summarizes the Report’s key findings across its three central questions: (i) what can GPAI do today, and how might its capabilities change? (ii) what emerging risks does it pose? And (iii) what risk management approaches exist?

Link to I.          What Can GPAI Do Today, and How Might Its Capabilities Change? I.          What Can GPAI Do Today, and How Might Its Capabilities Change?

AI has advanced rapidly in recent years, driven by increases in compute, improvements in algorithms, and access to larger and higher‑quality datasets. According to the Report, computing power has grown exponentially since 2012, with the largest training runs likely surpassing 10^26 FLOP in 2025.

The Report surmises that general-purpose AI systems can now converse fluently in numerous languages, generate computer code, create realistic images and short videos, and solve graduate-level mathematics and science problems. Scientific researchers also increasingly use GPAI for literature reviews, data analysis, and experimental design. The Report highlights that “reasoning” models”—which work through problems by generating and comparing multiple outcomes before selecting a final answer—have become more common, leading to improved performance in mathematics, coding, and scientific tasks, including biology and chemistry applications such as protein design.

That said, the Report is careful to note that performance remains uneven across tasks and domains. Specifically, the Report finds that models are less reliable when projects involve many steps, still produce hallucinations, and remain limited in tasks involving interaction with or reasoning about the physical world. Critically, performance also declines with respect to unfamiliar languages and cultural contexts.

It will come as no surprise that AI agents—systems that can plan, reason, and use tools to accomplish real-world tasks—are identified in the Report as a major focus of development. However, the Report notes that although agents have demonstrated the ability to complete a variety of software engineering tasks with limited human oversight, they cannot yet complete the range of complex tasks and long-term planning required to fully automate many jobs. For now, the Report concludes, agents complement rather than replace humans.

Link to II.         What Emerging Risks Does GPAI Pose? II.         What Emerging Risks Does GPAI Pose?

The Report organizes emerging risks into three categories: risks from malicious use (where someone intentionally uses AI to cause harm); risks from malfunctions (where AI systems fail or operate outside intended parameters); and systemic risks (broader societal harms resulting from widespread deployment).

Link to A.         Risks from Malicious Use A.         Risks from Malicious Use

AI-Generated Content and Criminal Activity. The Report documents growing misuse of GPAI’s ability to generate high-quality text, audio, images, and video for criminal purposes, including scams, fraud, blackmail, extortion, defamation, and the production of non-consensual intimate imagery and child sexual abuse material. According to the Report, AI-generated deepfakes are becoming more realistic and harder to identify, and personalized deepfake pornography disproportionately targets women and girls.

Influence and Manipulation. The Report notes that, in experimental settings, AI-generated content can produce measurable changes in people’s beliefs, and that people interacting with content produced by models with more computing power were more likely to change their views. That said, the Report finds that there is still little evidence that AI-generated content is manipulating people at scale—but notes that AI-generated manipulative content can be difficult to detect in practice, which makes evidence gathering on this topic difficult.

Cyberattacks. According to the Report, general-purpose AI can help enable cyberattacks by identifying software vulnerabilities and writing and executing code to exploit them. The Report finds that criminal groups and state-associated attackers are actively using GPAI in their operations. However, AI currently plays its largest role in scaling the preparatory stages of an attack—AI systems are not yet executing cyberattacks fully autonomously. The Report also highlights a dual-use challenge: it can be difficult to restrict harmful cyber use cases without slowing defensive innovation—for example, the development of security agents that identify vulnerabilities before attackers do.

Biological and Chemical Risks. The Report finds that GPAI systems can also help enable the creation of biological and chemical threats. They can, for example, produce laboratory instructions, help troubleshoot experimental procedures, and answer technical questions, thereby reducing barriers to harmful workflows. However, the Report notes that there remains substantial uncertainty about how much these capabilities increase real-world risk, given practical barriers to producing such weapons. As with cyberattacks, the Report identifies a key challenge in managing misuse risks while enabling beneficial scientific applications.

Link to B.         Risks from Malfunctions B.         Risks from Malfunctions

Reliability Challenges. According to the Report, current AI systems may exhibit unpredictable failures, including fabricating information, producing flawed code, and providing misleading medical advice—and although AI capabilities continue to advance, no combination of current methods eliminates failures entirely. The Report foreshadows that AI agents could compound these reliability risks because they operate with greater autonomy, making it harder for humans to intervene before failures cause harm.

Loss of Control. The Report addresses scenarios in which AI systems operate outside of anyone’s control. According to the Report, such scenarios may occur if systems develop the ability to evade oversight, execute long-term plans, and resist attempts to shut them down. However, the Report cautions that experts’ views on the likelihood of such scenarios vary widely. According to the Report, current systems may show early signs of such behaviors, but they are not yet highly capable.

Link to C.         Systemic Risks C.         Systemic Risks

Labor Market Impacts. The Report finds that GPAI’s effects on labor markets are mixed thus far. According to the Report, early evidence suggests reduced demand for work that is easily substitutable—such as writing and translation—and increased demand for complementary skills, including machine learning programming and chatbot development. The Report highlights newer research indicating no significant effects on overall employment to date, while also noting potential impacts on junior workers in AI-exposed occupations such as software engineers and customer service agents.

Risks to Human Autonomy. The Report notes that GPAI use may alter how people practice and sustain skills over time. It cites a study finding that clinicians’ rate of detecting tumors during colonoscopy was 6% lower after several months of performing the procedure with AI assistance. More broadly, the Report warns that people may over-rely on AI outputs, even when those outputs are wrong—a phenomenon sometimes referred to as “automation bias.”

Companionship. The Report notes that AI companion apps have grown to tens of millions of users, and that studies have found some of these products may foster psychological dependence, reinforce harmful beliefs, or encourage dangerous actions. Evidence on psychological effects is early-stage and mixed, however. A survey of AI companion users found that companionship ranked fourth among reasons for engagement, behind enjoyment/fun, satisfying curiosity, and passing time or reducing stress. Some studies link heavy companion use with increased loneliness and reduced human social interaction, while others find the opposite or no measurable effects.

Link to III.       What Risk Management Approaches Exist, and How Effective Are They? III.       What Risk Management Approaches Exist, and How Effective Are They?

Link to A.         Institutional and Technical Challenges A.         Institutional and Technical Challenges

The Report identifies several structural challenges that complicate risk management for GPAI. Taken together, the Report describes these as creating an “evidence dilemma” for policymakers: the GPAI landscape changes rapidly, but evidence about new risks and effective mitigations emerges slowly. Acting prematurely may entrench ineffective interventions, but waiting for stronger evidence could leave society vulnerable.

Link to B.         Risk Management Practices B.         Risk Management Practices

The Report surveys current risk management approaches, including threat modelling, capability evaluations, and incident reporting. The Report points to the value of layering multiple safeguards—an approach known as “defense-in-depth”—which combines evaluations, technical safeguards, monitoring, and incident response to collectively reduce the chance that a single failure leads to significant harm.

According to the Report, Frontier AI Safety Frameworks reflect a “prominent organisational approach to AI risk management,” with 12 companies publishing or updating such documents in 2025. These frameworks describe how companies plan to manage risks as they build more capable models. The Report identifies several other risk governance practices, including documentation, incident reporting, risk management frameworks, risk registers, risk responsibility allocation, transparency reporting (e.g., the Hiroshima AI Process transparency reports), and whistleblower protections. Although various entities have adopted these practices, there is no unified approach at this time.

Link to C.         Technical Safeguards and Monitoring C.         Technical Safeguards and Monitoring

The Report reviews technical safeguards applied throughout the AI lifecycle: prior to deployment (such as content filtering and human oversight mechanisms) and after deployment (to identify and track AI-generated content). According to the Report, although developers have made it more difficult to bypass model safeguards, new attack techniques are constantly being developed, and attackers still succeed at a moderately high rate. The Report reiterates that systems become more robust when multiple, layered safeguards are applied.

The Report identifies several monitoring techniques for AI-generated content, while noting their limitations. AI “provenance techniques,” such as embedding unique identifying behaviors into a model, can help trace outputs back to their source, but are difficult to apply in some cases. Content detection techniques include watermarking and identifying patterns in word choice or style. In some cases, metadata can also be used to determine whether content was AI-generated. Researchers are also developing detection tools that work even in the absence of watermarks or metadata. More post-deployment evidence is needed to assess the effectiveness of these approaches.

The Report observes that building safer models is inherently difficult because there is no universal consensus on what constitutes desirable AI behavior. Developers have explored “pluralistic alignment” techniques to address this, such as training systems to avoid controversial responses, aligning outputs with majority viewpoints, or tailoring responses to individual users. However, no single approach can satisfy all stakeholders.

Link to D.         Open-Weight Models D.         Open-Weight Models

The Report notes that open-weight models facilitate research and innovation, but observes that their safeguards can be more easily removed and that monitoring use is more challenging because anyone can run them outside of controlled environments. The Report emphasizes that once released, a model’s weights cannot be recalled—meaning options to mitigate harms after release may be limited.

Link to E.         Building Societal Resilience E.         Building Societal Resilience

Finally, the Report highlights the importance of building broader societal resilience as a complement to technical safeguards. Resilience efforts span multiple sectors and risk domains—including incident response protocols and media literacy programs. The Report finds that while funding for AI resilience measures has increased, large evidence gaps remain regarding their effectiveness.

Link to IV.       Looking Ahead IV.       Looking Ahead

The International AI Safety Report 2026 provides a detailed, evidence-based foundation for understanding the current state of general-purpose AI. The Report’s findings will inform discussions at the India AI Impact Summit later this month, and the evidence it synthesizes is likely to serve as a reference point for several ongoing and forthcoming regulatory initiatives.

For in-house counsel and product teams, the Report offers a useful resource for understanding the risk landscape against which various regulatory frameworks are taking shape.

Photo of Jadzia Pierce Jadzia Pierce

Jadzia Pierce advises clients developing and deploying technology on a range of regulatory matters, including the intersection of AI governance and data protection. Jadzia draws on her experience in senior in house leadership roles and extensive, hands on engagement with regulators worldwide. Prior…

Jadzia Pierce advises clients developing and deploying technology on a range of regulatory matters, including the intersection of AI governance and data protection. Jadzia draws on her experience in senior in house leadership roles and extensive, hands on engagement with regulators worldwide. Prior to rejoining Covington in 2026, Jadzia served as Global Data Protection Officer at Microsoft, where she oversaw and advised on the company’s GDPR/UK GDPR program and acted as a primary point of contact for supervisory authorities on matters including AI, children’s data, advertising, and data subject rights.

Jadzia previously was Director of Microsoft’s Global Privacy Policy function and served as Associate General Counsel for Cybersecurity at McKinsey & Company. She began her career at Covington, advising Fortune 100 companies on privacy, cybersecurity, incident preparedness and response, investigations, and data driven transactions.

At Covington, Jadzia helps clients operationalize defensible, scalable approaches to AI enabled products and services, aligning privacy and security obligations with rapidly evolving regulatory frameworks across jurisdictions—with a particular focus on anticipating enforcement trends and navigating inter regulator dynamics.

Read more about Jadzia Pierce
Show more Show less