Research Scientist- Safeguards

Team Description 

Interventions that secure a system from abuse by bad actors will grow in importance as AI systems become more advanced and integrated into society. The AI Security Institute’s Safeguard Analysis Team researches these interventions: we evaluate the protections on current frontier AI systems and research what measures could better secure them in the future. We then share our findings with the frontier AI companies, key UK officials, and other governments – informing their deployment, research, and policy decision-making.  
 
We have published on several topics, including agent misuse, defending finetuning APIs, third-party attacks on agents, safeguards safety cases, and attacks on layered defenses. Some example impacts have been advancing the benchmarking of agent misuse, identifying safeguard vulnerabilities previously unknown to frontier AI companies, and producing insights into the feasibility and effectiveness of attacks and defences in data poisoning and fine-tuning APIs. 

In our team, you can also massively advance both research on how to attack and defend frontier AI and governments’ understanding of misuse risks, which we see as critical to advanced AI going well.  

Role Description 

We’re looking for researchers with expertise developing and analysing attacks and protections for systems based on large language models or who have broader experience with frontier LLM research and development. An ideal candidate would have a strong record of performing and publishing novel and impactful research in these or other areas of LLM research.  

We're primarily looking for research scientists, but we can support staff’s work spanning or alternating between research and engineering. The broader team's work includes research – like assessing the threats to frontier systems, performing novel adversarial ML research on frontier LLMs, and developing novel attacks – and engineering, such as building infrastructure for running evaluations. 

The team is currently led by Xander Davies and advised by Geoffrey Irving and Yarin Gal. You’ll work with incredible technical staff across AISI, including alumni from Anthropic, OpenAI, DeepMind, and top universities. You may also collaborate with external teams like Anthropic, OpenAI, and Gray Swan.  

We are open to hires at junior, senior, staff and principal research scientist levels.  

Representative projects you might work on 

• Designing, building, running and evaluating methods to automatically attack and evaluate safeguards, such as LLM-automated attacking and direct optimisation approaches. 

• Building a benchmark for asynchronous monitoring for signs of misuse and jailbreak development across multiple model interactions. 

• Investigating novel attacks and defences for data poisoning LLMs with backdoors or other attacker goals. 

• Performing adversarial testing of frontier AI system safeguards and produce reports that are impactful and action-guiding for safeguard developers. 

What we’re looking for 

In accordance with the Civil Service Commission rules, the following list contains all selection criteria for the interview process.

Required Experience

The experiences listed below should be interpreted as examples of the expertise we're looking for, as opposed to a list of everything we expect to find in one applicant:

You may be a good fit if you have:  

• Hands-on research experience with large language models (LLMs) - such as training, fine-tuning, evaluation, or safety research. 

• A demonstrated track record of peer-reviewed publications in top-tier ML conferences or journals. 

• Ability and experience writing clean, documented research code for machine learning experiments, including experience with ML frameworks like PyTorch or evaluation frameworks like Inspect. 

• A sense of mission, urgency, responsibility for success. 

• An ability to bring your own research ideas and work in a self-directed way, while also collaborating effectively and prioritizing team efforts over extensive solo work. 

Strong candidates may also have:  

• Experience working on adversarial robustness, other areas of AI security, or red teaming against any kind of system. 

• Extensive experience writing production quality code. 

• Desire to and experience with improving our team through mentoring and feedback. 

• Experience designing, shipping, and maintaining complex technical products. 

 

What We Offer

Impact you couldn't have anywhere else

• Incredibly talented, mission-driven and supportive colleagues.
• Direct influence on how frontier AI is governed and deployed globally.
• Work with the Prime Minister’s AI Advisor and leading AI companies.
• Opportunity to shape the first & best-resourced public-interest research team focused on AI security.

Resources & access

• Pre-release access to multiple frontier models and ample compute.
• Extensive operational support so you can focus on research and ship quickly.
• Work with experts across national security, policy, AI research and adjacent sciences.

Growth & autonomy

• If you’re talented and driven, you’ll own important problems early.
• 5 days off learning and development, annual stipends for learning and development and funding for conferences and external collaborations.
• Freedom to pursue research bets without product pressure.
• Opportunities to publish and collaborate externally.

Life & family

• Modern central London office (cafes, food court, gym) or option to work in similar government offices in Birmingham, Cardiff, Darlington, Edinburgh, Salford or Bristol.
• Hybrid working, flexibility for occasional remote work abroad and stipends for work-from-home equipment.
• At least 25 days’ annual leave, 8 public holidays, extra team-wide breaks and 3 days off for volunteering.
• Generous paid parental leave (36 weeks of UK statutory leave shared between parents + 3 extra paid weeks + option for additional unpaid time).
• On top of your salary, we contribute 28.97% of your base salary to your pension.
• Discounts and benefits for cycling to work, donations and retail/gyms.

Salary

Annual salary is benchmarked to role scope and relevant experience. Most offers land between £65,000 and £145,000 (base plus technical allowance), with 28.97% employer pension and other benefits on top. 

This role sits outside of the DDaT pay framework given the scope of this role requires in depth technical expertise in frontier AI safety, robustness and advanced AI architectures. 

The full range of salaries are as follows: 

• Level 3: £65,000–£75,000 (Base £35,720 + Technical Allowance £29,280–£39,280)
• Level 4: £85,000–£95,000 (Base £42,495 + Technical Allowance £42,505–£52,505)
• Level 5: £105,000–£115,000 (Base £55,805 + Technical Allowance £49,195–£59,195)
• Level 6: £125,000–£135,000 (Base £68,770 + Technical Allowance £56,230–£66,230)
• Level 7: £145,000 (Base £68,770 + Technical Allowance £76,230)