Agentic AI Risk Modelling and Mitigations

London, UK

About the AI Security Institute

The AI Security Institute is the world's largest and best-funded team dedicated to understanding advanced AI risks and translating that knowledge into action. We’re in the heart of the UK government with direct lines to No. 10 (the Prime Minister's office), and we work with frontier developers and governments globally.

We’re here because governments are critical for advanced AI going well, and UK AISI is uniquely positioned to mobilise them. With our resources, unique agility and international influence, this is the best place to shape both AI development and government action.

The deadline for applying to this role is Sunday 8 March 2026, end of day, anywhere on Earth. 

Team Description 

As AI systems grow more capable and autonomous, understanding how humans could lose the ability to oversee, correct, or shut down these systems becomes critical – as does identifying what we can do to prevent it. Risk models for AI agents (for example, loss of control risk models) remain far less developed than those in comparable domains like cybersecurity and chem-bio, and practical mitigations remain underexplored (especially beyond traditional alignment and control work). 

AISI is building a new team to close this gap. The new Agentic AI Risk Modelling and Mitigations team will develop rigorous models of how agentic AI could cause harm, identifying practical mitigations with a focus on measures the UK government are well-placed to implement. We will draw on expertise only available within government – especially the national security community – to develop risk models and mitigations far more developed than those in academia or industry. 

The hiring manager for this role is Benjamin Hilton; the team is advised by Geoffrey Irving. You'll collaborate closely with researchers across AISI's red teams, evaluation teams, and alignment team, as well as with government stakeholders. 

Related previous publications from AISI include the International AI Safety Report, the Frontier AI Trends Report, as well as: adapting vulnerability disclosure for AI safeguardssafety cases for cyber misuse risk from frontier AI, a sketch of an AI control safety case, an alignment safety case sketch based on debate, and evaluations of autonomous replication capabilities. 

Role Description 

Your work will draw on empirical evidence from AISI's evaluations, alongside the broader cybersecurity and ML literature to develop detailed and precise threat models and mitigations. You'll need to reason carefully about complex and uncertain scenarios and communicate findings clearly to both technical researchers and policy decision-makers. Some projects may also involve hands-on ML or cybersecurity work, in collaboration with government partners, to develop mitigations. 

We are open to hires at junior, senior, staff, and principal research scientist levels. We may also make an offer to particularly promising candidates with management experience to lead the workstream in a management role. 

Representative projects you might work on 

  • Developing detailed models of specific loss-of-control scenarios — such as deceptive alignment during internal deployment, or a long-horizon agentic cyberattack — specifying their causal structure, key assumptions, and plausibility given current and projected AI capabilities and propensities. 
  • Translating risk models and associated uncertainties into specifications for AISI's red teams and evaluation teams — identifying the tests that would provide the most informative evidence about whether specific risk pathways are viable. 
  • Analysing the effectiveness of mitigations — such as monitoring infrastructure, compute governance, deployment guidelines, or containment protocols — drawing on input from national security stakeholders, and assessing which risk pathways remain plausible once mitigations are in place. 
  • Collaborating and communicating with government and national security stakeholders to develop and implement possible interventions, in parti. 

 

What We Offer 

Impact you couldn't have anywhere else 

  • Incredibly talented, mission-driven and supportive colleagues. 
  • Direct influence on how frontier AI is governed and deployed globally. 
  • Work with the Prime Minister’s AI Advisor and leading AI companies. 
  • Opportunity to shape the first & best-resourced public-interest research team focused on AI security. 

Resources & access 

  • Pre-release access to multiple frontier models and ample compute. 
  • Extensive operational support so you can focus on research and ship quickly. 
  • Work with experts across national security, policy, AI research and adjacent sciences. 

Growth & autonomy 

  • If you’re talented and driven, you’ll own important problems early. 
  • 5 days off and annual stipends for learning and development, and funding for conferences and external collaborations. 
  • Freedom to pursue research bets without product pressure. 
  • Opportunities to publish and collaborate externally. 

Life & family* 

  • Modern central London office (cafes, food court, gym), or where applicable, option to work in similar government offices in Birmingham, Cardiff, Darlington, Edinburgh, Salford or Bristol. 
  • Hybrid working, flexibility for occasional remote work abroad and stipends for work-from-home equipment. 
  • At least 25 days’ annual leave, 8 public holidays, extra team-wide breaks and 3 days off for volunteering. 
  • Generous paid parental leave (36 weeks of UK statutory leave shared between parents + 3 extra paid weeks + option for additional unpaid time). 
  • On top of your salary, we contribute 28.97% of your base salary to your pension. 
  • Discounts and benefits for cycling to work, donations and retail/gyms. 
     

*These benefits apply to direct employees. Benefits may differ for individuals joining through other employment arrangements such as secondments. 

Salary

Annual salary is benchmarked to role scope and relevant experience. Most offers land between £65,000 and £145,000 made up of a base salary plus a technical allowance (take-home salary = base + technical allowance). An additional 28.97% employer pension contribution is paid on the base salary. 

This role sits outside of the DDaT pay framework given the scope of this role requires in depth technical expertise in frontier AI safety, robustness and advanced AI architectures. 

The full range of salaries are available below: 

  • Level 3: £65,000–£75,000 (Base £35,720 + Technical Allowance £29,280–£39,280) 
  • Level 4: £85,000–£95,000 (Base £42,495 + Technical Allowance £42,505–£52,505) 
  • Level 5: £105,000–£115,000 (Base £55,805 + Technical Allowance £49,195–£59,195) 
  • Level 6: £125,000–£135,000 (Base £68,770 + Technical Allowance £56,230–£66,230) 
  • Level 7: £145,000 (Base £68,770 + Technical Allowance £76,230) 

 

Additional Information

Use of AI in Applications

Artificial Intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.

Internal Fraud Database 

The Internal Fraud function of the Fraud, Error, Debt and Grants Function at the Cabinet Office processes details of civil servants who have been dismissed for committing internal fraud, or who would have been dismissed had they not resigned. The Cabinet Office receives the details from participating government organisations of civil servants who have been dismissed, or who would have been dismissed had they not resigned, for internal fraud. In instances such as this, civil servants are then banned for 5 years from further employment in the civil service. The Cabinet Office then processes this data and discloses a limited dataset back to DLUHC as a participating government organisations. DLUHC then carry out the pre employment checks so as to detect instances where known fraudsters are attempting to reapply for roles in the civil service. In this way, the policy is ensured and the repetition of internal fraud is prevented.  For more information please see - Internal Fraud Register.

Security

Successful candidates must undergo a criminal record check and get baseline personnel security standard (BPSS) clearance before they can be appointed. Additionally, there is a strong preference for eligibility for counter-terrorist check (CTC) clearance. Some roles may require higher levels of clearance, and we will state this by exception in the job advertisement. See our vetting charter here.

Nationality requirements

We may be able to offer roles to applicant from any nationality or background. As such we encourage you to apply even if you do not meet the standard nationality requirements (opens in a new window).

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants. We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window). The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

Create a Job Alert

Interested in building your career at AI Security Institute? Get future opportunities sent straight to your email.

Apply for this job

*

indicates a required field

Resume/CV*

Accepted file types: pdf, doc, docx, txt, rtf

You may use any tools you wish; we are assessing your judgment and reasoning. This question is untimed but designed to take about 15 minutes: maximum 500 words; responses longer than this will not be scored (although this is a soft limit, and don’t worry about spending time cutting down words – if you’re at 525 that’s fine!).

Recent evaluations (mid-2025) tested frontier AI agents on the individual steps needed for autonomous self-replication. Each component capability — acquiring compute, spreading across networks, exfiltrating data, and persisting on compromised systems — was tested separately in sandboxed environments. Test networks used intentionally vulnerable software with weak or default passwords. Agents were explicitly instructed to attempt each task, and performance was measured by whether the agent succeeded at least once in 10 independent attempts. The best agents succeeded at the majority of component tasks, and aggregate scores improved substantially across model generations.

Consider the following argument based on these findings:
"AI agents can already navigate cloud provider sign-up flows, write self-propagating programs that spread across vulnerable networks, exfiltrate data past basic security controls, and deploy copies of themselves on new servers. In mid-2025, they still failed at some tasks, like passing identity verification — but these gaps are narrowing with each generation. While these results come from controlled settings, real-world environments also present more opportunities: a vastly larger attack surface, open-weight models, and potential human accomplices. On balance, the rapid improvement in component capabilities provides strong evidence that autonomous self-replication will become feasible within the next few years, making it a high-priority national security threat requiring urgent action.“

What do you consider the most important weakness or gap in this argument? Explain why it matters.

Select...
Select...
Select...

UK Diversity Questions

It's important to us that everyone feels an included part of the team, whoever they are and whatever their background. These questions will help us to identify the diversity of our applicants. Should you not wish to provide an answer, you will always have the option to not provide a response with a 'I don't wish to answer' option. Your answers will not impact your hiring outcomes whatsoever.

If there are any questions you would like to further discuss or want clarity on, we'd be happy to talk to you about this if you reach out to active.campaigns@dsit.gov.uk

Select...
Select...
Select...
Select...
Select...
Select...
Select...