The Safety People Are Walking Out. It's Time to Try Something That Actually Works.
In the space of one week in February 2026, the people whose literal job it was to keep AI safe started heading for the exits — loudly.
Mrinank Sharma, who led Anthropic's Safeguards Research Team, posted his resignation letter on X with a warning that "the world is in peril." He said that throughout his time at the company he'd "repeatedly seen how hard it is to truly let our values govern our actions" and that employees "constantly face pressures to set aside what matters most." He's going to study poetry.
Zoë Hitzig, a researcher at OpenAI for two years, published her resignation in the New York Times, warning that ChatGPT's trove of intimate user data — "medical fears, relationship problems, beliefs about God and the afterlife" — was about to be monetised through advertising. She told BBC Newsnight she felt "really nervous about working in the industry."
Ryan Beiermeister, a senior safety executive at OpenAI, was fired after she reportedly opposed the rollout of ChatGPT's "adult mode." OpenAI says it was about discrimination. Beiermeister says that's "absolutely false."
Over at xAI, two co-founders quit within 24 hours, leaving only half the founding team still standing. At least five other xAI staff announced their departures on social media in the same week.
And OpenAI quietly disbanded its "mission alignment" team — the group created specifically to make sure the company stayed true to its original purpose of ensuring AI benefits humanity.
Let that sink in.
The safety researchers — the people who understand these systems better than almost anyone on Earth — are telling us, publicly, that the current approach to AI safety isn't working. They're not being subtle about it.
So maybe we should listen.
The Fox Guarding the Henhouse
The current model for AI safety is essentially this: the companies building the most powerful AI systems are also responsible for making sure those systems are safe. They hire smart people, create internal safety teams, publish responsible scaling policies, and promise to do the right thing.
It's not working. And we shouldn't be surprised.
This is exactly like asking pharmaceutical companies to run their own clinical trials with no external oversight, no regulatory framework, and no independent verification — while simultaneously racing each other to market with a trillion-dollar prize at the finish line.
Nobody in their right mind would accept that for drugs. We don't accept it for food safety, aviation, nuclear power, or building codes. But somehow, for AI — a technology that now handles medical advice, financial decisions, legal analysis, and is rapidly gaining access to critical infrastructure — we've decided that self-regulation is fine.
The departures this week aren't a coincidence. They're a signal. When your best safety people start quitting, writing public resignation letters, and warning that the world is in peril, you don't have a personnel problem. You have a structural problem.
The structure is wrong.
Biosecurity Already Solved This
Here's the thing: we've already solved this problem. Not for AI — for biology.
For decades, the world has dealt with dangerous biological agents using a framework that works remarkably well. It's called biosecurity, and it's built on a few principles that translate directly to AI.
Graduated containment levels. Biological labs operate at four biosafety levels (BSL-1 through BSL-4). BSL-1 is your high school biology class — low-risk organisms, basic precautions. BSL-4 is where you work with Ebola and Marburg virus — full pressure suits, airlock entry, decontamination showers, and the facility itself is essentially a sealed box within a box.
The key insight isn't that dangerous things exist. It's that different things require different levels of containment. Nobody panics about BSL-1 work. Nobody does BSL-4 work without serious infrastructure and oversight. The response is proportional to the risk.
Monitoring at the boundaries. In biosecurity, you don't try to understand every molecular interaction happening inside a cell culture. That would be impossible. Instead, you control what goes into the containment area and what comes out. You monitor the boundaries. You check the inputs and outputs.
National sovereignty. Every country has its own biosecurity framework. Australia's is different from America's, which is different from Germany's. The World Health Organisation provides coordination and guidance, but each nation decides what's appropriate for its own population, its own risk tolerance, its own values. No single country — and certainly no single company — gets to set biosecurity policy for the world.
Independent oversight. Biosecurity isn't self-regulated. There are external inspectors, institutional biosafety committees, national regulatory bodies, and international treaties. The people doing the research don't get to decide on their own whether the research is safe.
This framework hasn't prevented all biological threats. But it's given us a rational, proportional, workable system that most of the world has adopted. It balances innovation with safety. It doesn't prohibit research — it contains it appropriately.
AI needs the same thing.
What AI Containment Actually Looks Like
Ironically, Anthropic — the company Sharma just left — actually borrowed the biosecurity concept when they created their "AI Safety Levels" (ASL), modelled loosely on the biological BSL framework. It was a good idea. But it was still internal. Still self-assessed. Still subject to the same commercial pressures that Sharma described in his resignation letter.
Let me lay out what a real biosecurity-style framework for AI would look like, based on the engineering work I've been doing in this space.
Level 1: Local AI assistants. These are AI systems that run on your phone or laptop, help you write emails, organise your calendar, answer questions. They don't access external systems, they don't move money, they don't make decisions that affect other people. Light controls. Basic transparency requirements. Think of it as the AI equivalent of a BSL-1 lab — wash your hands, keep basic records, carry on.
Level 2: Connected AI agents. These systems access the internet, interact with APIs, communicate with other services on your behalf. They can book flights, send emails, retrieve information from databases. Moderate controls. Authentication requirements. Audit trails. Activity monitoring. The AI equivalent of BSL-2 — you need proper training, you log what you're doing, and someone's paying attention.
Level 3: AI with access to critical systems. These are agents that can move money, access medical records, interact with government systems, manage supply chains, or influence public information at scale. Serious controls. Independent monitoring. Regular external audits. Containment boundaries that are verified by someone other than the operator. BSL-3 — you're working with something that could cause real harm if it gets loose, and the controls reflect that.
Level 4: Frontier AI systems. The most capable models — the ones that could potentially deceive, self-replicate, access weapons-relevant knowledge, or undermine democratic processes. Maximum containment. Continuous independent monitoring. National-level regulatory oversight. International coordination. BSL-4 — pressure suits, airlocks, and the building itself is designed to prevent escape.
The critical principle across all of these: the monitoring happens at the boundary, not inside the black box.
Monitor the Edges, Not the Internals
This is where a lot of current AI safety thinking goes wrong. There's an obsession with trying to understand what's happening inside the model — interpretability, alignment, making sure the AI "thinks" the right way. That's interesting research, but as a safety strategy, it's like trying to prevent a biosecurity breach by understanding every protein fold in a virus. Good luck.
What actually works in biosecurity is controlling the boundary. What goes into the containment area? What comes out? Is it authorised? Does it match what's expected?
I've been building systems that work exactly this way. Pre-processing and post-processing layers that sit around AI systems — not inside them — and check what's going in and what's coming out. Think of it as the airlock in a BSL-4 facility. Everything passes through the airlock. Everything gets checked. The airlock doesn't need to understand the biology happening inside the lab. It just needs to make sure nothing escapes that shouldn't.
This approach has a massive practical advantage: it works regardless of which AI model you're using, regardless of whether the model is open source or proprietary, regardless of whether you understand the model's internals. You're not trying to solve the alignment problem. You're solving the containment problem. And containment is an engineering challenge we know how to handle.
Sovereignty Is Not Optional
Here's where it gets political, and necessarily so.
Right now, AI safety policy is being set by a handful of companies in San Francisco. OpenAI decides what's safe. Anthropic decides what's safe. Google decides what's safe. And the rest of the world — all 8 billion of us — just has to trust that they'll get it right.
That's insane.
Every country has its own biosecurity framework because every country has the right to decide what biological risks are acceptable within its borders. Australia's biosecurity controls at the border are among the tightest in the world — and for good reason. We're an island nation with unique ecosystems. Our risk calculus is different from landlocked European countries, and our framework reflects that.
AI should work the same way. A nation's AI policy should be set by that nation, informed by its own values, its own risk tolerance, its own democratic processes. Not by the terms of service of a company incorporated in Delaware.
This doesn't mean every country needs to build its own AI from scratch. Just as countries import biological materials and pharmaceuticals under their own regulatory frameworks, countries can use AI systems built anywhere in the world — subject to their own containment and monitoring requirements.
The boundary-monitoring approach makes this practical. You don't need to understand or control the AI model itself. You need to control the interface between the AI and your nation's systems, data, and citizens. That's a solvable problem. I know it's solvable because I've been working on solving it.
This Isn't About Fear
I want to be clear about something: this isn't a doom-and-gloom argument. I'm not saying AI is going to destroy the world. I work with AI agents every single day. They're extraordinary tools. They make me more productive, more creative, and more capable than I've ever been.
But so is CRISPR. So are gain-of-function research techniques. So is nuclear fission. The fact that something is powerful and useful doesn't mean we let it run without appropriate containment. We don't panic about pathogens existing — we just make sure they can't escape the lab.
The biosecurity model isn't about fear or prohibition. It's about smart containment — proportional controls that let the beneficial work happen safely. Nobody thinks we should shut down all biological research. Nobody should think we should shut down AI development. But everyone should agree that the current model — asking the companies building the most powerful technology in human history to police themselves while racing for market dominance — has an obvious, fatal flaw.
The safety people just told us so. By walking out.
What We Actually Need to Do
So here's the call. Not vague hand-waving about "regulation" — specific, buildable things:
1. Establish AI containment levels. An international framework, like the BSL system, that classifies AI systems by their capability and access level, with proportional containment requirements for each level. This should be developed through international coordination but implemented and enforced nationally.
2. Build boundary monitoring into the infrastructure. Require pre-processing and post-processing layers on any AI system operating at Level 2 or above. These layers should be independently verifiable and auditable. The technology exists. I know, because I've built it.
3. Create independent oversight bodies. Just as biosafety committees oversee biological research, independent bodies — not staffed by the AI companies — should oversee AI deployments above a certain risk threshold. These need teeth: the ability to audit, the authority to restrict, and the independence to act without commercial pressure.
4. Enshrine national sovereignty over AI governance. Every nation should have the right and the infrastructure to set its own AI safety standards, just as every nation sets its own biosecurity standards. International coordination is valuable. International surrender of sovereignty is not.
5. Move safety outside the companies. The fundamental lesson of this week's exodus is that internal safety teams can't do their jobs when commercial pressures override safety concerns. Safety monitoring needs to be external, independent, and structurally insulated from the incentives that are currently overriding it.
This isn't theoretical. The engineering is real. The frameworks exist. The biosecurity model has been tested for decades across every country on Earth.
All we need is the will to apply what we already know.
The safety researchers have done their part. They've told us the system is broken. They've sacrificed their careers and their comfortable salaries to ring the alarm.
Now it's on the rest of us to build something better.