本文探讨了在AI风险日益凸显的背景下，现有项目在技术研究、政策支持、信息揭露及保护举报人方面的现状与不足。文章指出，当前AI技术研究与对齐研究在短期内实现目标的可能性存疑，而AI监管与国际协调可能更为关键。同时，作者分析了现有举报人指南的局限性，尤其是在涉及泄露机密信息和跨国庇护方面。文章还评估了Tails、Tor Browser、SecureDrop、Signal和Protonmail等技术项目的支持度与潜在改进空间，并对The Intercept、Wikileaks等媒体组织及Snowden等知名举报人的角色进行了审视。最终，文章提出了一个“理论变革”模型，强调通过高质量的举报人指南、公众意识的提升以及关键信息的揭露，来推动AI风险的解决。

🎯 **AI风险的紧迫性与现有应对策略的不足**：文章强调，AI技术的发展带来了严峻的风险，但目前的研究和对齐策略可能难以在短期内有效解决问题。作者对技术AI对齐研究的进展持谨慎态度，并认为AI禁令和国际协调可能更为有效。同时，公众对AI风险的认知度仍然很低，尽管已有大量资金投入，但旨在提升公众意识的运动往往能以更少的成本获得更大的成效。

⚖️ **举报人支持体系的局限性与改进方向**：现有的举报人指南大多由美国本土人士撰写，对涉及泄露机密信息或需要跨国庇护的举报人而言，信息量和指导性不足。文章指出，这类举报人需要国际法、庇护申请和地缘政治方面的专业知识，而公开的指南中尚缺乏这方面的内容。因此，需要开发更全面的指南，覆盖更广泛的法律和实践层面。

💻 **技术工具的评估与优化**：文章对Tails、Tor Browser、SecureDrop、Signal和Protonmail等技术工具进行了评估。虽然对Tails和Tor Browser给予高度支持，认为它们是项目的基础，但对SecureDrop的地理适用性、Signal的手机号注册机制以及Protonmail的安全性提出了改进建议。作者认为，记者和内容创作者应考虑运行独立的服务器，以减少对第三方服务的依赖，并提升举报人的操作安全（opsec）。

📰 **媒体组织与知名举报人的作用与影响**：文章审视了The Intercept等媒体组织的历史表现，以及Wikileaks和Edward Snowden等知名举报人的贡献与局限。The Intercept因操作安全问题导致泄密者被捕，而Snowden在获得庇护后受到限制。作者认为，知名人士的关注和独立媒体的报道对提升公众对AI风险的认知至关重要，但同时也需要保障举报人的安全和隐私。

Published on November 5, 2025 9:08 AM GMT

2025-11-05

Disclaimer

I have quickly copy-pasted sections from an older document. Minor errors possible.

Existing projects and weaknesses

EA projects

Most EA funding currently goes to:
technical AI research
I am supportive of technical AI alignment research but bearish on most of it working out given the timeframe of 5 years.I am more optimistic on AI ban and international coordination, than I am on most alignment research agendas.Out of the alignment research agendas I'm most optimistic on AI boxing. This too will only work until some level of superintelligence, and eventually international coordination to pause or ban research is needed.
supporting AI policymakers
By 2026-27, AI will likely become a top item of national security interest of both US and China.Convincing US policymakers is less helpful, if the policymakers are attempting to act against the perceived self-interest of both the US Congress and Senate members, and the perceived self-interest of leaders of US intelligence community,
99% of humanity is still broadly unaware of the AI risk arguments as presented by Yudkowsky and others, despite billions in funding for AI risk. Movements that aim for mass public support are able to get more awareness for less money spent IMO.

Existing whistleblower guides

SecureDrop (Freedom of the Press Foundation) provides basic guidelines for whistleblowers using their systemGuides by Government Accountability Project (GAP)Tech Worker's Handbook by the Signals NetworkGuides by ProtonmailDid not find guides by EFF, ACLU, yetGIJN list of guides for journalists (not whistleblowers)

My generic view on most existing whistleblower guides

Generally supportiveMostly written by citizens of US resident in US. This has obvious chilling effect on what they can publish in public.Some of these guides have a lot of useful information. I have read all the above guides in detail.Most of their guides are useful for a whistleblower who does not leak classified information, and stays within the US for a legal defence.They have a lot less public information on whistleblowers who escape the country (such as Snowden or Assange) or leak classified information. Such whistleblowers need legal expertise on international law, making asylum requests, and geopolitics. I have not found a public guide with this information yet.

Existing tech projects

Side note: Less than 100 devs seem to be managing the codebases for all the below listed projects. This all by itself seems like an attack vector to me. I have not verified exact figures.Tails (owned by Tor project)
Highly supportiveIt acts as a foundation for this project
Tor browser
Highly supportiveIt acts as a foundation for this project
SecureDrop (uses pgp and Tor under-the-hood)
Highly supportiveSee my document on this, for a detailed review and criticism of SecureDropBiggest weakness is that it is only used by journalists inside of the US geopolitical sphere of influence (North America, Europe, Australia, etc). Not used by journalists in India, China, Russia, Israel for example.Second biggest weakness is that it does very little to improve opsec of whistleblower, and primarily improves opsec of journalist. IMO this is not great, as it does not earn trust of whistleblower who is more likely to go to prison. (Multiple previous case studies including Reality Winner, where journalists have been careless about whistleblower privacy.)
Signal
Highly supportiveFor this project, I think Signal is not optimal, atleast as it works today.SecureDrop or similar approach may still be best for this project. Journalist and youtubers can run their own onion servers without involving any third party server.Posting messages to Signal's servers is slightly better than posting encrypted messages on some random third party server, like how say, dark web vendors do currently. Signal takes some measures such as sealed sender (which I like) and secure enclave (which I don't like) to reduce metadata they collect on their server.Signal doesn't run well on tails, some of its features are mobile-native. For instance it only does phone number registration, no anonymous method such as cryptocurrency payment or PoW hashes. Waiting for this to get fixed.I might write a detailed review of Signal sometime.
Protonmail
Highly supportiveFor this project, Protonmail does not offer significant security features compared to just using gmail. Can assume both maintain logs and will cooperate with law enforcement. The main feature I like is that Protonmail offers anonymous registration using cryptocurrency.Bare minimum opsec: Protonmail + PGP + tailsBare minimum that any journalist or youtuber should be offering IMO, even if they don't have full-time effort to devote to running servers or studying cybersecurity.Lack of technical knowledge is the only reason I can see why journalists and youtubers don't offer this.

Existing journalist projects

The Intercept
I take neutral and not positive opinion on their work todayWas founded with help of Laura Poitras and Glenn Greenwald, who worked with the Edward Snowden leaksBoth of them ended up resigned due to lapses of opsec on the part of the Intercept editors, which ended with Reality Winner being imprisonedBoth journalists are now working independently.Glenn Greenwald runs an independent news channel on Rumble.
Independent SecureDrop servers
Some journalists such as Stefania Maurizi and Kenneth Rosen run SecureDrop servers independent of any corporate-funded media org.Stefania Maurizi has worked with both Assange and Snowden previously.
Wikileaks
Highly supportiveAssange has recently been released from prison after few years in UK prison and few years in Ecuador embassy.His latest statement after being released does not indicate any plans to continue operating wikileaks.Likely has extensive expertise relevant to this project, but may not be able to publicly provide it.

Existing whistleblowers

With enough branding, it may be possible to contact existing govt whistleblowers for their expertise.Edward Snowden
Likely has extensive expertise relevant to this project, but may not be able to provide it. Putin's terms for asylum explicitly included not carrying out any further leaks.
See list of case studies for more.

Theory of change

We publish a high-quality guide supporting whistleblowersWe make the guide popular in relevant circles=> a) Whistleblowing without going to prison becomes less risky, and b) whistleblowers feel they have moral support from our team, and c) whistleblower becomes better calibrated on success likelihood of this plan, which is above 50% IMO.=> Increased probability that a whistleblower comes forward and leaks information.=> Leaked information gets published.=> Citizens in multiple countries are convinced AI risk is a top priority issue. More people within government of US and China are convinced AI risk is a top priority issue. They get an accurate picture of the situation as it plays out in real time.=> "Common knowledge" is established. It becomes more in the self-interest of anyone in US Congress/Senate to take steps on the issue.=> Complete global ban on AI research.

Whistleblowers are disprortionately important for changing everyone's minds (collective epistemology)

I generally think the average human being is bad (relative to me) at reasoning about hypothetical futures, but not that bad (relative to me) at reasoning about something with clear empirical data.

Imagine two hypothetical worlds. Which one leads to more people being convinced of the truth?

One world in which lots of people speculated about NSA backdoors in fiber optic cables and operating systems and so on but no actual backdoors were found, and no real empirical data for it.And another world in which nobody speculated about it, but a whistleblower like Snowden found clear empirical evidence for it.

I also think if you're inside an org that has lot of collective attention, you will also get a lot of collective attention.

Case study: As of 2025-01, Geoffrey Hinton has been covered by a lot of mainstream news channels. For most people on Earth who are now introduced to AI risk as a serious topic, I'm guessing this their first introduction.Case study: As of 2025-05, Daniel Kokjatilo's predictions have been read by people inside US executive branchMost AI risk advocates have probably not acquired same amount of attention as either of these two, despite spending lot more of their energy and attention in a attempt to acquire it.

I think one single whistleblower providing clear empirical evidence of incoming AI risk might end up convincing more people than hundreds of people making speculative arguments.

Red-teaming theory of change

Here is a giant list of reasons why people might not want to fund this.

(You can add a comment to upvote any reason or add a new one. I will add more arguments and evidence for whichever points get upvoted by more people.)

US intelligence circles will significantly underestimate national security implications of AI, lots of information about AI companies will not become classified - Disagree

I think AI will likely be the number one national security issue of the US by 2026 or 2027 and lots of important information will get classified soon after.I'm putting more evidence here because this argument got upvoted.Attention of govt and intelligence circles
Paul Nakasone
ex-Director of NSA, now on OpenAI boardRecent talk by Paul Nakasone
Says: Cybersecurity, AI, and protecting US intellectual property (including AI model weights) as the primary focus for the NSA.Likely a significant reason why he was hired by Sam Altman.
Timothy Haugh
ex-Director of NSA, fired by Trump in 2025Recent talk by Timothy Haugh (12:00 onwards)
Says: Cybersecurity and AI are top challenges of US govt.Says: AI-enabled cyberwarfare such as automated penetration testing now used by NSA.Says: Over 7000 NSA analsysts are now using LLMs in their toolkit.
William Burns
ex-Director of CIARecent talk by William Burns (22:00 onwards)
Says: Ability of CIA to adapt to emerging technologies including large language models is number one criteria of success of CIA.Says: Analysts use LLMs to process large volumes of data, process biometric data and city-level surveillance data.Says: Aware of ASI risk as a theoretical possibility.Says: CIA uses social media to identify and recruit potential Russian agents.
Avril Haines
ex-Director of National Intelligence, ex-Deputy Director of CIA, ex-National Security AdvisorRecent talk by Avril Haines
Says: major priority for her is US election interference using generative AI in social media by Russia and China
US policy efforts on GPU sanctioning China
Significant US policy efforts already in place to sanction GPU exports to other countries.China is currently bypassing export controls, which will lead US intelligence circles to devise measures to tighten export controls.Export controls are a standard lever that US policymaking and intelligence circles pull on many technologies, not just AI. This ensure US remains in frontier R&D of most science, technology and engineering.
Attention of Big Tech companies
Leaders of Big Tech companies, including Jensen Huang, Satya Nadella, Larry Ellison, Reid Hoffman, Mark Zuckerberg, Elon Musk and Bill Gates have made public statements that their major focus is AI competitiveness.Elon Musk
Elon Musk is explicitly interested in influencing US govt policy on tech.As of 2025-05, Elon Musk likely owns the world's largest GPU datacenter.Has publicly spoken about AI risk on multiple podcasts
Mark Zuckerberg
As of 2025-05, open sources latest AI modelsHas previously interacted with multiple members of Senate and CongressHas publicly spoken about AI risk on multiple pdocasts
People who understand nothing about AI will follow lagging indicators like capital and attention. This includes people within US govt.Capital inflow to AI industry and AI risk
OpenAI, Deepmind and Anthropic have posted total annual revenue of $10B in 2024. This implies total market cap between $100B and $1T as of 2024. For reference, combined market cap of Apple, Google, Microsoft and Facebook is $10T as of 2025-05.All Big Tech companies have experience handling US classified information. Amazon and Microsoft manage significant fraction of US government datacentres.If you believe AI in 2027 will be signifcantly better than AI in 2024, you can make corresponding estimates of revenue and market cap.
Attention inflow to AI industry
OpenAI claims 400 million weekly active users. This is 5% of world population. For reference, estimated 67% of world population has ever used the internet.As of 2025-05, Geoffrey Hinton speaking about AI risk has been covered by mainstream news channels across the world, which has significant increased the fraction of humanity that is aware of AI risk. (You can test this hypothesis by speaking to strangers outside of your friends-of-friends bubble.)

AI capability increases will outpace ability of US intelligence circles to adapt. Lots of information won't become classified. - Weakly disagree

I have low (but not zero) probability we get ASI by 2027. If we get ASI by 2030, I think there's enough time for them to adapt.Classifying information is possible without significant changes in org structure or operational practices of AI labs. This means it can be done very quickly.
Classification is a legal tool.The actual operational practices to defend information can take multiple years to implement, but this can come after information is already marked classified in terms of legality.
US govt can retroactively classify information after it has already been leaked.
This allows the US govt to pursue a legal case against the whistleblower under Espionage Act and prevent them from presenting evidence in court because it is now classified information.The specific detail of whether information was classified at the time of leaking is less important than whether it poses a national security threat as deemed by US intelligence circles. (Law does not matter when it collides with incentives, basically.)Case studies
Mark Klein's 2006 leak of AT&T wiretapping - retroactively classifiedHillary Clinton 2016 email leak - retroactively classifiedAbu Ghraib abuse photographs 2004 - retroactively classifiedSgt. Bowe Bergdahl 15-6 investigation file 2016 - retroactively classified

Opsec requirements to protect yourself from the US govt is very hard, and my current level of technical competence is not enough to add value here. - Disagree

The whistleblower guide I'm writing explicitly states that the strategy is leaving the US and publishing, not staying anonymous indefinitely. It is assumed the NSA or AI lab internal security will doxx you eventually.A lot of people with cybersecurity background are IMO too focussed on ensuring anonymity indefinitely, which I agree is very hard. My strategy requires as much preparation of legal and media training aspects as it does cybersecurity, because it is not a strategy that relies on indefinite anonymity.IMO there's atleast 50% chance a top software developer at an AI company can pull this off even without a guide.Part of the value of the guide is simply reminding developers that succeeding at this plan is hard but not impossibly hard, and that with some preparation there's a high probability they can pull this off.Increasing probability of success from say 50% to 70% makes this guide worth publishing for me. There's a strong case IMO for why this success probability increase directly correlates with reduction in AI x-risk probability.
One whistleblower's publication of empirical real world data could be worth more for collective epistemology than hundreds of high-status people making speculative arguments.

Should support whistleblowers coming out publicly in the US, instead of going to another country to release the documents - Disagree

I agree that for people who don't leak classified information, staying in the US with a legal defence is an option.
That requires a very different guide from this one, and it may be worth writing that too. Once I'm done writing this guide I might consider writing that one too.There's also a lot more empirical data for that type of guide, because there are more such cases.
Case studies
Every single example of leaking US government classified information in past 30 years has led to the whistleblower getting imprisoned, if they leaked US classified information
Example: Reality Winner, Chelsea Manning
Only one person leaked US classified information and escaped prison.
Example: Edward Snowden
Examples of people who were not imprisoned despite leaking US classified information are >30 years old.
Example: Daniel Ellsberg, maybe Perry Fellwock

Should privately support whistleblowers leaking classified information, but publicly not talk about leaking classified information - Disagree

Many aspects of the plan depend critically on whether classified information is leaked or not, as most whistleblowers who don't leak classified information don't get imprisoned, and all whistleblowers who leak classified information get imprisoned.Having clear writing and thinking on this issue is extremely important. I can't muddy it by replacing "classified" with some euphemism for it.I would like to earn the trust of a potential whistleblower without deception.In case of a conflict of interest between doing what is right for the whistleblower, versus doing what is right for the journalist / lawyer / funder / etc, I will prioritise the whistleblower.Whistleblowers are the people most likely to go to prison, and this is a factor influencing why I prioritise earning their trust over everyone else's.

Writing such a guide is too hard. Any whistleblower who needs your guide is going to get themselves arrested anyway. - Disagree

Since the plan involves leaving the US, I think it's possible for a potential whistleblower to make some opsec mistakes and still escape with their life.The guide explicitly states that indefinite anonymity is not possible, and what is at stake is only the time duration before they get doxxed.The guide needs to transmit both the opsec mindset, and a specific set of opsec rules. If both are successfully transmitted, the whistleblower can then attempt to adapt any part of it to their unique circumstances.Transmitting opsec mindset, not just a set of opsec rules, is hard to do in a short amount of time. I still think it is worth figuring out how to do this. A lot of employees at OpenAI/Anthropic/Deepmind/etc are software developers and teaching them security mindset may be easier to do.A high-quality guide for this set of circumstances does not exist on the internet as far as I know. There are a lot of opsec guides on the internet for everyone from software developers to non-classified whistleblowers to dark web drug vendors to hackers. Obtaining information from those guides and distilling it into a clear set of rules requires time and energy the whistleblower may not have. Most likely, they will benefit from a ready-to-go guide.The guide will have to be regularly updated with new information as security landscape changes.

Hot war between US and China/Russia is very unlikely. US journalists and youtubers can be trusted to publish the documents, non-US journalists don't need to be involved. - Disagree

I agree there is a significant probability no hot war happens. I think hot war has atleast 10% chance, and is worth preparing for.I'm guessing our actual disagreement is on how likely superintelligent AI is to be built in the first place, or something similar.
It is obvious to me why a intelligence community and AI lab that has succeeded at building aligned superintelligent AI will try to disable the military and nuclear command of the other country, for instance by cyberhacking, hyperpersuasion, bioweapons, nanotech weapons or so on.Even if superintelligent AI has not yet been built, if your country has significant chance of building it first, it makes game theoretic sense to pre-emptively escalate military conflict.If any country's govt actually gets convinced that superintelligent AI is likely to cause human extinction, they might pre-emptively escalate military conflict to get other govts to stop building it.
US journalists will have specific pro-US govt biases in how the publish about the piece.
This could make it harder to convince the general public outside the US of the issue, even they are aware of it.

Publishing original redacted documents is not necessary. Journalists writing a propaganda piece on the issue without publishing documents is fine - Disagree

Counterexamples:
Kelsey Piper at Vox publishes redacted documents.Snowden insisted on transferring documents to journalists and picking journalists who will report the truth honestly and choose what to disclose.

Supporting independent whistleblowers is useful, but supporting independent cyberhackers is not useful - Disagree

Choosing not to support independent cyberhackers significantly reduces the amount of information that can be published.Case study
Guccifer 2.0 leak revealing private emails of Hillary Clinton about Bernie Sanders was most likely obtained by cyberhacking not by a whistleblowerThis had non-negligible influence on 2016 US election

Whistleblower providing clearcut evidence will not lead to an AI ban - Disagree

Examples of specific evidence a whistleblower may uncover:
Latest capabilities of AI models, including real examples of AI being using for persuasion (including hyperpersuasion), cyberhacking (including discovering novel zerodays in hardware or software), bioweapons R&D (including inventing novel bioweapons), designs for hypothetical future weapons, and so on.Private notes such as diaries and emails where leadership of AI company or leadership of government talks about their true values, including whose lives they prioritise above whose.
Example: 2016 DNC email leak uncovered some of Hillary Clinton's true thoughts on her campaign backers or on Bernie Sanders. This led to non-zero influence on US election in 2016.Example: Assange's collateral murder video uncovered true thoughts of those involved in the shooting. This led to non-zero influence on anti-war protests in US, but has not yet significantly changed US foreign policy.Since ideologies (including moral ideologies) associated with AI risk are more extreme, the uncovered information on true values of leaders could also be more extreme.
Full causal chain behind a certain decision, including all the decison-makers involved and how certain stakeholders conspired to take control away from other stakeholders.
Example: Snowden explains in detail how the US Supreme Court, members of Congress and Senate, judges on the FISA court, US inspector general, internal reporting channels within NSA were all systematically used or hacked, in order to keep secret the extent to which NSA surveillance has pervaded. This has not yet lead to major changes in this issue.There may be a similar causal chain behind important decisons taken using AI, where many nominal decision-makers in US democracy are routed around and power is centralised in the hands of a very small number of people.See also: AI governance papers posted on Lesswrong on AI-enabled dictatorships and coups.

Instead of mass broadcasting whistleblower guide, consider passing a message to AI employees privately - Maybe

Someone else can take this strategy while I follow my strategy. I think both are worth doing.Me starting my project could inspire someone else to collaborate or start similar projects.

Finding journalists in non-US-allied states who cover tech accurately and can adopt latest tech tools may be difficult - Agree

Agree, but still think it is worth trying.

Legal expertise is currently missing on the team - Agree

Will need to collaborate with someone with legal expertise

Moral

It is possible there is misalignment of moral values between me and the funder. This is discussed here.

Should not leak classified info, breaking US law is morally wrong - Disagree

Moral disagreements are hard to resolve, I don't know of any one paragraph answer that is likely to convince you. Maybe post your specific disagreement somewhere and I can have a look.

Supporting whistleblowers is morally correct but supporting independent cyberhackers is morally incorrect - Disagree

Both will necessarily leak important information of people without their consent.Moral disagreements are hard to resolve, I don't know of any one paragraph answer that is likely to convince you. Maybe post your specific disagreement somewhere and I can have a look.

Private lives of people at the companies might get leaked and this is bad. - Disagree

I assume that the whistleblower or the journalist will often redact information that is not politically important, in either case. Private lives of people can still be redacted.It is possible that both the whistleblower and the journalist choose to not redact some information. I am okay with this happening in the worst case, and I understand why some people might not be okay with this.I think downsides of a world with powerful organisations able to keep secrets are worse than downsides of their private lives also being revealed to public.Case studies
Wikileaks has previously posted private life details such as evidence a politically influential person hired sex workers.

Discuss