No Security Meter for AI
Greetings, BIML subscriber!
Spring is upon us and Berryville is coming back to life. It's been a busy season at BIML, and we're pleased to share our latest publication, No Security Meter for AI.
AI benchmarks are fundamentally broken. They are often contaminated by their own publication and tend to measure narrow performance rather than actual capability. Today's security benchmarks are 'Halloween costumes in a security theater.' Recent research from UC Berkeley confirms this: eight of the most prominent AI agent benchmarks can be exploited to achieve near-perfect scores without completing even a single task.
Security has always been hard to measure, even in traditional software. Our paper compares the current state of AI security to software security in 1998, when the industry focused on buffer overflows and penetration testing. In 2026, most security people are still talking about prompt injection and AI red teaming. The field is in the same early stage, and has a lot of ground to cover.
A model that performs well on security tasks is not necessarily a secure model.
No Security Meter for AI
Let’s say you wanted to make sure that your AI is secure. Can you just maximize the security and privacy benchmark and call it a day? Nope, because benchmarks don’t actually work for measuring AI capabilities (even when they are NOT emergent systemic properties like security).
So let’s take a step back: how do you measure security in the first place? Good question. Over the last 30 years, security engineering for software has evolved from black-box penetration testing, through white-box code analysis and architectural risk analysis, to de facto process-driven standards like the Building Security In Maturity Model (BSIMM).
Software has had a very deep impact on business operations, and it appears that AI is going to have an even deeper impact. Will a measurement effort like the one software security went through work for AI? Probably. In the meantime we can make real progress in AI security by cleaning up our WHAT piles and managing risk by identifying and applying good assurance processes.
(Spoiler alert: no matter what we do, we still don’t get a security meter for AI, so we need to be extra vigilant about security.)
Please enjoy our new paper, attached.