This paper proposes Security Level 5 (SL5), a new security standard for AI datacenters designed to withstand attacks from the world's most capable adversaries — nation-states with years-ahead expertise and massive resources. The first version focuses on requirements with long lead times (facility construction, hardware procurement, organizational capabilities) that must be planned years in advance. Some requirements are major departures from current practice and may require government-level security capabilities that private companies can't achieve alone.
Main takeaways:
- SL5 targets threats from top-tier state actors with cutting-edge cyber capabilities
- Focuses on interventions that take years to implement and can't be retrofitted quickly
- Originated from RAND's 2024 report on securing AI model weights
- Some security measures approximate government-level capabilities beyond typical private-sector practice
- Authors argue these bold measures are necessary and that planning must start now to have options by 2028-2029