A Loss of Control Threat Map for AI Research and Development

Loss of control (LoC) describes a scenario in which humans no longer have control over an AI system and its impacts (for more of our research on loss of control see here ).¹ 

A Loss of Control Threat Map: Automating AI Research and Development

One leading threat model that is hypothesized to lead to LoC concerns itself with the recent practice of AI companies using AI systems to automate their internal AI research and development (R&D) pipeline (Stix et al. (a), 2025; Acharya et al., 2025; OpenAI, 2026; Anthropic (a), 2026). While this application stands to accelerate the development of increasingly capable AI models (Davidson et al., 2025;  Eth and Davidson 2025; Toner et al., 2026), it may also lead to developers losing control over the more capable AI systems developed (Stix et al. (b), 2025). Specifically, this threat may actualise if the AI systems used for AI R&D are misaligned with the developer’s intent and manage to pass on that misalignment to successive AI systems (Stix et al. (a), 2025; Stix et al. (b), 2025, Anthropic (a), 2026).   

To reason about this threat model more concretely, we developed a threat map that describes various pathways through which LoC could occur from deploying an AI system for AI R&D. The threat map is presented at two levels of detail (compact view and detailed view) and collates insights gleaned from existing threat scenarios and descriptions (e.g. Hubinger et al., 2024, Anthropic (b),  2026, UK AISI, 2025) as well as our own expertise.

Our threat map is focused on AI-executed pathways: pathways in which an AI system directly executes the actions that drive towards LoC without human involvement in the execution.

Conditions underpinning the Threat Map

Our threat map applies to an AI system which is:

1. Deployed for AI R&D. We expect that AI systems are deployed in the AI R&D pipeline to automate portions of, or the entire, AI R&D pipeline. Our assumption is consistent with public write ups and statement of frontier AI developers who have commented publicly about their extensive use of AI systems for AI R&D tasks that were previously executed by researchers and engineers (Amodei, 2026; OpenAI (b), 2026, Anthropic (a), 2026, Anthropic, 2025). These companies’ leaders have publicly talked about their intention of automating individual researchers by 2028 (Altman and Pachocki 2026), and the possibility of automating the entire AI R&D pipeline (Clark, 2026; Amodei, 2026). 
2. Highly capable. In order for an AI system to be used to automate portions of, or the entire, AI R&D pipeline, we expect that it must surpass a certain capability threshold. For the purpose of our threat map, this implies that the AI system is capable of taking certain detailed actions. For the current iteration of the threat map, we do not assume that the AI system will be able to execute every action perfectly or without being detected. In the future, we may update these assumptions since AI system capabilities have been increasing rapidly over the last year, including their ability to coherently complete longer and longer tasks (METR, 2026). 
3. Misaligned and possesses the propensity to scheme. Misalignment is an open scientific problem (Altman and Pachocki, 2026) and underpins the phenomena of AI scheming. Scheming is when an AI system has goals that are misaligned with the developer, and takes covert actions in pursuit of these goals (Balesni et al., 2024). However, since a scheming AI system is, by definition, actively attempting to conceal its intentions, it is difficult to detect whether an AI system has scheming tendencies (Stix et al. (a), 2025). Therefore it is plausible that a developer unknowingly deploys a highly capable scheming AI system to automate parts of or the entire AI R&D pipeline.

Click here to explore the threat map further. 

We intend to perform followup work concretizing the threat map’s mechanisms, outcomes and mitigations so please have a low bar for emailing us with any additional mitigations or mechanisms that don’t currently feature or other feedback. You can contact us on governance@apolloresearch.ai and if this kind of work excites you, see our  current governance research openings.

1. The concept of LoC has appeared in enacted and proposed legal frameworks such as California’s Senate Bill 53 (California Senate Bill 53, 2025), AI Risk Evaluation Act (S. 2983, 2025), the EU AI CoP (General Purpose AI Code of Practice, 2025) and Illinois Senate Bill 315 (Illinois Senate Bill 315, 2026) and has been the topic of discussion in recent letters to the executive from U.S. Senators (Sen. Banks, 2026), U.S. Senate floor speeches (U.S. Senate Congressional Record, 2026) and debates in the UK House of Lords (House of Lords, 2026). ↩︎