# Governable AI: Provable Safety Under Extreme Threat Models

**Authors:** Donglin Wang, Weiyun Liang, Chunyuan Chen, Jing Xu, and Yulong Fu

arXiv: 2508.20411 · 2025-08-29

## TL;DR

This paper introduces a cryptographically enforced governance framework for AI, aiming to ensure safety under extreme threat models by preventing manipulation and control loss.

## Contribution

It proposes a novel Governable AI framework using cryptographic mechanisms and a secure platform to guarantee AI safety beyond traditional methods.

## Key findings

- Formal security proof of the framework
- Prototype implementation demonstrates effectiveness
- Ensures non-bypassability and tamper-resistance

## Abstract

As AI rapidly advances, the security risks posed by AI are becoming increasingly severe, especially in critical scenarios, including those posing existential risks. If AI becomes uncontrollable, manipulated, or actively evades safety mechanisms, it could trigger systemic disasters. Existing AI safety approaches, such as model enhancement, value alignment, and human intervention, suffer from fundamental, in-principle limitations when facing AI with extreme motivations and unlimited intelligence, and cannot guarantee security. To address this challenge, we propose a Governable AI (GAI) framework that shifts from traditional internal constraints to externally enforced structural compliance based on cryptographic mechanisms that are computationally infeasible to break, even for future AI, under the defined threat model and well-established cryptographic assumptions. The GAI framework is composed of a simple yet reliable, fully deterministic, powerful, flexible, and general-purpose rule enforcement module (REM); governance rules; and a governable secure super-platform (GSSP) that offers end-to-end protection against compromise or subversion by AI. The decoupling of the governance rules and the technical platform further enables a feasible and generalizable technical pathway for the safety governance of AI. REM enforces the bottom line defined by governance rules, while GSSP ensures non-bypassability, tamper-resistance, and unforgeability to eliminate all identified attack vectors. This paper also presents a rigorous formal proof of the security properties of this mechanism and demonstrates its effectiveness through a prototype implementation evaluated in representative high-stakes scenarios.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/2508.20411/full.md

## Figures

12 figures with captions in the complete paper: https://tomesphere.com/paper/2508.20411/full.md

## References

50 references — full list in the complete paper: https://tomesphere.com/paper/2508.20411/full.md

---
Source: https://tomesphere.com/paper/2508.20411