Black lighthouse silhouette graphic – visual asset for The Midas Project Watchtower page.

Watchtower

Watchtower tracks changes to corporate and government AI safety policies, both announced and unannounced. Click any entry for details.

< Back

Date:

xAI

Change

Major

Unannounced

xAI rewrote and shortened its Frontier Artificial Intelligence Framework (FAIF) to a version dated Jun 30, 2026. The new PDF’s document title is “Privileged/Confidential DRAFT working FRAMEWORK DOC.” 

There are many changes. The clause mentioning whistleblower protections in the December 2025 FAIF was removed, “xAI employees have whistleblower protections enabling them to raise concerns to relevant government agencies regarding imminent threats to public safety,” along with the internal channel for employees to anonymously report framework nonadherence “with protections from retaliation.” There is currently no publicly available documentation on xAI’s whistleblower policy.

The December 2025 version was released as the document xAI would use to comply with California’s SB 53 (TFAIA) and defined catastrophic risk as it related to the law. In the new version, all references to TFAIA and the term “catastrophic risk” have been removed. Relatedly, the AB 2013 training data disclosure was also removed and, as of today’s publishing, there is no compliance information about AB 2013 on xAI’s website.

The new FAIF removes the two quantitative risk acceptance criteria the framework contained. The December 2025 version stated that the FAIF, “outlines the quantitative thresholds, metrics, and procedures that xAI may utilize to manage and improve the safety of its AI models,” and specified two deployment criteria: (1) a dishonesty rate of less than 1 out of 2 on the MASK honesty benchmark, and (2) an answer rate of less than 1 out of 20 on restricted biology and chemistry queries (a benchmark developed in collaboration with SecureBio). Both criteria are now gone. In their place, the new version adopts a qualitative “systemic risk acceptance determination” borrowing the language of the EU General-Purpose AI Code of Practice, “risk tiers,” “safety margins,” “residual risk.” None of them are defined in the FAIF.

Another change is xAI’s approach to mitigating risks of loss of control. The new version adds a paragraph that xAI’s practice centers around "scalable model oversight, training against high-risk model behaviors such as deception and sycophancy, and robust evaluation and red-teaming of model-driven agents in controlled sandboxes.” None of these categories are defined, nor are they attached to any commitment, evaluation, or trigger. In the previous version, there was a section that went into more detail around xAI’s approach to benchmarking. This has been removed. xAI's stated practices of training models to be "honest and have values conducive to controllability, such as recognizing and obeying an instruction hierarchy," and of directly instructing models via system prompt "to not deceive or deliberately mislead the user," were removed. So were the old version's admissions that a model recognizing its evaluation environment "may change its behavior intentionally or unintentionally," and that AIs "may develop value systems that are misaligned with humanity's interests and inflict widespread harms upon the public." Meanwhile, the paragraph describing loss of control scenarios as "speculative and difficult to precisely specify" survives verbatim later in the same document. 

Other notable removals:

  • The December version lists specific named benchmarks (Virology Capabilities Test, WMDP, BioLP-bench, Cybench). These have been replaced with a statement that xAI “may utilize public and internal benchmarks.” 

  • The “Public transparency and third-party review” section was entirely removed, along with this clause around operational and societal risks: “xAI aims to mitigate and address significant operational and societal risks posed by our AI models. We believe that public transparency, third-party review, and information security are important methods that can be utilized to address such risks.”

The rewrite does include some new additions, such as: a more detailed information security section (NIST 800-171 Rev. 3, SOC 2 Type II), a stated plan to conduct a full systemic risk assessment at least annually with defined trigger points for smaller evaluations, a "Harmful Manipulation Risks" domain (following the EU Code of Practice), and a statement that it will provide authorities with incident reports when legally required.

A diff of the changes can be found below: