Source Details

{
    "source_type": "extension",
    "content_hash": "1f092bba9202c4c3c8b62d6f38c393adf82c1e83020660c6f2afdb985f7d3f92",
    "submitted_via": "chrome_extension",
    "extension_version": "1.0.18",
    "original_url": "https:\/\/www.rand.org\/pubs\/research_briefs\/RBA4159-1.html",
    "parsed_content": "Share on LinkedInShare on XShare on FacebookEmail\n \n \n \n \n \n \n \n \n \n \n Composite image created by Sara Herbst\/RAND using multiple outputs from the Adobe Firefly image generator; photo by Dennis\/Adobe Stock.\n \n \n Growing concerns about the societal risks posed by advanced artificial intelligence (AI) systems have prompted debate over whether and how the U.S. government should promote stronger security practices among private-sector developers. Although some companies have made voluntary commitments to protect their systems, competitive pressures and inconsistent approaches raise questions about the adequacy of self-regulation. At the same time, government intervention carries risks: Overly stringent security requirements could limit innovation, create barriers for small firms, and harm U.S. competitiveness.\nTo help the U.S. government and AI industry navigate these challenges, RAND researchers identified four distinct governance approaches to strengthen security practices among developers of advanced AI systems:\nGovernment-enforced AI security standards for high-risk model developers\nGovernment-led AI developer authorization program conditioning federal use on security compliance\nIndustry-led AI security certification to promote adoption of common standards\nSelf-regulation combined with increased government-industry collaboration on security practices\nBy presenting a variety of practicable options, this work enables decisionmakers to better weigh trade-offs and find the right balance between strengthening security and preserving innovation.\n \nWhat Drives Stronger Security and Compliance?\n To draw lessons for the AI industry, the researchers examined security governance approaches in seven high-risk sectors, such as nuclear, chemical, and health care.\u2060[1]\nAmong these industries, they found that federal agencies and industry consortia established compliance regimes to promote industrywide adoption of security standards. By combining incentives and penalties, these governance models sought to shift firms\u2019 cost-benefit calculations and drive greater investment in protective measures.\nAcross these approaches, the RAND researchers identified four foundational elements that are critical to achieving compliance and promoting security:\nLeadership and institutional capacities are organizational elements that provide authority, resources, and expertise needed to design and implement the framework.\nSecurity requirements establish expectations for how entities should protect systems, data, and physical assets and form the foundation for accountability and oversight.\nCompliance verification includes the processes used to assess whether entities meet established security requirements, such as audits and reporting requirements.\nEnforcement mechanisms are tools to drive compliance, including penalties for noncompliance and revocation of benefits.\nApproaches to each element varied across regimes for several reasons, including differences in the nature of the assets being protected and the number and diversity of covered entities. Where elements were underdeveloped or poorly implemented, compliance lagged and security gaps persisted. \nThe analysis additionally identified two principles that guide compliance regime design and implementation: proportionality, which calibrates requirements to entities\u2019 level of risk and operational capacity, and stakeholder engagement with transparency. Together, these principles minimize undue burdens, enhance the regime\u2019s perceived legitimacy among affected parties, and improve the likelihood of compliance.\n \nThree Illustrative Compliance Regimes for Securing Advanced AI\n Of the four policy approaches identified, three involve the creation of compliance regimes that aim to compel or incentivize the frontier AI industry to adopt common security standards: (1) government-enforced security standards, (2) government-led developer authorization, and (3) industry-led certification. Below is a summary of how each option addresses the four foundational elements of successful regimes.\n \n \n01. Government-Enforced AI Security Standards (SAFE-AI)\n02. AI Developer Authorization for Federal Use (SecureAI Authorization)\n03. Industry-Led AI Security Certification (FASSO)\nMandates high-risk general-purpose AI developers to adopt security standards to prevent theft, misuse, and compromise\nAuthorizes developers for federal use to ensure compliance with secure-by-design principles\nOffers a voluntary but binding certification program to promote common security standards among AI developers\nNew congressional legislation; a new AI Safety and Security Institute within the U.S. Department of Commerce\nOffice of Management and Budget (OMB) policy guidance, embedded in federal acquisition regulation; Federal Risk and Authorization Management Program (FedRAMP)-AI extension within the U.S. General Services Administration\nConsensus-based multistakeholder governance with committees for standards, disputes, and compliance; industry consortium (if developed)\nHybrid (prescriptive, outcome-based, risk-informed) informed by National Institute of Standards and Technology (NIST) standards (if developed); includes nation-state\u2013level protection goals\nHybrid (prescriptive, risk-informed) standards that align with authorization tiers (High, Medium, Low); scaled to data sensitivity and impact\nIndustry-informed security controls based on best practices developed by community; likely prescriptive with flexible implementation options\nmechanisms\nAudits and in-person inspections\nIncident reporting and quarterly risk reports\nIndependent government penetration testing\nWhistleblower reporting and protections\nmechanisms\nIncident reporting requirements\nRegular vulnerability scans\nPeriodic security audit by third-party assessor\nmechanisms\nIncident reporting\nrequirements\nRegular vulnerability scans\nPeriodic security audit by third-party assessor\nprocess steps\nModel registration and self-assessment\nTier assignment by risk\nSecurity plan submission\nReview, approval, and inspection\nOngoing audits and reporting\nprocess steps\nDetermine impact level\nSecurity plan submission\nUndergo third-party assessor\nObtain authorization\nMonitor and renew\nprocess steps\nModel registration and self-assessment\nUndergo third-party audit\nReview by committee\nCertification listed in public registry\nContinuous monitoring\nCorrective action plans\nGraduated penalties\nOperational suspension\nPublic disclosure of noncompliance \nCorrective action plans\nSuspension or revocation of authorization\nCorrective action plans\nSuspension or decertification\nPublic disclosure of noncompliance\n \n1. Government-Enforced AI Security Standards\n This regime requires developers of high-risk general-purpose models to adopt security standards to reduce the risk of theft, misuse, and compromise. Authorized by new congressional legislation and overseen by a newly established AI Safety and Security Institute (AISSI)\u2014a successor to the Center for AI Standards and Innovation\u2014within the Department of Commerce, the regime employs a tiered, risk-based structure, with the strictest security measures reserved for high-risk model developers to guard against nation-state threats. Compliance is ensured through audits, penetration testing, and incident reporting, while accountability is enforced through a variety of proportionate enforcement actions designed to provide opportunities for remediation.\nLeadership and governance. Congress grants AISSI authority to set and enforce security requirements. AISSI proposes rules through a formal rulemaking process, guided by a presidentially appointed board and informed by public and industry input. A director of AI security and compliance oversees technical staff specializing in AI security, cyberdefense, and regulatory oversight.\nSecurity requirements. SAFE-AI sets both prescriptive and outcome-based security requirements, with tiered obligations based on model risk as determined by training compute. Baseline controls are required across all covered labs, while higher-risk model developers must meet stricter requirements to defend against sophisticated nation-state adversaries.\nCompliance verification. Labs demonstrate adherence through incident reporting, audits, inspections, independent government red teaming, and whistleblower protections. The most powerful models receive the most oversight.\nEnforcement mechanisms. SAFE-AI addresses noncompliance through corrective action plans, escalating civil penalties, operational suspensions, and public disclosure, scaled to the severity of violations.\n \n2. AI Developer Authorization for Federal Use\nSecureAI Authorization\n This federal program authorizes AI developers for use in government systems and conditions participation on compliance with secure-by-design principles.\u2060[2] Operated by an expanded FedRAMP program office under amended federal policy, SecureAI establishes risk-based authorization tiers imposing stricter requirements on models that handle sensitive government data or inform high-impact decisions.\u2060[3] Compliance is enforced through third-party assessors, continuous monitoring, and corrective action plans, including revoking authorization for noncompliant labs. The program helps ensure that models deployed in sensitive government environments\u2014such as those handling classified intelligence or informing military decisionmaking\u2014remain resilient to tampering and covert behaviors.\nLeadership and governance. Extending OMB policy, the SecureAI program embeds secure-by-design requirements for developers of AI models in federal procurement rules.\u2060[4] A new FedRAMP office oversees authorization and compliance, a steering board of senior agency chief information officers sets high-level policy, and an advisory expert council recommends evolving controls. An accreditation team manages technical assessments and accredits third-party auditors.\nSecurity requirements. The regime creates risk-based authorization tiers; models that handle sensitive data or inform high-impact decisions are subject to the strictest security requirements.\nCompliance verification. Authorized developers undergo impact-level assessments and third-party audits and submit security plans to demonstrate adherence. The FedRAMP program manager grants time-limited authorizations contingent on continuous monitoring, vulnerability scans, incident reporting, periodic audits, and reassessment following major model updates.\nEnforcement mechanisms. Authorized developers must document deficiencies in corrective action plans and implement timely remediation. The program manager reviews responses and imposes consequences for noncompliance, which range from suspending federal use to revoking authorization.\n \n3. Industry-Led AI Security Certification\nFrontier AI Security Standards Organization (FASSO)\n FASSO, a new industry consortium, establishes a certification program to enforce shared security standards across participating frontier AI developers to mitigate competitive pressures that might discourage security investments. Operated under a multistakeholder governance structure, FASSO includes dedicated committees for standards, certification, and compliance. Participation is voluntary but binding, with certification publicly displayed and noncompliant developers required to remediate or face sanctions, including decertification.\nLeadership and governance. Multistakeholder governance includes leading AI labs, security experts, and nonvoting government liaisons. Technical committees develop security standards, oversee compliance, resolve disputes, and accredit auditors. A central board coordinates these functions and oversees accountability actions. Although participation is voluntary, participating developers must adhere to security obligations.\nSecurity requirements. Security standards are developed using technical expertise and input from consortium members to ensure that they are both rigorous and feasible. Controls are prescriptive where necessary while retaining flexibility and varied implementation options to accommodate diverse systems and evolving threats.\nCompliance verification. Developers must register models, conduct self-assessments, and undergo third-party audits that are reviewed by FASSO\u2019s compliance committee. Certification status is public, and there is continuous monitoring, reassessment, and incident reporting. Disputes go through impartial mediation.\nEnforcement mechanisms. Noncompliant developers must remediate deficiencies under close monitoring. Persistent noncompliance can trigger suspension, decertification, and public disclosure of violations.\n \n4. Self-Regulation and\u00a0Increased Government-Industry Collaboration\n A fourth policy option emphasizes voluntary government-industry collaboration to advance security practices of AI developers in targeted areas rather than imposing a formal compliance regime. \nThe researchers identified several areas in which government involvement could provide unique value: establishing AI security standards, facilitating intelligence- and information-sharing, and expanding developers\u2019 access to government penetration testing and personnel vetting programs.\nDevelop AI security standards. NIST, with input from industry, should develop technical security standards for frontier AI systems to fill gaps in existing frameworks (e.g., model weight security). By leveraging its consultative, consensus-driven approach, NIST can work closely with industry to incorporate security best practices and technical expertise. Such an effort could help establish norms for protecting frontier AI systems, ensure consistent implementation across the sector, and provide a foundation for regulatory or voluntary compliance efforts.\nFormalize government\u2013frontier AI lab intelligence- and information-sharing. To help frontier AI labs proactively strengthen their defenses, the federal government can expand information-sharing on AI-specific threats, vulnerabilities, and security best practices. Key actions include identifying labs\u2019 priority information needs, designating a single federal liaison for the industry, enhancing intelligence collection on threats to AI labs, and streamlining classified intelligence-sharing. In turn, AI labs should share insights from their incidents and investigations, enabling the government to cross-check against its intelligence and generate new threat and vulnerability insights.\nSupport red-team evaluations and penetration testing. The federal government should provide penetration-testing services\u2014similar to those already offered to the private sector by the National Security Agency, the Cybersecurity and Infrastructure Security Agency, and the military services\u2014to simulate real-world adversarial attempts to exploit systems and test defenses. Although many labs conduct red teaming with in-house or third-party teams, federal teams can augment these services by bringing unique capabilities, such as access to classified threat intelligence, the ability to emulate nation-state actors, and experience running extended campaigns across complex networks.\nStrengthen AI lab personnel vetting. The government could help AI labs reduce insider threats by supporting personnel vetting and suitability checks for sensitive employee roles. Options include extending national security clearance processes to select positions, conducting tailored background checks without issuing clearances, or screening applicants against federal security databases to flag potential risks. These approaches would draw on the government\u2019s unique authorities and information while giving labs stronger tools to prevent insider threats.\n \nWhich Option Is Best?\n Although multiple governance approaches can promote security among frontier AI labs, each involves trade-offs regarding the level of security achieved, the likelihood of compliance, and the burden placed on industry. Decisionmakers may pursue different options depending on priorities. These trade-offs are summarized in Table 1.\n \n Table 1. Comparing Trade-Offs Among Governance Approaches\n \n \nLevel of Security Achieved\nLikelihood of Compliance\nMinimization of Industry\u00a0Burden\n01. Government-enforced AI security standards (SAFE-AI)\nHigh\nSets highest security bar, with strong regulator authority; defends against nation-state threats\nHigh\nCovers all high-risk model developers; strong legal authority and enforcement drives adoption\nLow\nStrict mandates and broad coverage may lead to steep industry burden and costs\n02. AI developer authorization for federal use (SecureAI Authorization)\nMedium\nStrict standards for high-impact government use, but opt-in design limits coverage\nMedium\nVoluntary; limited to government contractors; federal business primary incentive\nMedium\nTiered obligations and opt-in participation create varied burden on firms\n03. Industry-led AI security certification (FASSO)\nMedium-Low\nStandards may be weaker to encourage adoption; industry involvement could incorporate technical expertise\nMedium-Low\nVoluntary; weak participation incentives driven by reputational risk from non-certification\nHigh\nDevelopers shape and adapt requirements\n04. Self-regulation and public-private collaboration\nLow\nAdvances security only in targeted areas and among firms that engage with government\nLow\nVoluntary; relies on market forces; uneven adoption across industry\nHigh\nFirms choose practices freely\n \n \nSAFE-AI: Strongest security standards and enforcement mechanism but also significant requirements. This option carries the strongest legal authority, backed by congressional legislation that provides regulators authority to mandate and enforce compliance. It covers all developers meeting the threshold for high-risk AI systems and sets the highest security standards, offering the greatest potential to defend against nation-state threats. However, because it applies to all high-risk developers, it is likely to impose the most significant costs and burdens on the industry.\nSecureAI: Voluntary participation limits coverage but reduces industry burden. Because this approach relies on federal procurement conditions for enforcement, it applies only to AI developers who voluntarily choose to do business with the federal government, potentially limiting its coverage. Because participation is voluntary, the regime may also be constrained in setting robust security requirements; overly stringent requirements could deter developer engagement. However, the opt-in nature of this model reduces the overall burden on industry and the risk of stifling innovation.\nFASSO: Industry ownership with modest burden but weak security and incentives to participate. This option offers the weakest incentives for participation among the compliance regimes, relying on voluntary industry agreement to promote shared security standards. As a result, the regime may struggle to ensure consistent compliance and may feature more lenient security requirements to encourage adoption. However, industry leadership can foster a sense of ownership, potentially resulting in more meaningful adherence than a government-led model. In addition, direct industry involvement helps ensure that security requirements reflect real-world operational constraints and incorporate technical expertise to improve effectiveness.\nSelf-regulation and public-private collaboration: Limited burden but uneven security advancement. Because this option does not establish a formal compliance regime, it relies on market forces to incentivize AI developers to adopt security practices. As a result, security approaches and standards are likely to be uneven across the industry. However, this approach can still advance security in targeted areas and imposes no burdens on developers, therefore avoiding the risk of stifling innovation.\nSelecting the appropriate approach should be guided primarily by the underlying rationale for the regime, the perceived level of risk posed by AI systems, and the extent to which market incentives are seen as sufficient to mitigate them. If decisionmakers believe that frontier AI could eventually pose catastrophic societal harms, government-led compliance regimes and strict security standards may be warranted. Conversely, a more measured view of AI\u2019s risks may justify less burdensome frameworks, such as industry-led initiatives or voluntary public-private partnerships.\n \nNotes\n \nThe researchers reviewed seven sector-specific compliance regimes to inform illustrative security governance approaches for AI security, including the Chemical Facility Anti-Terrorism Standards, the National Industrial Security Program, Defense Federal Acquisition Regulation Supplement 252.204-7012, the Payment Card Industry Data Security Standard, the North American Electric Reliability Corporation Critical Infrastructure Protection standards, the Health Insurance Portability and Accountability Act, and the Atomic Energy Act and Nuclear Energy Regulation.Return to content \u2934\nSecure-by-design principles stress the importance of software manufacturers incorporating security measures during the design phase, reducing vulnerabilities before products reach end users.Return to content \u2934\nFedRAMP is a U.S. government program that standardizes security assessment, authorization, and continuous monitoring for cloud services used by federal agencies.Return to content \u2934\nFederal policy requires agencies to ensure that software producers attest to following secure software development practices, as outlined in OMB Memorandum M-22-18, \u201cEnhancing the Security of the Software Supply Chain Through Secure Software Development Practices.\u201dReturn to content \u2934\n \n \n \nTopics\n \n \nCopyright: RAND CorporationAvailability: Web-Only\n Year: 2026 Pages: 8DOI: https:\/\/doi.org\/10.7249\/RBA4159-1\n Document Number: RB-A4159-1\n \n \n \n RAND Style Manual\n Mitch, Ian, Matthew J. Malone, Karen Schwindt, Gregory Smith, Wesley Hurd, Henry Alexander Bradley, and James Gimbi, Four Governance Approaches to Securing Advanced AI, RAND Corporation, RB-A4159-1, 2026. As of February 11, 2026: https:\/\/www.rand.org\/pubs\/research_briefs\/RBA4159-1.html\n \n \n \n Chicago Manual of Style\n Mitch, Ian, Matthew J. Malone, Karen Schwindt, Gregory Smith, Wesley Hurd, Henry Alexander Bradley, and James Gimbi, Four Governance Approaches to Securing Advanced AI. Santa Monica, CA: RAND Corporation, 2026. https:\/\/www.rand.org\/pubs\/research_briefs\/RBA4159-1.html.\n \n \n \n \nRAND Global and Emerging Risks\n \nThis publication is part of the RAND research brief series. Research briefs present policy-oriented summaries of individual published, peer-reviewed documents or of a body of published work.This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org\/pubs\/permissions.\nRAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.",
    "ai_headline": "Four Governance Approaches to Securing Advanced AI",
    "ai_simplified_title": "RAND Researchers Analyze AI Security Governance Approaches",
    "ai_excerpt": "RAND researchers identified four governance approaches to strengthen security practices among AI developers: government-enforced standards, developer authorization, industry certification, and self-regulation. The study examines trade-offs between security and innovation, offering insights for policymakers.",
    "ai_subject_tags": [
        "Artificial Intelligence",
        "AI Security",
        "Governance",
        "Regulation",
        "Policy",
        "Compliance",
        "Risk Management"
    ],
    "ai_context_type": "Research",
    "ai_context_details": {
        "tone": "analytical",
        "perspective": "academic",
        "audience": "specialized",
        "credibility_indicators": [
            "peer_reviewed",
            "data_cited",
            "expert_analysis"
        ]
    },
    "ai_source_vector": [
        -0.031470098,
        0.0007222966,
        0.041189305,
        -0.065014236,
        0.02110447,
        0.018621907,
        -0.009819998,
        0.019236341,
        0.0027683435,
        -0.0008921905,
        -0.007725466,
        0.011638404,
        0.009346699,
        -0.004655938,
        0.122000866,
        0.018242871,
        0.0019990352,
        0.006268564,
        0.027749332,
        -0.0082904985,
        0.0055504097,
        -0.00085591304,
        -0.02073978,
        -0.04176178,
        -0.0064445473,
        -0.011250702,
        0.006803422,
        0.016427487,
        0.02741368,
        -0.010030694,
        -0.0027188715,
        -0.008928375,
        0.02235377,
        0.030024108,
        0.0128543535,
        0.026007403,
        0.015328158,
        -0.018990694,
        0.0027834426,
        0.014232058,
        0.021376245,
        0.005143617,
        0.0043207263,
        0.0024712894,
        0.009915109,
        0.024769511,
        0.0030898594,
        -0.0100590065,
        -0.01238416,
        0.0122433845,
        -0.020349028,
        -0.016891079,
        -0.0146040935,
        -0.16928884,
        4.9803602e-5,
        -0.009328427,
        0.005855722,
        -0.0070394245,
        0.01115072,
        -0.011489695,
        -0.03712538,
        0.023703711,
        -0.009718492,
        -0.015701013,
        0.014259416,
        -0.014840864,
        0.053745788,
        -0.0078114774,
        -0.009092543,
        0.005132783,
        0.0014644675,
        -0.007515739,
        0.016027221,
        -0.04060565,
        0.012711738,
        0.0013110493,
        -0.012590233,
        -0.008785024,
        -0.022632582,
        0.00055212394,
        -0.0071845804,
        -0.015393938,
        0.022622334,
        -0.0031305412,
        0.0037650487,
        -0.011315514,
        0.02539836,
        -0.018791307,
        -0.0005772024,
        0.0024980851,
        0.037869718,
        0.019316299,
        -0.028337182,
        0.021174822,
        0.007904397,
        -0.021859774,
        -0.0060433703,
        -0.014576136,
        0.008578943,
        -0.008598252,
        0.0010338662,
        -0.0069581987,
        0.014981524,
        -0.015858289,
        0.018898733,
        -0.018971346,
        -0.01659211,
        -0.044460695,
        0.010395269,
        0.010050935,
        0.010726996,
        -0.027659254,
        -0.009783639,
        0.017306158,
        0.008601752,
        -0.12979943,
        -0.015796836,
        -0.0011937225,
        0.02614932,
        -0.016713966,
        -0.021356897,
        0.010555949,
        0.029874643,
        0.01458378,
        0.018280739,
        -0.007212587,
        0.003566658,
        0.005304441,
        -0.0054732715,
        0.014792552,
        -0.017672757,
        0.0011659885,
        0.012972572,
        -0.0025324188,
        0.017661467,
        0.037844487,
        0.00587224,
        -0.01569331,
        -0.016645448,
        -0.03513902,
        -0.003150056,
        0.052965824,
        0.010244365,
        0.00041789064,
        -0.0077742464,
        0.015390289,
        -0.03924253,
        0.009179501,
        0.004091141,
        -0.017573016,
        0.030714205,
        -0.033047874,
        0.005138652,
        -0.0015842493,
        -0.003753463,
        -0.029278886,
        0.0027985123,
        0.017756537,
        0.011156876,
        0.0031268336,
        -0.032630134,
        -0.010083892,
        -0.015437442,
        0.011874408,
        0.0022857802,
        0.00864444,
        0.011180253,
        -0.0029065502,
        -0.0002347155,
        0.028649876,
        0.021566095,
        -0.026704662,
        0.02895897,
        0.011785601,
        -0.019571634,
        0.0110396445,
        0.027607296,
        0.0021822753,
        0.019028755,
        -0.043372337,
        0.018690083,
        0.014695328,
        0.008923726,
        -0.005426827,
        -0.0006010433,
        -0.014028749,
        -0.0058070268,
        -0.0024703776,
        0.0068402714,
        0.013986856,
        -0.049532797,
        0.0031365345,
        3.3276457e-8,
        -0.016216699,
        0.0030068844,
        -0.016441295,
        0.0034048192,
        -0.0051731863,
        -0.020732405,
        0.031641915,
        -0.013634808,
        -0.0035660784,
        0.01182678,
        -0.011653174,
        -0.00011336946,
        -0.024332719,
        0.007302059,
        -0.004157575,
        0.01794878,
        -0.015234453,
        -0.017240854,
        0.0037287371,
        0.019517753,
        -0.01990542,
        0.026295884,
        -0.0034584594,
        -0.0106393,
        -0.00721897,
        -0.011230634,
        -0.008777252,
        0.032752316,
        0.013035637,
        -0.012882503,
        0.010807946,
        -0.0024430684,
        -0.00047700602,
        0.014272498,
        -0.0052029984,
        -0.01383942,
        0.03517461,
        0.012155318,
        0.016362194,
        -0.008940092,
        0.014601169,
        0.03294676,
        0.008207071,
        0.005369835,
        0.01232375,
        0.035733793,
        3.444505e-5,
        -0.013202619,
        -0.0094577335,
        0.012728323,
        0.015129946,
        0.010140609,
        -0.017014183,
        -0.025695315,
        0.0013208356,
        0.009419417,
        0.0028630723,
        -0.013777825,
        -0.00984512,
        0.013717387,
        -0.027644629,
        -0.0019623877,
        0.0015898312,
        -0.007707056,
        0.002016543,
        -0.03561238,
        0.019734811,
        0.0027700835,
        0.029078672,
        -0.016923558,
        -0.016141724,
        -0.01097394,
        -0.018033002,
        0.026476111,
        0.028546356,
        -0.006568554,
        0.027565395,
        -0.024114884,
        0.026088882,
        0.0013541793,
        -0.0009767504,
        0.0007227431,
        -0.010500127,
        -0.0502455,
        0.033654407,
        0.0049627298,
        -0.01302811,
        0.010008136,
        0.012715075,
        -0.03088092,
        0.014338741,
        0.007105566,
        0.015868776,
        -0.017102936,
        -0.00018769513,
        -0.000630351,
        -0.009608487,
        -0.009299375,
        0.00048817517,
        -0.002674096,
        0.018570203,
        -0.0029003252,
        -0.006892078,
        -0.002807568,
        0.0134394,
        -0.014256738,
        0.013217538,
        0.014111263,
        -0.022951031,
        0.018834867,
        0.07305069,
        -0.0060155266,
        -0.004982566,
        -0.015152975,
        -3.9435537e-5,
        0.012928226,
        0.013105476,
        -0.030863436,
        0.012203603,
        0.0150590865,
        -0.002009685,
        -0.0046506813,
        0.008726825,
        -0.0038596962,
        -0.010999344,
        0.0067466875,
        0.0028472906,
        -0.0051898374,
        0.012035391,
        -0.0073250956,
        0.008704872,
        -0.017735803,
        0.0018230057,
        -0.02230225,
        -0.005462506,
        0.025969194,
        0.0013570051,
        -0.005642334,
        -0.012523329,
        0.017635474,
        -0.0075792926,
        0.015499561,
        0.001933851,
        0.017974917,
        -0.006446711,
        0.005526231,
        0.026878733,
        -0.00069381634,
        -0.014515361,
        -0.029597817,
        -0.0036649262,
        0.0042173984,
        0.018422525,
        0.032427404,
        -0.020350413,
        0.0060613095,
        -0.018171242,
        0.040066153,
        0.018336045,
        -0.005812097,
        -0.014791505,
        -0.026450709,
        0.010239319,
        0.013400594,
        -0.013986196,
        0.0039810487,
        0.0014975421,
        -0.0002336066,
        -0.021009743,
        0.003049566,
        -0.02862364,
        -0.0015373742,
        -0.03556916,
        -0.012517585,
        0.005478856,
        0.0064695654,
        -0.005271811,
        0.0019983149,
        0.00435186,
        -0.0055659185,
        -0.026030215,
        -0.014297915,
        -0.0043936395,
        0.011593876,
        0.022758557,
        -0.012835302,
        0.021251086,
        -0.010541956,
        0.031840436,
        -0.009027953,
        0.0029956172,
        -0.010718617,
        -0.008786147,
        0.0063584764,
        0.025606826,
        -0.005087416,
        0.005373314,
        -0.017496908,
        -0.01735882,
        -0.010888267,
        0.023285704,
        0.0106322635,
        0.02648859,
        -0.0015295137,
        0.009103596,
        -0.019504044,
        0.009185864,
        -0.007306914,
        -0.0031623535,
        0.0039312188,
        -0.011158174,
        -0.005447187,
        0.011628407,
        -0.011021635,
        -0.008128492,
        0.0031813306,
        -0.013284226,
        0.001763293,
        -0.011312786,
        0.016714059,
        -0.0056938916,
        0.014368313,
        0.026458884,
        0.0020724093,
        -0.013955849,
        0.028469915,
        0.0065778513,
        0.03412736,
        0.003163454,
        0.017662192,
        0.011726688,
        0.013021924,
        -0.017922362,
        -0.030160956,
        -0.017114261,
        0.022840869,
        0.0055860463,
        0.007899123,
        -0.0061535146,
        -0.0061786473,
        -0.011642285,
        -0.013671825,
        -0.011666252,
        -0.008129813,
        -0.0155016305,
        -0.024064548,
        -0.041054275,
        0.0069584744,
        -0.0092840325,
        -0.006494435,
        -0.0118621895,
        0.019839542,
        -0.00057858706,
        -0.016732162,
        0.0006150747,
        -0.042355817,
        0.027342493,
        -0.0035637089,
        0.0018675604,
        0.045017656,
        -0.013571498,
        -0.003094361,
        -0.003181703,
        -0.009628582,
        -0.010384626,
        0.020467624,
        0.0026036438,
        -0.029049283,
        0.0053871092,
        0.0052900375,
        0.00014117244,
        -0.011814644,
        0.006161832,
        -0.009926421,
        -0.043249443,
        0.0017187437,
        0.046033766,
        0.004049997,
        -0.006633631,
        -7.154267e-5,
        0.0018895813,
        0.01063155,
        -0.0037729356,
        -0.01440031,
        0.02129007,
        -0.0067588775,
        0.030868836,
        0.0072358306,
        -0.019051638,
        -0.05127776,
        -0.01025805,
        0.006590233,
        0.0077419723,
        -0.011049273,
        -0.014039951,
        -0.0022845168,
        0.011012035,
        0.033144243,
        0.023367131,
        0.0014953485,
        0.006990903,
        0.0023785776,
        -0.03215546,
        0.025892485,
        0.015703674,
        0.009063392,
        -0.022738641,
        -0.017283583,
        0.008207678,
        0.027664088,
        0.0147005655,
        -0.031314194,
        0.01757185,
        -0.0026820197,
        -0.013703796,
        0.011075896,
        -0.003998965,
        -0.01966587,
        0.018055607,
        -0.011243585,
        0.00038763328,
        0.009383217,
        -0.011753615,
        0.01604777,
        -0.008332817,
        -0.02206807,
        -0.021039447,
        0.0112277465,
        0.012709779,
        0.008586065,
        0.024821728,
        0.012222843,
        -0.022309896,
        0.025961282,
        0.019676585,
        0.023690565,
        0.0112068085,
        0.012452487,
        0.0072818915,
        0.009676761,
        -0.0063378257,
        0.008474259,
        -0.017473936,
        0.013621632,
        0.002207659,
        0.0024323494,
        0.013018109,
        0.003597503,
        -0.010555604,
        -0.032474596,
        -0.014628836,
        0.022941675,
        -0.083953716,
        0.008093527,
        0.004736703,
        -0.015952181,
        -0.008928704,
        -0.0003624922,
        0.03342891,
        -0.0008837505,
        0.015122505,
        -0.00092529325,
        0.00821548,
        -0.025957426,
        -0.008826798,
        0.0045974078,
        -0.024211297,
        -0.010474169,
        0.014935339,
        0.011660446,
        0.014102238,
        -0.038640827,
        0.026089555,
        -0.035016164,
        0.013031082,
        -0.0029620347,
        -0.020471381,
        -0.019223554,
        0.00944032,
        -0.013469903,
        -0.022710145,
        -0.0068051293,
        0.012647506,
        0.006783048,
        0.019071339,
        0.021236416,
        -0.007127817,
        -0.016943663,
        0.027700525,
        -0.03143505,
        0.021802055,
        0.020599341,
        -0.02634579,
        0.019559229,
        -0.0040354184,
        0.00016552492,
        -7.578175e-5,
        0.0053531374,
        -0.013060256,
        0.0116690975,
        0.011290087,
        0.03635309,
        -0.025354804,
        -0.0022350014,
        -0.022932177,
        -0.022881145,
        -0.018662822,
        -0.021089077,
        -0.020579247,
        0.015965402,
        -0.005329666,
        0.023494245,
        -0.0063062743,
        -0.026717184,
        -0.014752764,
        0.027479868,
        -0.030512428,
        -0.0033479508,
        0.016606517,
        0.017948655,
        0.013584035,
        -0.024415903,
        0.0067837117,
        -0.03763969,
        -0.0057626944,
        -0.00965385,
        -0.0012701442,
        0.013408914,
        -0.00093507237,
        0.0078107095,
        -0.004511017,
        -0.012931938,
        -0.004922064,
        -0.024141615,
        -0.10403871,
        -0.010364652,
        0.0022245473,
        -0.009910912,
        0.0049140616,
        -0.0006403369,
        0.0038610594,
        -0.022017209,
        0.017266773,
        -0.02785635,
        0.0051450892,
        0.008843827,
        -0.022363976,
        -0.02389972,
        -0.0014200774,
        0.0027593889,
        -0.037096016,
        0.03541846,
        0.02180024,
        -0.00010729994,
        0.005087026,
        0.008618618,
        0.01389029,
        0.026434822,
        -0.033658214,
        -0.0013866192,
        0.0065708887,
        -0.0110614095,
        0.020805925,
        -0.006095914,
        -0.0026499275,
        -0.15131749,
        0.010408301,
        -0.019634921,
        0.006547234,
        -0.0012578053,
        0.0028861884,
        -0.010432911,
        0.001717259,
        0.0070634605,
        -0.010629516,
        0.029151347,
        -0.007922781,
        -0.026669329,
        -0.011062608,
        -0.011505958,
        0.11580994,
        -0.017737815,
        -0.001002051,
        -0.0043694945,
        -0.043485276,
        -0.0005973968,
        0.0014698289,
        -0.03853542,
        0.005862733,
        0.007890805,
        -0.00081689405,
        0.034412947,
        -0.024069782,
        0.022742108,
        -0.009115492,
        0.027454143,
        0.0004842659,
        -0.009806735,
        -0.033236686,
        0.018443469,
        -0.015183896,
        -0.009981689,
        -0.014131032,
        0.00034115685,
        -0.0060972515,
        -0.00081410166,
        0.028207878,
        0.008163897,
        0.0061375746,
        -0.017844394,
        -0.0005664377,
        0.024892662,
        0.0002721427,
        0.031876557,
        0.010770655,
        -0.0051398217,
        -0.05944891,
        0.033933252,
        -0.0111643,
        0.032067075,
        0.0152620515,
        -0.016173186,
        -0.013191924,
        0.007673842,
        -0.004130265,
        0.040967368,
        -0.0069503454,
        -0.013150527,
        0.0059328103,
        -0.013085391,
        0.0002887863,
        -0.009451235,
        -0.0031152868,
        0.013355063,
        -0.0045483084,
        -0.002891881,
        0.004104795,
        0.0009911966,
        0.0017802804,
        -0.001298573,
        -0.001555923,
        -0.0031190023,
        0.011214233,
        -0.007414513,
        0.009783414,
        0.0004109175,
        -0.002597158,
        -0.00900547,
        -0.008245071,
        -0.013934585,
        -0.006432078,
        0.0072247456,
        -0.03029237,
        -0.01789696,
        0.010691974,
        -0.0062007476,
        0.03238388,
        -0.003272098,
        0.0021923836,
        0.002322228,
        0.004304094,
        -0.018847337,
        0.013347861,
        0.017833082,
        0.00096894585,
        -0.00281645,
        -0.0058307946,
        -0.0027717708,
        -0.037200455,
        -0.01477759,
        -0.00073167786,
        0.023833206,
        0.043647785,
        -0.011217159,
        0.012787964
    ],
    "ai_confidence_score": 0.9999999999999999,
    "ai_extraction_metadata": {
        "extracted_at": "2026-02-15T17:18:28.343174Z",
        "ai_model": "gemini-2.0-flash-lite",
        "extraction_method": "automated",
        "content_length": 23424,
        "url": "https:\/\/rand.org\/pubs\/research_briefs\/rba4159-1.html",
        "existing_metadata": {
            "author_name": null,
            "published_at": null,
            "domain_name": null,
            "site_name": null,
            "section": null,
            "publisher": null
        }
    }
}

{
    "extracted_at": "2026-02-15T17:18:28.343174Z",
    "ai_model": "gemini-2.0-flash-lite",
    "extraction_method": "automated",
    "content_length": 23424,
    "url": "https:\/\/rand.org\/pubs\/research_briefs\/rba4159-1.html",
    "existing_metadata": {
        "author_name": null,
        "published_at": null,
        "domain_name": null,
        "site_name": null,
        "section": null,
        "publisher": null
    }
}