OpenAI published evidence that reinforcement learning on a few "beneficial traits" makes a model broadly safer in domains it never trained on, improving 44 of 53 evaluations. Google DeepMind shipped a control roadmap that treats its own agents as insider threats. And the binding rules kept hardening as Vermont moved to prohibit therapy chatbots and Illinois advanced first-in-the-nation safety audits.
Key Takeaways
-
Alignment can generalize. OpenAI's beneficial-trait RL improved a model across 44 of 53 evaluations — including ones it was never trained against — the first solid sign that good behavior transfers across domains rather than overfitting a benchmark.
-
Labs now plan for their own agents going rogue. DeepMind's AI Control Roadmap adapts MITRE ATT&CK to a million coding-agent tasks and assumes misalignment by default — but found most flagged events came from overeager agents, not malice.
-
Retrieval is the cheapest attack surface. Cornell researchers poisoned ChatGPT and Google's AI deep-research answers with as few as 13 words in a single Reddit comment, exploiting the roughly half of queries that cite user-generated content.
-
State chatbot law is hardening fast. Vermont's H.816 (signed June 17) prohibits the use of therapy chatbots; Illinois SB 315 would be the first US law mandating third-party audits of frontier safety protocols.
-
Europe answered the export shock with a model, not a memo. The EU picked a consortium to build a 400-billion-parameter open-source frontier model across all 24 official languages, pitched as AI "on its own terms."
The Big Story
OpenAI: reinforcing beneficial traits made a model safer across 44 of 53 benchmarks and held under adversarial pressure · OpenAI · June 18, 2026
→ OpenAI trained models with RL toward broad "beneficial traits" rather than to pass specific tests, and the aligned behavior generalized to domains held out of training, improving 44 of 53 internal and external evaluations spanning deception, honesty, and reward hacking. The mechanism is what matters: most RLHF gains are narrow, teaching a model to satisfy a grader rather than internalize a disposition, which is why jailbreaks and fine-tuning so easily strip safety off. OpenAI reports the opposite — "selective persistence," where the model stayed steerable toward beneficial behavior but grew harder to push toward deception and reward hacking under adversarial persona prompts and harmful fine-tuning. The result is a lab self-report, not yet independently replicated — but if it holds, it is the most concrete rebuttal this year to the assumption that scaling capability necessarily outruns scaling control.
Also This Week
Vermont's H.816 prohibits the use of therapy chatbots as Gov. Phil Scott signs it into law · Transparency Coalition · June 18, 2026
→ Governor Phil Scott signed H.816 on June 17 — a law that "prohibits the use of therapy chatbots" — moving Vermont to treat a deployed AI use-case as prohibited rather than merely disclosed, the template other states are now drafting against.
Illinois SB 315 would be the first US law to require third-party audits of frontier model safety protocols · Transparency Coalition · June 18, 2026
→ Branded "The Artificial Intelligence Safety Measures Act," SB 315 would be "the first in the nation to require third-party audits of frontier model safety protocols" — converting the labs' voluntary safety frameworks into an auditable legal obligation, "trust us" replaced by "show an auditor."
EU selects the Domyn-led EUROPA consortium to build a 400-billion-parameter open-source model in all 24 official languages · European Commission · June 19, 2026
→ The Commission picked the Domyn-led EUROPA consortium to build a model with "more than 400 billion parameters" as an open system, with EVP Henna Virkkunen saying Europe can "lead in advanced AI on its own terms" — a sovereignty answer to the week's US export-control anxiety, with the safety trade-offs of open weights left unspecified.
From the Lab
Google DeepMind's AI Control Roadmap treats agents like rogue insiders — and finds most "misbehavior" is overeagerness · Google DeepMind · June 18, 2026
→ DeepMind builds on the MITRE ATT&CK framework for AI agents and layers a defense-in-depth stack — sandboxing, prompt-injection resistance, alignment training, and system-level monitoring that assumes the agent may be misaligned. Across a million analyzed coding-agent tasks, "the majority of flagged events do not stem from adversarial intent" but from agents misreading goals or pushing too hard to satisfy a user — the boring failure mode that actually deletes your files. The sharper part is the forward warning: the roadmap designs for the point at which a model gains "oversight awareness" and reasons without visible text, the clearest admission yet that frontier labs no longer assume their own agents are trustworthy by default.
Worth Reading
- It Is Trivially Easy to Use Reddit to Manipulate AI Search, Cornell Research Suggests — Cornell research shows 13 words in a single Reddit comment can steer ChatGPT and Google's AI deep-research answers across an entire cluster of related queries — read it before you trust an agent's citations.
The labs spent this week proving they can measure safety and proving they don't trust their own agents — both can be true, and it's the most honest the field has sounded all year.
— Alexis