Strategic Report  ·  2026-07-02

Insights from table-top exercises in Europe on AI safety and cyber misuse

Strategic ReportHigh impactEuropean Union
Published 1 July 2026 by RAND Europe in collaboration with the UK AI Security Institute and Mila (Quebec AI Institute), this report presents findings from three structured table-top exercises (TTXs) using RAND's 'Day After' methodology, conducted with 15–20 senior Cabinet-level government policymakers each in Germany, the Netherlands, and France. Each session simulated an AI-enabled national cybersecurity crisis involving a fictional government-backed frontier model (FlowGPT) exploited at scale for cyberattacks; a second turn introduced an equivalent open-weight model with minimal safety constraints, eliminating the governance leverage available in turn one. Across all three nations, six recurring challenges emerged: defining a national crisis threshold for AI-enabled cyberattacks; the political cost of acting against a state-backed AI champion; inability to independently evaluate model risks; difficulty governing open-weight model diffusion; hardening critical infrastructure; and coordinating with allies on threat intelligence. The report's priority recommendations centre on pre-agreed escalation thresholds, systematic cyberdefence reviews, independent state technical capacity to evaluate AI risks, and multilateral frameworks for governing open-weight models.
This is one of the first empirical studies of how senior European governments actually respond to an AI-enabled national security crisis, revealing concrete governance gaps — particularly the absence of independent state capacity to evaluate frontier model risks — that CISOs and policy teams should address now before a real incident forces improvisation.
Share the six recurring governance challenges with the security and risk committee; assess whether your organisation (or relevant national authority) has independent technical capacity to evaluate AI model risks, and engage with emerging multilateral open-weight governance frameworks.
Sources
Report Landing Page — RANDFull Report PDF — RAND
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →