Research Proposes Hypervisor Architecture to Isolate Malicious AIs

A study titled "Guillotine: Hypervisors for Isolating Malicious AIs" proposes a hypervisor-type architecture to isolate powerful AI models that could pose existential threats to humanity. This architecture, named Guillotine, uses known virtualization techniques but also introduces new isolation mechanisms to counter specific threats posed by existential risk AIs. For example, a malicious AI could attempt to introspect the hypervisor software or underlying hardware to subvert the control plane. Therefore, Guillotine requires careful design of the hypervisor software and hardware components (CPU, RAM, NIC, storage devices) to prevent side-channel leaks and eliminate reflection-based vulnerabilities. Additionally, Guillotine must provide physical security devices, such as electromechanical disconnection of network cables or flooding a data center housing a malicious AI, to ensure defense in depth.