Anthropic and AE Studio's GRAM method enables modular AI access control, isolating dangerous knowledge
New technique GRAM lets you switch dangerous AI knowledge on/off like a light.
Frontier AI models possess knowledge that can be misused for harmful tasks like bioweapons or cyberattacks. Current defenses—refusals, classifiers, and tiered access—have drawbacks: refusals can be jailbroken, and tiered access forces a coarse trade-off between capability and safety. To address this, researchers at AE Studio and Anthropic developed Gradient Routed Auxiliary Modules (GRAM), a method that confines dangerous knowledge to specialized modules that can be toggled on or off. This allows a single model to approximate multiple models trained on different filtered datasets, enabling fine-grained access control without retraining separate models.
In experiments, GRAM was tested on a synthetic dataset of children’s stories (26M parameters) and on real-world dual-use data including virology, cybersecurity, nuclear physics, and specialized code (800M-parameter model). Results show that switching a topic off in GRAM performs similarly to training a model from scratch without that data. The method scales from 50M to 5B parameters, and a single GRAM model can match the performance of five distinct filtered models. Importantly, this is preliminary research not yet applied to production at Anthropic, but it offers a promising path toward safer, more flexible AI deployment.
- GRAM isolates dangerous knowledge to switchable modules, enabling per-user access control without retraining.
- A single GRAM model approximates five separate models trained on different filtered datasets (virology, cybersecurity, nuclear physics, code).
- Method validated on models up to 5B parameters; still preliminary and not in production at Anthropic.
Why It Matters
Enables granular AI access control per user trust level, reducing misuse risk without sacrificing model capability.