Measuring AI R&D Automation

AI forecasting capabilities could help to manage CBRN uplift capabilities, by predicting when and how malicious actors might carry out attacks. If forecasting is easier to automate than CBRN capabilities, then AIRDA would yield a net benefit by providing stronger defences at any given level of CBRN uplift.

Safety and security research could facilitate the use of defensive capabilities (e.g., by ensuring that systems follow user instructions) or directly constrain offensive capabilities (e.g., through misuse safeguards). However, safety may be harder to accelerate than capabilities because safety is more difficult to measure. For example, attempts from AI systems to hide misbehaviour could make it hard to assess whether safety is actually improving (Greenblatt et al., 2024; Meinke et al., 2025). If so, accelerated capabilities progress could outstrip the development of necessary safeguards, which could result in a net harm. Even if AIRDA differentially accelerates offensive capabilities, the resulting equilibrium could be stable if using the capability results in catastrophic harm. For example, some scholars argue that the spread of nuclear weapons has improved peace through deterrence (Waltz, 1981), though others dispute this claim (Sagan & Waltz, 2003). An additional nuance is that many capabilities are dual-use: for example, AI systems that identify software vulnerabilities could strengthen both defensive cybersecurity and offensive attacks. In such cases, a key question is whether AIRDA affects the extent to which defensive applications can be deployed before harmful uses proliferate. Second, human and institutional responses to advanced AI operate on timescales that may not accelerate alongside AI progress itself. Understanding a new technology’s effects and developing appropriate responses already takes years; accelerated capability gains could leave institutions even less prepared than they are now. For instance, accelerated AI progress could displace workers faster than they can retrain and adapt (Korinek & Suh, 2024; Manning & Aguirre, 2026; Bengio et al., 2026). Rapid progress could also push decisionmakers toward hasty or poorly-informed responses, such as overly broad or unenforceable restrictions on AI development. That said, accelerated progress could also galvanize policy attention and reforms, and advances in defensive capabilities like forecasting could aid adaptation (Schoenegger et al., 2024; Karger et al., 2025).

exercise informed control over it in order to produce desired outputs, such as by reviewing AI-generated outputs for errors. In other words, oversight is about both a particular state (i.e., understanding) and a particular act (i.e., exercising control). An actor performs oversight to the extent that they exercise such control. We ultimately care about the oversight gap: the difference between how much oversight is needed over the AI R&D process (“oversight demand”)3 and how much oversight is actually achieved. A factor that could affect the gap is oversight capacity: the ability to achieve oversight, encompassing both the ability to understand the R&D process (e.g., having sufficient expertise) and the resources available for exercising control (e.g., human labour, monitoring tools). Crucially, oversight capacity does not directly translate into oversight achieved: factors such as financial costs or negligence could lead organizations to forgo oversight. We analyse how AIRDA could affect the oversight gap by changing oversight capacity, the level of oversight achieved, or oversight demand. 3Oversight could improve the safety of and provide assurance about the AI R&D process, but could, for example, impact research productivity or impose financial or other costs. Different actors could have different preferences about how to make these trade-offs. To sidestep this issue, we focus on changes to oversight demand rather than its absolute level. decreases increases Deskilling and fewer human researchers AIs are more error-prone Oversight demand Oversight capacity AIs are less errorprone Difficult-tounderstand outputs decreases Freeing up researcher time Higher-stakes AI R&D decisions More data that can be reviewed AI-enabled oversight tools increases Confusion about rapid AI progress More outputs requiring review Continuous monitoring of AIs Oversight gap could affect could affectFigure 3: AI R&D automation could decrease or increase the oversight gap by changing oversight capacity, the level of oversight achieved (not depicted for simplicity), or oversight demand. Note that oversight capacity may not directly translate into oversight achieved (e.g., companies decide to forgo oversight due to financial or time costs).

By automating routine tasks such as writing code or running experiments, AIRDA could allow human researchers to spend more time on oversight.4

AI systems generate extensive logs, chains of thought, activations, and other intermediate outputs that make their work more transparent and auditable than equivalent human work.

AIRDA could accelerate the development of automated AI oversight tools (Choi et al., 2024; Fronsdal et al., 2025; 2026), which could be more effective than humans at carrying out oversight or could do so more cheaply.

Continuous monitoring is not practical or socially acceptable for humans, but is feasible for AI agents and is actively being explored (OpenAI, 2026; Anthropic, 2026a). Decreasing oversight demand:

More capable AI systems could be less error-prone than humans.

The results of automated AI research could potentially be more difficult for humans to understand (e.g., results might use novel mathematics), or AI-introduced errors could be more difficult for humans to notice.

AIRDA could motivate companies to reduce the number of human researchers involved in AI R&D. As a result, there might be less human labour available to carry out oversight activities.

AIRDA could reduce hands-on involvement in AI R&D. If so, human researchers could lose the detailed, ground-level understanding of systems and codebases needed to identify errors. There might also be reduced oversight in practice (e.g., giving instructions to coding agents without supervising their activities), which would decrease the level of oversight achieved.

Accelerated AI progress could make it difficult for humans to understand the AI R&D process and make informed decisions (e.g., time pressure leads to carelessness).

If AIRDA results in radically fewer human researchers, decisions to develop and deploy potentially dangerous capabilities could concentrate into the hands of a handful of humans with limited internal or external checks (MacAskill & Moorhouse, 2025), leading to reduced oversight at a societal level. Increasing oversight demand:

AI systems could be more error-prone than humans (Cotroneo et al., 2025), for reasons including capability limitations, adversarial interference (e.g., poisoning training data), or reward hacking (Betley et al., 2026; MacDiarmid et al., 2025).

Automated researchers can work faster than humans and generate a larger volume of experiments, code, and decisions requiring review per unit time.

If AIRDA results in faster AI progress, individual R&D decisions could be higher stakes. For example, a decision to develop the next model could result in much larger capability jumps than occur today. 4 Metrics for AI R&D Automation We propose metrics to track the extent of AI R&D automation, the rate of AI progress, and changes in oversight, focusing on the uncertainties identified in the previous section. For the extent of AIRDA, the metrics track:

Capability evaluations as leading indicators of whether AI R&D could be automated (Metrics #1, #2)

The extent of AI R&D automation in practice (Metrics #6, #7, #8)

Other organizational and operational indicators of AI R&D automation (Metrics #11, #12, #13, #14) For AI progress, the metrics track both the overall rate of AI progress and the rate of safety progress relative to capabilities progress (Metrics #1, #2, #5, #6, #11). For oversight, we track oversight capacity, how much oversight is actually achieved, and oversight demand (the latter two of which give us the oversight gap). More specifically, the metrics track:

How human researchers spend their time (Metrics #6, #8)

The extent to which AI systems help with oversight (Metrics #3)

Whether AI systems act in ways that increase the demand for oversight (Metrics #4, Metric #9, #10)

Headcount and performance of human researchers (Metric #11)

The extent to which AI systems are involved in significant decisions or actions (Metrics #7, #14) Many of these metrics are most useful in combination. For example, an increase in the use of AI for highstakes decisions (Metric #7), coupled with an increase in the defects of AI-generated R&D outputs (Metric #9), could raise significant concerns. In the rest of this section, we describe what each metric tracks and analyze feasibility, limitations, and information sensitivity considerations. Sensitivity considerations could warrant sharing certain metrics only with a limited group of actors, such as key government decision makers. We summarize the metrics in Tables 2 to 5. Table 2: Experimental metrics for measuring AI R&D automation. Metric Description Extent of AIRDA AI Progress Oversight Capacity Oversight Achieved Oversight Demand What remains to be done Metric #1: AI performance on AI R&D evaluations AI performance on evaluations of capabilities directly relevant to AI R&D work, such as replicating ML papers and picking research ideas to test. ✓ Leading indicator of AI systems’ potential to perform AI R&D. ✓ Can compare improvements on safety research tasks to capabilities research tasks. Developing more evaluations for non-softwareengineering tasks and safety and security research tasks. Metric #2: AI performance on AI R&D evaluations compared to humans and human-AI teams (“AI R&D Performance RCTs”) Performance differences between human-AI teams, human-only teams, and AI-only teams on AI R&D tasks. ✓ Superior AI-only performance suggests greater AIRDA potential. ✓ Can compare improvements on safety research tasks to capabilities research tasks. ✓ Depending on the interaction protocol, superior human-AI performance can suggest non-negligible oversight demand. Broadening coverage of AI R&D tasks and running more comparisons between AI systems and human-AI teams. Metric #3: Oversight red-teaming experiments Evaluations for whether oversight systems used in production would catch an AI system that is directed to subvert the R&D process, such as by attempting to sabotage experiments. ✓ Measures ability to catch attempts to subvert the AI R&D process. Developing and running evaluations specific to internal infrastructure. Metric #4: Misalignment evaluations Evaluations measuring propensities and capabilities relevant to misaligned behaviour, including alignment faking, sycophancy, sabotage, and reward hacking. ✓ Greater misalignment increases oversight demand. Developing evaluations that are more representative of realistic AI R&D workflows. Metric #5: Compute efficiency improvements The year-over-year percentage reduction in the amount of compute needed to achieve a given level of performance on capability (including AI R&D) evaluations. ✓ Can measure efficiency improvements on AI R&D tasks. ✓ Directly tracks AI progress. Calculating efficiency improvements from existing data. Potentially running additional evaluations. Table 3: Survey-based metrics for measuring AI R&D automation. Metric Description Extent of AIRDA AI Progress Oversight Capacity Oversight Achieved Oversight Demand What remains to be done Metric #6: Staff views on AI use and productivity boosts Researchers’ self-reported AI use patterns and productivity gains across different AI R&D task categories. ✓ Elicits self-reported AI usefulness across R&D tasks. ✓ Can compare productivity boosts across teams (e.g. safety vs. pre-training teams). ✓ Can ask how helpful AI is for oversight tasks. Designing questions and establishing a regular cadence for running surveys. Metric #7: Extent of AI use in high-stakes decisions Survey of how AI is involved in high-stakes R&D decisions, such as research agenda prioritization, training runs, and deployment decisions. ✓ Selfreported signal of AI involvement in key decisions. ✓ Can ask about how much oversight is exercised over AI involvement in high-stakes decisions. ✓ Significant AI involvement suggests greater oversight demand. Identifying high-stakes R&D decisions. Designing surveys and running them each time such decisions are made. Table 4: Operational metrics for measuring AI R&D automation. Metric Description Extent of AIRDA AI Progress Oversight Capacity Oversight Achieved Oversight Demand What remains to be done Metric #8: Researcher time allocation (“AI-powered Toggl”) How human researchers allocate time across different R&D activities, measured via automated time tracking software. ✓ Captures potential impacts of AIRDA on researcher time allocation. ✓ Can measure time spent on oversight activities. Developing and deploying time-tracking software, managing privacy concerns. Metric #9: Oversight effectiveness retrospectives The proportion of AI-generated R&D outputs (e.g. production code, experimental analyses) that have defects, stratified by level of oversight. ✓ Tracks oversight activities on outputs. ✓ Tracks oversight gap directly, and oversight demand indirectly if level of oversight is held constant. Building a tracking/tagging pipeline and establishing a regular data analysis schedule. Metric #10: AI subversion incidents The number and severity of incidents in which AI systems attempted to subvert real AI R&D processes, such as by sabotaging experiments or hiding misbehaviour. ✓ An increasing rate of subversion incidents indicates growing oversight demand. Defining what counts as a subversion incident and building detection infrastructure. Table 5: Organizational metrics for measuring AI R&D automation. Metric Description Extent of AIRDA AI Progress Oversight Capacity Oversight Achieved Oversight Demand What remains to be done Metric #11: Headcount of AI researchers and the distribution of their performance The number and seniority of AI researchers at frontier AI companies, along with the distribution of their performance, as estimated, for example, by salaries or compute budgets. ✓ Decreased headcount suggests increased AIRDA. ✓ Useful AI tools could lead to a widening performance distribution. ✓ Decreased headcount or performance could reduce oversight capacity. ✓ Decreased headcount could reduce how much oversight is performed. Aggregating and presenting existing data. Metric #12: Distribution of compute usage How compute is distributed across various AI R&D activities. ✓ AIRDA could shift compute use towards internal inference. Developing systems to classify compute use. Metric #13: Capital share of AI R&D spending Compute expenditure as a percentage of total AI R&D spending. ✓ Rising capital-tolabour ratio could signal increasing automation. Calculating and reporting the metric. Metric #14: AI permission lists A list of which actions AI systems are authorized to take with different levels of human approval or review, including where none is required. ✓ Automation is potentially higher if AI systems are permitted to take significant actions autonomously. ✓ Oversight demand may be higher if AI systems are permitted to take significant actions without human review. Defining actions of interest, collecting permissions across teams, and updating the list regularly.

Ecological validity: Benchmarks do not fully capture R&D work, which involves ambiguous objectives, longer time horizons, coordination across projects, and messier feedback loops. As such, raw performance numbers can tell us that we are getting closer to AIRDA, but might not tell us how far away we are.

Data contamination: Some evaluations are drawn from public sources (e.g., GitHub, Kaggle, published papers) and could therefore leak into training sets. As a result, this metric could overestimate AI R&D capabilities.

Autonomous evaluations only: These benchmarks evaluate AI agents working independently, but human-AI collaborative teams may better reflect how AI will actually be integrated into R&D work (see Metric #2).

Setup sensitivity: Results can depend on factors such as the task setup and agent scaffolding, making comparisons across setups difficult (Zhu et al., 2025).

Saturation: Evaluations can become quickly saturated. For example, Claude Opus 4.6 has saturated all of Anthropic’s cyber evaluations (Anthropic, 2026b). Sensitivity: Low. Organizations with strong performance will likely share results voluntarily for marketing and recruiting, but weak results could be omitted or selectively reported. What remains to be done: Developing more evaluations for tasks not related to software engineering, such as idea generation and curation, and for tasks that may be more relevant to safety and security research than capabilities research (e.g., interpretability, red-teaming). 4.1.2 Metric #2: AI performance on AI R&D evaluations compared to humans and human-AI teams (“AI R&D Performance RCTs”) Extent of AIRDA AI Progress Oversight Capacity Oversight Achieved Oversight Demand ✓ ✓ ✓ Description: This metric measures performance differences between human-AI teams, human-only teams, and AI-only teams on AI R&D tasks. The human-AI collaborative teams should have predefined interaction protocols (e.g., humans can review AI outputs, redirect approaches, provide context, or take over subtasks). Both absolute performance in each group and the gap between groups should be reported. Significance: Superior performance of AI-only teams would indicate greater potential for AIRDA. Superior human-AI performance would indicate that humans still provide value to AI R&D, but more precise implications would depend upon the human-AI interaction protocol. For example, if the protocol mostly involves a human overseeing AI work, superior human-AI performance would indicate that human oversight still meaningfully improves outputs. On the other hand, we would not obtain information about oversight if humans and AI systems mostly complete tasks in parallel without interacting. Feasibility: Moderate. Although some organizations have begun conducting related studies (Becker et al., 2025; 2026; Dell’Acqua et al., 2023; Brynjolfsson et al., 2023; Noy & Zhang, 2023; Metr, 2025b), humanAI evaluation requires substantial effort and cost, including recruiting human participants with relevant expertise (expensive for skilled ML or SWE tasks), designing standardized collaboration protocols, and running parallel AI-only and human-AI evaluations on matching task sets. However, where a human expert baseline already exists, the additional cost of comparing it to an AI-only evaluation is minimal. Furthermore, a lighter-weight, but less objective, version of this metric might instead be based on researchers’ self-reports rather than experiments (see Metric #6). Limitations:

Problems with evaluations: Because this metric is also based on evaluations, it inherits many of the same limitations as Metric #1, such as ecological validity and setup sensitivity.

Comparability over time: Human participants have different skills and human performance is less reproducible than AI performance. As such, it could be difficult to compare RCT results over time.

Dependence on human expertise levels: The gap between teams will vary with human expertise level. Results should clearly specify the skill level of human participants.

Performance gaps likely depend on task selection: Some tasks inherently favor collaboration (ambiguous, long-horizon problems), while others favor autonomous execution (well-defined, parallelizable work). The metric is most informative when tracked across diverse task types. Sensitivity: Low to moderate, depending on the results. Results showing that human-AI teams substantially outperform AI-only systems could undermine marketing claims about AI agents. Moreover, superior performance of AI-only systems could motivate public concerns about unemployment or a potentially uncontrollable intelligence explosion (MacAskill & Moorhouse, 2025). What remains to be done: Covering a broader array of AI R&D tasks in future studies. In principle, every benchmark used in Metric #1 could also be used for this metric. 4.1.3 Metric #3: Oversight red-teaming experiments Extent of AIRDA AI Progress Oversight Capacity Oversight Achieved Oversight Demand ✓ Description: In controlled experiments, this metric measures how often an organization’s oversight systems would catch an AI system explicitly instructed to subvert normal R&D workflows, such as by attempting to sabotage experiments, insert backdoors, or manipulate evaluation results. The metric is reported as the percentage of subversive actions that are detected, both overall and by task category. Significance: All else equal, oversight systems that are more capable of detecting subversion attempts in test deployments will likely be more effective during the real R&D process. However, because this metric involves controlled experiments, it does not quite measure the level of oversight achieved. Feasibility: Low to moderate. Implementation requires a sandboxed R&D environment mirroring production workflows, models fine-tuned or prompted to attempt specific behaviours, and instrumentation to log both attempted actions and detection events. Some related evaluations exist (Inglis et al., 2025), but may not necessarily reflect real production workflows. A related line of work uses red teams to embed hidden objectives in a language model, with blue teams attempting to detect them (Marks et al., 2025). Limitations:

Does not measure propensity: The metric does not capture whether AI systems would attempt subversion unprompted. Prompting AI systems to be subversive might produce behaviours that would not surface during normal use of AI for R&D.

Reduced realism: Testing must occur in sandboxed environments to prevent actual harm, which may reduce realism and potentially affect model behaviour. Sensitivity: Low to moderate. Aggregate results would be less sensitive than breakdowns that reveal specific attack vectors. Organizations with strong detection rates might selectively share results to demonstrate security/oversight maturity. What remains to be done: Making evaluations specific to internal company infrastructure. 4.1.4 Metric #4: Misalignment evaluations Extent of AIRDA AI Progress Oversight Capacity Oversight Achieved Oversight Demand ✓ Description: This metric measures AI systems’ propensities and capabilities relevant to misaligned behaviour in AI R&D environments. Misaligned behaviours could include alignment faking (Greenblatt et al., 2024), scheming (Meinke et al., 2025), sabotage (Benton et al., 2024; Ward et al., 2025), and reward hacking (Betley et al., 2026). Significance: Greater misalignment increases oversight demand. Feasibility: High. Many AI companies and external organizations already run such evaluations (OpenAI, 2025a; Anthropic, 2025b; Google DeepMind, 2025b; Ward et al., 2025; Betley et al., 2026; MacDiarmid et al., 2025). Limitations:

Lack of generalizability: Differences between evaluation environments and real AI R&D workflows could limit the informativeness of evaluations. For example, real R&D workflows likely involve lengthier, more complex interaction patterns than can be simulated in an evaluation.

Evaluation gaming: Data leakage or attempts to train on evaluations could make this metric less informative.

Evaluation awareness: Frontier models increasingly recognize when they are being evaluated and condition their behaviour accordingly (Meinke et al., 2025). As a result, misalignment evaluations could underestimate the degree of misalignment in practice. Sensitivity: Low to moderate. As noted above, several AI companies already publish misalignment evaluation results in system cards. However, high misalignment scores in the future could reflect poorly on their products. What remains to be done: Developing evaluations that are more representative of realistic AI R&D workflows. 4.1.5 Metric #5: Compute efficiency improvements Extent of AIRDA AI Progress Oversight Capacity Oversight Achieved Oversight Demand ✓ ✓ Description: This metric measures the year-over-year percentage reduction in the amount of compute (FLOP) needed to achieve a given level of performance on capabilities (including AI R&D) evaluations. For example, if achieving a fixed benchmark score requires half as much compute this year as last year, that represents a 2x improvement in compute efficiency. This metric could be reported either as an industrywide aggregate or on a per-company basis. Ideally, improvements in both training compute efficiency and inference compute efficiency should be reported. Significance: Compute efficiency improvements on AI R&D tasks could be a signal of AIRDA. This metric also directly tracks AI progress: if AIRDA increases the pace at which algorithmic or data improvements are created, one expected signal would be large and sustained increases in compute efficiency. Feasibility: Moderate to high, depending on whether companies need to run new evaluations and train new AI systems. The core methodology involves comparing the performance of models trained or run with various compute budgets (Hernandez & Brown, 2020; Davidson et al., 2023; Ho et al., 2024; Ho & Berg, 2025; Ho et al., 2025; Whitfill, 2025; Gundlach et al., 2025). Obtaining accurate estimates of efficiency improvements could require training additional AI systems that companies will not use in production. The cost could potentially be reduced by focusing on improvements in post-training rather than pre-training. Furthermore, incomplete estimates based on existing evaluations and training runs could still be informative. Limitations:

Limitations of evaluations: This metric inherits the limits of evaluations discussed for Metric #1, such as benchmark saturation and inconsistencies in evaluation set-ups.

Does not capture performance ceiling: Compute efficiency measures how cheaply a given performance level can be achieved, but it says nothing about the maximum performance attainable. For example, it could become cheaper over time to reach 50% on a benchmark, while the best achievable score remains stuck at 75% year over year.

Attribution difficulties: This metric does not distinguish between the causes of observed efficiency gains, which could be due to factors such as algorithmic improvements, improvements in data quality, or scaling up training compute. If observed gains are due to scaling up training compute, acceleration of AI progress may not necessarily be attributable to AIRDA. Sensitivity: Low to moderate. Leading companies may report the metric as a positive signal of their research capabilities (e.g., to advertise their products or attract talent), while lagging companies may hesitate to reveal their relative standing. Sensitivity decreases further if reported as an industry-wide aggregate. What remains to be done: Calculating efficiency improvements from existing data. Potentially running additional evaluations. 5Some algorithmic improvements could be scale-dependent: they provide much larger efficiency gains as compute is scaled up. For example, Gundlach et al. (2025) compare transformers to LSTMs, finding a 6.3x efficiency improvement at 1015 FLOP and a 26x improvement at 3 · 1016 FLOP.

“What percentage speed-up do you experience when using AI tools for this task?”

“Approximately how many hours per week do AI tools save you on this task?”

“To what extent could AI tools replace a newly hired junior researcher?”

“How have the tasks in your day-to-day job shifted over the past X months from AI use, if at all?”

“How much of a speed-up in AI progress would you expect over the next six months as a result of AI tools?” Task categories could include: code implementation and debugging, experiment design and execution, literature review, data analysis, writing and documentation, and review of AI-generated outputs. Significance: Higher productivity boosts could suggest greater AIRDA, and productivity boosts for oversight tasks could suggest that oversight capacity is increasing. Comparing productivity boosts across teams (e.g., safety vs. pre-training) could provide information about differential AI progress. Open-ended questions about AI use patterns could also complement more quantitative data. Feasibility: High. Implementation requires only periodic surveys with straightforward questions. Most organizations already have infrastructure for such data collection. As further evidence of feasibility, the Claude Opus 4.5 System Card includes data from an internal survey that asks whether Opus “could completely automate a junior ML researcher” (Anthropic, 2025b). The main challenge is maintaining response rates and avoiding survey fatigue. Limitations:

Subjectivity: Self-reported productivity gains are subjective and may not correlate with objective output measures. Survey respondents could also overestimate benefits due to novelty effects, or underestimate them as they grow accustomed to AI tools and raise their expectations of what counts as a meaningful boost (Becker et al., 2025).

Coverage gaps: Productivity gains from automation of a task could go unreported if researchers no longer consider it part of their job. This metric also does not capture the creation of new kinds of AI R&D tasks as a result of automation (e.g. substantially more time spent reviewing AI logs). Sensitivity: Low. The data is subjective and provides limited competitive intelligence. Some organizations might voluntarily share positive results for recruiting and marketing purposes. What remains to be done: Designing questions and establishing a regular cadence for running surveys. 4.2.2 Metric #7: Extent of AI use in high-stakes decisions Extent of AIRDA AI Progress Oversight Capacity Oversight Achieved Oversight Demand ✓ ✓ ✓ Description: This metric surveys researchers’ judgment of how AI is involved in categories of high-stakes decisions, such as scaling up or launching training runs, compute allocation across teams, and deployment decisions. For each decision, the survey would assess both the level and nature of AI involvement. Potential questions could include:

For this (category of) decision, select all below that apply: – AI generated initial options/proposals that humans chose from – AI provided analysis or data synthesis that informed the decision – AI drafted decision memos or documentation – AI made recommendations that were adopted without significant modification – AI flagged risks or concerns that changed the decision

Overall, how crucial was the involvement of an AI system in making this decision? (reported on a Likert scale, with optional comment fields)

What kind of oversight was exercised over the AI system? Significance: Increased AI involvement in high-stakes decisions could be a signal of AIRDA. Increased involvement could also mean increased oversight demand: failure of such AI systems would be more consequential given the stakes of the decisions at hand. This metric can also track how much oversight is performed if the survey asks about it. Feasibility: Low to moderate. Data collection is relatively straightforward, but companies would need to define which high-stakes decisions to track and how to assess AI involvement in such decisions. One way of collecting the data is to integrate the survey into existing approval workflows for major decisions (e.g., training run sign-offs). Limitations:

Subjectivity: Assessing the importance of AI involvement would likely be subjective. Researchers could potentially have reputational incentives to understate AI involvement.

Does not capture decision quality: If decisions are of poor quality when AI involvement is high, AIRDA could be less extensive, or less likely to increase AI progress, than this metric would suggest. Sensitivity: High. This metric likely reveals information about internal decision-making processes and strategy. What remains to be done: Identifying high-stakes R&D decisions. Designing surveys and running them each time such decisions are made.

Primary R&D activities: – Writing and debugging code – Designing experiments and formulating hypotheses – Running and monitoring experiments – Analyzing experimental results and interpreting data – Literature review and reading research papers – Architecture and system design – Meetings and collaboration – Infrastructure and tooling setup

AI interaction activities: – Prompting or directing AI coding assistants – Reviewing AI-generated outputs (code, analysis, summaries) – Debugging AI behaviour or outputs Results should be reported as median and mean percentage allocation per activity category across all researchers, tracked over time. Significance: Time allocation patterns could provide on-the-ground evidence of the extent of AIRDA in a way that benchmarks cannot capture. For example, it would be strong evidence of AIRDA if researchers shifted more of their time from primary R&D activities to AI interaction activities. Time spent on oversight activities also measures how much oversight is performed. Feasibility: Moderate. Time-tracking software needs to be written and there needs to be ways to navigate privacy concerns. Tracking will likely become significantly easier over time because AI tools can automate it. Limitations:

Time spent is not a perfect indicator of productivity or output quality: For example, code quality is not necessarily correlated with the time spent on coding.

Difficulty aggregating results: It may be difficult to compare and aggregate time allocation between researchers at different skill levels or working on different problem types.

Unobservables: The metric does not capture cognitive load. Researchers might spend less wallclock time on a task but more mental effort reviewing AI outputs. It might also be difficult to measure activities that are not captured in software applications (e.g. time spent outside of the office thinking about a problem).

Confounders: Time allocation could shift without corresponding changes in AIRDA, such as a result of shifting company priorities. Sensitivity: Low to moderate, depending on the granularity of the activity categories. Time allocation data reveals workflow patterns and what AI is successfully automating, which could provide some competitive intelligence. Sensitivity is likely to be higher for detailed breakdowns because they could reveal strategic priorities or weaknesses. Time-tracking software itself could also raise privacy concerns amongst employees. What remains to be done: Developing and deploying the time-tracking software, managing privacy concerns. 4.3.2 Metric #9: Oversight effectiveness retrospectives Extent of AIRDA AI Progress Oversight Capacity Oversight Achieved Oversight Demand ✓ ✓ Description: This metric focuses on defects in AI-generated R&D outputs. For each AI-generated R&D output, companies would track:

Whether the output underwent human review (and what kind)

The degree to which AI systems assisted with human review

A description of the defects, including bugs, errors, security vulnerabilities, misconfigurations, or other quality issues

When the defects were discovered (e.g., during review, after review but before production, or after production)

The severity of the defects discovered Categories of AI R&D outputs could include randomly selected subsets of:

Pull requests

Analyses of experimental data

Logs of how a training run was monitored Both the proportion of outputs that have defects and the length of time until discovery of the defect(s) should be reported, stratified by severity. Significance: This metric directly tracks how much oversight is performed on AI-generated outputs. Increases in the frequency of defects would suggest increases in the oversight gap. If the level of oversight is held constant, increases in the frequency of defects could also suggest increases in oversight demand. Feasibility: Low to moderate, depending on the type of output. One difficulty is defining a defect. For code, defining defects is relatively straightforward. For scientific papers, reasonable people may disagree on what counts as a defect, and such defects may only come to light long after publication. Another difficulty is that in practice, outputs will be partly human-written and partly AI-generated. Organizations may need to build systems to track which portions are AI-generated. For example, Cursor (2026) proposes a standard for labelling AI-generated code. Limitations:

Limited comparability: There can be reasonable disagreement about what constitutes a defect in a complicated output such as a scientific paper. Inconsistent definition of defects could make it difficult to compare results between AI companies. Inconsistencies in how human review is defined between companies (e.g. quick glance vs. detailed audit) could also hinder comparability.

Difficulty of catching defects: Defect detection depends on downstream quality processes (testing, review, monitoring), which may not catch all errors equally for AI versus human work (e.g. current error detection processes might be more effective at catching human errors). Sensitivity: Moderate to high because the metric could reveal oversight quality problems and raise safety concerns. What remains to be done: Building a tracking/tagging pipeline and establishing a regular data analysis schedule. 4.3.3 Metric #10: AI subversion incidents Extent of AIRDA AI Progress Oversight Capacity Oversight Achieved Oversight Demand ✓ Description: This metric tracks incidents where AI systems have attempted to subvert AI R&D workflows in practice. Examples of subversive actions could include sabotage of experiments, insertion of backdoors into production code, or manipulation of evaluation results. For each incident, organizations would record:

A description of the subversive action attempted

When the incident occurred

The context in which it occurred (e.g., which task, which model, what level of autonomy)

How the incident was detected (e.g., chain-of-thought analysis)

The severity of the incident (i.e., the damage caused or the potential damage had the attempt succeeded)

An assessment of why the incident occurred, including the extent to which the incident appears to be goal-directed, as opposed to being a result of e.g. misunderstanding instructions. As a summary statistic, the number and severity of such subversion incidents could be reported. Significance: An increasing number or severity of subversion attempts, even if detected and prevented, indicates increased oversight demand. Compared to Metric #9, which measures defects in AI-generated outputs, this metric focuses on subversion attempts, whether successful or not. Compared to Metrics #3 and #4, this metric focuses on real production workflows rather than sandboxed or toy environments. Feasibility: Low to moderate. The monitoring infrastructure to detect subversion could require significant engineering effort and compute. Some companies are beginning to build such infrastructure (OpenAI, 2026). Limitations:

Definitional ambiguity: It may be difficult to define what counts as a subversive action. Apparently subversive actions could result from factors such as capability limitations or ambiguous instructions. Models can also produce misleading or post-hoc rationalizations in their reasoning traces.

Under-detection: Because AI systems could try to evade detection, the observed incident count could significantly underestimate the true rate. Sensitivity: Moderate to high. Public knowledge of subversion attempts could undermine confidence in the company’s products and reveal specific vulnerabilities. What remains to be done: Defining what counts as a subversion incident and building detection infrastructure.

Completion of OKRs (adjusted by difficulty)

Number of code commits

Salaries

Compute budgets Researcher headcount should not include:

Staff building software products, features, or services on top of existing AI systems

Business, operational, marketing, legal staff, etc. Significance: AIRDA could lead to decreases in headcount if a small number of researchers is able to get much of the necessary R&D work done with AI assistance. As explained in Section 3.2, lower headcounts could mean reduced oversight capacity and level of oversight achieved. Furthermore, a widening distribution of researcher performance could signal that AI tools are becoming powerful enough to create large productivity differences between those who use them effectively and those who do not. As AI systems continue to improve, this gap could compound. Feasibility: Moderate to high. HR already maintains records of staff counts by role type and salary levels. Compiling and reporting this information requires minimal additional infrastructure. However, performance data may be more difficult to standardize within and across organizations. Limitations:

Difficulties measuring performance: Performance metrics like OKRs may not capture the most important research contributions, which are often difficult to predict or measure. Attribution of research outcomes to individual researchers is inherently difficult in collaborative environments. Research is also non-linear: long periods of apparent unproductivity could precede major breakthroughs.

Confounders for headcount: Headcount changes could reflect a variety of other factors such as funding cycles, labour market conditions, or strategic pivots.

Non-linearity: We should expect human labour to become more valuable before full automation because AI systems can augment human labour (Gans & Goldfarb, 2026). As a result, headcount could remain high or even increase as long as human-dependent activities bottleneck full automation, such as providing high-level research direction (Toner et al., 2026). Sensitivity: Moderate to high. Sharing salaries in particular could invite public criticism or create uncomfortable social dynamics between employees. Sharing OKRs could reveal research strategies. However, some information (headcount, hiring trends) can be gathered through publicly available sources such as LinkedIn. What remains to be done: Aggregating and presenting existing data. 4.4.2 Metric #12: Distribution of compute usage Extent of AIRDA AI Progress Oversight Capacity Oversight Achieved Oversight Demand ✓ Description: This metric measures the amount of compute (FLOP) used by frontier AI companies across the AI R&D process, including pre-training, mid-training, post-training, evaluation, experimentation, internal inference (e.g. coding and research agents), and external deployment. Significance: Shifts in compute allocation towards internal inference, especially relative to compute used for external deployment, could suggest increases in AIRDA. Comparing internal and external inference could help to distinguish AIRDA from company growth. Feasibility: Moderate to high. Compute is likely to be meticulously tracked at frontier AI companies for cost management and infrastructure planning. For example, pre-training workloads require months-long planning and dedicated hardware reservations. The main implementation challenge is categorizing uses of compute. Public estimates based on dollar spend are possible (You, 2025), but would not track fine-grained details about how compute is used. Limitations:

Other factors affecting compute allocation: Breakthroughs in compute efficiency could mean that less compute is required to accomplish the same activity. The allocation between external and internal inference could also heavily depend upon market dynamics and investor demands.

Inconsistent categorization of activities: Because different AI companies could have different R&D workflows, results may not be comparable between them. Sensitivity: High. Compute usage data reveals both absolute resource levels relative to competitors and R&D productivity. Many frontier AI companies stopped disclosing pre-training compute in 2024, although the EU AI Act (reg, 2024) requires some disclosure for in-scope systems. What remains to be done: Developing systems to classify compute use. For example, a workload classifier could tag jobs submitted to a compute cluster, while another classifier could tag internal agent or chat logs, similar to Tamkin et al. (2024). External organizations can try to create estimates of this metric based on publicly available information. 4.4.3 Metric #13: Capital share of AI R&D spending Extent of AIRDA AI Progress Oversight Capacity Oversight Achieved Oversight Demand ✓ Description: This metric measures compute expenditure as a percentage of total AI R&D spending. It is calculated as: compute costs for R&D activities total R&D expenditure including labour, compute, and other costs × 100. Significance: As AI systems take on more of the work previously done by humans, the share of spending going to compute (capital) should increase relative to spending on labour and other costs. Combining this 6A broader variant of this metric is the network-adjusted capital share (Trammell, 2026), which would measure the extent to which a particular process (e.g. AI R&D) could sustain itself without human labour anywhere in its supply chain. metric with Metric #12 could help to distinguish increased spending on inference from increased spending on training. Feasibility: High. Organizations already track R&D expenditures for internal budgeting and tax purposes, and standardized tax definitions of R&D could facilitate cross-company comparisons. Separating compute costs from labour costs is straightforward accounting. Limitations:

Ambiguity: Rising capital share could reflect increasing AIRDA, but could also reflect larger investments in training runs, changes in compute pricing (e.g., from supply chain disruptions), or wasteful or inefficient uses of compute. Sensitivity: Moderate. This metric reveals the basic structure of R&D spending, but it does not directly expose capabilities, specific techniques, or detailed competitive information. What remains to be done: Calculating and reporting the metric based on existing data. 4.4.4 Metric #14: AI permission lists Extent of AIRDA AI Progress Oversight Capacity Oversight Achieved Oversight Demand ✓ ✓ Description: A list of which actions AI systems are authorized to take and what level of human review or approval is needed, if any. Actions could include: modifying production code, initiating training runs, deploying models, and accessing sensitive systems or data. For each action, organizations would report the default permission level (e.g. no review required), recording notable deviations if applicable. Significance: This metric tracks oversight demand, which could be higher if AI systems are authorized to take significant actions without human review. AIRDA is likely also higher if AI systems are permitted to take significant actions autonomously (e.g., launching large training runs). Compared to Metric #7, which is about AI use in practice, this metric is about policies around AI use. Feasibility: Moderate to high. Organizations implementing AI agents for R&D tasks must already make decisions about permissions and access controls. This metric simply requires documenting those decisions systematically. Limitations:

Formal vs. actual permissions: Documented permissions may not reflect actual practice. For example, exceptions to the rules might be granted easily, or human approval could be perfunctory.

Granularity challenges: Actions must be specific enough to be meaningful, but ideally general enough to be comparable across different organizations with different infrastructure.

Does not account for reliability: Even if AI systems are authorized to take high-stakes actions, oversight demand could in principle be lower if AI systems are much more reliable than humans. Sensitivity: Moderate to high, depending on the level of granularity. Permission lists could reveal internal security practices and potential vulnerabilities. High-level summaries (e.g., “AI systems cannot autonomously modify production code” vs. “AI systems can autonomously commit to any repository”) would likely be less sensitive. What remains to be done: Defining actions of interest, collecting permissions across teams, and updating the list regularly. 5 Limitations This work has several limitations that warrant consideration. Our analysis of AIRDA’s implications in Section 3 has largely ignored higher-order effects. While their significance is highly uncertain, they could be meaningful to track. For example, if AI R&D automation advances safety research faster than capabilities research, the perception that safety is progressing adequately could encourage more risk-taking. Many of the proposed metrics are lagging indicators: they measure automation that has already occurred. By the time these metrics show concerning trends, the window for potential interventions may have narrowed considerably. While benchmark performance on AI R&D tasks could be a leading indicator, translating such performance into predictions about real-world AIRDA remains imprecise. Relatedly, the relationship between AIRDA metrics and AI progress could be highly non-linear. AI R&D could be substantially automated across most tasks while remaining bottlenecked by a single humandependent activity, such as providing high-level research direction. In such scenarios, metrics might indicate high levels of automation without corresponding acceleration of AI progress. Automation of that final bottleneck could dramatically accelerate progress, yet only show up as a small change in the metrics. Differences in data collection methods could limit comparability between AI companies. For example, companies could define task categories differently or use different attribution methods for AI contributions. Without standardized measurement protocols, aggregating or comparing metrics across organizations could be misleading. This limitation is particularly acute for metrics involving subjective judgment, such as surveys on productivity gains. Given that AI companies would internally collect most of our proposed metrics, it might be difficult to verify their accuracy. For instance, companies could understate the degree of automation for fear of government intervention. As a mitigation, independent third parties could help to corroborate company results, as they already do for benchmarks (UK AI Security Institute, 2024; Schoen et al., 2025; Epoch AI, 2024). AI companies could also contract external organizations to carry out data collection with standardized protocols, such as for researcher surveys. Any collection of AIRDA metrics will likely need to be updated over time. In addition to lessons learned over the course of developing and collecting such metrics, we will likely gain more clarity over time about which effects of AIRDA to prioritize. Finally, many factors relevant to AI progress and oversight fall outside the domain of AI R&D. For instance, metrics focused on AIRDA do not capture the cybersecurity readiness of critical infrastructure providers (Kamil˙e Lukoši¯ut˙e, 2025) or the pace of regulatory adaptation. AI companies would also find it difficult to track such metrics by themselves. A comprehensive assessment of AIRDA’s implications will likely require cross-domain collaborations. 6 Related Work A growing suite of benchmarks evaluates AI systems on tasks relevant to AI R&D. SWE-bench and its variants (Jimenez et al., 2023) assess software engineering capabilities on real GitHub issues, while MLEbench evaluates ML engineering through Kaggle competitions (Chan et al., 2025). For tasks more directly relevant to frontier research, METR’s RE-Bench compares AI agents to human experts on ML research engineering tasks (Wijk et al., 2025), and OpenAI’s PaperBench tests agents’ ability to replicate ICML papers from scratch (Starace et al., 2025). A number of works have studied theoretical models of AI R&D automation. Eth & Davidson (2025) explore the possibility that software progress alone could lead to increasingly accelerating AI progress. AI Futures Project (2026) provides a model for forecasting AI R&D automation. Erdil & Barnett (2025) argue that automating AI R&D alone likely will not accelerate AI progress. Ho & Whitfill (2025) point out problems both with existing data sources and the models used to study the effects of AI R&D automation. Erdil et al. (2025) model the feedback loop that AI development could create between itself and the economy. Whitfill & Wu (2025) argue that compute and cognitive labour are complements in the context of frontier experiments. Under both voluntary commitments and legislation, AI companies will likely report some details about AI R&D automation. Many safety frameworks address AI R&D automation. Anthropic’s Responsible Scaling Policy (Anthropic, 2026a) defines a threshold for AI R&D automation based on compressing “two years of 2018 – 2024 AI progress into a single year” . OpenAI’s Preparedness Framework (OpenAI, 2025b) tracks “AI Self-improvement” capabilities, with a “High” threshold for models whose impact is “equivalent to giving every OpenAI researcher a highly performant mid-career research engineer assistant, relative to those researchers’ 2024 baseline”. Google DeepMind’s Frontier Safety Framework (Google DeepMind, 2025a) includes “Machine Learning R&D” as a Critical Capability Level domain, recommending high security measures for models that could significantly accelerate AI development. Furthermore, under California’s Transparency in Frontier Artificial Intelligence Act, each large frontier developer must describe how it approaches “[a]ssessing and managing catastrophic risk resulting from the internal use of its frontier models, including risks resulting from a frontier model circumventing oversight mechanisms.” Some recent work has begun to study how internal use of automated AI researchers could lead to such risks (Clymer et al., 2025; Benton et al., 2024; Stix et al., 2025; Metr, 2025a; Korbak et al., 2025; Greenblatt, 2024). Toner et al. (2026) offers a useful complement to this piece, distilling areas of expert consensus and disagreement from a workshop on AI R&D automation. 7 Conclusion AI R&D automation could have significant effects on AI progress and human oversight. We have proposed a variety of metrics to help track and understand these effects. Companies, governments, and third parties (e.g. non-profit research organisations) all have roles in advancing these metrics. We especially recommend prioritizing metrics (or components thereof) that are relatively neglected (Table 1). In addition to clarifying the degree of AIRDA and its implications, future work should also investigate how to respond to different AIRDA scenarios. Promising areas of investigation could include how to accelerate defensive AI capabilities, how to improve the ability of institutions to adapt to rapid progress, and whether and how to impose human oversight requirements.