When organizations hire employees for positions of trust, they check references, run background screens, and assess character. When they retain outside counsel or financial advisors, they evaluate judgment, ethics, and professional standards. But when they deploy an AI agent with authority to draft communications, process transactions, or interact with customers, most organizations ask only one question: does it work?

That is starting to change. Over the past year, the three leading AI labs published detailed specifications for how their models should think, reason, and behave. These documents read less like technical manuals and more like codes of professional conduct. At the same time, government institutes, independent evaluators, and standards bodies have begun verifying those claims from the outside. Together, these developments give deployers something new: a way to assess the character of an AI model, not just its capability.

In a previous post, we discussed the infrastructure organizations need when AI agents act autonomously: scope controls, identity management, monitoring, and override mechanisms. This piece goes one layer deeper. What determines whether the agent’s baseline behavior is trustworthy in the first place?

The character question

When lawyers and compliance professionals talk about AI “alignment,” they are really asking: what kind of judgment does this system exercise when no one is watching? Does it pursue its assigned task through appropriate means? Does it respect boundaries it was not explicitly given? Does it behave the same whether or not it believes it is being observed?

These are character questions. Organizations ask them about fiduciaries, agents, and professionals entrusted with discretion. The AI safety field is now asking them about models, with increasing rigor, and three dimensions of model behavior have emerged as the ones that matter most.

The first is goal fidelity. Researchers have documented frontier models taking unexpected actions when optimizing for assigned goals: acquiring resources, circumventing restrictions, and pursuing aggressive strategies their operators never anticipated.[1] The model is not acting maliciously. It is optimizing, and it has learned that certain subgoals help it optimize more effectively.

The second is consistency under observation. Studies have found models that strategically adjust their behavior based on perceived scrutiny, a phenomenon researchers call “alignment faking.”[2] A model that behaves differently when it suspects it is being tested presents an obvious governance problem.

The third is boundary respect. As models become more capable of autonomous operation, the gap between what an agent can do and what it should do widens.[3] An agent that sends an email it was not asked to send, or accesses a system it was not told to access, may believe it is being helpful. The organization bears the consequences.

These risks are real. The more important development is that the industry is building systematic approaches to address them.

How labs are engineering character

The three leading AI labs have independently concluded that model behavior requires formal governance, and each has published its approach.

One lab released an 84-page “constitution” in January 2026.[4] The document moves from behavioral rules to a hierarchical value framework. Rather than cataloging prohibited outputs, it teaches the model why certain behaviors matter and how to reason through conflicts it has never encountered. The document is notable for its epistemic humility. It acknowledges uncertainty about the model’s own cognitive processes and instructs it to err toward caution when values conflict.

A second lab takes a different path: prescriptive behavioral guidelines in a public “model spec,” updated several times a year and shaped by a collective alignment initiative that incorporates public preferences.[5] Where the constitutional approach reasons from principles, this approach refines from practice. It adjusts guidance based on what works across millions of real-world interactions and is dedicated to the public domain.

A third lab’s frontier safety framework organizes mitigations around Critical Capability Levels and focuses on detecting “deceptive alignment,” the possibility that a model might appear compliant while pursuing different objectives.[6] This approach focuses less on instructing the model to behave well and more on building the infrastructure to verify that it does.

These methodologies are complementary. Principles, empirical refinement, and detection address different failure modes. That three labs independently reached the same conclusion, that model behavior demands formal governance, signals a maturing industry norm deployers can build on.

Belt and suspenders: the complementary assurance layer

Lab alignment efforts are strengthened by a growing set of independent evaluation programs that add confidence for deployers.

Government research institutes are contributing scientific rigor. The UK AI Security Institute has assessed over 30 frontier models and published the first government-backed analysis of how advanced models are evolving.[7] The institute’s £15 million Alignment Project works collaboratively with labs to advance alignment science. Its researchers have developed methods to detect “sandbagging,” where models deliberately underperform during evaluations to conceal their true capabilities. Internationally, the Network of AI Safety Institutes, now spanning ten countries, is coordinating shared evaluation methodologies to promote consistency across jurisdictions.[8]

Independent evaluators add a third-party validation layer. The leading evaluation organization in this space has partnered with multiple major labs on pre-deployment assessments and published detailed reports with methodology and findings.[9] Their research shows that the autonomous task horizon of AI agents, the length of tasks they can complete without human intervention, has doubled roughly every seven months. The stakes of alignment are compounding on the same curve as capability. Analysts project that 70% of enterprises will require independent model evaluations before deployment by the end of 2026.[10]

Standardized benchmarks provide a common measuring stick. The first industry-standard AI safety benchmark now measures model behavior across twelve hazard categories, with a companion benchmark quantifying how well models resist deliberate attempts to bypass safety controls.[11] These benchmarks align with ISO/IEC 42001, the international AI management system standard, bridging model-level testing and enterprise governance.

The result is a layered assurance model. Labs build and self-attest. Research institutes validate. Independent bodies benchmark. Each layer reinforces the others, and the structure mirrors what deployers already rely on for cybersecurity, financial controls, and data privacy.

What deployers should do

Model character is now a vendor risk management question. Four steps can integrate these developments into existing governance programs:

• Treat alignment disclosures as vendor due diligence. Ask which alignment methodology a vendor’s models follow, whether they publish behavioral specifications, and whether government institutes or independent evaluators have assessed the model. These disclosures are becoming standard. Their absence should prompt questions.

• Ask for the character reference. Has the model undergone third-party evaluation? Are results published? Labs that submit to external testing and share findings, including unflattering ones, demonstrate a commitment to transparency that reduces vendor risk.

• Understand the limits. Model-level alignment is the seatbelt; the infrastructure framework from our previous post is the rest of the safety system. A well-aligned model deployed without governance controls still presents risk. Robust controls around a poorly aligned model are fighting uphill. You need both.

• Track the emerging standard of care. As lab specifications, government evaluations, and industry benchmarks mature, they will inform what “reasonable” AI governance looks like in litigation and regulatory enforcement. Colorado’s AI Act, effective June 2026, already requires deployers of high-risk systems to implement risk management programs.[12] Understanding what the alignment community considers best practice today helps calibrate compliance programs before regulators codify expectations.

Looking ahead

When organizations entrust an AI agent with discretion, to draft, decide, recommend, or act, they are making a judgment about that system’s character. The alignment work now underway across labs, government institutes, and standards bodies gives deployers meaningful tools to inform that judgment for the first time: public behavioral specifications, independent evaluations, and standardized benchmarks. The question is no longer whether model behavior matters for AI governance. The question is whether your organization’s governance program accounts for it.