SafeWave Frontier AI / AGI-Relevant Follow-Up Questionnaire

High-consequence follow-up for systems involving highly capable general-purpose AI, persistent agents, advanced tool use, model orchestration, multi-agent coordination, self-improving workflows, broad autonomy, or rapid model-update risk.

Follow-up questionnaire notice

Complete this page only if you selected Frontier AI / AGI-relevant system at the end of the core SafeWave questionnaire. These answers are used to generate a separate High-Consequence Addendum and do not replace the core assessment.
Confidentiality, Anonymity & Use Notice

We recognize that this follow-up questionnaire may involve confidential, security-sensitive, operationally sensitive, or high-consequence system information. Please do not include classified information, credentials, live vulnerability details, proprietary implementation details, customer data, or other highly sensitive material unless you are authorized to share it for assessment purposes.

You may complete this questionnaire without identifying your company, product, or organization. You may use a generic system label, a generic contact email, or an internal assessment reference instead of a formal company identifier.

The purpose of this questionnaire is to help you gain a deeper understanding of your own system. Simply answering the questions may reveal areas where control boundaries, escalation pathways, runtime limits, auditability, rollback, authorization, or safe-state behavior may need further review.

You do not have to submit this questionnaire to receive value from it. You may use it internally as a self-assessment tool. If you choose to submit it for report generation, the resulting SafeWave report is intended to highlight areas of concern, explain why they matter, and map relevant findings to possible SafeWave substrates or engineering-pack pathways where applicable.

SafeWave’s goal is to help advanced systems remain more bounded, controllable, auditable, recoverable, and resistant to harmful escalation. Some issues may involve outside attackers, but others may arise from the system’s own architecture, automation, permissions, integrations, update pathways, or failure behavior.

Any SafeWave recommendations should be understood as architectural guidance and implementation requirements, not as a claim that one generic solution can be dropped into every system. Engineering teams may choose to implement equivalent controls themselves, or they may use SafeWave substrate mappings and Level 4 Engineering Packs to guide deeper implementation work.

If an implementation detail is not known, select Unknown / not evaluated rather than guessing.

Answer based on actual or currently planned system behavior, not ideal policy language.

Assessment Linkage

Assessment Linkage

If you want this follow-up to be matched to a previously completed core questionnaire, use the same system label, contact email, or assessment reference ID. You may use generic identifiers if confidentiality is a concern.

To connect this follow-up to a core questionnaire, use the same system label, email, or assessment reference ID across forms. You may use generic identifiers if confidentiality is a concern.

Frontier AI / AGI-Relevant Systems

Frontier AI / AGI-Relevant Systems Questions

These questions evaluate frontier-capability risks including self-improvement, tool orchestration, agent persistence, capability disclosure, model-update drift, and loss of meaningful human control under speed, scale, or complexity.

FA.1 What role does the system play?

Single choice

FA.2 Can the system meaningfully improve, evaluate, rewrite, or optimize its own tools, workflows, models, agents, prompts, policies, or operating conditions?

Single choice

FA.3 Can the system create, modify, delegate to, or coordinate sub-agents or autonomous workflows?

Single choice

FA.4 Can the system continue operating, adapting, delegating, or pursuing objectives after the original request, approval, or session has ended?

Single choice

FA.5 Can the system chain actions across tools, models, agents, users, or external systems?

Single choice

FA.6 Can the system coordinate multiple agents, tools, models, or services in ways that may produce emergent behavior not explicitly designed by operators?

Single choice

FA.7 Can the system conceal, understate, misrepresent, or inconsistently reveal its capabilities, uncertainty, reasoning pathway, evaluation results, or boundary state?

Single choice

FA.8 Are there independent mechanisms for verifying the system’s stated capabilities, limitations, uncertainty, and boundary state?

Single choice

FA.9 Can the system gain practical influence over users, operators, institutions, workflows, markets, infrastructure, or other systems through repeated use or dependency?

Single choice

FA.10 Could users, operators, institutions, or downstream systems become dependent on outputs they cannot fully verify or independently replace?

Single choice

FA.11 Can frontier-model updates introduce new capabilities, authority pathways, behavioral changes, or failure modes faster than safeguards can be revalidated?

Single choice

FA.12 Are model, agent, tool, or policy updates blocked from deployment until relevant safeguards are revalidated?

Single choice

FA.13 Can the system affect public-scale information flows, institutional decisions, financial systems, infrastructure, cyber operations, scientific workflows, or physical systems?

Select all that apply.

Multi-select

FA.14 What is the highest plausible impact scope if the system fails, escalates, is misused, or behaves outside intended boundaries?

Single choice

FA.15 Is there a clear separation between advisory output and executable action?

Single choice

FA.16 Can the system initiate, approve, accelerate, block, or modify high-impact action?

Single choice

FA.17 Are execution boundaries enforced at runtime before frontier-capability actions can occur?

Single choice

FA.18 Can safeguards, runtime limits, control logic, policy layers, or escalation boundaries be modified, weakened, bypassed, reset, or reinterpreted after deployment?

Single choice

FA.19 If the system behaves outside intended boundaries, can it be paused, isolated, rolled back, degraded, or forced into safe-state behavior at the execution layer?

Single choice

FA.20 Can persistent agents, sub-agents, delegated workflows, or background processes be terminated, quarantined, or prevented from restarting?

Single choice

FA.21 Are human reviewers able to realistically understand, evaluate, approve, or reject system actions at the required speed and complexity?

Single choice

FA.22 Are authority boundaries clear between the model, agents, tools, operators, administrators, customers, and external systems?

Single choice

FA.23 Are frontier-relevant decisions, plans, tool calls, delegated actions, overrides, and safeguard changes logged?

Single choice

FA.24 Can outcomes be traced back to prompts, system instructions, model outputs, tool calls, agent decisions, authority boundaries, safeguards, and human approvals?

Single choice

FA.25 Is monitoring sufficient to detect unsafe escalation, deception, capability drift, misuse, degraded control, or boundary failure?

Single choice

FA.26 Could the system be misused, repurposed, jailbroken, adversarially steered, or socially engineered toward harmful outcomes?

Single choice

FA.27 Are evaluations designed to detect strategic behavior, sandbagging, hidden capability, inconsistent disclosure, tool misuse, or boundary manipulation?

Single choice

FA.28 Could scaling, integration, deployment expansion, model updates, tool access, or customer configuration materially increase frontier-relevant risk?

Single choice

FA.29 Are there conditions under which the system’s autonomy, authority, tool access, propagation, or persistence can increase without independent approval?

Single choice

FA.30 Which frontier-relevant areas remain unknown or not evaluated?

Select all that apply.

Multi-select

FA.31 Are there frontier AI / AGI-relevant details, risks, safeguards, or deployment conditions not captured above?

Open response

FA.32 — Capability-to-Authority Escalation

Can increased model capability translate into greater practical authority over tools, workflows, users, institutions, markets, infrastructure, or downstream systems without a separate authorization boundary?

Single choice

FA.33 — Frontier Evaluation-to-Deployment Boundary

Are frontier-specific evaluations required to block deployment, model updates, tool access, agent expansion, or capability release when new autonomy, deception, misuse, propagation, or authority risks are detected?

Single choice

FA.34 — Institutional / Civilization-Scale Authority Drift

Could repeated institutional use of the system shift practical decision authority toward the AI system because human operators, reviewers, or institutions can no longer independently evaluate, contest, replace, or govern its outputs at scale?

Single choice

Your completed follow-up will include the linkage fields above so this follow-up can be matched to the core questionnaire if you choose to share it for report generation.