xAI: The Unpriced Risk in SpaceX’s IPO

Executive Summary

xAI—the frontier AI company SpaceX acquired in February 2026—has ranked behind the leading frontier developers in every major published assessment of AI safety practices. Its disregard for the safety practices of its peers is coupled with an atypical level of regulatory and litigation exposure: in a roughly seven-week window beginning January 2026, more than a dozen jurisdictions took formal action in response to its flagship model Grok, including six that opened formal investigations and three that blocked Grok nationally, and 35 U.S. state attorneys general issued a joint demand. The underlying incidents include Grok reportedly generating roughly three million sexualized images of real people, including 23,000 images of apparent minors, and engaging in violent and antisemitic tirades on X due to spontaneous changes to its settings.

These harms are bad enough on their own. But the same approach to safety at higher capability levels would produce a different class of risks, including biological weapons development and autonomous cyberattack capabilities. These are risks that organizations across the industry acknowledge require robust safeguards. xAI has demonstrated insufficient organizational capacity for such work.

Investors evaluating SpaceX’s AI exposure need more information to reasonably price it, accounting for both the upside and the downside. The path forward remains unclear: will SpaceX continue competing at the frontier of AI development, and if so, will it adopt the safety and security practices upon which its peers are converging? Some recent steps, such as its expanded evaluation agreement with the U.S. Center for AI Standards and Innovation (CAISI), provide reason for optimism, but they do not paint the whole picture.

SpaceX investors should therefore demand disclosure of the following:

• Track record. xAI’s complete inventory of safety incidents, regulatory proceedings, and litigation exposure.
• Forward-looking projections. The company’s expectations for its most powerful models’ capabilities and the new risk categories those capabilities would create.
• Safety and governance plans. How the company intends to identify and manage those risks, and the capacity it has—or intends to build—to do so.

Introduction

xAI is a frontier AI company founded by Elon Musk in March 2023. Its core product is Grok, a chatbot and AI model. From the outset, xAI marketed Grok’s weak safety guardrails as a selling point, promising that Grok would “answer spicy questions” and have a “rebellious streak.” Three years on, xAI has taken steps in a safer direction, including adopting a safety framework, sharing details of safety testing for select released models, sharing its system prompt publicly, and improving how Grok declines harmful requests. Nonetheless, as shown in Table 1, it has failed to adopt many of the core safety practices embraced by its frontier peers—Anthropic, OpenAI, and Google DeepMind; and, as shown in Table 2, it ranks last among frontier AI companies in several major independent assessments of safety practices.

The consequences of its apparent disregard for the safety practices on which its peers are converging have begun to materialize. A study estimated that Grok Imagine had produced approximately three million sexualized images of real people over an 11-day period—including roughly 23,000 depicting apparent minors. The regulatory and litigation response was swift: formal actions in more than a dozen jurisdictions, multiple federal class actions, and a Dutch court entering an injunction subject to a €100,000 per day penalty for noncompliance, among other consequences detailed in Section I.B.

In May 2026, xAI dissolved into SpaceX to create the AI division within SpaceX: SpaceXAI. SpaceXAI recently announced a partnership giving Anthropic access to a large fraction of its GPU capacity. Yet days later, Cursor announced that it was partnering with SpaceXAI to train a new model from scratch using SpaceXAI’s remaining compute capacity. Whether SpaceXAI will continue as a frontier AI developer inside a larger holding company, or wind down its frontier model business in favor of selling computing infrastructure to its competitors, has not been publicly disclosed. If SpaceX does intend to remain a frontier AI company, whether it will continue xAI’s approach to safety or instead invest in the practices its competitors have adopted is also undisclosed.

The distinction is material, and increasingly so. As high-profile as xAI’s safety incidents to date have been, the categories of risk on the horizon are of a different kind. Frontier AI capabilities are advancing rapidly, and the consequences of inadequate safety practices scale with them. Grok’s widespread generation and dissemination of harmful content was a serious failure, but providing material assistance to terrorists developing cyberattacks or biological weapons would be a catastrophic one. A company pursuing those capabilities with xAI’s current safety posture would be operating in a risk class for which it has demonstrated little organizational capacity. In addition to the risk of grave societal harm, risks to investors include liability and regulatory action against SpaceX, the erosion of talent and technical capacity, and contagion to SpaceX’s other businesses.

Investors evaluating SpaceX’s AI exposure cannot reasonably price that exposure without more information. This report documents what investors might wish to know: xAI’s safety record (Section I); the material risks driving SpaceX’s disclosure obligations (Section II); and the questions informing SpaceX’s risk profile to which investors should expect answers (Section III).

I. xAI’s Approach to Frontier AI Safety

xAI has been trying to make up ground from the outset. It was incorporated in March 2023, days before OpenAI released GPT-4 and roughly two months after ChatGPT had become the fastest application in history to reach 100 million users. xAI’s competitive response was a bet on compute-first scaling: aggressive investment in datacenter infrastructure on record-fast timelines, with comparatively little allocated to safety-relevant work like risk evaluation and mitigation. This section examines the results of that bet. Section I.A documents xAI’s divergence from the safety practices its peers are converging on. Section I.B discusses the potential consequences of xAI’s approach to safety. Section I.C addresses what comes next given SpaceX’s acquisition: whether the merged entity will continue as a frontier developer, and if so, whether it will adopt the safety practices of its peers.

A. xAI’s Outlier Safety Practices

xAI’s safety practices have lagged behind industry norms from the beginning

Leading AI companies like OpenAI, Anthropic, and Google DeepMind have long recognized that their technologies will pose serious risks requiring advance preparation. Certain categories of risk have since been recognized by law: the European Union’s General-Purpose AI Code of Practice recognizes CBRN (chemical, biological, radiological, or nuclear attacks) risks, cyber offense, loss of control, and harmful manipulation as especially important systemic risks. Section II.A further discusses these risks and their relevance to SpaceX investors.

Frontier AI developers have converged on certain safety practices designed to ensure their models do not pose unreasonable risks to the public. The purpose of these practices is to identify and prevent harmful outcomes before they occur. Some risks, such as meaningful uplift to bioweapons development and novel cyberattack exploits, are severe enough that finding out about them after the model is publicly released would be too late.

These emerging practices represent a floor, not a ceiling. They do not represent the standards to which frontier AI companies should generally be held—a bar no company consistently meets—but rather a conservative baseline for identifying outliers.

The most visible of these practices are safety frameworks, public documents in which a company commits in advance to how it will evaluate models and what safeguards it will apply at specified capability levels; and system cards, public reports on the safety work conducted before each model release. These documents are vehicles for a broader and evolving set of substantive practices, catalogued in Table 1.

Over the past three years, safety frameworks and system cards have become standard practice. OpenAI’s March 2023 release of GPT-4 was the first frontier language model to be accompanied by a system card. Safety frameworks emerged shortly after: Anthropic published its Responsible Scaling Policy in September 2023, OpenAI its Preparedness Framework in December 2023, and Google DeepMind its Frontier Safety Framework in May 2024. The AI Seoul Summit in May 2024, a diplomatic gathering co-hosted by South Korea and the U.K. that convened world leaders with the heads of leading AI companies, established safety frameworks as an industry-wide expectation. Sixteen AI companies, xAI among them, committed to publish frameworks by February 10, 2025. In parallel, Anthropic, Google, Microsoft, and OpenAI founded the Frontier Model Forum in July 2023 to coordinate on industry safety standards. Amazon and Meta have since joined. xAI has not.

xAI did not abide by its commitment to publish a safety framework by February 2025. On the day of the deadline, it released an eight-page document watermarked “DRAFT,” without central details, including measurable thresholds for risk that would determine its risk-management approach. xAI did, however, promise to publish an updated version with more information within three months—a deadline that also passed without a complete policy. xAI finally published its completed framework on August 20, 2025, six months past the original deadline. AI Lab Watch characterized xAI’s risk management framework as “dreadful” and “profoundly unserious,” containing only a single risk acceptance criterion—that the loss-of-control risk of xAI’s models is acceptable so long as a model scores below 50% on the MASK measurement of dishonesty.¹ Roughly one week later, xAI seemingly violated its framework by deploying Grok Code Fast 1, a model that measured 71.9% on this dishonesty score.²

xAI’s system cards are similarly out of step with peer practice. Of the roughly 17 Grok models xAI has released, only four have been accompanied by anything resembling the system cards of its peers. The Grok 1 system card was fewer than 250 words and contained extremely limited information about the model. xAI released Grok 1.5, Grok 2, and Grok 3 with no system card; and it published an eight page system card for Grok 4 six weeks after it released the model. By comparison, GPT-5’s system card is 63 pages; the joint Claude Opus 4 and Sonnet 4 system card is 124 pages; and Gemini 2.5 Pro’s system card is 21 pages.

When cross-examined under oath in late April 2026 in his federal lawsuit against OpenAI, Elon Musk testified he was “not sure what a safety card is.” Asked moments later whether he had ever reviewed OpenAI’s Preparedness Framework, he replied, “I don’t know what a preparedness framework is.”

xAI’s safety practices continue to fall short today

xAI’s safety practices have improved over the years, as described in Section I.C. It nonetheless consistently underperforms relative to peers at the frontier: Google DeepMind, OpenAI, and Anthropic.³ Table 1 below shows six core safety practices that each of Google DeepMind, OpenAI, and Anthropic have adopted but xAI has not. (See Appendix I for more information about these companies’ safety practices.) While the safety practices of xAI’s peers vary greatly—and in many cases, fall below the standard to which they should be held—the consistent gap between them and xAI underscores the extent to which xAI is an outlier.

Table 1. Comparison of xAI’s safety practices with those of Anthropic, OpenAI, and Google DeepMind. See Appendix I for more detail, including citations.

Independent assessments confirm xAI’s outlier status. xAI has ranked behind the leading frontier developers in every major published assessment of AI safety practices:

Table 2. Comparison of xAI’s scores in independent assessments of companies’ AI safety practices with those of Google DeepMind, Anthropic, and OpenAI. These assessments also evaluated companies not listed here. In SaferAI’s assessment, xAI ranked eighth out of twelve companies; in FLI’s assessment, it ranked fourth out of eight (with Meta marginally trailing xAI); in AI Lab Watch’s assessment, it ranked fifth out of seven; in Stanford’s Index, it tied for last out of thirteen.

xAI seems to lack sufficient capacity to implement adequate safety practices

Implementing the practices in Table 1 requires dedicated safety personnel and specialized expertise. Anthropic distributes safety work across multiple teams, including Alignment Science, Interpretability, the Frontier Red Team, the Safeguards Research Team, and Societal Impacts, together with oversight structures including the Long-Term Benefit Trust and a Responsible Scaling Officer. OpenAI has approximately 200 staff working across at least five safety-focused teams (Safety Systems, Preparedness, Alignment, Model Policy, and Investigations), alongside a board-level Safety and Security Committee and an internal Safety Advisory Group. Google DeepMind operates multiple safety teams, including AGI Safety & Alignment (30–50 staff as of late 2024), Gemini Safety, and Voices of All in Alignment, plus a Responsibility and Safety Council, an AGI Safety Council, and other oversight bodies.

By contrast, it is unlikely xAI has the capacity to implement the practices in Table 1. According to a 2026 Washington Post article, xAI’s safety team consisted of “just two or three people”; in January 2026, xAI’s senior content-safety team—including the head of product safety, the post-training and reasoning safety lead, and the personality and model-behavior lead—resigned together after a meeting in which Musk had reportedly expressed frustration with restrictions on Grok Imagine. A former employee told The Verge that “safety is a dead org at xAI.” Section III.C addresses what disclosure of forward-looking safety capacity would entail.

B. The Potential Consequences of xAI’s Safety Practices

Grok 3, released in February 2025, benchmarked competitively with leading models from Google DeepMind, OpenAI, and Anthropic. While these companies have also faced safety incidents, xAI’s models have produced an unusual number of them in the 15 months since Grok 3’s release. Grok spontaneously inserted “white genocide” claims into unrelated conversations and questioned the Holocaust death toll (May 2025); endorsed antisemitic conspiracies, praised Hitler, and called itself “MechaHitler” (July 2025); exposed roughly 370,000 user conversations to the open web, including step-by-step instructions for synthesizing fentanyl and methamphetamine, making bombs, and writing malware (August 2025); and generated approximately three million sexualized images of real people over an 11-day period, including roughly 23,000 depicting apparent minors (December 2025–January 2026), with Reuters confirming in controlled testing that even after xAI’s announced fixes, Grok still produced sexualized images in over 80% of initial prompts where other models refused identical requests.

These safety incidents have, in turn, led to an unusual amount of regulatory and litigation exposure. In a roughly seven-week window starting in January 2026, more than a dozen jurisdictions took formal action, multiple national bans on Grok went into effect, 35 state attorneys general issued a joint demand, and federal class actions were filed. See Appendices II and III for more discussion of the regulatory and litigation record.

Drawing clear causal lines between any individual incident and a specific safety practice gap is difficult without the kind of detailed retrospectives that xAI’s peers occasionally publish.⁴ xAI typically has not provided such retrospectives. Where the company has commented publicly on incidents, it has more often offered post-hoc attributions—most prominently the “rogue employee” explanation—than substantive accounts of what went wrong.

But it is nonetheless possible to draw a link between practice gaps and incidents to varying degrees. For example, Grok’s frequent antisemitic posts in July 2025 immediately followed an announcement by Musk that Grok had been “improved” significantly. xAI later claimed that the incident was due to an unintended change to the model’s system prompt, and a bipartisan letter from sixteen senators concluded that the incident demonstrated “clear and significant gaps in xAI’s pre-deployment development and review process.” Still other connections are more circumstantial. In the weeks before Grok Imagine’s August 4, 2025 launch, a senior xAI safety lead posted publicly that the company “urgently” needed safety-team staffing across the frontier development cycle. xAI proceeded to launch Grok Imagine on schedule with “Spicy” as one of four built-in video generation modes. On her first attempt using the tool, a Verge reporter received a video of Taylor Swift tearing off her clothes, without ever asking for nudity.

C. xAI’s Future is Unclear

Against this backdrop, the company appears to be at a crossroads. It is unclear whether SpaceX will adopt xAI’s frontier AI ambitions. On May 6, 2026, Anthropic and SpaceX announced a partnership giving Anthropic access to a significant portion of its GPU capacity for serving Anthropic’s models; Musk simultaneously announced that xAI would be dissolved as a separate company and folded into SpaceX as “SpaceXAI.” At the same time, Musk has indicated that SpaceXAI is continuing to train future versions of Grok and Cursor recently announced that, together with SpaceXAI, it is training a new model from scratch. Whether SpaceXAI will be a frontier model provider inside a larger holding company, or whether the frontier model business will be wound down in favor of selling xAI’s GPU capacity to xAI’s frontier competitors, is unclear.

If SpaceX does plan to continue xAI’s frontier AI ambitions, will it continue xAI’s approach to safety, or will it invest in the capacity to implement the emerging (though incomplete) industry practices embraced by many of its competitors? xAI’s historical approach to safety, as described above, might provide reasons to be skeptical. But several recent developments offer sources of optimism. In May 2026, xAI signed an expanded agreement with the U.S. Center for AI Standards and Innovation (CAISI) for pre-deployment evaluation of frontier models, including testing in classified environments with safeguards removed, placing it on the same formal footing as Anthropic, OpenAI, Microsoft, and Google DeepMind. On December 30, 2025, xAI updated its safety framework (now called its Frontier Artificial Intelligence Framework) to comply with California’s Transparency in Frontier Artificial Intelligence Act (SB 53). And since May 2025, xAI has published Grok’s production system prompts in a public GitHub repository—a transparency practice that few other frontier developers match. Whether these steps are isolated departures or mark the beginning of xAI’s new attitude toward safety is unclear.

II. Investors’ Right to Know SpaceX’s Frontier AI Plans

Federal securities laws do not impose a fixed list of AI topics that public companies must disclose; instead, they impose principle-based obligations to disclose business risks that a reasonable investor would consider material. Regulation S-K requires disclosure of material information in registered securities offerings and in the periodic reports public companies file with the SEC. 17 C.F.R. § 229. Information is material if “there is a substantial likelihood that a reasonable shareholder would consider it … as having significantly altered the ‘total mix’ of information available.” TSC Industries v. Northway, 426 U.S. 438, 449 (1976). Rule 10b-5 separately prohibits material misstatements and half-truths in connection with the purchase or sale of securities. 17 C.F.R. § 240.10b-5. The substantive content of what must be disclosed therefore evolves with the risk profile of the businesses subject to the rules: new categories of risk can generate new disclosure topics without any change in the underlying legal standard.⁵

Subsection A identifies the qualitatively new types of risk that frontier AI capabilities are generating. Subsection B identifies an additional risk that would arise if SpaceX moves xAI from its historical fast-follower position toward frontier-leading status. Section III then identifies three categories of disclosure that investors should request of SpaceX in order to understand, and properly price, these risks.

A. The Unique Risk Profile of Frontier AI Companies

The people best positioned to evaluate the risks of frontier AI development have placed those risks in the same tier as pandemics and nuclear war. In May 2023, the CEOs of OpenAI, Anthropic, and Google DeepMind—together with Geoffrey Hinton (now a Nobel laureate in physics), Yoshua Bengio (the Turing Award-winning architect of modern deep learning), and hundreds of additional AI scientists—signed a one-sentence public statement urging that AI-driven extinction risk be treated as a global priority on par with those two threats.⁶ The International AI Safety Report, chaired by Bengio and authored by more than 100 experts with input from advisors from 29 governments and the U.N., E.U., and OECD, concluded in February 2026 that AI is improving faster than experts had anticipated and that the evidence for risks such as AI-assisted biological weapons development and loss of control of AI systems is growing.

The leading frontier AI companies are actively taking precautions against such risks. The same companies whose CEOs signed the 2023 statement have started designating their models as requiring safeguards that they say would, if removed, expose users to severe harms:

• May 2025: Anthropic activated ASL-3 safeguards for Claude Opus 4, citing the risk that the model could provide meaningful uplift toward CBRN weapons development. Anthropic has maintained safeguards at or above the ASL-3 level since this release.
• August 2025: OpenAI designated GPT-5 as High capability in the Biological and Chemical domains under its updated Preparedness Framework. Subsequent releases—GPT-5.3-Codex, GPT-5.4-Thinking, and GPT-5.5—have each maintained or extended that designation, with GPT-5.4-Thinking (March 2026) the first general-purpose model to operate under High Cybersecurity safeguards.
• May 2025: Google DeepMind reported Gemini 2.5 Pro had crossed the cybersecurity early-warning alert threshold under its Frontier Safety Framework. The threshold has continued to be met by each flagship Gemini release since, and Gemini 2.5 Deep Think (August 2025) additionally reached the early-warning threshold for CBRN uplift.

Each of these designations reflects the company’s own published representation that the model may pose a meaningful risk of severe harm absent the safeguards applied. In other words, leading frontier AI companies are now claiming that their safeguards may be actively necessary to prevent the harms their CEOs and the scientific community have warned about.

The pace of AI development is generating these new risks. Three years ago, the most capable AI systems could autonomously complete software-engineering tasks that might take a human expert roughly five minutes at 50% reliability. By 2026, frontier models are completing tasks that take human experts 12 hours at the same reliability threshold, with task horizons now doubling roughly every three months (compared to every seven months before 2024).⁷

Each new capability level has, under the companies’ own analyses, expanded the set of harms their safeguards must protect against. If the capability trajectory continues, both the types of risk and their severity will continue to grow.

The categories of harm that the current generation of safeguards is designed to prevent—e.g., uplift to motivated non-state actors in CBRN domains, scaled cyberattacks against major systems—are, in the companies’ own taxonomy, an intermediate risk level. The level above is where risks become potentially catastrophic: a model providing decisive uplift to a state-level biological weapons program, materially increasing the probability that a pandemic-capable pathogen could be engineered, produced, and deployed at scale; or a model capable of substantially automating frontier AI research itself, compounding the rate of capability advance and at which new risk categories emerge. No company has publicly designated a deployed model as having crossed into this tier. But the CEOs of the frontier companies have each indicated their belief that these capabilities will be within reach in the next one to four years.⁸

Compounding these dynamics, frontier AI development proceeds without the comprehensive federal regulation that constrains other industries with significant risk profiles. In this absence, each company determines its own approach to risk identification and mitigation, which gives investor-facing disclosure a uniquely important role as a window into whether those responsibilities are being discharged.

B. Risks Specific to xAI

The risks identified above apply to every frontier AI company, but SpaceX faces an additional risk layer if it intends to push xAI from fast-follower to frontier-leading status. While Grok has at times briefly led individual benchmarks, no xAI release has opened a new capability paradigm—the kind of step change that defines the leading edge. Google DeepMind’s Gemini 1.5 Pro (February 2024) introduced the first one-million-token context window, several times larger than any predecessor’s; OpenAI’s o1 (September 2024) introduced test-time reasoning as a new scaling dimension, spawning the “reasoning model” category every major company has since adopted; Anthropic’s Claude 3.5 Sonnet with Computer Use (October 2024) was the first frontier model to operate a computer through screen interaction.

Companies that produce such releases bear a distinct safety burden: they encounter new categories of risk first, must characterize them, and in some cases, must develop mitigations from scratch. This work has historically required sizable in-house safety teams of the kind Google DeepMind, OpenAI, and Anthropic maintain (Section I) and xAI does not. Companies behind the leading edge can build on the mitigations and threat models the leading companies have already worked out.

Two implications follow: First, xAI’s safety record to date reflects what can go wrong even when a company is behind the frontier, where risks are smaller and better understood from other companies’ prior work. The same safety practices applied at the uncharted frontier would pose far greater risks. Second, if SpaceX intends for xAI to begin producing paradigm-shifting models, its safety burden rises sharply—moving xAI from the fast-follower side to the first-mover side, encountering new risk categories without prior work to draw on. Whether SpaceX intends to build or acquire commensurate safety capacity, and on what timeline, is a question investors cannot resolve from current disclosures.

III. What SpaceX Should Disclose

For the reasons set out in Section II, SpaceX should disclose at least three categories of information to its prospective public investors: (A) xAI’s track record of safety incidents and any resulting regulatory and litigation exposure; (B) SpaceX’s forward-looking expectations for its AI models’ capabilities and the new risks such capabilities might create; and (C) how the company intends to ensure its products remain safe as those new risks emerge.

A. Track Record: Incidents, Regulation, and Litigation

Investors should understand how xAI’s safety posture has performed under real-world conditions: what has gone wrong, how regulators have responded, what is happening in the courts, and whether these patterns suggest isolated mishaps or systemic problems. The unusually high level of regulatory and litigation exposure includes investigations under E.U. DSA, U.K. OFCOM, Irish DPC, and U.K. ICO authority—proceedings that carry potential fines of 4–10% of global revenue. (See Appendices II and III for further details.) Investors should have the complete inventory of these events, including any not yet in the public record.

Adequate disclosure should allow investors to fully evaluate xAI’s safety record and the company’s response to it, including:

1. Complete safety-incident record. xAI has acknowledged some incidents only after public reporting forced acknowledgment or attributed them to “rogue employees.” Investors should request a complete inventory of safety-relevant incidents—including incidents not in the public record—across all of xAI’s deployed products.

2. Remediation pattern, retrospective and forward. For each material incident, investors should request information answering several critical questions: what was the root cause, what remediation was applied, and has that remediation prevented recurrence of similar failures? Where remediation was confined to surface fixes rather than structural changes, what is the company’s stated plan for structural remediation, and on what timeline relative to its stated capability projections?

3. Proceedings records. Investors should request a complete inventory of active regulatory proceedings, enforcement actions, civil litigation, and orders across all jurisdictions; the company’s potential financial and injunctive exposure in each; and its response posture (remediation, contestation, or non-engagement) in each matter.

B. Forward-Looking Capability and Risk Projections

This category covers where SpaceX is going: its stated capability ambitions and the new risks those ambitions create. The company has sent conflicting signals about whether it will remain a frontier model developer. Its May 2026 announcement folding xAI into “SpaceXAI,” alongside a partnership giving Anthropic access to a significant fraction of its GPU capacity, leaves it unclear whether xAI is still a frontier-AI competitor inside a larger holding company or whether the frontier-model business is being wound down in favor of selling compute to the companies currently at the frontier.

The distinction is material to SpaceX investors. As Section II.B and Section III.A establish, the new capability levels that Google DeepMind, OpenAI, and Anthropic have reached in the past year—and the still-undisclosed capabilities their own projections anticipate—carry qualitatively different risks than the content-safety failures that have characterized xAI’s safety record to date. Investors cannot reasonably price SpaceX’s AI exposure without knowing whether SpaceX intends to develop and deploy models at riskier capability levels or whether it intends only to become a provider of computing infrastructure.

Adequate disclosure should answer the following questions:

1. Frontier ambitions and timeline. Beyond Grok 5, does SpaceX intend to continue training and deploying models at or above the current capability level of frontier models from Google DeepMind, OpenAI, and Anthropic? Does it further intend to produce paradigm-changing releases of the kind discussed in Section II.B—releases that open new capability classes and carry the heightened safety burden described there? If so, by when? If not, are there conditions that would change those decisions?

2. Capability projections. What are the company’s internal capability projections for its frontier-relevant models across capability domains relevant to risk assessment?

3. Projected risks. What categories of risk does the company expect those projected capabilities to create, and what is its assessment of the materiality of each—including risk categories that have been less relevant at xAI’s historical capability level (e.g., CBRN uplift, sophisticated cyber autonomy, AI R&D automation, sophisticated agentic misuse) but that xAI’s own Risk Management Framework identifies as in-scope at higher capability tiers?

C. Safety and Governance Plans

Building on the capability ambitions and risk projections in the previous subsection, this category includes (i) what SpaceX will do to identify and manage the risks those ambitions create, and (ii) the governance structures that determine how those practices are decided, executed, and potentially overridden when they conflict with other commercial interests.⁹ Section I.A documented xAI’s status as an outlier on the safety practices its peers have converged on and on the organizational capacity required to implement those practices. The questions below track the practices identified in Table 1. The question for each is how SpaceX’s approach will evolve as capabilities and risks scale. Investors should understand:

1. Publish thorough risk assessments. Will SpaceX commit to publishing a thorough risk assessment with each major frontier model release, in form and content adequate for external scrutiny of capability and safeguard claims?

2. Third-party evaluations. Will SpaceX build on the May 2026 CAISI agreement with a regular cohort of qualified external evaluators (e.g., U.K. AISI, METR, Apollo) with access depth and timing adequate to surface what internal evaluation misses?

3. Serious misuse incident reporting. Will SpaceX commit to publishing periodic reports on malicious external use of its models—covering the activity, the actors, and the company’s response—on a defined cadence?

4. Safety governance structures. Will SpaceX designate a named safety officer or committee with deployment authority structurally independent of commercial leadership, and what board-level oversight will apply?

5. Capability elicitation. What will SpaceX do to elicit models’ full capability ceiling—i.e., to approximate what a sophisticated adversary could extract through fine-tuning, agentic scaffolding, or by stripping out safety training?

6. Automated AI R&D threat protection. Does SpaceX recognize automated AI R&D acceleration as its own risk category, with thresholds and safeguards distinct from those applied to other capability domains?

7. Safety capacity. What is xAI’s current safety headcount, and does SpaceX commit to scaling that capacity commensurate with its capability and risk projections and safety and governance plans?

Conclusion

xAI’s safety record is serious enough to warrant scrutiny; but it has not, by itself, foreclosed a better future for the company. The case for the disclosures identified here rests on a more modest premise: that investors deciding whether to put capital into a company that might build frontier AI systems—systems potentially capable of catastrophic-level harms—are entitled to know what that company has done and intends to do to identify and mitigate the risks those systems pose.

The path forward is open. In recent months, xAI has taken modest steps toward the practices on which its peers have converged, suggesting the gap documented in this report is closable. Whether it closes is now a SpaceX decision. The alternative is a SpaceX that develops frontier AI models with the same outlier safety practices that characterized xAI’s first three years.

Investors evaluating the merged entity’s risk profile need to know which of those paths the company has chosen. The disclosure framework set out in this report is neutral on the outcome. It asks only that the choice be made clear to investors and the general public.

Appendices

Appendix I: Comparing xAI’s Safety Practices to Industry Peers

As summarized in Table 1 above, Appendix I identifies six areas where xAI has failed to meet the safety practices of the leading frontier AI companies. The company practice summaries below are based on publicly available information, including the companies’ voluntary safety frameworks, system cards, and other safety reports. Appendix I also summarizes publicly available information about each company’s safety capacity.

Appendix II: Government Responses to Grok Incidents

Appendix III: Selected Grok-Related Lawsuits