arXiv
2026
The Oracle's Gambit: A Game-Theoretic Framework for Responsible AI Release
TL;DR: The Oracle's Gambit casts responsible AI release as a bilevel Stackelberg game, finding that for dual-use models the decisive lever is the sequencing of access — pre-releasing to defenders to open a protective capability gap — rather than the deploy-or-withhold threshold.
Abstract
Responsible vulnerability disclosure can secure the defender's head start by controlling when a
vulnerability becomes public. However, this status quo is now challenged by increases in capability
of AI models, which benefits both defenders and adversaries. When both sides draw their capability
from the same AI model, the defender's head start depends on the lab's decision to release the
model, and the question becomes not whether to release but how. Existing safety frameworks govern
only the deploy-or-withhold threshold and leave the timing of release unmodeled. We cast this
decision as a bilevel Stackelberg game in which a lab commits to a window that sets each side's
capability over time in a downstream contest between defender and adversary. Defender welfare turns
on the capability gap, not the shared level. Handing one model to both sides can trap the defender
in a Red Queen's race, whereas a pre-release to the defender alone creates a protective gap, and the
lab's optimal window balances this welfare gain against the opportunity cost of delaying release.
For dual-use models, the lever is the sequencing of access, not the deployment threshold.
BibTeX
@misc{landolt2026oraclesgambit,
title = {The Oracle's Gambit: A Game-Theoretic Framework for Responsible AI Release},
author = {Christoph R. Landolt and Tobias Lorenz and Marta Kwiatkowska and Mario Fritz},
year = {2026},
eprint = {2607.05442},
archivePrefix = {arXiv},
primaryClass = {cs.GT},
url = {https://arxiv.org/abs/2607.05442}
}