The machines are running, the data centers are warming the ground beneath them, and a major new study says the window to stop the worst outcomes is narrowing fast. MIT FutureTech and the MIT AI Risk Initiative published a three-round expert study in June 2026 that asked 272 researchers, policymakers, and technologists from 37 countries to rank the AI risks that could cause the most damage to human society and the natural world before 2030. What they found should change the terms of a debate that has spent too long fixating on science-fiction scenarios while slower, structural harms accumulate in plain sight.

Prioritization of Risks from Artificial Intelligence
Prioritization of Risks from Artificial Intelligence.pdf
4 MB
download-circle

A number that reframes the conversation

The study's most quoted finding is precise: 18 of the 24 AI risk categories assessed carry at least a 10% probability of catastrophic outcomes over the five-year period from late 2025 to late 2030, under business-as-usual conditions. Catastrophic, in this study, is not vague. The researchers defined it as more than 1 million human deaths, more than USD 100 billion in financial damage, continental-scale infrastructure collapse, or civilizational-scale harm to democratic institutions or human rights.

Ten percent may not sound alarming in isolation. Put it in the context of how other safety-critical industries are regulated and the significance sharpens. The risk-governance frameworks used by dam safety engineers and water infrastructure regulators in the United States classify a 10% catastrophic probability over five years as "intolerable" - the threshold at which mandatory mitigation becomes legally required. Most of the AI risks above that threshold are currently addressed, if at all, through voluntary industry commitments.

The five risks with the highest overall severity scores were dangerous capabilitiescompetitive dynamicsweapons and cyberattackspower centralization, and false information. The two with the highest probability of catastrophic outcomes were dangerous capabilities at 21.5% and weapons and cyberattacks at 21.0%.

What "dangerous capabilities" actually means

The top-ranked risk by both severity and catastrophic probability - dangerous capabilities - is not the Hollywood scenario of a sentient machine deciding to eliminate its creators. The study defines it as AI systems that develop, access, or are provided with capabilities that increase their potential to cause mass harm through deception, weapons development, persuasion and manipulation, political strategy, cyber-offense, or self-proliferation. These capabilities can cause harm through malicious human actors, through AI systems pursuing misaligned goals, or through failures nobody intended.

One panelist, whose written rationale appears in the supplementary materials, placed the 2025-2030 window in concrete technical terms: "Benchmark extrapolations and time-horizon studies show that by 2030 we can conservatively expect frontier models to be able to reliably autonomously complete tasks that would take a human software engineer 40-80 hours." That represents, in the panelist's framing, an unprecedented capability for misaligned agents to execute catastrophic actions, including "sophisticated, sustained cyberattacks on critical infrastructure."

The study treats dangerous capabilities and weapons and cyberattacks as distinct but overlapping categories. Weapons and cyberattacks covers humans deliberately using AI as a tool - building cheaper and more effective malware, designing bioweapons, deploying autonomous weapons systems. Dangerous capabilities covers the harm potential inherent in the capabilities themselves, regardless of whether a human chooses to weaponize them. An AI system that can synthesize a novel biological agent on request straddles both categories.

The planet: environmental harm as a structural risk

Environmental harm is where the study intersects most directly with the physical world. It is defined as the development and operation of AI systems causing environmental damage through energy consumption of data centers, or the material and carbon footprints of AI hardware. Under the business-as-usual scenario, it received a catastrophic probability of 17%. Under pragmatic mitigations - meaning governments and organizations are actively trying to reduce harm - it still carries a 12% catastrophic probability, placing it in the study's most resistant tier of risks.

The scale of what is being described is not speculative. Electricity consumption from data centers is on track to more than double globally by 2030, according to the International Energy Agency. In many regions, that electricity still comes from fossil fuel power plants. Data centers already generate so much waste heat that they are measurably warming the land around them - a 2026 study found average land surface temperature increases of approximately 2 degrees Celsius after a data center begins operations, creating what researchers called a "data heat island effect." One expert panelist in the MIT study wrote simply: "Heavy data infrastructure and large models will continue to consume energy, cause resource pressure."

There is a structural reason why environmental harm stays above the 10% catastrophic threshold even with mitigations in place. The same competitive dynamics that drive rapid AI development also drive the buildout of physical infrastructure at a pace that outstrips regulatory oversight. Carbon commitments made by major technology companies have been quietly revised downward as power demand has risen. Governance instruments designed to enforce emissions standards have generally not kept pace with the speed of data center construction.

Society fracturing: inequality, unemployment, and power concentration

Three of the study's risk categories address the social fabric directly - and all three retained over 10% catastrophic probability even under pragmatic mitigation scenarios.

Inequality and unemployment received an 11% catastrophic probability after mitigations. The risk covers social and economic inequalities caused by widespread AI use, including automation of jobs, reduction in employment quality, and exploitative dependencies between workers and employers. One panelist's note in the study's supplementary materials was blunt about the mathematics: "I think the question is severely flawed because there has already been substantial harm - and this situation will continue even if AI is beneficial on net. If only 200 graphic designers previously earning USD 50,000 experience one year of unemployment due to generative AI, the damages already exceed USD 1 million, even if the rest of society is enjoying benefits." The calculation scales dramatically when extended to sectors like software development, customer service, paralegal work, and creative production.

The study does not project specific job loss numbers - that is outside its scope - but the expert panel judged the economic inequality risk as persistent precisely because the structural incentives point in one direction. AI displaces labor. The financial gains flow to those who own the systems. Workers in the Global South, who already perform the lowest-paid and most precarious labor in AI supply chains - including data labeling and hardware mining - bear disproportionate costs while capturing none of the upside.

Power centralization is the risk category that connects environmental damage, inequality, and governance failure into a single dynamic. The study defines it as AI-driven concentration of power and resources within certain entities or groups, creating inequitable distribution of benefits and increased societal inequality. It received an 18% catastrophic probability under business as usual, and 11% under pragmatic mitigations. One panelist in the study explained why it proves so resistant to intervention: "Power centralization is perhaps the most stubbornly persistent risk because the same entities developing AI are often best positioned to capture its benefits, creating self-reinforcing dynamics that are difficult to reverse through technical interventions alone."

The study's supplementary materials contain a striking empirical observation from a panelist trying to calibrate the financial dimension of this risk: the proportion of the S&P 500 represented by the top ten companies - now predominantly AI companies - has roughly quadrupled over five years and now represents approximately 38% of the index. If that trend continued for another five years at the same rate, all other companies combined would represent roughly a quarter of the index. That is not a prediction, but it illustrates the concentration trajectory that experts are extrapolating from.

False information rounds out the social harm tier with a 12.8% catastrophic probability under business as usual, dropping to 7% with mitigations. This risk - AI systems inadvertently or deliberately generating and spreading incorrect or deceptive information - has consequences far beyond individual acts of misinformation. The study treats it as a structural threat to the information environment that democratic decision-making depends on. When courts, insurance systems, medical records, and electoral processes all rely on information that AI systems have touched or generated, the downstream effects of systematic misinformation are compounding and hard to reverse.

Disinformation as a weapon

Distinct from false information is disinformation and influence, which the study defines as using AI to conduct large-scale disinformation campaigns, malicious surveillance, or targeted propaganda to manipulate political processes and public opinion. It was selected as a top-three concern by 22% of all 272 experts - the same share as false information and dangerous capabilities.

The study's panelists grounded this risk in specific, ongoing events rather than abstract scenarios. Written rationales in the supplementary materials referenced AI-assisted disinformation in the Russia-Ukraine conflict, large-scale foreign influence operations targeting democratic elections, and the use of parasocial AI relationships to extract information and shift political views at scale. The concern is not that disinformation is new - it is ancient - but that AI reduces the cost of producing it, increases its personalization, and enables it to operate at a scale that no human information-war operation could previously sustain.

The accountability gap that makes all of this worse

Every risk in the study exists in a context of institutional responsibility. The study's mapping of who is most vulnerable versus who bears the most responsibility reveals a structural problem that cuts across every category of harm.

AI users and the general public - consumers, employees subject to AI decisions, citizens whose democratic institutions are being undermined - were rated the most vulnerable actors across nearly all 24 risk categories. They receive median vulnerability scores of 4 to 5 out of 5, meaning "highly" to "extremely" vulnerable.

General-purpose AI developers and AI governance actors - governments, regulators, and standards bodies - were assigned the highest responsibility ratings across nearly every risk domain. They are rated "highly" to "primarily responsible."

The gap between those two findings is the study's most unsettling structural observation. Those who are most exposed to harm are not those who hold the power to prevent it. That asymmetry is familiar from other industries - the public bears the risk from nuclear plants while engineers and regulators bear the obligation to prevent failures - but what makes it different in AI is that the mechanisms that bridge the gap in those industries (mandatory standards, liability regimes, insurance requirements, independent inspection) are largely absent from AI development.

The study goes further. It argues that the competitive dynamics rating its own probability of catastrophic outcomes at 16.6% under business as usual are the same dynamics that push the actors most responsible for harm away from taking precautionary action. A developer that invests in safety, restricts dangerous capabilities, or slows deployment absorbs a direct competitive cost. The safety benefit accrues to everyone. That is a classic collective-action failure, and it predicts systematic underinvestment in precaution unless external constraints arrive through regulation or liability.

The five risks no amount of reasonable effort fully fixes

When experts were asked to rate risks under the pragmatic mitigations scenario, every risk improved. But five stubbornly refused to drop below the 10% intolerable threshold: dangerous capabilities (12%), weapons and cyberattacks (12%), environmental harm (12%), inequality and unemployment (11%), and power centralization (11%).

These five share a common structure. They are not primarily technical problems addressable through better model architecture or improved safety filters. They arise from market structure, distributional outcomes, and geopolitical dynamics. Environmental harm persists because the economic incentives for building more compute outrun the incentives for reducing its footprint. Inequality and unemployment persist because the returns to capital from AI automation are concentrated by design. Power centralization persists because the entities best positioned to act on it are the same entities benefiting from it. Dangerous capabilities and weapons and cyberattacks persist because the capabilities themselves are increasingly available, and restricting them in one jurisdiction does not restrict them globally.

The study's authors put it plainly in their conclusion: "The window for avoiding catastrophic outcomes remains open but is narrowing."

What governance exists - and where it falls short

The EU AI Act, the most comprehensive mandatory AI regulatory framework currently in force, has seen its high-risk obligations pushed to 2027 after prolonged legislative negotiations. Its general-purpose AI provisions took effect in August 2025. The Brussels AI Act trilogue talks collapsed in May 2026 without agreement on proposed changes, leaving the August 2026 compliance deadline unchanged but the broader implementation picture fragmented.

The study explicitly names governance failure - "inadequate regulatory frameworks and oversight mechanisms that fail to keep pace with AI development" - as its own risk category, one that received a 14% catastrophic probability under business as usual. It is one of the few risks where the harm is not a downstream consequence of AI behavior but a direct consequence of institutional inaction.

Most current legislation focuses within countries rather than across them. The risks that most demand international coordination - weapons and cyberattacks, disinformation, competitive dynamics between state-level AI programs - are precisely the ones where geopolitical competition makes coordination hardest. China's Global AI Governance Action Plan, published in July 2025, is one effort to frame international norms, but aligning safety standards across competing great powers remains an open problem.

What the experts actually fear most

When all 272 experts were asked to name their three biggest concerns regardless of their specific subdomain, fraud and scams came first at 27%, followed by power centralization at 24%, and dangerous capabilities, disinformation and influence, and false information all tied at 22%. AI misalignment - AI systems pursuing goals that conflict with human values - was chosen by 18% as a top-three concern, placing it ahead of many risks with higher technical severity scores.

The gap between the severity rankings and the top-concern selections is itself informative. Overreliance and unsafe use ranked eighth in top concerns but only twentieth by severity. Governance failure ranked sixth in top concerns by some panelists but relatively lower by severity score. The divergence suggests experts are weighting long-term, slow-moving harms differently from a rubric calibrated primarily to deaths and financial losses per event.

The study notes a further asymmetry: experts agreed most readily at the extremes. There was strong consensus on which risks are catastrophically dangerous and which actors bear primary responsibility. The disagreements concentrated in the middle range, and many of those disagreements are normative rather than empirical - about who should bear costs, not about what costs exist.

Limitations worth knowing

The study is explicit about what it does not cover. It ranked risks by perceived danger, not by how tractable each is to address. A risk rated catastrophic but effectively beyond mitigation calls for different action than one that is moderate but straightforward to fix. That cost-benefit analysis of interventions was deliberately set aside as a priority for follow-on research.

The expert panel skewed geographically - 79% from Europe or North America - and by gender, at 68% male. Self-selection into AI risk surveys may produce panels more alarmed about AI than the broader research population. Confidence intervals on individual risk probabilities are wide. These are calibrated expert beliefs built through an iterative consensus method, not actuarial tables derived from observed events.

Timeline

  • August 1, 2024 - EU AI Act enters into force.
  • July 10, 2025 - EU General-Purpose AI Code of Practice finalized with nearly 1,000 participants.
  • August 2, 2025 - Strictest EU AI Act obligations enter application for general-purpose AI providers.
  • September 2025 - Round 1 of the MIT/MIT FutureTech Delphi study begins; 272 eligible experts rate 24 AI risk categories.
  • October 2025 - Round 2 completed; experts review aggregated Round 1 data and peer rationales.
  • November 2025 - Round 3 completed; 214 of 272 experts (79%) finish all rounds.
  • November 19, 2025 - European Commission submits the Digital Omnibus package proposing AI Act timeline changes.
  • February 14, 2026 - Council of Europe publishes guidelines on combating algorithmic discrimination under the EU AI Act; covered by PPC Land.
  • March 12, 2026 - European Commission publishes draft rules on how it will investigate and fine general-purpose AI providers; covered by PPC Land.
  • March 18-19, 2026 - European Parliament committees back fixed 2027 high-risk compliance deadline; covered by PPC Land.
  • May 3, 2026 - Brussels AI Act trilogue talks collapse; August 2026 deadline unchanged.
  • May 7, 2026 - Council and Parliament reach agreement pushing high-risk AI Act obligations to 2027; covered by PPC Land.
  • May 28, 2026 - Munich civil court holds Google liable for false claims generated by AI Overviews; covered by PPC Land.
  • June 2026 - MIT FutureTech and MIT AI Risk Initiative publish the full Delphi study; 18 of 24 AI risk categories assigned at least 10% catastrophic probability before 2030.

Summary

Who: MIT FutureTech and the MIT AI Risk Initiative, led by Alexander K. Saeri, Michael Noetel, Peter Slattery, and Neil Thompson, with 268 co-investigators drawn from academia, industry, government, and civil society across 37 countries.

What: A three-round Delphi study in which 272 international AI experts rated 24 AI risk categories on probability and severity of catastrophic harm, and assessed which actors and sectors bear the greatest vulnerability and responsibility across two scenarios - business as usual and pragmatic mitigations.

When: Research rounds ran September to November 2025. The paper was published in June 2026.

Where: Global scope, with contributors from Europe (36%), North America (43%), Asia (8%), and Oceania (7%). Environmental harm, power centralization, and inequality risks assessed across all major economies and sectors.

Why: Without systematic expert-based prioritization, governments and organizations cannot allocate finite resources to the AI risks that actually pose the greatest threat to human welfare, social stability, and the natural world. The study provides that prioritization - and its findings suggest the current pace of voluntary governance is insufficient to hold the most severe risks to tolerable levels before 2030.