This report presents findings from three table-top exercises (TTXs) run with senior government policymakers in Germany, the Netherlands, and France. Developed through a collaborative programme between RAND Europe, the UK AI Security Institute, and Mila – Quebec AI Institute, and grounded in the 2026 International AI Safety Report, the exercises were designed to help senior officials engage practically with challenges posed by emerging artificial intelligence (AI) risks.
Using RAND’s ‘Day After’ methodology, each session placed fifteen to twenty senior officials in the role of Cabinet members confronting a simulated AI-enabled cybersecurity crisis across two turns. The scenario centred on FlowGPT, a fictional government-backed frontier AI model exploited at scale by criminal actors for cyberattacks. A second turn introduced an open-weight competitor with equivalent capabilities and little safety constraints, eliminating the governance leverage available in the first.
Across all three sessions, six issues dominated participant discussion:
- Defining the crisis threshold. When does the pace and scale of AI-enabled cyberattacks amount to a national crisis rather than a more routine operational problem?
- Engaging a national AI champion. In the exercise, the state had publicly backed and funded the problematic model’s developer. Acting against its interests meant admitting a governance failure and absorbing the political and economic cost of turning on a strategic asset.
- Calibrating risk management when capabilities cannot be reliably evaluated. With no trustworthy way to assess the model’s risks independently, government was left relying on the developer’s voluntary — and potentially biased — risk assessments.
- Preventing open-weight misuse. The diffusion of a highly capable open-weight model in turn 2 raised new challenges, as it is harder to monitor and implement safeguards on open-weight models.
- Hardening critical infrastructure. Proposals for protecting vulnerable systems ranged from restricting access to the AI model to simulating attacks against critical systems.
- Utilising this crisis as a catalyst for positive institutional change. The crisis brought attention, resources, and political will that could be used to invest in durable preparedness measures.
- Cooperating with allies. Whether to restrict threat intelligence to trusted minilateral networks or share information broadly, including with potential adversaries.
This research was conducted by RAND Europe in collaboration with the UK AI Security Institute.
This publication is part of the RAND research report series. Research reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND research reports undergo rigorous peer review to ensure high standards for research quality and objectivity.
This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.
RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND’s publications do not necessarily reflect the opinions of its research clients and sponsors.

