×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Research Scientist Data Scientist

Research Engineer​/Research Scientist - Red Team; Misuse

Job in Greater London, London, Greater London, W1B, England, UK
Listing for: AI Security Institute
Full Time position
Listed on 2026-02-21
Job specializations:
  • Research/Development
    Research Scientist, Data Scientist
Salary/Wage Range or Industry Benchmark: 80000 - 100000 GBP Yearly GBP 80000.00 100000.00 YEAR
Job Description & How to Apply Below
Position: Research Engineer/Research Scientist - Red Team (Misuse)
Location: Greater London

Research Engineer/Research Scientist - Red Team (Misuse)

London, UK

About the AI Security Institute

The AI Security Institute is the world's largest and best-funded team dedicated to understanding advanced AI risks and translating that knowledge into action. We’re in the heart of the UK government with direct lines to No. 10 (the Prime Minister's office), and we work with frontier developers and governments globally.

We’re here because governments are critical for advanced AI going well, and UK AISI is uniquely positioned to mobilise them. With our resources, unique agility and international influence, this is the best place to shape both AI development and government action.

Team Description

Interventions that secure a system from abuse by bad actors or misaligned AI systems will grow in importance as AI systems become more capable, autonomous, and integrated into society.

The Misuse Red Team is a specialised sub-team within AISI's wider Red Team. We red-team frontier AI safeguards for dangerous capabilities, research novel attack vectors, and develop advanced automated attack tooling. We share our findings with frontier AI companies (including Anthropic, OpenAI, Deep Mind), key UK officials, and other governments to inform their respective deployment, research, and policy decision-making.

We have published on several topics, including novel automated attack algorithms (Boundary Point Jail breaking), poisoning attacks, safeguards safety cases, defending fine‑tuning APIs, third‑party attacks on agents, agent misuse, and pre‑training data filtering. Some example impact cases have been advancing the benchmarking of agent misuse, identifying novel vulnerabilities and collaborating with frontier labs to mitigate them, and producing insights into the feasibility and effectiveness of attacks and defences in data poisoning and fine‑tuning APIs.

We’re looking for research scientists and research engineers for our misuse sub-team with expertise developing and analysing attacks and protections for systems based on large language models or who have broader experience with frontier LLM research and development. An ideal candidate would have a strong track record of performing and publishing novel and impactful research in these or other areas of LLM research.

We’re looking for:

  • Research Scientists
    , who typically lead technical direction – picking the questions, designing the experiments, and owning the conclusions (typically evidenced by a strong publication record).
  • Research Engineers
    , who typically lead execution – building the systems and code that make those experiments possible at scale, and owning reliability, speed, and reproducibility.

In practice, we can support staff’s work spanning or alternating between research and engineering.
If you have a preference, please specify this in your application.

The team is currently led by Eric Winsor and Xander Davies – advised by Geoffrey Irving and Yarin Gal. You’ll work with incredible technical staff across AISI, including alumni from Anthropic, OpenAI, Deep Mind, and top universities. You may also collaborate with external teams from Anthropic, OpenAI, and Gray Swan.

We are open to hires at junior, senior, staff and principal research scientist levels.

Representative projects you might work on
  • Designing, building, running and evaluating methods to automatically attack and evaluate safeguards, such as LLM‑automated attacking and direct optimisation approaches.
  • Building a benchmark for asynchronous monitoring for signs of misuse and jailbreak development across multiple model interactions.
  • Investigating novel attacks and defences for data poisoning LLMs with backdoors or other attacker goals.
  • Performing adversarial testing of frontier AI system safeguards and producing reports that are impactful and action‑guiding for safeguard developers.
What we’re looking for

In accordance with the Civil Service Commission rules, the following list contains all selection criteria for the interview process.

The experiences listed below should be interpreted as examples of the expertise we’re looking for, as opposed to a list of everything we expect to find in one applicant:

You may be a…

Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search