A map of who is doing what on AI safety in Latin America, scoped to catastrophic risk, and an argument for digesting the Northern frameworks rather than copying them.
I used Claude Opus 4.7 (Anthropic) for brainstorming, understanding and discussing concepts, finding initiatives, and grammar and spelling corrections on text I had already written. It likely contains >10% AI-generated text, but I’ve edited/rewritten it extensively and endorse it. The arguments, judgments, and any errors are my own.
Since I started my dive into AI safety, I have grappled with one question: as a Brazilian, what does it mean to think, build, prepare and contribute to existential risks from advanced AI models that speak to the needs of my country and region? Obviously I'm not the first one to try to answer this. This article is thus a mapping of what I found in terms of research approaches, field-building efforts, government preparedness, and related topics, in Latin America, on AI safety and existential risks.
Over the past half decade or so, I have been working with some of the top researchers in digital risks and AI, both at the Oxford Internet Institute, where I managed their Democracy and Technology Program, and at the International Panel on the Information Environment (IPIE), a Swiss-based research org I helped found.
In engaging with scholars and practitioners from Latam, I started sorting what people are actually doing into three postures. The first is to fit in: take the southern talent and slot it into the institutions that already exist in the North (the labs, the fellowships, the think tanks) and contribute to "global" research from inside them. The second is to build parallel: stand up our own capacity, our own models, our own compute, our own sovereign AI, on the theory that you cannot shape what you do not possess. And the third, the one I keep circling back to, is to reshape: take the Northern frames, methods and institutions, digest them, and re-make them into something that is ours and that bends the global agenda from where we stand.
There's a Brazilian name for that third posture. The modernists of the 1920s called it antropofagia — cultural cannibalism: you neither kneel to the foreign reference nor refuse it, you devour it and metabolize it into something of your own. Tupi or not Tupi, as Oswald de Andrade put it, refusing the choice between imitation and rejection. My interest in this piece sits mostly with that third posture, because I think it is at once the most honest about our position and the most ambitious about it; and because, as we'll see, the region's most interesting safety work is already at that helm.
It is also important to be realistic. When we talk about AI safety, our countries are consumer nations with little leverage over deployment rules, compute, or model access, so my aim here is to stay grounded about what is being tried and what it is that we can actually do.
From field-building initiatives in Argentina, to regulatory measures in Brazil and research approaches in Mexico, what follows is a map of that landscape: where the people and organizations are, what technical work exists, where governance touches catastrophic risk, who is paying for it, and what we could do next.
A scope note before we start. This piece foregrounds long-term and catastrophic risk (loss of control, AGI safety, frontier-model evaluation) and the technical safety work that bears on it. It addresses AI policy and governance only where they intersect those concerns. It is deliberately not a general survey of AI regulation or AI ethics in Latin America; those surveys exist, and this is not one of them.
Where we stand
The mainstream AI conversation in Latin America is about bias, fairness, labor displacement, surveillance, data extraction, and AI sovereignty; the worry that the region is a permanent consumer of models built elsewhere, trained partly on its data, in languages and value systems not its own. Existential risk debates are still nascent in that conversation, and there is a live argument, connected to the broader Global South discourse, about whether it should be there at all.
At one pole, critics in the lineage of Timnit Gebru and Émile Torres argue that x-risk framing is not merely orthogonal to present harms but actively displaces them (drawing attention, funding, and legitimacy away from the deployed systems already harming marginalized communities) in service of an agenda they read as parochially Silicon Valley. At the other pole sit researchers who argue that Global South actors can be genuinely consequential in catastrophic-risk governance, and should engage on those terms.
This piece sits closer to the second viewpoint. I take loss of control and catastrophic risk as the organizing concern, and I do not think Latin America is merely a passive risk-taker in someone else's drama. But I also don't think the displacement critique is stupid, and the most useful way to hold both is to notice where the frames actually meet.
That meeting point is the structural, rather than the sudden, version of loss of control. The "gradual disempowerment" framing (Kulveit et al., 2025) argues that even incremental AI improvements can erode human influence over the economy, culture, and the state by making human participation progressively unnecessary (no single takeover event required), just a slow ratchet. Stated that way, the concern is recognizable from a Latin American POV, because it is structurally the same dynamic that dependency, infrastructural lock-in, and the erosion of sovereign decision-making have described for a long time — now with a powerful new accelerant. You do not have to choose between "they worry about superintelligence" and "we worry about sovereignty." The disempowerment frame is one place those worries turn out to be the same worry at different time horizons.
So that's the lens. Now the map. I'll move through it in four passes: the field-building pipeline that gets people into the work; the technical safety work; the regulatory and institutional layer where governance occasionally brushes against catastrophic risk; and the money underneath all of it.
Field-building: the pipeline exists, the anchors don't
Two years ago I'd have guessed Latin America had no real pathway into AI safety. I'd have been half wrong and half right, in a way that turns out to be the whole story here. A pipeline did get built — but its two best-known programs, the Brazilian-founded Condor Camp and the AI Futures Fellowship at ITAM in Mexico City, have since wound down. That double fact is the most honest thing I can say about field-building in the region: the interest was real enough to stand these things up, and the field is thin enough that they didn't last. The first rungs of the "fit in" on-ramp now exist mostly in the past tense.
What's still standing, and growing, is in Buenos Aires. The Buenos Aires AI Safety Hub (BAISH) is now probably the largest and most established AI-safety community in the region: a couple hundred members, co-founded by Eitan Sprejer and Luca De Leo, orbiting the University of Buenos Aires. It runs a genuine funnel rather than a one-off event: in-person courses in partnership with BlueDot, weekly workshops that re-implement recent safety papers in code, a paper-presentation club, research sprints, and a six-month scholarship with mentorship and stipend (AISAR — "AI Safety Argentina") that is the closest thing the region has to a structured route from curious undergraduate to first paper.
And here's what makes BAISH different from a reading group: it publishes. Its members have produced work on chain-of-thought monitorability, AI debate and scalable oversight, learned multi-judge preference models, CBRN-evaluation robustification, and red-teaming of ASI-governance proposals (much of it through Apart Research hackathons and workshop venues, some co-authored with established safety researchers abroad).
Other, small yet growing, orgs exist across the region: AI Safety Brazil has a"full-spectrum" framing (from AI bias through catastrophic risk); Also in Brazil, CEGIA has been fundamental to grow the field and bring safety conversations to governance debates; Important is also the Spanish-language GCR work of the Observatorio de Riesgos Catastróficos Globales (ORCG) for the Hispanophone world (although based in Spain, it researches Latam). But the gap is what it always was, only sharper now that two flagship programs are gone: seniority (the oldest of these efforts dates to 2022) and institutional anchors. The pipeline is real, it now has a clear centre of gravity in Buenos Aires, and it still, for the most part, feeds people outward.
The technical work
If you go looking for a university-based technical alignment lab in Latin America — interpretability, scalable oversight, dangerous-capability evaluation, with faculty lines and compute - you won’t find on. Latam universities have Strong ML and NLP groups, world-class students, plenty of capabilities and applied work, but no group running the technical safety agenda as Anthropic, METR, or Apollo would recognize it. That institutional gap is real, and it's the deepest one on the map, in my view.
What's amazing (and what I'd have missed if I'd stopped at "look for a lab") is that the work is no longer absent, even though the lab is. It's happening in different strands, none of them housed in a permanent, safety-focused, institution.
The first strand is community-driven alignment research out of Buenos Aires, around BAISH. The output sits squarely on the core technical agenda: chain-of-thought monitorability, AI debate and scalable oversight, learned preference modelling — plus two pieces that come closer than anything else in the region to this article's concern, a CBRN-evaluation robustification toolkit and a red-teaming of an ASI-moratorium governance proposal. Most of it runs through Apart Research hackathons, workshop tracks, and arXiv preprints, some co-authored with established safety researchers abroad. It is, in other words, frontier-relevant safety work produced from the region — but produced on hackathon timescales and volunteer infrastructure, without the compute, funding, or continuity a lab would give it. The talent is demonstrably there; the institution to retain it is not.
A second approach is benchmarks and evaluations, mainly in Brazil. The flagship is MiJaBench (AKCIT / Federal University of Goiás), a bilingual English–Portuguese adversarial benchmark that red-teams models across prompts targeting different minority groups. Its core finding — the "Selective Safety Trap" — is that a model's willingness to refuse a harmful request can swing sharply depending only on which group is targeted. It's high-level technical safety work authored entirely in the region, red-teaming rather than fairness commentary, and AKCIT/UFG is quietly becoming a hub for it.
Around MiJaBench sits a dense Brazilian capability benchmark stack — ENEM and BLUEX (focused on university admissions exams), OAB-Bench, Juru, and Rabula (the bar exam), HealthQA-BR and Revalida-based work (medicine exams), unified by the Open Portuguese LLM Leaderboard. These are capability evals, not safety evals, but they build the native-language substrate that safety evaluation needs. Spanish-speaking Latin America contributes more diffusely: the AmericasNLP shared tasks (2021–2025) on indigenous-language translation (UNAM, PUCP, Universidad de la República — Quechua, Guaraní, Nahuatl, Aymara, Mapudungun); SESGO, a Spanish stereotype/bias benchmark with explicit Latin American framing; and La Leaderboard, a multi-country effort.
And then there is LatamGPT, coordinated by CENIA in Chile — an open model trained on regionally sourced text across Spanish, Portuguese, and indigenous languages, with compute hosted at the Universidad de Tarapacá, launched to great fanfare (the public launch event was in Santiago, with President Boric present). The important point for this map is that LatamGPT is, by its own materials, a sovereignty-and-representation project first and a safety project a distant second: I couldn’t find any systematic safety evaluations, dangerous-capability evals, or red-teaming results. It is the clearest "build parallel" project in the region (possess the model so you can shape its terms).
Here's why the benchmark strand is more interesting than a list of acronyms. The dominant finding in the multilingual-safety literature is that safety guardrails degrade sharply on low-resource and code-mixed inputs, and that English-language safety patches frequently fail to transfer. That makes multilingual safety a genuine technical problem with disproportionately Global South stakes — not a fairness add-on, an alignment problem.MiJaBench is a first, concrete, regionally-authored attack on exactly that problem. And it is, if you want the through-line of this piece in one artifact, antropofagia in technical form: it takes a Northern frontier-safety method — adversarial red-teaming — digests it, re-cooks it for Portuguese and for Brazilian minority groups, and hands back something that feeds the global problem rather than merely localizing it. The most globally consequential safety work Latin America can do may be precisely the work only Latin Americans are positioned to do well, because it requires native command of the languages and contexts where the guardrails break.
The gaps are also the opportunities, and they now divide cleanly by strand. On the benchmark side: no Spanish-language safety benchmark at MiJaBench's scale (a bilingual ES–PT extension is the obvious next move), no jailbreak/hate-speech benchmark in any indigenous language, and no Mexican, Chilean, or Argentine national-exam benchmark of the kind Brazil already has half a dozen of.
On the alignment side, the gap isn't talent or topic — it's the absence of any permanent home, so the work BAISH researchers do in a weekend sprint never compounds into a research program. Build that lab and you'd convert a scatter of hackathon papers into the region's first genuine technical-safety institution.
Regulation and institutions: where governance brushes against catastrophic risk (and mostly doesn't)
For the most part, every AI bill in Latin America took the EU AI Act as its template. Brazil's PL 2338; Chile's Boletín 16821-19; Peru's Ley 31814 and its 2025 regulation (the first binding general AI rules to actually take force in the region); Mexico's Morena-led "semáforo de riesgos" bill; Colombia's risk-tiered government bill, PL 043/2025. All of them are deployment-harm frameworks built on the same European scaffolding of risk tiers, prohibited uses, transparency, and fundamental-rights protection. The Brussels Effect, applied faithfully, and in several cases word for word: each of these bills explicitly cites the EU regulation as its reference.
Some antropofagia took place, but only partially. The region swallowed and digested the EU's deployment-harm approach, but left the frontier part on the plate empty: not one of these instruments contains a compute threshold, a loss-of-control provision, a systemic-risk tier in the EU's capability sense, or a functioning AI Safety Institute. Both the Peruvian law and the Brazilian bill ban autonomous weapons, but this is the closest anyone comes to naming catastrophe, and even that is framed as a prohibited use.
Brazil's PL 2338 is the most sophisticated instrument in the region, and the only one carrying some vocabulary of frontier risk — general-purpose models, "risco sistêmico," serious-incident reporting. A vote in the Câmara (lower house) is expected imminently, so I want to be fair to a process that is genuinely dynamic and that may look different by the time this is read (I promise to update as soon as we have news). Its drafters deserve credit for going well past mere transposition: the centralidade da pessoa humana (human centrality), the GPAI provisions, the Article 42 serious-incident regime, the autonomous-weapons prohibition, all built across a multi-year process with a dozen public hearings and real technical input. PL 2338 is already considerably more than a translated AI Act.
In my view, EU-inspired laws in the region do a good work of laying down principles and rights in the AI-era. Although, I must say, even the EU AI Act itself, the original framework with vastly more market power than Latam countries, has already had its core high-risk obligations deferred to 2027–28 and has been trimmed through a "simplification" omnibus. Deployment-harm laws assume leverage over the people doing the deploying, and in countries (the EU included) that build none of the frontier models and set none of the deployment rules, that leverage mostly sits offshore.
More important is what these laws and bills don’t do. While they’re concerned about protecting rights, they do little to foster a truly Latin American thinking on AI Safety. As we have seen in the sections above, interesting approaches are already being tried in the region. But to truly prepare Latin American governments and society for advanced AI scenarios, we need permanent institutional funding and structure.
Take Brazil’s PL 2338 for instance. It could have enshrined a Brazilian AISI in law, given it a mandate and a budget, funded local evaluation and red-teaming, created the institutional anchor and the stable money that this ecosystem most conspicuously lacks. To be fair, as All Tech is Human reports, Brazil announced in the Paris AI Summit that it would build a local AISI focused on environmental applications. I also talked to people in Brasília who said we should have news on this front this year. Let’s keep an eye out for that.
Meanwhile, some of this work has started outside the legislature. The CEBRI/ITS-Rio proposal for a Brazilian "AI Safety and Opportunities Institute (AISO)" is an interesting shape: a "second-wave" AISI-like body, technical and advisory rather than regulatory, safety and opportunity by design, built for an adopter rather than a developer of frontier models. It is itself a tidy piece of antropofagia: take the UK/US AISI template, digest it, re-cook it for a country in a different position in the stack. But it remains a proposal, not an institution: agenda-setting without a statutory mandate or a budget
Zoom out and the vacuum is regional. No government in Latin America runs an operating AISI[3] ; none is a member, or even an observer, of the International Network of AI Safety Institutes (Kenya remains the sole Global South member). X-risk scenarios are, throughout the region, almost entirely unlegislated and largely unconsidered.
Which is where the statute books become the clearest case in this whole piece for a more aggressive antropofagia. We have imitated most here and digested least: we transposed Europe's defensive frame, a consumer bloc shielding its citizens from systems built elsewhere, and then skipped the part where you make the reference your own.
A bolder approach would do three things, and they map directly onto the gaps named earlier. It would foster local thinking: stop transposing Brussels and start drafting from our actual position — what does meaningful AI governance even look like when you don't host the labs? It would reframe capability: an AISI with a real budget, funded evaluation, the missing lab, and, crucially, one pointed at the region's own exposures (language barriers, cybercrime, climate and biorisks) rather than a generic transposition of the northern model. Built that way, an institute doesn't just defend the region; it produces safety knowledge the frontier needs back — the reshape posture written into statute rather than left to weekend hackathons. And it would fill the gaps: the absent institution, the alignment researchers riding hackathons with no home, the Spanish-scale safety benchmark that doesn't yet exist. Antropofagia was never about imitation; it was about eating the reference and making something that feeds you. On regulation, we have mostly just set the table.
A quick note on funding
Follow the money and it has one dominant colour: foreign and EA-coded. Open Philanthropy (now Coefficient Giving) has been the principal funder of regional safety capacity-building (what I believe is roughly $800,000 across a handful of grants), with Manifund, CEA, and EA Funds behind the community programs; the genuinely large regional checks — CAF and AWS for LatamGPT — are about sovereignty and capability, not safety, and the national science councils (FAPESP, CNPq, CONICET, ANID, Conahcyt) fund AI broadly with no identifiable safety-specific lines. Two things follow. There's a legitimacy problem — when nearly every safety program is bankrolled by US-based EA philanthropy, local institutions are reasonably wary of looking like appendages of someone else's agenda, which is itself an obstacle to building the local anchors the field needs. And there's fragility: a field funded by one or two sources is one funder-shock away from collapse, as the 2023 FTX implosion already showed when it cancelled outreach across the region's EA community.
Where that leaves us
The risks that are most acute in this region are a grave concern to the people who live here - but they are also the kind that spiral outward. Guardrails are documented to degrade in Spanish, Portuguese, and Indigenous languages, which makes the region a low-friction entry point for jailbreaks that then generalize. Hyper-scale disinformation and AI-enabled political destabilization, if they mature here first, become a playbook that transfers to other middle-power and fragile-state contexts. And under-protected public-health and biological databases are exactly the soft targets through which AI-enabled cyber-intrusion could, in the worst case, lower the barrier to a biological catastrophe with no respect for borders. The region is, in other words, a place where several global catastrophic pathways are unusually exposed - and a place where, precisely for that reason, working on them pays off globally.
So, back to the question I opened with: what does it mean to do AI safety from Latin America? It means recognizing that the region's unique exposure is also its unique contribution. The languages, the threat environment, and the institutional conditions that make it vulnerable are the same ones that let it produce safety knowledge no one else is positioned to produce — and that is what antropofagia looks like in practice: not importing the frontier agenda, but metabolizing it into findings the frontier needs back.
After all the mapping, the pieces are visibly here: nascent talent pipelines, the political will for at least some regulation, and technical work that — resource constraints and all — is already producing meaningful safety insights. What's missing is anchors: permanent institutions, senior researchers, and funding that doesn't evaporate when one funder stumbles. Those anchors are the work ahead. Latin American labs, an AISI built for the region's actual exposures — climate and bio, cybersecurity, disinformation — could generate locally-grounded findings with direct global spillover: Portuguese-language red-teaming benchmarks, evaluation methods hardened on the languages where guardrails break first.
And with that infrastructure in place, a further possibility opens — one that plays to a regional strength the rest of this map hasn't touched. Brazil in particular has a long diplomatic tradition of brokering between larger powers, from the non-aligned tradition to the climate negotiations. A region with genuine safety capability of its own, rather than a borrowed agenda, is a region that could eventually help broker the international agreements this technology will demand. That, more than a seat at someone else's table, is the case for building from where we stand.
Acknowledgements, and what this map leaves out
A map is defined as much by what it omits, so let me name the main omissions; partly as scope-setting, partly as credit where it's due.
The first is the diaspora. There's a real and growing set of Latin-America-born researchers doing this work from inside Northern institutions, including, but not limited to, Renan Araújo (Brazil) at IAPS, Jonathan Dannevig (Argentina) at ERA, Clarissa Rios Rojas (Peru) at Cambridge's CSER, Caio Vieira Machado (Brazil) at The Future Society, Barbara Marchiori de Assis (Brazil) on AI middle-power governance, among others. They are doing important work in Northern institutions, whether by bringing middle-power perspectives to the table or by helping grow the field more broadly.
The second is biosecurity and biorisk. AIxBio is one of the most concrete catastrophic-risk pathways, and there's nascent regional activity (Brazil's biosafety society SB3 turns up as a field-building collaborator, for instance) but I haven't done it justice, and a proper map of Latin American AI-biosecurity work would be its own article.
And the usual caveats: this is a Brazil-heavy account by a Brazilian; coverage of Mexico, Central America, and the Caribbean is thinner than it should be; and, as the scope note said up top, I've set general AI ethics, fairness, and policy almost entirely aside — not because they don't matter, but because others map them better. Corrections and additions are very welcome; consider this a v1.