BusinessDecision Matrix11 min readPublished July 17, 2026

Nine labs graded July 7 · top grade C+ · the index rates labs, not deployments

AI Safety Index 2026: A Buyer’s Guide to the C+ Grades

The Future of Life Institute’s Summer 2026 AI Safety Index grades nine frontier labs — and nobody breaks C+. Anthropic leads at 2.66, OpenAI and Google DeepMind sit at C, and three labs fail outright. The catch for enterprise buyers: the index grades labs’ policies and disclosures, not the products you deploy. Here’s how to read it in procurement.

DA
Digital Applied Team
Senior strategists · Published Jul 17, 2026
PublishedJul 17, 2026
Read time11 min
SourcesFLI, TIME, Axios
Top overall grade
C+
Anthropic · 2.66 / ~4.0
leads 5 of 6 domains
Failing labs
3/9
xAI, DeepSeek, Mistral
US, China, Europe
Indicators graded
37
across 6 domains
Best existential-safety grade
D+
Anthropic — the industry’s weakest domain

The AI Safety Index 2026 arrived on July 7 with a blunt headline: the best safety grade any frontier AI lab could earn is a C+. The Future of Life Institute’s Summer 2026 edition scores nine leading AI companies across 37 indicators in six domains, and Anthropic tops the field at 2.66 on a roughly 4.0-point scale — a grade most universities would put on academic probation.

The press coverage has focused on the drama — OpenAI slipping a letter tier, xAI falling to an F, all four leading labs walking back earlier pause pledges. What almost nobody has written is the part that matters if you sit on the buying side: what a lab-level safety grade actually tells you when you’re selecting an AI vendor, and — just as important — what it structurally cannot.

This readout covers the published grades exactly as FLI issued them, the two-edition trend, the pledge-walkback findings, the methodological dispute raised by the open-weight labs, and a domain-by-domain map that translates the index’s six categories into the procurement risks they most closely resemble. The enterprise-buyer lens is our synthesis, not FLI’s framing — the institute writes for policymakers and the public, not procurement teams.

Key takeaways
  1. 01
    Nobody breaks C+.Anthropic leads the Summer 2026 index at C+ (2.66), with OpenAI (C, 2.28) and Google DeepMind (C, 2.01) behind. xAI, DeepSeek, and Mistral fail — one lab each from the US, China, and Europe.
  2. 02
    The index grades labs, not deployments.FLI explicitly evaluates nine companies — their policies, disclosures, and governance — not specific deployed products. A C+ says nothing about whether your specific model, configuration, and contract meet your bar.
  3. 03
    All four leaders weakened pause pledges.Anthropic, OpenAI, Google DeepMind, and Meta have all weakened or voided earlier commitments to pause if risk thresholds were approached — reviewers described it as moving the goalposts.
  4. 04
    Existential safety is the weakest domain everywhere.No company scored better than C− on existential safety, and most scored D or below. The single best grade in the domain is Anthropic’s D+.
  5. 05
    Open-weight vendors dispute the framework.Mistral argues the index structurally penalizes open-weight release models, where the deploying enterprise — not the lab — controls fine-tuning and safety controls. For buyers, that is a real methodological nuance, not just spin.

01The GradesNine labs, one C+, three failures.

The Future of Life Institute published the Summer 2026 AI Safety Index on July 7, 2026, grading nine leading AI companies on evidence collected through June 3. Anthropic took the top overall grade at C+ (2.66), leading five of the six domains. OpenAI followed at C (2.28) — it now leads the Risk Assessment domain on the strength of a broader evaluation suite and external-testing engagement — with Google DeepMind third at C (2.01). Meta improved to D+ (1.32). Z.ai (0.88) and Alibaba Cloud (0.87) landed at D−, and three labs received failing grades: xAI (0.65), DeepSeek (0.47), and Mistral (0.33) — one company each from the US, China, and Europe.

Overall scores · FLI AI Safety Index, Summer 2026

Source: Future of Life Institute, AI Safety Index Summer 2026 (Jul 7, 2026). Bars show each overall score as a share of the ~4.0-point scale.
AnthropicC+ · leads 5 of 6 domains
2.66
OpenAIC · leads Risk Assessment
2.28
Google DeepMindC · third overall
2.01
MetaD+ · only meaningful riser
1.32
Z.aiD−
0.88
Alibaba CloudD−
0.87
xAIF · fell from D
0.65
DeepSeekF
0.47
MistralF · newly added, lowest score
0.33
Reading the letter grades
The numeric gaps at the top are narrower than the letters suggest. Anthropic (2.66), OpenAI (2.28), and Google DeepMind (2.01) sit within 0.65 points of each other on a roughly 4.0-point scale — while the drop from Google DeepMind to Meta (1.32) is nearly 0.7 points on its own, and the failing labs cluster far below at 0.33–0.65. A headline like “C+ vs C” overstates the gap between the three US leaders and understates the gap to everyone else. (This spread observation is our analysis of FLI’s published score table, not a claim FLI makes.)

02MethodologyHow the index is built — and what feeds it.

Before citing any grade in a vendor-selection memo, it’s worth knowing exactly what produced it. The index grades each company on 37 indicators grouped into six domains: Risk Assessment, Current Harms, Safety Frameworks, Existential Safety, Governance & Accountability, and Information Sharing. Seven outside expert reviewers assign the grades — the panel includes UC Berkeley professor Stuart Russell, University of Montreal professor David Krueger, and HEC Montréal professor Tegan Maharaj.

The evidence base is a mix of a company survey and public materials. Only five of the nine companies completed FLI’s survey — Alibaba, xAI, DeepSeek, and Mistral did not respond — so those four labs’ grades rest entirely on public policies, research, reporting, and disclosures. That matters for interpretation: a non-responding lab with strong internal-but-unpublished practices would be graded on the thinner public record.

Indicators
Across six domains
37

Risk Assessment, Current Harms, Safety Frameworks, Existential Safety, Governance & Accountability, and Information Sharing — with evidence collected through June 3, 2026.

Published twice yearly
Reviewer panel
Independent expert graders
7

Outside reviewers assign the grades, including Stuart Russell (UC Berkeley), David Krueger (University of Montreal), and Tegan Maharaj (HEC Montréal).

External grading
Survey response
Labs completed FLI’s survey
5/9

Alibaba, xAI, DeepSeek, and Mistral did not respond. Their grades are built from public policies, research, reporting, and company disclosures alone.

4 abstained

One scope note that shapes everything downstream: FLI states the index “Evaluates 9 leading AI companies (not specific deployments) across 37 indicators.” That parenthetical is the most buyer-relevant clause in the whole report, and Section 05 is devoted to it.

03The TrendWinter 2025 to Summer 2026: mostly downward drift.

FLI publishes the index twice a year, which allows a same-lab trend read. The table below compares the two most recent editions — Winter 2025 (published December 2025) and Summer 2026 — using FLI’s published overall grades and scores for both. The pattern is hard to miss: seven of the eight labs graded in both editions scored lower in Summer 2026, and only Meta moved meaningfully up.

FLI AI Safety Index overall grades and scores for nine AI labs across the Winter 2025 and Summer 2026 editions, with the score movement between editions. Grades and scores as published by the Future of Life Institute; movement deltas computed by Digital Applied from the two published scores.
LabWinter 2025Summer 2026Score changeRead
AnthropicC+ · 2.67C+ · 2.66−0.01Holds first place; leads 5 of 6 domains
OpenAIC+ · 2.31C · 2.28−0.03Drops a letter tier; now leads Risk Assessment
Google DeepMindC · 2.08C · 2.01−0.07Third place in both editions
MetaD · 1.10D+ · 1.32+0.22Only meaningful riser: 6th up to 4th
Z.aiD · 1.12D− · 0.88−0.24Slips below the D line
Alibaba CloudD− · 0.98D− · 0.87−0.11Static near the bottom of the D band
xAID · 1.17F · 0.65−0.52Sharpest fall: 4th down to 7th
DeepSeekD · 1.02F · 0.47−0.55Second failing grade
MistralNot yet ratedF · 0.33New entrantLowest score of the nine; disputes the framework

Three movements deserve a second look. OpenAI’s slip from C+ to C is small numerically (−0.03) but crosses a letter boundary the headlines amplified. xAI’s fall is the steepest — from D (1.17, 4th place) to F (0.65, 7th) in six months. And Meta’s rise from D to D+ (6th to 4th) is the edition’s only encouraging signal; FLI president Max Tegmark told TIME, “It’s encouraging to me that a company can improve so much in just six months.”

A dated footnote for anyone cross-referencing the table: xAI formally rebranded to SpaceXAI on July 6, 2026 — one day before the index published — following its merger into SpaceX. The index still lists the row as “xAI” because its evidence window closed June 3, before the rename. The Grok chatbot brand was unaffected.

04The WalkbacksThe story under the grades: weakened pledges.

The finding that drove most of the coverage isn’t any single grade — it’s the direction of travel on commitments. Per the index and its reviewers, Anthropic, OpenAI, Google DeepMind, and Meta have all weakened or voided earlier pledges to pause development unilaterally if specified risk thresholds — “redlines” — were approached. Reviewers characterized this as “moving the goalposts,” saying it “undermined safety frameworks across the board.”

Even the top-graded lab is part of the pattern. In February 2026, Anthropic dropped its pledge to never train a system unless it could guarantee in advance that its safety measures were adequate — a reversal the index panel recommended undoing. And from 2024 to 2026, Anthropic, OpenAI, Google DeepMind, and Meta — all of which previously banned military applications of their models — gradually reversed course and began actively seeking defense partnerships, joining xAI and Mistral, which never had such bans.

"Companies have backed away from earlier commitments to release new systems only with safety measures appropriate for their capability levels."— Stuart Russell, AI Safety Index expert reviewer

Fellow reviewer David Krueger was blunter still, calling AI companies’ “lack of progress towards credible AI Safety plans” scandalous. For a buyer, the practical translation is this: a vendor’s published safety framework is a living document that can be weakened after you sign. If a specific commitment — an evaluation gate, a deployment threshold, an incident-disclosure promise — matters to your risk posture, it belongs in the contract, not in a bookmark to the vendor’s policy page. The walkback finding also explains why voluntary indices keep pointing at the regulatory landscape these voluntary pledges are meant to pre-empt — self-set redlines have now demonstrably moved at all four leading labs.

The FLI framing
Max Tegmark, FLI’s co-founder and president, put the institute’s view in one line in the release, as quoted by Axios: “AI companies are sprinting toward a cliff. Despite acknowledging the great risks of artificial superintelligence, they continue racing to build it.” Existential safety was the weakest category across the industry — no company scored better than C− in the domain, and the single best grade is Anthropic’s D+.

05The Scope CaveatThe index grades labs, not the thing you deploy.

Here is the clause that should sit at the top of any procurement memo citing these grades: FLI evaluates nine companies — their policies, disclosures, research, and governance — not specific deployed products. A lab-level C+ is not a safety certificate for the particular model version, API configuration, fine-tune, and contract terms your team is actually evaluating. And a lab-level F does not automatically mean a deployment built on that lab’s model is unsafe — the controls may simply live somewhere else in the stack.

The distinction is not academic. A lab can lead the transparency domain while its production systems still force real deployment tradeoffs — Anthropic’s own safety-classifier tradeoffs in production are a concrete example of decisions that surface at the product layer, not the policy layer. Conversely, the controls that most determine whether your deployment is safe — input/output filtering, permission scoping, human-in-the-loop gates, abuse monitoring — are the deployment-level guardrails an index score can’t verify, because they’re built by you, not the lab.

So use the index for what it actually measures: the governance maturity and disclosure posture of the organization behind your vendor. That is genuinely useful — it is the best independent, recurring, comparable read on lab-level behavior that exists right now. It is one input into vendor risk, not a substitute for deployment assurance.

06The Open-Weight TensionDoes the methodology penalize open weights?

Mistral — newly added to the index and handed its lowest score — pushed back on the framework itself. In a statement to Axios, the company argued that its open-weight release model gives enterprises, not Mistral, control over fine-tuning, deployment, and safety controls, and that “a handful of companies deciding, behind closed doors, what’s safe for everyone else is a risk” worth weighing too.

Self-serving? Partly. But the underlying point is a real methodological tension buyers should understand. An org-level policy index structurally favors closed-API vendors, who can point to internal governance processes they control end-to-end. It structurally penalizes open-weight vendors, whose safety posture is — by design — delegated to the deploying enterprise. A low index grade for an open-weight lab tells you the lab publishes less safety governance; it does not tell you whether an enterprise that deploys those weights behind its own controls is running a safer or less safe system than one calling a closed API.

The practical consequence: if you’re weighing hosted APIs against open weights, the index helps you compare the closed-API vendors against each other, and it helps you gauge how much safety scaffolding an open-weight choice shifts onto your own team. With a major open-weight release landing this month, that second use is timely — our open-weights adoption readiness checklist covers exactly the controls a deploying team inherits, and the broader open-weight model wave this July means more procurement teams will face this closed-vs-open question in the next two quarters, not fewer.

Closed API
Comparing hosted-API vendors

This is where the index is most directly useful: the labs control the full safety stack, so lab-level governance grades map more cleanly onto what you’re buying. Still verify the product layer.

Use the index as a vendor input
Open weights
Self-hosted or fine-tuned deployments

The lab’s grade matters less; your own controls matter more. Read a low open-weight grade as ‘more safety work lands on us,’ then budget for guardrails, evals, and monitoring accordingly.

Weight your own controls
Mixed estate
Multi-vendor routing

Most enterprises end up here. Use lab grades to set per-vendor review depth — lighter diligence where governance is stronger, deeper independent testing where it’s weak or unrated.

Tier your diligence

07The Buyer MapSix FLI domains, translated into procurement risk.

The index’s six domains come from AI-governance research, not vendor management — so here is the translation layer. For each FLI domain, the table maps what the grade measures at the lab level, the closest buyer-side risk category, and what still has to be verified at the deployment level regardless of the grade. The mapping is Digital Applied’s synthesis; in almost every row, the honest answer in the last column is “verify it yourself.”

The six FLI AI Safety Index grading domains mapped to the closest enterprise procurement risk category and the deployment-level verification each still requires. Domain names per the Future of Life Institute; the buyer-side mapping is Digital Applied’s original synthesis, July 2026.
FLI domainWhat it grades at the labClosest buyer-side riskStill verify at deployment level
Risk AssessmentHow rigorously the lab evaluates dangerous capabilities before release, including external testingPre-deployment evaluation coverage for your use caseRun your own red-team and evals on the specific model and workload — a strong lab grade does not test your prompts
Current HarmsThe lab’s posture on present-day harms and misuse of its deployed systemsOperational and brand harm exposure in productionDeployment-level guardrails, content filtering, and abuse monitoring in your own stack
Safety FrameworksWhether the lab publishes credible scaling and safety frameworks and keeps its commitmentsContractual and SLA-level safety commitmentsRead the vendor’s current framework text and negotiate the commitments that matter into the contract
Existential SafetyPlanning for catastrophic and loss-of-control scenarios from frontier developmentConcentration and tail-risk exposure to a single vendorMulti-vendor routing, tested exit plans, and data portability — no lab grade substitutes here
Governance & AccountabilityOrganizational structure, internal accountability, and whistleblowing cultureVendor governance maturityStandard vendor due diligence: incident-response terms, escalation paths, named accountability
Information SharingTransparency with governments, researchers, and the public about capabilities and incidentsAudit and transparency accessContractual audit rights, incident-disclosure windows, and model-change notification terms

Worked example: suppose your shortlist is OpenAI versus Anthropic for an agentic workflow. The index tells you Anthropic leads five of six domains overall while OpenAI leads Risk Assessment — useful color on organizational posture. What it cannot tell you is which vendor’s model behaves more safely on your prompts, with your tools, under your permission model. That comparison only comes from running both against your own evaluation set — the kind of comparative eval and governance program we build in our AI transformation engagements. Pair the lab grade with the deployment audit; never substitute one for the other.

08Beyond the IndexOther independent signals worth pairing with the grades.

The FLI index is the most visible lab-level scorecard, but it shouldn’t be the only external signal in a vendor file. This summer, OpenAI and Anthropic separately conducted a joint cross-lab safety evaluation exercise — each running its internal safety and misalignment evaluations against the other’s publicly released models and publishing the results. That’s a lab-initiated transparency mechanism, distinct from the FLI index, and it’s exactly the kind of artifact worth requesting more of in vendor conversations: adversarial, technical, and about actual model behavior rather than policy documents.

Regulation is the other trendline. Tegmark told TIME he is “cautiously optimistic” that regulation can create the race-to-top incentive a voluntary index alone cannot, pointing to the EU AI Act, Chinese AI rules taking effect later in July 2026, and a more risk-conscious US administration. For buyers, the direction is what matters: over the next several cycles, more of what the index grades voluntarily is likely to become auditable compliance surface — which will make lab-level claims easier to verify and harder to quietly walk back.

Our forward read: the index’s real value to enterprises will compound as editions accumulate. One C+ snapshot is trivia; a multi-edition series showing which labs strengthen commitments under scrutiny — and which ones quietly weaken them — is exactly the behavioral signal that predicts how a vendor will treat your deployment when incentives get tight. Governance failures are already a leading driver of stalled AI initiatives — the governance gaps already driving agentic project cancellations rarely start at the model layer. They start with nobody having verified who owns which control. The buyer map above is how you avoid becoming that statistic.

09ConclusionUse the grade as a signal, never as a certificate.

The buyer’s bottom line

A C+ industry means the audit burden is yours.

The Summer 2026 AI Safety Index says something uncomfortable and useful at the same time: the best-governed frontier lab in the world earns a C+, existential safety is graded D+ at best, and all four leading labs have weakened pledges they made when the stakes felt more theoretical. Those are lab-level facts, published by an independent panel, on a recurring schedule — and that makes the index genuinely worth citing in vendor files.

But the index grades companies, not deployments — FLI says so itself. The grades cannot see your prompts, your tools, your fine-tunes, your contracts, or your monitoring. So the operating posture for 2026 procurement is simple: read the index for organizational trajectory, tier your diligence by it, and then verify every control that touches your deployment yourself — with your own evals, your own guardrails, and commitments written into contracts rather than bookmarked from policy pages.

When an entire industry grades out between F and C+, the gap between the best lab’s policies and your deployment’s actual safety is not a rounding error — it is where all of your real risk lives. Treat the index as the start of due diligence, and it earns its place in the file. Treat it as the finish line, and you’ve outsourced judgment to a scorecard that was never designed to carry it.

AI vendor risk, done properly

Lab grades plus deployment audits — that’s the pair.

Our team helps businesses turn AI governance into working practice — vendor evaluations, comparative model evals, deployment guardrails, and contract-level safety commitments, delivered in days not quarters.

Free consultationExpert guidanceTailored solutions
What we work on

AI governance engagements

  • Vendor-selection evals on your own prompts and tools
  • Deployment guardrail and monitoring architecture
  • Contract-level safety commitments and audit rights
  • Closed-API vs open-weight risk assessments
  • Multi-vendor routing and exit-plan design
FAQ · AI Safety Index 2026

The questions buyers actually ask.

The AI Safety Index is a twice-yearly report card from the Future of Life Institute, an AI-safety-focused nonprofit. The Summer 2026 edition, published July 7, 2026, grades nine leading AI companies across 37 indicators grouped into six domains: Risk Assessment, Current Harms, Safety Frameworks, Existential Safety, Governance & Accountability, and Information Sharing. Grades are assigned by a panel of seven outside expert reviewers — including Stuart Russell, David Krueger, and Tegan Maharaj — using evidence collected through June 3, 2026, from a company survey (completed by five of the nine labs) plus public policies, research, and disclosures. Crucially, it evaluates companies and their policies, not specific deployed products.