Following on assumption #1, it feels worth it to address the question of incentives. For example, a corporation only has a positive incentive to invest in security relative to the profits they expect from the secret or secrets in question. Further, they always have an incentive to cut costs and security is notorious for being a target because its relationship to profits is poorly understood, and that is how the judgments are made.
By contrast, the government tends to have security protocols first and then decide what to protect with them later. The United States is notorious for classifying huge amounts of even mundane information; security protocols last for longer than the average company exists (~25 years is common, frequently longer). There is a trend to overprotect secrets, regardless of power.
Because these incentives are different, it might be worthwhile to break the question up along a few different criteria. For example, suppose we compared government protection of important military secrets with something of similar import to a corporation, like trade secrets of their core product. Alternatively, we could break the question down by method and ask how each group has secured their technological secrets, and then compare between methods. This wouldn’t address the question of “is the risk greater if it is Google or DARPA who cracks AGI first” but it would help us more accurately assess such risks and perhaps help with safety-related recommendations.
Following on assumption #1, it feels worth it to address the question of incentives. For example, a corporation only has a positive incentive to invest in security relative to the profits they expect from the secret or secrets in question. Further, they always have an incentive to cut costs and security is notorious for being a target because its relationship to profits is poorly understood, and that is how the judgments are made.
By contrast, the government tends to have security protocols first and then decide what to protect with them later. The United States is notorious for classifying huge amounts of even mundane information; security protocols last for longer than the average company exists (~25 years is common, frequently longer). There is a trend to overprotect secrets, regardless of power.
Because these incentives are different, it might be worthwhile to break the question up along a few different criteria. For example, suppose we compared government protection of important military secrets with something of similar import to a corporation, like trade secrets of their core product. Alternatively, we could break the question down by method and ask how each group has secured their technological secrets, and then compare between methods. This wouldn’t address the question of “is the risk greater if it is Google or DARPA who cracks AGI first” but it would help us more accurately assess such risks and perhaps help with safety-related recommendations.