How do I move from AI engineering to AI safety?

AI safety is one of the hardest AI tracks to enter cold and one of the easiest to enter from AI engineering. The reason is that production AI engineering surfaces real safety failures every day, and the engineers who pay attention to those failures already do most of the work AI safety roles describe. The transition takes 12 to 24 months of deliberate effort and rewards portfolio depth more than any single credential.

The first step is to specialize in evaluation. Build a portfolio that shows you can design eval sets, measure capability and safety separately, and reason about evaluation gaming and contamination. The HELM benchmark from Stanford CRFM, MMLU (Hendrycks et al. 2021), HumanEval (Chen et al. 2021), ARC (Clark et al. 2018), and the EleutherAI lm-evaluation-harness are the public reference points. A strong portfolio writeup picks a narrow safety behavior (refusal of category-specific harmful requests, jailbreak resistance, capability-bound honest reporting, calibrated uncertainty), designs an eval set, runs it against a few models, and discusses what the results actually mean and what they miss.

The second step is to study alignment training methods. RLHF, DPO, and constitutional AI are the three techniques you need to be able to discuss in depth. Read the original papers: Ouyang et al. 2022 for InstructGPT-style RLHF, Rafailov et al. 2023 for DPO, Bai et al. 2022 for constitutional AI. Read the follow-up work: Schulman et al. 2017 for PPO (the optimizer used in most RLHF implementations), Christiano et al. 2017 for foundational human-feedback work, and the Sycophancy and Reward Hacking literature. Implement at least one technique on a small open-weights model (TinyLlama, Pythia, GPT-Neo). The implementation does not need to be impressive; it needs to be real.

The third step is to participate in red team work. Public red team programs at frontier labs (Anthropic, OpenAI, Google DeepMind all run periodic external red-team engagements) and government-led exercises (DEF CON AI Village events, UK AI Safety Institute pre-deployment testing, US AI Safety Institute under NIST) are entry paths. Document the work publicly when policy allows. Contributions to prompt injection benchmarks (PromptBench, INJEC-IT), jailbreak databases (Wild LLM jailbreaks), and the OWASP LLM Top 10 are visible and respected by hiring managers.

The fourth step is policy literacy. NIST AI 100-1 (AI RMF) and NIST AI 600-1 (Generative AI Profile, released July 2024) are the U.S. baseline. The EU AI Act (in force August 2024, with high-risk system obligations from August 2026) is the most consequential international regulation. ISO/IEC 42001 (published December 2023) is the AI management system standard. Anthropic's Responsible Scaling Policy and OpenAI's Preparedness Framework are the leading frontier-lab governance documents. AI safety engineers do not write policy, but they need to read it well enough to map technical work to policy obligations and translate between policy language and engineering language.

Target the right employer tier for your background. Frontier labs (OpenAI, Anthropic, Google DeepMind, Meta FAIR) hire AI safety researchers with publication records; the bar is a PhD-equivalent portfolio. Frontier labs also hire AI safety engineers without research publications, where the portfolio is implementation-focused (eval pipelines, alignment training infrastructure, red-team tooling). Large platform companies (Microsoft, Google, Meta) hire Trust and Safety Engineers and AI Policy Specialists with similar profiles. Enterprise AI security teams hire AI Safety Operations roles with overlap into AI security. AI safety nonprofits and policy research organizations (Apollo Research, METR, GovAI, RAND, Center for Security and Emerging Technology) hire researchers and engineers with strong evaluation backgrounds.

Compensation in AI safety tracks above general AI engineering at the top of the market. Per Levels.fyi April 2026 reporting, frontier-lab AI Safety Researchers commonly clear $500,000 in total compensation, with senior researchers exceeding $1.5M and principal-level reaching multi-million-dollar packages. AI Safety Engineers below the research bar still command 10 to 30 percent above their AI engineering counterparts at the same employer tier. AI safety operations roles at enterprises pay roughly in line with senior AI engineering plus a premium for the safety-specific scope.

Specific role variants by emphasis. AI Safety Researcher: alignment research, novel methodology, publication track. AI Safety Engineer: production safety tooling, evaluation infrastructure, alignment training implementation. AI Red Team Engineer: adversarial probing, capability elicitation, jailbreak testing. AI Evaluation Engineer: benchmark design, automated eval pipelines, dashboards. AI Safety Policy Researcher: governance literature, regulatory mapping, policy memos. AI Trust and Safety Engineer (platform-side): content policy, abuse mitigation, multi-modal harm reduction. Pick the variant that matches how you already work best.

Cybersecurity professionals have an advantage on the red team and security-engineering side of AI safety. The instincts that built a career on adversarial thinking transfer almost directly to prompt injection, jailbreak, and capability-elicitation work. The convergence area is the easier entry point if you carry that background. Per recruiter feedback at frontier labs and AI security consultancies, candidates with strong cybersecurity portfolios plus 6 to 12 months of AI safety-specific portfolio work routinely outcompete pure-AI candidates for red-team-adjacent safety roles. DecipherU's Cybersecurity for AI roles page maps the specific bridge paths from each cybersecurity sub-discipline into the AI safety role family.