Julietshen/update roadmap

[julietshen]

Updated the roadmap with infrastructure work, framing and language on how we plan to prepare ROOST's tools for AI-powered functionality, links to detailed features on the roadmap, and updated details on what versions are currently available.

• New section: Preparing for AI-Powered Safety: introduces the Data Abstraction Layer and Safety Decision Taxonomy as cross-cutting prerequisites for AI features in both Coop and Osprey, with detailed proposals linked from the roadmap discussion
• Osprey: Updated to v1.0.1, added infrastructure modernization and security hardening to v1.x, added Data Abstraction Layer and Safety Decision Taxonomy as feature bullets in v1.x early exploration and Next sections
• Coop: Added v0.1 as current release with plugin system and security hardening, split v1.0 into infrastructure simplification (v1.0) and feature work (v1.x), added INHOPE/international child safety to v1.x, added Data Abstraction Layer and Safety Decision Taxonomy as feature bullets in v1.x and Next sections
• Misc
  • fixed typos, added link to working group details, added glossary entries, flagged areas where new contributors might find good first issues

[tpepper]

• New section: Preparing for AI-Powered Safety: introduces the Data Abstraction Layer and Safety Decision Taxonomy as cross-cutting prerequisites for AI features in both Coop and Osprey, with detailed proposals linked from the roadmap discussion

This section is a reasonable addition. There is potential for MCP sourced added context being beneficial in decision making. The details over in https://github.com/orgs/roostorg/discussions/44 look like a good start to formalizing a connection.

I do note the mentions of threat model, threats, and trends in adversarial evolution in the discussion threads. There's definitely a potential that added context, despite hope for the opposite, actually undermines assessments whether through malicious code or subtle inherent bias. AI assist modes definitely change a threat model, even for something that aims to have a human in the loop, and this will need more analysis and guardrails.

[julietshen]

@haileyok what do you think?

[cassidyjames]

Okay! I went through largely focusing on how to be a bit more nuanced around "AI," especially in light of conversations with platforms and communities who may be turned off by generative AI. The gist is that I don't think we need to change the actual roadmap itself at all (as it's based on our conversations with adopters), but I just want to make sure we're considering multiple perspectives and not unintentionally shutting out some potential adopters while accurately communicating our plans and focus.

To be clear, each comment is a suggestion and I invite pushback/discussion!

[cassidyjames]

I have this persistent nagging issue with the breath and imprecision of "AI" as a term, roping in several different technologies. Maybe that's a lost battle, but I wanted to flag it.

I also worry that this could read at a glance too much like, "we're going all-in on AI!" versus "we're ensuring our tools work well with LLMs/agentic integrations should platforms choose to use them."

If I were a platform or organization opposed to the use of LLMs and/or generative AI (for example, several platforms designed for open source communities, artist/maker communities, writers, etc.), this could be a turn-off to me. So I want to make sure we're balancing things a bit:

• We know that generative AI use is increasingly used by bad actors
• Online safety teams need access to the best tools, including "AI" technologies like LLMs and agentic workflows if they choose
• If platforms/orgs do choose to use ROOST projects with AI technologies, these are things we know we need to do to improve our projects (and online safety tools in general) to enable this

[julietshen]

Thanks! I think I can also add some language introducing why we're adding this update, as a way to provide more detail to the previously very ambiguous "add AI features to our tools" that was previously in our roadmap.

I think using AI for safety is something we should not shy away from; we already have a disclaimer in the Roadmap that says that those who don't want to use AI can use earlier versions that are tagged as pre-AI (which we should plan/discuss, since we're getting closer to this on Osprey).