This is the second blog post in an ongoing series that we will post as we dig deeper into the White House’s AI EO.
The White House’s October 30 Executive Order provides the U.S. government (USG) with a roadmap towards safer, more secure and trustworthy development and use of AI. Peppered throughout its 100+ provisions with deadlines is a call to take considerable action across government, guided by 8 principles outlined in Section 2 of the EO. These principles are:
- AI must be safe and secure
- Promoting responsible innovation, competition, and collaboration will allow the U.S. to lead
- Responsible AI requires commitment to U.S. workers and protection of worker rights and work quality
- AI policies must advance equity and civil rights
- Consumers must also be protected
- Privacy and civil liberties should also be protected via data protection and privacy
- USG must manage risks of its own use of AI for public benefits/service delivery
- USG should lead the world in governance efforts via multilateral engagement
Each principle guides a subsequent section of the EO. This blog post seeks to briefly summarize Section 4 of the EO, which addresses AI Safety and Security (Principle 1), while highlighting relevant CSET work that readers may find helpful.
Ensuring the Safety and Security of AI Technology (Section 4)
Section 4 is the densest portion of the EO and includes provisions on AI, synthetic nucleic acids, digital content provenance and critical infrastructure, among other provisions. Key provisions include:
- 4.1 on “Developing Guidelines, Standards, and Best Practices for AI Safety and Security” seeks to promote industry standards for safe and secure AI by largely building off of NIST’s AI Risk Management Framework (4.1.a) and providing guidance on AI red-teaming and other approaches. The Department of Energy is also called to develop evaluation tools and AI testbeds to evaluate AI capabilities that may represent nuclear, nonproliferation, biological, chemical, and other threats (4.1.b).
- 4.2 on “Ensuring Safe and Reliable AI” represents a new effort to monitor and (possibly) regulate, via the Defense Production Act, the development of Dual-Use Foundation Models, which the EO defines as models that “exhibit or could be easily modified to exhibit high levels of performance at tasks that pose a serious risk to security, national economic security, national public health or safety, or any combination of those matters.” Key provisions include: required reporting on the development and training of such models as well as large-scale computing clusters (4.2.a); addressing malicious foreign cyber actors that use cloud computing provided by U.S. firms (4.2.c), and proposing regulations for such cloud providers going forward (4.2.d).
- 4.3 on “Managing AI in Critical Infrastructure and in Cybersecurity” seeks to operationalize AI risk management for critical infrastructure sectors (4.3.a) including the electric grid, financial sector, and USG systems. DOD and DHS are called to initiate a pilot project to find AI capabilities that can help to aid and remediate USG cyber vulnerabilities (4.3.b) and report on the results.
- 4.4 on “Reducing Risks at the Intersection of AI and CBRN Threats” directs DHS, Energy, OSTP, and other agencies to further evaluate whether AI may enable CBRN and Biosecurity risks. This section also introduces new DNA synthesis screening requirements for federally-funded research in order to restrict access to risky DNA sequences that could be used to create pathogens or toxins.
- 4.5 on “Reducing the Risks Posed by Synthetic Content” calls on agencies to evaluate watermarking and content provenance techniques (4.5.a), while requiring government agencies to label and authenticate their content (4.5.c), and possibly integrate these requirements into federal contracting requirements to encourage contractor compliance (4.5.d).
- The remaining subsections include seeking public input on open-access dual-use foundation models and access to model weights (4.6); evaluating the risks (and necessary protections) for federal data that could be used for AI training (4.7); and calling on the national security apparatus to define how it will govern and manage AI risks internally and how it will address AI for national security.
CSET’s Observations and Further Reading on Section 4
A few key themes and questions have surfaced as CSETers have engaged with this EO. These initial reactions are summarized from internal discussions and conversations at CSET, but do not, necessarily, represent CSET’s point of view as an organization:
- Timelines are really aggressive. The general impression of the EO is the Biden administration wants to start taking action rather than wait for Congress to act. This seems like an important step, but as our tracker shows, there’s a lot that will be happening in the next 360 days across the government. If any of it gets done, it will be an accomplishment, and simply designating a vision is a critical first step. However, it may be challenging for agencies to achieve these milestones, especially if they do not receive additional funding (though we will be tracking this).
- NIST probably needs more resources to support the operationalization of the AI RMF and other EO tasks. Our Assessment team has been deeply engaged with the AI RMF, providing comments on an initial version, providing tools to help developers apply the NIST AI RMF, and contributing to RMF profile efforts. NIST is a small and mighty organization and elevating the Risk Management Framework seems like a positive step, but NIST is explicitly mentioned in at least six separate provisions of the EO and will likely be leaned on for many more. In order for NIST to enable this EO they likely need more resources (people and funding).
- While focusing on risks related to cybersecurity and biosecurity is vital, there are additional areas of concern to keep in mind. CSET’s research has shown that collecting information about the widest variety of risks and threats from AI is critical to ensuring we can monitor for emerging threats without narrowing the aperture too much. Recent attention has focused on the threats posed by chatbots that might help a terrorist build a bioweapon, but the risks from AI are much more diverse than just these threats that might go boom.
- The use of compute thresholds means that reporting requirements will apply to models beyond the current cutting edge, not to models that pose a certain level of risk. Defining the “AI frontier” is an area of significant debate within AI circles. Currently, we do not know of any companies or models that meet the computing requirements outlined in Section 4.2.b.i (“greater than 10^26 integer or floating-point operations”). However, there are likely “risky” models that are not on the compute frontier or cutting-edge. The definition in the EO indicates that the Administration is looking to capture models that are breaking new ground, rather than models that are above a certain risk threshold. As Commerce and others work to define and maintain the technical specs for models that must be reported on, they will have to come up with a way to clearly conceptualize what they are and are not looking for, which will likely need to depend on factors beyond compute thresholds alone, e.g. model performance on certain benchmarks or the integration of models into society. They should also ensure that whichever agency/office ultimately receives this information is properly resourced to evaluate it.
- Know Your Customer requirements for Cloud Service Providers, especially foreign resellers, may be a tough pill to swallow for firms. The cloud computing provisions contained in section 4.2.d seemed more aggressive than many CSET researchers expected, particularly as they relate to the reselling of cloud computing abroad. We will be interested to see how this is defined and regulated going forward.
- AI for Cyber Defense is an opportunity for the USG to benefit from these technologies. We expect that DOD and DHS will learn a lot from the pilot project on Cyber vulnerabilities and we are excited to see this in the EO.
- Further Reading:
  - Machine Learning and Cybersecurity: Hype and Reality (June 2021)
  - Making AI Work for Cyber Defense: The Accuracy-Robustness Tradeoff (December 2021)
  - Will AI Make Cyber Swords or Shields? (August 2022)
  - Autonomous Cyber Defense: A Roadmap from Lab to Ops (June 2023)