Topics for Track IIs: What Can Be Discussed in Dialogues About Advanced AI Risks Without Leaking Sensitive Information?

There is significant concern in both the U.S. and China that AI systems may pose severe risks from accidents or misuse. U.S.-China “track IIs” about managing risks of advanced AI might be a promising way to reduce these risks. Track II diplomacy refers to non-governmental, informal, and unofficial contacts and activities between private citizens or groups of individuals.

Such track IIs have possible downsides: they might contribute to proliferation or to unintended capabilities disclosure.

  • We use “proliferation” to mean spreading information about how to build AI systems with increased offensive or dual-use capabilities.

  • We use “unintended capabilities disclosure” to mean the unintended spread of information about the level of a country’s or developer’s offensive or dual-use AI capabilities. Such disclosure could be disadvantageous from a national security standpoint.


In this issue brief, we highlight topics that would be valuable to discuss in track IIs and that are unlikely to contribute to proliferation or unintended capabilities disclosure:

Developer-level AI governance

  • Sharing lessons learned for implementing specific developer best practices (e.g., pre-deployment risk assessment, capabilities evaluations, third-party model audits, and red teaming).

  • Surfacing new best practices.

  • Discussing overarching governance frameworks (e.g., “Responsible Scaling Policies”).

National-level AI governance

  • Sharing best practices and lessons learned from AI regulation efforts in specific countries.

  • Identifying which AI risks are best dealt with at the national level.

International-level AI governance

  • Identifying which AI risks are best tackled at the international level.

  • Discussing what institutions or international agreements need to be created or adapted to better reduce AI risks.

  • Establishing consensus on “red lines” for AI development and deployment that should not be crossed.

Non-proliferation measures

  • Sharing best practices relating to some non-proliferation measures (e.g., publication norms).

  • Exploring possible joint efforts to prevent AI proliferation (e.g., institutions analogous to the IAEA or NSG).

  • Discussing how to avoid harmful proliferation to third countries while still sharing the benefits of AI globally.

Detail about safety risks

  • Discussing potential pathways to catastrophic AI accidents or misuse.

  • Examining the implications of recent technical research about AI risks.

Technical safety methods

Sharing technical insights about safety, focusing specifically on approaches that have low “capabilities externalities,” such as:

  • Multi-agent safety techniques to ensure AI systems remain safe when interacting.

  • Power aversion methods to prevent AI systems from seeking excessive influence.

  • Anomaly detection to identify when AI systems are behaving in potentially hazardous ways.

Model safety evaluations

  • Discussing governance frameworks for rigorous model safety evaluations.

  • Sharing technical details about carrying out evaluations for capabilities that could help misaligned AI systems evade oversight.
