Response to the RFC on U.S. Artificial Intelligence Safety Institute's AI-800-1 Draft Document

IAPS provided a response to the US AI Safety Institute’s Initial Public Draft of NIST AI 800-1: Managing Misuse Risk for Dual-Use Foundation Models. IAPS’ comments focused on restructuring the objectives to more comprehensively cover the AI product lifecycle, as well as building out several existing objectives in the initial draft guidance.

Our recommendations were:

  1. Restructure objectives to follow a ‘product lifecycle’ approach. We recommend that the seven objectives (and their associated practices) in AI 800-1 be restructured to follow an AI model’s lifecycle, from pre-training assessment to post-incident analysis.

  2. Consider ‘available affordances’ in relation to model capabilities. Practices 1.3 and 4.1 of AI 800-1 highlight the importance of estimating and measuring model capabilities as part of misuse risk assessment. Given that affordances, such as access to external tools, are material in determining actual capabilities, AISI should recommend that developers assess both the absolute capabilities of their AI systems and their capabilities conditional on system components such as scaffolding and tool use.

  3. Provide more detailed guidance on responding to misuse post-deployment. AISI can provide developers more guidance by splitting “collecting information” and “responding to misuse” into two separate objectives. We outline what a new ‘Respond to post-deployment misuse risks and incidents’ objective could look like in an updated AI 800-1.

  4. Provide more detailed guidance on addressing risk of model theft. We recommend several changes to the section currently labeled as ‘Objective 3: Assess the risk of model theft from relevant threat actors’.

  5. Expand the use of red-teaming to enhance pre-deployment risk management. Under practice 4.2 of Objective 4, “Measure the risk of misuse,” AISI can recommend additional ways for developers to employ red teams to supplement pre-deployment risk management.

  6. Provide additional guidance on collecting information about misuse post-deployment and providing transparency about misuse risk. We recommend several changes covering Objectives 6 and 7 in the original draft guidance.

See the full piece here.
