The Center for Democracy and Technology (CDT) has submitted its comments on the U.S. AI Safety Institute's (AISI) updated draft guidance aimed at managing the risks associated with foundation model misuse. The draft, released in January, outlines best practices for developers to identify, measure, and mitigate risks when creating and deploying advanced foundation models.
CDT acknowledged improvements in the updated draft compared to AISI's initial version. "Our comments on the updated draft note that this updated draft is a marked improvement over AISI’s initial draft," CDT stated. They appreciated that several themes emphasized in their previous feedback were incorporated into the new update.
Two significant enhancements were highlighted by CDT: first, while maintaining a focus on developers, the guidance now includes actionable recommendations for other actors in the AI value chain. This aligns with CDT's earlier conclusion that all actors must act responsibly to effectively address AI risks. Second, the update provides developers with more comprehensive guidance on evaluating a model's potential benefits against its risks before deployment or further development—a crucial aspect for developers of open foundation models.
CDT noted that although the guidance does not cover every risk associated with foundation model development, AISI explicitly mentions its limited scope. They emphasized that omitting certain risks should not prevent developers from addressing them, as foundation models can be improperly biased or facilitate unlawful discrimination.
CDT also recommended that AISI encourage developers to involve independent domain experts throughout the risk management process. While acknowledging the existing role of domain experts in the guidance, CDT stressed that independent expert involvement allows for critical scrutiny of risk management processes and outcomes. They suggested that these experts could come from various disciplines, including social sciences.
Additionally, CDT applauded the emphasis on thorough documentation within the guidance but urged AISI to clarify each document's purpose and recommend stakeholder consultation during their creation. This approach ensures documentation serves its intended purpose effectively.
Finally, CDT advised AISI to ensure post-deployment monitoring respects user privacy by avoiding invasive methods and instead employing privacy-preserving techniques to detect misuse.
