NIST Seeks Comments on Draft AI Guidance Documents, Announces Launch of New Program to Evaluate and Measure GenAI Technologies
The US Government’s National Institute of Standards and Technology (NIST) is looking for comments on 4 drafts of AI Governance proposals + they’re announcing a new program to evaluate and measure generative AI technologies.
Both seem like great opportunities for people interested in doing AI Governance and Evals!!!!
AI governance proposals you can comment on
Here are the drafts from the announcement:
NIST AI 600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile
NIST SP 800-218A, Secure Software Development Practices for Generative AI and Dual-Use Foundation Models
NIST AI 100-4, Reducing Risks Posed by Synthetic Content: An Overview of Technical Approaches to Digital Content Transparency
NIST AI 100-5, A Plan for Global Engagement on AI Standards
Drafts of NIST AI 600-1, NIST AI 100-5 and NIST AI 100-4 are available for review and comment on the NIST Artificial Intelligence Resource Center website; and the draft of NIST SP 800-218A is available for review and comment on the NIST Computer Security Resource Center website.
The publications cover varied aspects of AI technology: The first two are guidance documents designed to help manage the risks of generative AI — the technology that enables chatbots and text-based image and video creation tools — and serve as companion resources to NIST’s AI Risk Management Framework (AI RMF) and Secure Software Development Framework (SSDF), respectively. A third offers approaches for promoting transparency in digital content, which AI can generate or alter; the fourth proposes a plan for global engagement for development of AI standards
Evals challenge: registration opens in May
The NIST GenAI program will issue a series of challenge problems designed to evaluate and measure the capabilities and limitations of generative AI technologies. These evaluations will be used to identify strategies to promote information integrity and guide the safe and responsible use of digital content. One of the program’s goals is to help people determine whether a human or an AI produced a given text, image, video or audio recording. Registration opens in May for participation in the pilot evaluation, which will seek to understand how human-produced content differs from synthetic content. More information about the challenge and how to register can be found on the NIST GenAI website.
Can anyone who is more informed on NIST comment on whether high-quality comments tend to be taken into account? Are drafts open for comments often revised substantially in this way?
I am not more informed on NIST than you are, but I would offer the following framework:
1. If your comment is taken into account, FANTASTIC.
2. If your comment is not taken into account, how much do you learn from deeply engaging with US policy and generating your own ideas about how to improve it? If you’re considering pivoting into AI governance/evals, this might be a great learning opportunity. If that’s not relevant to you, then maybe commenting has less value.
In case you were wondering, Secure Software Development Practices for Generative AI and Dual-Use Foundation Models completely avoids any discussion of the fact that releasing a dual-use model could potentially be dangerous or that the impacts of any such models should be evaluated before use. This is a truly stunning display of ball-dropping.
Update: I just checked NIST AI 600-1 as well: the report is extremely blaise about CBRN hazards from general AI (admitting though that chemical and biological design tools might pose risks to society or national security”). They quote the RAND report that claims the current generation doesn’t pose any such risks beyond web search, neglecting to mention that these results only applied to the release of a model over an API. As far as they’re concerned, these risks just need to be “carefully monitored”.
Sounds like we need some people to make some comments!!!!!
For NIST AI 600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile, It is suggested to add the following actions under GOVERN 3.2:
-Establish real-time monitoring systems that track the actions and decisions of autonomous AI systems continuously.
-Establish built-in mechanisms for human operators to intervene AI decisions and take control when necessary.
Include “near-miss incidents” in action ID V-4.3-004
-As Action ID MS-2.6-008 is critical in managing high GAI risk systems, It is suggested to include more detailed guidelines on“fail-safe mechanisms”, since fallback and fail-safe mechanisms are different.
note: Fallback mechanisms aim to maintain some level of operational continuity, even if at reduced functionality. Fail-safe mechanisms prioritize safety over continued operation, often resulting in a complete shutdown or transition to a safe state.
For NIST SP 800-218A, It is suggested to include the following at P.11 Task PS.1.3:
-Document the justification of selection of AI models and their hyperparameters.