Comment on AISI's Second Draft: Managing Misuse Risk for Dual-Use Foundation Models

On the 15th of January, the U.S. Artificial Intelligence Safety Institute (AISI) released the Second Public Draft of NIST AI 800-1 Managing Misuse Risk for Dual-Use Foundation Models. 

The Center for AI Policy (CAIP) commends NIST for its continued leadership in establishing structured and pragmatic guidance to manage the misuse risks associated with dual-use foundation models. 

The second draft demonstrates important refinements, including expanded guidance for actors across the AI supply chain. CAIP is also pleased to see several changes aligned with our earlier feedback. For example, the second draft now includes greater detail on timelines across the AI lifecycle, which NIST appropriately presents as an iterative process.

CAIP has identified five changes that NIST can incorporate to strengthen the final document. 

1. Risk thresholds: Recommend that companies determine unacceptable risk levels prior to risk measurement.
2. Documentation sharing: Clarify which documentation should be shared beyond public transparency reports. 
3. Internal reporting: Encourage companies to commit to non-retaliation policies for employees who raise good-faith safety concerns.
4. Security incident reporting: Expand incident reporting to include security incidents, not only confirmed misuse events.
5. Deployment options: Provide an appendix with examples of deployment strategies across different levels of access and openness.

CAIP also provided several suggestions to improve the precision and clarity of the document’s language.

Finally, CAIP acknowledges that this document appropriately focuses on misuse risk. However, because misuse risk represents only one dimension of safety concerns posed by foundation models, we encourage NIST to develop a complementary document focused on technical risks (e.g., misalignment, loss of control).

You can read the full response here.