Finding the Evidence for Evidence-Based AI Regulations

Last week, I attended The Curve, an artificial intelligence conference meant to bring together leaders from a wide variety of viewpoints. The alternative view I found most fascinating was that we don’t yet have enough evidence to support strong AI safety regulations. This viewpoint also echoes an old memo by Michael Kratsios, the Trump transition team’s tech lead, which cautiously supported “narrowly tailored and evidence-based regulations that address specific and identifiable risks.”

There’s a First Time for Everything

There are a couple of versions of this argument. One version points out that we have never seen the particular kinds of catastrophes that AI researchers predict, so we do not have statistical evidence about how likely they are. 

While this is literally true, it’s not a good reason to avoid regulation – sometimes a disaster that’s about to happen for the first time can be predictable enough and nasty enough to be worth trying to prevent. For example, the geologists of the 1980s were reasonably confident that Mount St. Helens was about to erupt for the first time in over a century, even though we had no statistics about reawakening volcanos. 

Similarly, the FBI had the intel it needed to determine that terrorists were training for airplane-based attacks in the United States months before the 9/11 attack on the World Trade Center. Nobody had ever intentionally flown a plane into a skyscraper before, so warnings about the attack could have been dismissed as “speculative,” but that didn’t mean the warnings were wrong.

As with volcanoes and terrorism, the risk posed by building arbitrarily powerful AI using black-box neural networks is as straightforward as it can be for any first-time disaster. We are still many technical breakthroughs away from truly understanding (let alone controlling) such AIs, so putting them in charge of our economy or our society invites unpredictable and uncontrollable misfortune.

The warning signs we have already seen are about as strong as we are likely to get before the first catastrophe. We have seen AI intentionally lying to humans, AI used to kill humans, AI spontaneously seizing control of its server, AI quickly generating lifelike video, and AI cloning itself. What’s missing before we run a real risk of a Terminator-style scenario?

Guiding the Guidelines

Another version of this argument claims that we can not require AI developers to follow specific safety guidelines because we do not yet know exactly what those guidelines should be – the technology is rapidly evolving, and safety evaluations are still a work in progress.

I think this argument is overstated. The safety evaluations already being deployed on real-world models by METR and Apollo Research are much better than nothing. Given the stakes involved, it should be against the law to do no safety evaluations when you’re deploying a billion-dollar AI model.

Even if current safety evaluations were no better than junk, that would only make it unreasonable to impose substantive safety requirements on developers. We would still have every reason to impose procedural requirements that mandate a certain level of analysis and reporting. We need those analyses and reports to build an evidence base supporting future requirements.

As AI red-teaming expert Stephen Casper has recently argued, the United States is rapidly falling behind its peers regarding the amount of information it collects from leading AI firms. Regulations do not have to be aimed at requiring any specific behavior from AI developers or at punishing those who march to the beat of a different drummer – regulations can instead aim to make sure the government (and civil society more broadly) has a fair chance to stay informed about what AI companies are doing.

Most of these information-sharing requirements are lightweight and common sense. 

Why don’t we ask AI developers how much money they spend on cybersecurity? 

Why don’t we ask them how many chips they’re using to train their AI models, what internal whistleblower protections they have, and to report critical details of qualifying safety incidents to third-party reviewers?

If the most important objection is that we need more information to design AI safety requirements intelligently, then we should start collecting that information immediately.