We use cookies to improve user experience and analyze website traffic. By clicking “Accept“, you agree to our website's cookie use as described in our Privacy Policy.
PreferencesDecline AllAccept All

Your Cookie Preferences

We use different types of cookies to optimize your experience on our website. Click on the categories below to learn more about their purposes. You may choose which types of cookies to allow and can change your preferences at any time. Remember that disabling cookies may affect your experience on the website. You can learn more about how we use cookies by visiting our Privacy Policy.

Essential Cookies
Details

These cookies are necessary to the core functionality of our website and some of its features, such as access to secure areas.

Analytics and Customization Cookies
Details

These cookies collect information that can help us understand how our websites are being used. This information can also be used to measure effectiveness in our marketing campaigns or to curate a personalized site experience for you.

Advertising Cookies
Details

These cookies are used to enhance the performance and functionality of our websites but are nonessential to their use. However, without these cookies, certain functionality (like videos)may become unavailable.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Decline AllConfirm my Choices
Back

Essential Cookies

Provider: .providername.com

Name
Purpose
Type
Expires In
__cf_bm
Cloudflare places the cookie on end-user devices that access customer sites protected by Bot Management or Bot Fight Mode.
server_cookie
30 minutes

Provider: .providername.com

Name
Purpose
Type
Expires In
_tibcpv
Used to record unique visitor views of the consent banner.
http_cookie
1 year
Back

Analytics and Customization Cookies

Name
Purpose
Marketo Munchkin
Marketo's custom JavaScript tracking code, called Munchkin, tracks all individuals who visit your website so you can react to their visits with automated marketing campaigns.
Name
Purpose
Google Tag
The Google tag (gtag.js) is a single tag you can add to a website to use a variety of Google products and services (e.g., Google Ads, Google Analytics, Campaign Manager, Display & Video 360, Search Ads 360).
Back

Performance and Functionality Cookies

Name
Purpose
LinkedIn Insight
The LinkedIn Insight Tag is a snippet of JavaScript code that loads a small library of functions you can use to track Linkedin ad-driven visitor activity on your website.
Back

Advertising Cookies

Provider: .providername.com

Name
Purpose
Type
Expires In
__cf_bm
Cloudflare places the cookie on end-user devices that access customer sites protected by Bot Management or Bot Fight Mode.
server_cookie
30 minutes

Provider: .providername.com

Name
Purpose
Type
Expires In
_tibcpv
Used to record unique visitor views of the consent banner.
http_cookie
1 year
July 24, 2023
-
6
minute read

Leading AI Companies Commit to AI Risk Management: What the White House Agreement Means for Enterprises

Author
Authors
Yaron Singer
Yaron is the co-founder/CEO of Robust Intelligence and tenured Professor of Computer Science and Applied Math at Harvard.

The advancement of AI has long outpaced the controls required to keep companies and individuals safe. The use of sophisticated, third-party models makes it even more challenging for companies to ensure that models work as intended. Companies are under pressure to innovate with the latest AI resources, but many are hesitant to release applications built on generative models given the risks. This is why AI risk management frameworks have become a top priority for business leaders.

Leading AI services companies also recognize the need to protect against AI risk. Last Friday, the Biden-Harris Administration announced it had secured voluntary commitments from seven large AI companies to adhere to specific AI risk management measures. This agreement serves to accomplish two goals: increase the public’s confidence in AI services developed by “big tech” and serve as a benchmark for what enterprises should require from their own AI systems, including the vendors in their AI stack.

While many were expecting the White House to announce enforceable AI risk management standards that would apply broadly, this is a significant step forward on the path to regulation in the United States: “There is much more work underway. The Biden-Harris Administration is currently developing an executive order and will pursue bipartisan legislation to help America lead the way in responsible innovation.”

Commitments to the Development and Use of AI

The voluntary commitments center around three principles: safety, security, and trust. Let’s review the agreement by Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI - and many other companies by extension. The companies pledged to keep the following commitments in effect until formal regulations catch up:

Safety

(1) Commit to internal and external red-teaming of models or systems in areas including misuse, societal risks, and national security concerns, such as bio, cyber, and other safety areas

What this means: Red teaming involves simulating attacks on AI systems in an effort to identify and subsequently mitigate vulnerabilities. The ability to automate a wide variety of attacks and analyze the results is needed to be effective. The companies agreed to testing by independent experts.

(2) Work toward information sharing among companies and governments regarding trust and safety risks, dangerous or emergent capabilities, and attempts to circumvent safeguards

What this means: Information sharing is already a best practice in the cybersecurity domain. Information Sharing and Analysis Centers (ISACs) were formed subsequent to a 1998 Presidential Directive, and a formal process for reporting common vulnerabilities and exposures (CVEs) has been in place since 1999. Some measures have already been adopted for AI systems. The companies have agreed to share information on AI risk across government, the private sector, and academia.

Security

(3) Invest in cybersecurity and insider threat safeguards to protect proprietary and unreleased model weights

What this means: Model weights determine the influence that various inputs have on a model’s output, the manipulation of which can have a significant impact on model accuracy. The companies have agreed to treat unreleased model weights as core IP, applying the same safeguards and protections.

(4) Incent third-party discovery and reporting of issues and vulnerabilities

What this means: If red teaming exercises are run periodically rather than continuously, it’s possible for vulnerabilities to go undetected for long periods of time. It’s also possible that a company’s internal security exercises may miss certain vulnerabilities. The companies have agreed to roll out bug bounty programs that incent outside testing and reporting of weaknesses in AI systems.

Trust

(5) Develop and deploy mechanisms that enable users to understand if audio or visual content is AI-generated, including robust provenance, watermarking, or both, for AI-generated audio or visual content

What this means: It’s very difficult, if not impossible, to accurately attribute AI-generated content. Today, no general technical method has been widely deployed to track generative AI output. The companies agreed to contribute to the development of a technical framework to help users distinguish between AI and human-generated content, and if it came from their system.

(6) Publicly report model or system capabilities, limitations, and domains of appropriate and inappropriate use, including discussion of societal risks, such as effects on fairness and bias

What this means: Comprehensive reports will help inform users of the capabilities and limitations of each model. Ultimately, every model will have some level of risk and it’s a best practice to fully assess a model before building on it. The companies agreed to publish reports for any new significant model, which will include safety evaluations, performance limitations, fairness data, and adversarial testing results.

(7) Prioritize research on societal risks posed by AI systems, including on avoiding harmful bias and discrimination, and protecting privacy

What this means: In order to strengthen public trust in AI, the industry needs to ensure that models don’t disclose private information or reinforce harmful biases. The companies have agreed to prioritize AI safety research and proactively manage AI risk.

(8) Develop and deploy frontier AI systems to help address society’s greatest challenges

What this means: There is incredible potential in AI-powered systems to help solve many fundamental society challenges, including the fields of healthcare, climate, and security. The companies have committed to support bleeding-edge AI systems to meet such challenges, as well as ensure that people understand and prosper from AI development.

What Are the Implications for Enterprises?

While this commitment doesn’t directly impact companies apart from the seven that opted in, enterprises should certainly take notice. This bellwether agreement should inform AI risk management strategy, as the Biden-Harris Administration has explicitly stated its intentions to broaden these measures through an executive order and legislation, building on the White House AI Bill of Rights, NIST AI Risk Management Framework, and previous directives.

Here’s how enterprise can apply these learnings to their own AI initiatives today:

  • AI Red Teaming - Engage independent experts to test models for security vulnerabilities, preferably using an automated approach that continuously validates AI systems. Ensure that newly disclosed vulnerabilities and attack vectors are included.
  • AI Risk Assessment - Run comprehensive tests against models to assess their security, ethical (bias and toxicity), and operational risk profile. This should ideally be performed before building on a new model, but assessing risk continuously pre and post-deployment is a best practice.
  • Reporting - Enable security, GRC, and data science teams to assess AI risk by translating statistical test results into clearly defined outputs for various stakeholders. Ensure all models meet security, ethical, and operational standards. Map results to AI risk management frameworks, such as the NIST AI RMF, for compliance and reporting purposes.

How Can Robust Intelligence Help?

Robust Intelligence is an end-to-end AI risk management platform. Through a process of continuous validation, our platform performs hundreds of automated tests on models and data throughout the AI lifecycle to proactively mitigate security, ethical, and operational vulnerabilities. Robust Intelligence gives organizations the confidence to use any type of model and simplifies AI governance.

Enterprises trust our deep expertise and testing methodology to confidently operationalize AI risk management frameworks that meet internal standards, as well as current and future regulatory requirements. We’re trusted by leading companies including JPMorgan Chase, Expedia, ADP, Deloitte, PwC, and the U.S. Department of Defense.

For more on the NIST AI RMF, watch our fireside chat with a key contributor to the framework.

Author
Authors
Yaron Singer
Yaron is the co-founder/CEO of Robust Intelligence and tenured Professor of Computer Science and Applied Math at Harvard.
Share article
Social

Follow us on LinkedIn

Newsletter

Subscribe to our newsletter

Thank you!
You have successfully subscribed to our list
Oops! Something went wrong while submitting the form.

Related articles

May 15, 2024
-
5
minute read

Takeaways from SatML 2024

For:
April 29, 2024
-
5
minute read

AI Governance Policy Roundup (April 2024)

For:
April 26, 2024
-
5
minute read

AI Cyber Threat Intelligence Roundup: April 2024

For:
+   More Articles

Related articles

June 21, 2023
-
5
minute read

Generative AI Risk Assessment: Dolly 2.0

For:
January 26, 2023
-
5
minute read

A Guide to the NIST AI Risk Management Framework

For:
Compliance Teams
June 9, 2023
-
7
minute read

NeMo Guardrails Early Look: What You Need to Know Before Deploying (Part 2)

For:
+   More Articles

Ready to learn more?

See why we’re the enterprise choice for AI application security.
Get a Demo
July 24, 2023
-
6
minute read

Leading AI Companies Commit to AI Risk Management: What the White House Agreement Means for Enterprises

Author
Authors
Yaron Singer
Yaron is the co-founder/CEO of Robust Intelligence and tenured Professor of Computer Science and Applied Math at Harvard.

The advancement of AI has long outpaced the controls required to keep companies and individuals safe. The use of sophisticated, third-party models makes it even more challenging for companies to ensure that models work as intended. Companies are under pressure to innovate with the latest AI resources, but many are hesitant to release applications built on generative models given the risks. This is why AI risk management frameworks have become a top priority for business leaders.

Leading AI services companies also recognize the need to protect against AI risk. Last Friday, the Biden-Harris Administration announced it had secured voluntary commitments from seven large AI companies to adhere to specific AI risk management measures. This agreement serves to accomplish two goals: increase the public’s confidence in AI services developed by “big tech” and serve as a benchmark for what enterprises should require from their own AI systems, including the vendors in their AI stack.

While many were expecting the White House to announce enforceable AI risk management standards that would apply broadly, this is a significant step forward on the path to regulation in the United States: “There is much more work underway. The Biden-Harris Administration is currently developing an executive order and will pursue bipartisan legislation to help America lead the way in responsible innovation.”

Commitments to the Development and Use of AI

The voluntary commitments center around three principles: safety, security, and trust. Let’s review the agreement by Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI - and many other companies by extension. The companies pledged to keep the following commitments in effect until formal regulations catch up:

Safety

(1) Commit to internal and external red-teaming of models or systems in areas including misuse, societal risks, and national security concerns, such as bio, cyber, and other safety areas

What this means: Red teaming involves simulating attacks on AI systems in an effort to identify and subsequently mitigate vulnerabilities. The ability to automate a wide variety of attacks and analyze the results is needed to be effective. The companies agreed to testing by independent experts.

(2) Work toward information sharing among companies and governments regarding trust and safety risks, dangerous or emergent capabilities, and attempts to circumvent safeguards

What this means: Information sharing is already a best practice in the cybersecurity domain. Information Sharing and Analysis Centers (ISACs) were formed subsequent to a 1998 Presidential Directive, and a formal process for reporting common vulnerabilities and exposures (CVEs) has been in place since 1999. Some measures have already been adopted for AI systems. The companies have agreed to share information on AI risk across government, the private sector, and academia.

Security

(3) Invest in cybersecurity and insider threat safeguards to protect proprietary and unreleased model weights

What this means: Model weights determine the influence that various inputs have on a model’s output, the manipulation of which can have a significant impact on model accuracy. The companies have agreed to treat unreleased model weights as core IP, applying the same safeguards and protections.

(4) Incent third-party discovery and reporting of issues and vulnerabilities

What this means: If red teaming exercises are run periodically rather than continuously, it’s possible for vulnerabilities to go undetected for long periods of time. It’s also possible that a company’s internal security exercises may miss certain vulnerabilities. The companies have agreed to roll out bug bounty programs that incent outside testing and reporting of weaknesses in AI systems.

Trust

(5) Develop and deploy mechanisms that enable users to understand if audio or visual content is AI-generated, including robust provenance, watermarking, or both, for AI-generated audio or visual content

What this means: It’s very difficult, if not impossible, to accurately attribute AI-generated content. Today, no general technical method has been widely deployed to track generative AI output. The companies agreed to contribute to the development of a technical framework to help users distinguish between AI and human-generated content, and if it came from their system.

(6) Publicly report model or system capabilities, limitations, and domains of appropriate and inappropriate use, including discussion of societal risks, such as effects on fairness and bias

What this means: Comprehensive reports will help inform users of the capabilities and limitations of each model. Ultimately, every model will have some level of risk and it’s a best practice to fully assess a model before building on it. The companies agreed to publish reports for any new significant model, which will include safety evaluations, performance limitations, fairness data, and adversarial testing results.

(7) Prioritize research on societal risks posed by AI systems, including on avoiding harmful bias and discrimination, and protecting privacy

What this means: In order to strengthen public trust in AI, the industry needs to ensure that models don’t disclose private information or reinforce harmful biases. The companies have agreed to prioritize AI safety research and proactively manage AI risk.

(8) Develop and deploy frontier AI systems to help address society’s greatest challenges

What this means: There is incredible potential in AI-powered systems to help solve many fundamental society challenges, including the fields of healthcare, climate, and security. The companies have committed to support bleeding-edge AI systems to meet such challenges, as well as ensure that people understand and prosper from AI development.

What Are the Implications for Enterprises?

While this commitment doesn’t directly impact companies apart from the seven that opted in, enterprises should certainly take notice. This bellwether agreement should inform AI risk management strategy, as the Biden-Harris Administration has explicitly stated its intentions to broaden these measures through an executive order and legislation, building on the White House AI Bill of Rights, NIST AI Risk Management Framework, and previous directives.

Here’s how enterprise can apply these learnings to their own AI initiatives today:

  • AI Red Teaming - Engage independent experts to test models for security vulnerabilities, preferably using an automated approach that continuously validates AI systems. Ensure that newly disclosed vulnerabilities and attack vectors are included.
  • AI Risk Assessment - Run comprehensive tests against models to assess their security, ethical (bias and toxicity), and operational risk profile. This should ideally be performed before building on a new model, but assessing risk continuously pre and post-deployment is a best practice.
  • Reporting - Enable security, GRC, and data science teams to assess AI risk by translating statistical test results into clearly defined outputs for various stakeholders. Ensure all models meet security, ethical, and operational standards. Map results to AI risk management frameworks, such as the NIST AI RMF, for compliance and reporting purposes.

How Can Robust Intelligence Help?

Robust Intelligence is an end-to-end AI risk management platform. Through a process of continuous validation, our platform performs hundreds of automated tests on models and data throughout the AI lifecycle to proactively mitigate security, ethical, and operational vulnerabilities. Robust Intelligence gives organizations the confidence to use any type of model and simplifies AI governance.

Enterprises trust our deep expertise and testing methodology to confidently operationalize AI risk management frameworks that meet internal standards, as well as current and future regulatory requirements. We’re trusted by leading companies including JPMorgan Chase, Expedia, ADP, Deloitte, PwC, and the U.S. Department of Defense.

For more on the NIST AI RMF, watch our fireside chat with a key contributor to the framework.

Author
Authors
Yaron Singer
Yaron is the co-founder/CEO of Robust Intelligence and tenured Professor of Computer Science and Applied Math at Harvard.
Share article
Newsletter

Subscribe to our newsletter

Thank you!
You have successfully subscribed to our list
Oops! Something went wrong while submitting the form.
Blog

Related articles

November 1, 2021
-
3
minute read

IWI Uses RIME to Help Secure the Japanese Online Payments Market

For:
December 16, 2021
-
4
minute read

How Robust Intelligence Can Help Secure the E-commerce Industry This Holiday Season, One ML Pipeline at a Time

For:
April 2, 2024
-
3
minute read

Robust Intelligence Partners with CrowdStrike to Bring Our Real-Time AI Security Telemetry to Falcon LogScale

For:
June 21, 2023
-
5
minute read

Generative AI Risk Assessment: Dolly 2.0

For:
January 26, 2023
-
5
minute read

A Guide to the NIST AI Risk Management Framework

For:
Compliance Teams
June 9, 2023
-
7
minute read

NeMo Guardrails Early Look: What You Need to Know Before Deploying (Part 2)

For:
+   More Articles

Achieve AI Integrity Today

Request a Demo