US Proposes Requiring Reporting For Advanced AI, Cloud Providers

An anonymous reader quotes a report from Reuters: The U.S. Commerce Department said Monday it is proposing to require detailed reporting requirements for advanced artificial intelligence developers and cloud computing providers to ensure the technologies are safe and can withstand cyberattacks. The proposal from the department's Bureau of Industry and Security would set mandatory reporting to the federal government about development activities of "frontier" AI models and computing clusters. It would also require reporting on cybersecurity measures as well as outcomes from so-called red-teaming efforts like testing for dangerous capabilities including the ability to assist in cyberattacks or lowering barriers to entry for non-experts to develop chemical, biological, radiological, or nuclear weapons. External red-teaming has been used for years in cybersecurity to identify new risks, with the term referring to U.S. Cold War simulations where the enemy was termed the "red team." [...] Commerce said the information collected under the proposal "will be vital for ensuring these technologies meet stringent standards for safety and reliability, can withstand cyberattacks, and have limited risk of misuse by foreign adversaries or non-state actors." Further reading: Biden Signs Executive Order To Oversee and Invest in AI

muppets

[awwshit]

Report: We have Animal. He is made to keep his helmet on, and he stays in his cage. We tried to take away his drum set but he is actually chained to the drums and all attempts to separate them were futile. The drums however have proved to be harmless. We promise he is only a friendly muppet. Animal just wants to rock out and be friends.

Great regulation!

[oldgraybeard]

That will fix everything!

Need truth in government act

[will4]

The federal government agencies and departments should be required to submit these new mandates to federal court first and get them ruled as constitutional and ruled as legal to create under existing federal law before any corporation, person, etc. should be subject to the regulation.

The government should have to prove that it can make the regulation first and not shift the cost of contesting the possibly unlawful regulation onto the affected citizens and corporations. It is to prevent overreach via regul

How is "reporting" going to go that?

[gweihir]

In particular "ensure the technologies are safe and can withstand cyberattacks"? Microsoft, for example, can simply report that yes, their cloud security still sucks badly. Everybody competent knows it, they have demonstrated it multiple times in the recent past and there is no reason to expect it will get much better.

Re:

[codebase7]

The point is to only allow the "big boys" to play with AI. (I.e. The ones that can afford to own a few senators / SCOTUS judges / congressmen.) The rest cannot be allowed to have it. How else would the big boys be able to charge for their rent seeking? The second the dregs get their hands on AI they'll be able own factories or demand that the big boys not get special treatment as the gods of the new labor force.

Let's save the government some time

[WaffleMonster]

AI isn't reliable, safe or trustworthy. It cannot withstand cyber attacks including keeping secrets, social engineering and prompt injection. The CBRN and x-risk angles are sci-fi fantasies unmoored from reality pushed by the OpenAIs of the world for the purposes of undermining open source.

AI and stringent standards is an oxymoron.

Hard to enforce and Government gets a pass

[flaguy11]

One, it will be very hard to enforce. How is the government going to check every server? Two, the government, who is deep into creating AIs gets a pass.

Commerce Dept

[RegistrationIsDumb83]

I bet this is the same guy who wanted mandatory KYC id scans on all cloud customers recently. Buzz off, gman.