Opinion
NIST hops on the AI bandwagon
Background
On April 29, 2024, the U.S. Department of Commerce announced the release of four draft publications intended to help improve the safety, security, and trustworthiness of artificial intelligence (“AI”) systems. These publications were prepared by the Department’s National Institute of Standards and Technology (“NIST”) in response to President Biden’s landmark Executive Order that advances a coordinated, federal government-wide approach toward the safe and responsible development of AI (the “Executive Order”). For further information on the Executive Order, refer to our prior Tech Talk blog post here.
The four draft publications are:
- AI RMF Generative AI Profile (NIST AI 600-1);
- Secure Software Development Practices for Generative AI and Dual-Use Foundation Models (NIST Special Publication (SP) 800-218A);
- Reducing Risks Posed by Synthetic Content (NIST AI 100-4); and
- A Plan for Global Engagement on AI Standards (NIST AI 100-5).
AI RMF Generative AI Profile
The AI RMF Generative AI Profile (NIST AI 600-1) is a companion to the Artificial Intelligence Risk Management Framework (AI RMF 1.0) (NIST AI 100-1), which was released in January 2023 and provides guidance regarding the design, development, use, and evaluation of AI products, services, and systems. The companion publication was developed by a generative AI public working group of more than 2,500 members and offers insights into how risks from generative AI can be managed across various stages of the AI lifecycle. More specifically, it defines 13 risks that are novel to, or exacerbated by, the use of generative AI, including data privacy, information integrity and security, intellectual property, and toxicity, bias, and homogenization. It also provides a set of more than 400 actions to help organizations govern, map, measure, and manage these risks.
Secure Software Development Practices for Generative AI and Dual-Use Foundation Models
Secure Software Development Practices for Generative AI and Dual-Use Foundation Models (NIST Special Publication 800-218A) augments a prior Secure Software Development Framework (Special Publication 800-218) by adding practices, tasks, recommendations, considerations, notes, and informative references that are specific to AI model development (i.e., data sourcing for, designing, training, fine-tuning, and evaluating AI models, as well as incorporating and integrating AI models into other software), throughout the software development life cycle. It is intended to be used by AI model developers, system producers, and system acquirers.
Reducing Risks Posed by Synthetic Content
Reducing Risks Posed by Synthetic Content (NIST AI 100-4) examines the existing standards, tools, methods, and practices, as well as the potential development of further science-backed standards and techniques, for:
- verifying the authenticity of AI-created content and tracing its origins;
- marking AI-created content (e.g., using watermarking techniques);
- identifying AI-created content;
- preventing the creation of child sexual exploitation material or nonconsensual intimate depictions of people made by generative AI, as well as evaluating the software designed for these tasks; and
- overseeing and updating AI-created content.
The technical methods outlined in the publication are foundational elements that can enhance confidence in digital media and the credibility of the entities and individuals involved in its creation and distribution, by clarifying the application of AI in generating or modifying digital content.
A Plan for Global Engagement on AI Standards
A Plan for Global Engagement on AI Standards (NIST AI 100-5) furthers the policies and principles in the Executive Order, which instructed the Federal government to “promote responsible AI safety and security principles and actions with other nations, including our competitors, while leading key global conversations and collaborations to ensure that AI benefits the whole world, rather than exacerbating inequities, threatening human rights, and causing other harms.” (see Section 2(h) of the Executive Order). The publication emphasizes the need for a united approach involving major global allies, partners, and standards-setting bodies to guide the creation and adoption of AI-related standards, as well as to promote collaboration, coordination, and the free exchange of information.
The topics that were considered for standardization are as follows:
Standardization urgently needed and ready for standardization
- Terminology and taxonomy
- Measurement and mitigations for risks and safety issues
- Testing, evaluation, verification, and validation
- Mechanisms for enhancing awareness and transparency about the origins of digital content
- Risk-based management of AI systems
- Security
- Transparency among AI actors about system and data characteristics
Standardization needed, but requiring more scientific work
- Energy consumption of AI models
- Incident response and recovery plans
- Conformity assessment and compliance procedures
- Data sets for testing and evaluation
- Channels for upstream reporting
Standardization needed, but requiring significant foundational work
- Techniques for interpretability and explainability
- Human-AI configuration
Next Steps
NIST is actively seeking feedback from the public on each of these publications. The deadline for comment submission is set for June 2, 2024. Those interested in providing their input can find the guidelines for comment submission within each of the individual publications. Stay tuned for more.