In September 2024, the Bureau of Industry and Security proposed new reporting requirements for developers of advanced AI models and computing clusters, opening the rule for public comment. Palisade Research submitted feedback focused on strengthening requirements for dual-use foundation models. With AI capabilities advancing rapidly, we believe it’s essential for the federal government to gather information that helps it prepare for AI-related threats to national security and public safety.

In our comment, we outline 5 core recommendations that can improve the effectiveness and robustness of the reporting requirements. We believe such recommendations could promote transparency into frontier AI development, enabling the government to better understand and prepare for potential safety and security threats. 

Our full response is available here.

Below, we present a summary of our five core recommendations:

  1. Establish a protected and/or anonymous reporting mechanism for employees at entities developing dual-use foundation models. Allow employees to submit concerns to [email protected]. Employees should be empowered to disclose: (a) any information about how the company might be inaccurate or misleading in its reports to BIS and (b) other information pertaining to the safety and reliability of dual-use foundation models, or activities or risks that present concerns regarding U.S. national security. Ideally, this platform would be both protected (entities developing dual-use foundation models would be prohibited from retaliating against individuals who use this platform for legitimate purposes) and anonymous. If making the reporting mechanism protected is not feasible, we believe an anonymous reporting mechanism would still provide substantial value. Entities should also affirm in their reports to BIS that (a) they have made employees aware of this reporting mechanism and (b) their policies (e.g., NDAs, non-disclosure agreements) will not prohibit, punish, or discourage employees from using this mechanism.

  2. Establish a regular interview program with employees at entities producing dual-use foundation models. BIS should conduct interviews on a quarterly basis with employees at companies developing dual-use foundation models. BIS would select these employees from a roster of employees, selecting individuals from multiple teams to get a diverse array of knowledge. In these interviews, BIS would ask employees to answer questions relating to dual-use foundation models, their capabilities, concerns regarding safety and security, and expectations about future progress in AI that could produce novel safety and security threats. For additional details about this proposal, see this paper.

  3. Require capability forecasts. In addition to requiring information about red-team testing, BIS should require companies to provide their best estimates of when they anticipate they or others will develop dual-use foundation models with certain kinds of security-relevant capabilities1. This would allow the US industrial base and defense establishment to make more informed predictions about future advances in AI systems and their implications for national defense.

  4. Require responses to a Summary Form that is legible to non-experts. In addition to requiring reports of red-team testing, we recommend that BIS require entities to submit a short Summary Form. The Summary Form would be accessible to non-technical audiences and highlight the most important defense-relevant information. We include example questions that could be asked in the full response.

  5. Amend the notification conditions such that entities must notify BIS of major capability improvements that pose imminent security risks. Some advances in AI capabilities may occur suddenly, and it may be essential for BIS to learn of these advances before the start of a new quarter. Therefore, we recommend that BIS require entities to report any major capability improvements that have imminent implications for national defense within 5 days.

Palisade’s full response is available here. If you have questions, feel free to contact us at [email protected].

  1. For example, those specified under the EO definition of dual-use foundation models: (1) Substantially lowering the barrier of entry for non-experts to design, synthesize, acquire, or use chemical, biological, radiological, or nuclear (CBRN) weapons; (2) Enabling powerful offensive cyber operations through automated vulnerability discovery and exploitation against a wide range of potential targets of cyberattacks; or (3) Permitting the evasion of human control or oversight through means of deception or obfuscation.