The Software & Information Industry Association (SIIA) submitted feedback on the initial draft of NIST 800-1, “Managing Misuse Risk for Dual-Use Foundation Models.” SIIA recommends several changes to improve the utility and adoption of these practices.
Key Points from SIIA’s Feedback:
- Calibrate Recommended Practices: SIIA emphasizes the need for AISI to recognize the current limitations in measuring and mapping misuse risks. They suggest that AISI should provide technical guidance where available and label practices as “aspirational” where such guidance is lacking.
- Account for Model Variations: The 800-1 draft presumes uniformity among dual-use models, which SIIA believes is misleading. They recommend tailoring guidelines to account for different characteristics of foundation models, such as the degree of openness, to better foresee and manage misuse risks.
- Engage the Entire AI Value Chain: SIIA argues that managing misuse risk is not solely the responsibility of model developers. They recommend AISI expand its guidance to include all stakeholders in the AI value chain, from development to deployment.
- Consider Downstream Implications: SIIA urges AISI to be mindful of the potential regulatory impact of its recommendations. They caution against overly broad or unrealistic expectations that could stifle AI innovation or expose companies to undue legal risks.
- Recommendations for Improvement:
- Engage with the NIST AISI Consortium before finalizing the 800-1 draft.
- Incorporate language reflecting scientific and technical limitations.
- Consolidate research on identifying and managing misuse risks.
- Promote harmonization of AI safety standards across jurisdictions to reduce compliance burdens.shorter
