Trail of Bits’s Response to OSTP National Priorities for AI RFI

By Michael Brown and Heidy Khlaaf

The Office of Science and Technology Policy (OSTP) has circulated a request for information (RFI) on how best to develop policies that support the responsible development of AI while minimizing risk to rights, safety, and national security. In our response, we highlight the following points:

To ensure that AI is developed in a way that protects people’s rights and safety, it is essential to construct verifiable claims and hold developers accountable to them. These claims must be scoped to a regulatory, safety, ethical, or technical application and must be sufficiently precise to be falsifiable. Independent regulators can then assess the AI system against these claims using a safety case (i.e., a documented body of evidence), as is required by the FDA in industries such as manufacturing.

Large language models (LLMs) cannot safely be used to directly generate code, but they are suitable for certain subtasks that enhance readability or facilitate developers’ understanding of code. These subtasks include suggesting changes to existing code, summarizing code in natural language, and offering code completion suggestions. However, using LLMs to complete these subtasks requires a base level of specialized knowledge because their output is not guaranteed to be sound or complete.
Additionally, recent non-LLM AI approaches have shown promise for improving software security. For example, AI-based vulnerability scanners that use graph-based models have outperformed traditional vulnerability scanners in detecting certain types of vulnerabilities.

AI-based systems cannot be solely relied on to identify cyber vulnerabilities, but they can be used to complement traditional tools and manual efforts. In particular, AI-based systems can reduce the time and effort required to discover and remediate some vulnerabilities. However, better dataset training is required to reduce false positives, and it is critically important that developers choose the right AI model for their project. Generative AI models, such as ChatGPT, are poorly suited for detecting novel or non-publicly available vulnerabilities, as they are tailored for natural (non-computer) languages and have been trained on articles that list vulnerabilities in source code.

AI systems have significantly lowered the technical expertise and time required to carry out attacks, which presents a clear risk to national security. Attackers can use advanced or specialized AI to rapidly develop or customize exploits against known vulnerabilities and deploy them before they are patched, which could critically affect national infrastructure. Additionally, LLMs are adept at crafting phishing attacks that are difficult to detect, and generative AI systems for audio/visual media can be used to conduct social engineering and disinformation campaigns.
It is essential to develop countermeasures to these threats. DARPA’s MediFor and SemaFor, for example, have shown success in countering deepfake technology. To help AI systems become more effective, we proposed a framework for evaluating and facilitating the enhancement of these technologies in a measurable and systematic way.

Our full responses provide more details for the selected questions. We commend the OSTP for fostering an open discussion on the development of a national AI strategy.