By Eric Vandenbroeck and co-workers
Get Ready For Artificial Intelligence
In April 2023, a group of academics at Carnegie Mellon University set out to test the chemistry powers of artificial intelligence. To do so, they connected an AI system to a hypothetical laboratory. Then they asked it to produce various substances. With just two words of guidance—“synthesize ibuprofen”—the chemists got the system to identify the steps necessary for laboratory machines to manufacture the painkiller. As it turned out, the AI knew both the recipe for ibuprofen and how to produce it.
Unfortunately, the researchers quickly discovered that their AI tool would synthesize chemicals far more dangerous than Advil. The program was happy to craft instructions to produce a World War I–era chemical weapon and a common date-rape drug. It almost agreed to synthesize sarin, the notoriously lethal nerve gas, until it Googled the compound’s dark history. The researchers found this safeguard to be cold comfort. “The search function,” they wrote, “can be easily manipulated by altering the terminology.” AI, the chemists concluded, can make devastating weapons.
Nevertheless, Carnegie Mellon created the world’s first Academic Cloud Lab. But it shouldn’t come as a surprise. After years of hype, false starts, and overpromises, the AI revolution is here. From facial recognition to text generation, AI models are sweeping across society. They are writing the text for customer service companies. They are helping students do research. They are pushing the boundaries of science, from drug discovery to nuclear fusion.
The opportunities AI offers are immense. Built and managed correctly, it could improve society by providing every student a personalized tutor, for example, or giving every family high-quality, round-the-clock medical advice. But AI also has enormous dangers. It is already exacerbating the spread of disinformation, furthering discrimination, and making it easier for states and companies to spy. Future AI systems might be able to create pathogens or hack critical infrastructure. The scientists responsible for developing AI have begun to warn that their creations are perilous. In a May letter, the chiefs of almost every leading AI lab warned that “mitigating the risk of extinction from AI should be a global priority, alongside other societal-scale risks such as pandemics and nuclear war.”
In the months since that statement, policymakers, including U.S. President Joe Biden, have met with industry leaders and pushed for new AI safety measures. But keeping up with AI's threats and figuring out what to do about them is challenging. The harms from AI in today’s society come from yesterday’s models. The most cutting-edge systems are not yet widely used or understood. Even less is known about future models, which are growing more powerful yearly. Scientists appear on track to automate most tasks a human can do in front of a computer, and progress probably won’t stop there.
To handle the dangers, some experts have called for a pause in developing the most advanced AI systems. But these models are too valuable for the corporations spending billions of dollars on them to freeze progress. Policymakers, however, can and should help guide the sector’s development and prepare citizens for its effects. They can start by controlling who can access the advanced chips that train leading AI models, ensuring that bad actors cannot develop the most powerful AI systems. Governments should also establish regulations to guarantee that AI systems are responsibly designed and used. Done right, these rules would not limit AI innovation. But they would buy time before the riskiest AI systems become broadly accessible.
Countries must use that time to harden society against AI’s many dangers. They will need to invest in a wide range of protections, such as finding ways to help people distinguish between AI- and human-made content, aiding scientists in identifying and stopping lab hacks and the creation of synthetic pathogens, and developing cybersecurity tools that keep critical infrastructure, such as power plants, in the right hands. They will need to figure out how AI itself can be used to protect against dangerous AI systems.
Meeting these challenges will demand great creativity from both policymakers and scientists. It will also require that both groups work fast. It is only a matter of time before compelling AI systems begin to spread, and society still needs to prepare.
Ready Or Not
How dangerous is AI? The honest and scary answer is that no one knows. AI technologies have a broad and expanding array of applications, and people are only beginning to grasp the effects. As large language models become better at producing authentically human-sounding text, they will become better at creating content tailored to each person’s needs and writing convincing phishing emails. Existing AI models are impressive at generating computer code, significantly speeding up seasoned programmers’ ability to update an application. But AI’s prowess also helps programmers develop malware that evades antivirus software. Drug discovery algorithms can identify new medicines but also new chemical weapons. In a March 2022 experiment, chemists got an AI system to identify 40,000 toxic chemicals in six hours, many of which were entirely new. It predicted that some of these creations would be more toxic than any previously known chemical weapon.
One of AI’s dangers is that it could democratize violence, making it easier for a broader range of bad actors to deal damage. Hackers, for example, have long been able to cause harm. But advancements in code-generation models could make it possible to produce malware with minimal coding experience. Propagandists typically need substantial time to craft disinformation, yet by mass-generating text, AI will make it easier to produce disinformation on an industrial scale. Right now, only trained professionals can create biological and chemical weapons. But thanks to AI, instead of requiring scientific expertise, all a future terrorist might need to make a deadly pathogen is an Internet connection.
To stop AI from harming humans, tech experts frequently discuss the need for “AI alignment”: ensuring an AI system’s goals align with its users’ intentions and society’s values. But so far, no one has figured out how to control AI behavior reliably. For instance, an AI system tasked with identifying tax fraud attempted to tweet its findings to tax authorities, unbeknownst to its user. Microsoft released a Bing chatbot designed to help people search the Internet, only to have it behave erratically, including by telling one person that it had information to make them “suffer and cry and beg and die.” Developers can fine-tune models to refuse specific tasks, but clever users find ways around these guardrails. In April 2023, a person got ChatGPT to provide detailed instructions for how to make napalm, a task that it would usually refuse, by asking it to simulate the person’s grandmother, who used to tell bedtime stories about how to make napalm.
Today’s most cutting-edge AI models still have flaws that limit their destructive potential. One anonymous tester, for example, created an AI bot dubbed “ChaosGPT” and programmed it to act like a “destructive, power-hungry, manipulative AI” and “destroy humanity.” The system got stuck collecting information on the Tsar Bomba, the most significant nuclear weapon ever created. It then openly tweeted its plans.
But as new models come online, they could prove more capable of devising schemes and manipulating people into carrying them out. Meta’s AI model, “Cicero,” demonstrated human-level performance in Diplomacy, which involves negotiating with others in a simulated geopolitical conflict. Some experiments suggest that large language models trained on human feedback engage in sycophantic behavior, telling their users what they want to hear. In one experiment, for example, models were more likely to express support for government services after being told they were talking to liberals. Such behavior appears to grow more pronounced as the systems become more capable.
Whether models would actively try to deceive or control their operators remains to be determined. But even the possibility that they would try is cause for worry. As a result, researchers are now testing frontier models for the ability to engage in “power-seeking” behaviors, such as making money online, acquiring access to computational resources, or creating copies of themselves—and attempting to do so while evading detection.
Move Slow And Build Things
Preventing AI from wreaking havoc will take some work. But governments can start by pressuring the tech firms developing AI to proceed with much more caution than they have thus far. If an AI model causes severe harm, it is unclear when developers would be liable. Policymakers should clarify these rules to ensure that firms and researchers are held appropriately responsible if one of their models were, for example, to provide detailed advice that helps a school shooter. Such regulations would incentivize companies to try to foresee and mitigate risks.
Governments will also have to regulate AI development directly. Here, the United States can—and must—lead the way. Developers need large quantities of highly specialized chips to train an AI system successfully. Washington and two close allies (Japan and the Netherlands) are the sole providers of the hardware needed to make this material. The United States and its partners have already placed export controls on China's most advanced AI chips and chip-making equipment. But they must create a chip ownership registry to stop advanced chips from being diverted to prohibited actors, including rogue states.
Controlling AI access, however, is only half the regulatory battle. Even sanctioned developers can create dangerous models, and the U.S. government lacks the legal tools to intervene. Washington should therefore establish a licensing regime for frontier AI models (the ones near or beyond the capabilities of today’s most advanced systems) trained on industrial-scale AI supercomputers. To do so, policymakers might create a new regulatory body housed in the Department of Commerce or the Department of Energy. This body should require that frontier AI developers conduct risk assessments and report their findings before they train their models. The reviews would provide better visibility into development and allow regulators to demand that firms adjust their plans, such as bolstering cybersecurity measures to prevent model theft.
The initial risk assessment would be just the start of the regulators’ examination. After AI labs train a system but before they deploy it, the body should require that labs conduct another thorough set of risk assessments, including testing the model for controllability and dangerous capabilities. These assessments should be sent to the regulatory agency, which would then subject the model to its own intensive examination, including having outside teams perform stress tests to look for flaws.
The regulators would then establish rules for how the model can be deployed. They might determine that specific models can be made widely available. They might decide that others are so dangerous they cannot be released. Most frontier models will likely fall somewhere in between: safe, but only with adequate protections. Initially, the agency might take a cautious approach, placing restrictions on models that later turn out to be safe, letting society adapt to their use, and giving regulators time to learn about their effects. The agency can always adjust these rules later if a model turns out to have few risks. The body could also pull a system from the market if it turns out to be more dangerous than expected. This regulatory approach would mirror how other vital technologies are governed, including biotechnology, commercial airplanes, and automobiles.
Brace For Impact
A rigorous licensing system will do much to foster safe development. But ultimately, even the most vital regulations cannot stop AI from proliferating. Almost every modern technological innovation, from trains to nuclear weapons, has spread beyond its creators, and AI will be no exception. Sophisticated systems could propagate through theft or leaks, including systems that regulators have forbidden from release.
Even without theft, powerful AI will almost certainly proliferate. The United States and its allies may control advanced chip-making equipment for now. But U.S. competitors are working to develop manufacturing gear of their own, and inventors may find ways to create AI without sophisticated chips. Every year, computing hardware becomes more cost-efficient, making it possible to train more muscular AI models at a lower price. Meanwhile, engineers keep identifying ways to train models with fewer computational resources. Society will eventually have to live with widely available, mighty AI. And states will need to use the time bought by regulation to create workable safeguards.
To some extent, countries have already gotten started. For the last five years, the world has been warned about the risks of deep fakes, and the alerts helped inoculate communities against the harm. By simply increasing awareness about AI-manipulated media, people learned to be skeptical of the authenticity of images. Businesses and governments have begun to go one step further, developing tools that explicitly distinguish AI-generated media from authentic content. Social media companies are already identifying and labeling certain kinds of synthetic media. But some platforms have policies that are weaker than others, and governments should establish uniform regulations.
The White House has taken steps to create labeling practices, persuading seven leading AI companies to watermark images, videos, and audio products made algorithmically. But these companies still need to promise to identify AI-generated text. There is a technical explanation: identifying AI-made prose is much more complex than sifting for other kinds of AI-made content. But it may still be possible, and states and firms should invest in creating tools.
Disinformation, however, is just one of the AI dangers that society must guard against. Researchers must also learn how to prevent AI models from enabling bioweapons attacks. Policymakers can start by creating regulations that bar DNA synthesis companies from shipping DNA sequences related to dangerous pathogens (or potential pathogens) to unauthorized customers. Governments will need to support DNA synthesis companies as they work to identify what genetic sequences could be hazardous. And officials may need to constantly surveil sewage or airports for signs of new pathogens.
Sometimes, society will have to use AI to create these defenses. DNA synthesis companies, for instance, will likely need advanced AI systems to identify pathogens that do not yet exist—but that AI might invent. Cybersecurity firms might need other AI systems to find and patch vulnerabilities to prevent dangerous AI models from hacking computing systems.
Using AI to protect against AI is frightening, given that it tremendously influences computer systems (and their makers). As a result, developers will need to bolster the security of AI models to protect them from hacking. Unfortunately, these scientists have their work cut out for them. There are numerous ways to manipulate AI models, many of which have already been shown to work.
Ultimately, it will be tough for society to keep up with AI’s dangers, especially if scientists succeed in their goal of creating systems that are as smart or smarter than humans. AI researchers must ensure their models align with society’s values and interests. States must also establish external checks and balances—including through regulatory agencies—that allow officials to identify and curtail dangerous models.
Humanity is racing to adopt advances in artificial intelligence, like generative AI, but it has yet to begin to address the implications and risks. AI creators might bristle at the idea of tight regulations. Strict rules will, after all, slow down development. Stringent requirements could delay, or even nix, billion-dollar models. And much like in other industries, rigid rules could create barriers to market entry, reducing innovation and concentrating AI development in a small number of already powerful tech companies.
But plenty of other sectors have made massive progress while regulated, including the pharmaceutical and nuclear power sectors. Regulation has made it possible for society to adopt many critical technologies. (Imagine how much worse vaccine skepticism would be without solid oversight by the state.) Rules also incentivize firms to innovate on safety, ensuring private research aligns with public needs. And governments can guarantee that small players contribute to AI innovation by granting the use of advanced chips to responsible researchers. In the United States, for instance, Congress is considering establishing a “National AI Research Resource”: a federal provision of data and powerful computing hardware accessible to academics.
But Congress cannot stop there—or with controlling AI development. Governments must also take measures to prepare society for AI’s risks. The development of robust AI systems is inevitable, and people everywhere need to be prepared for what such technologies will do to their communities and the broader world. Only then can society reap the immense benefits AI might bring.