Hello and welcome to Eye on A.I. One of the biggest bits of A.I. news from the past week was the White House’s announcement that it had convinced seven of the leading A.I. companies to voluntarily commit to a number of steps intended to help improve A.I. safety.
The announcement got a lot of attention. But it is important to note that the commitments only apply to models that are more powerful than the current state-of-the-art systems that have been made public, such as Anthropic's Claude 2, OpenAI's GPT-4, and Google's PaLM 2. So the pledges President Joe Biden secured do nothing to ensure that currently available models aren’t used in ways that might cause harm—such as crafting malware or drafting misinformation.
Some of the commitments—such as the companies' pledge to publish their A.I. systems' capabilities, limitations, and areas of appropriate and inappropriate use—are things they are, for the most part, already doing. Plus, since the commitments are voluntary, there's little the administration can do to hold the companies accountable if they drift from their promises, other than to publicly shame them.
What’s more, some of the pledges lacked specifics on how they would be carried out. For instance, the seven participants—Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI—agreed to perform extensive security testing of their A.I. software before releasing it, including testing for biosecurity and cybersecurity threats. The companies do some of this now, but the commitment says the testing will be carried out “in part by independent experts.” What it doesn’t say is exactly who these independent experts will be, who will determine their independence and expertise, and what testing they will conduct.
One of the pledges in particular stood out to me. It concerns an A.I. model’s weights, which are the numerical parameters, learned during training, that are applied across the connections of a neural network and determine its outputs. The weights are what allow someone to replicate a trained A.I. model. The White House commitments say the companies will take steps to protect “proprietary and unreleased” model weights from being stolen and that they will “be released only when intended and when security risks are considered.”
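For readers who want a concrete picture of why the weights are the crown jewels, here is a minimal sketch in PyTorch. The toy two-layer network and the file name are my own illustrative inventions, not any company's actual model, but the mechanics are the same at any scale: whoever has the weights file and knows the architecture can rebuild the trained model exactly, with no further training.

```python
import torch
import torch.nn as nn

# A toy network standing in for a much larger model. The "weights" are
# simply the numerical parameters stored inside each layer.
model = nn.Sequential(nn.Linear(16, 32), nn.ReLU(), nn.Linear(32, 2))

# Saving the weights to a file captures everything the model learned.
torch.save(model.state_dict(), "model_weights.pt")

# Anyone who obtains that file and knows the architecture can load it
# into a fresh copy of the network and reproduce the trained model.
replica = nn.Sequential(nn.Linear(16, 32), nn.ReLU(), nn.Linear(32, 2))
replica.load_state_dict(torch.load("model_weights.pt"))
```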
What's interesting about this is that Meta has emerged as a leading proponent of open source A.I., the idea that the best way to push the field forward is to make A.I. models, including all their weights, widely available to the public with few restrictions on how they can be used. The company has already publicly released several powerful large language models, called LLaMA and LLaMA 2. In the case of the original LLaMA, the full weights were leaked online, allegedly by one of the research partners with which Meta had originally shared the A.I. software under an open source license. If that were to happen again, it would clearly violate the pledge. And, with LLaMA 2, Meta has made the A.I. system, actually a family of A.I. models, available both as open-source software and under a commercial license. With the open-source version, it isn’t clear how easily Meta could prevent someone from using the model for some nefarious purpose, such as generating misinformation or malware.
So how does this commitment about model weight security sit with Meta’s advocacy for open source A.I.? I put this question to the company. A spokesperson reiterated Meta’s rationale for open sourcing its A.I. software, arguing that it was a way to ensure the benefits of A.I. were shared widely and that “democratizing access allows for continual identification and mitigation of vulnerabilities in a transparent manner by an open community.” The spokesperson also said the company had undertaken safety testing of LLaMA 2 to give it guardrails against the kinds of prompts that its own experts, as well as “select external partners,” believed would be most likely to be used in criminal activity or to produce harmful and hateful content or unqualified advice.
So Meta isn’t backing off its open-source advocacy. It sounds as though it plans to fall back on the argument that it will have “considered the security risks” when open sourcing future models. But if Meta makes the weights available, as it has with its LLaMA models to date, there is no way to prevent someone from removing whatever guardrails Meta puts in place by adjusting those weights.
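To make that point concrete, here is a hedged sketch of what "adjusting those weights" means in practice. It again uses PyTorch with a hypothetical toy model and made-up training data, not Meta's code or LLaMA itself: ordinary fine-tuning is just a few gradient steps that overwrite the published weights with whatever behavior the downloader prefers, regardless of the safety tuning the publisher applied.

```python
import torch
import torch.nn as nn

# Stand-in for a released model whose weights were published openly.
model = nn.Sequential(nn.Linear(16, 32), nn.ReLU(), nn.Linear(32, 2))
model.load_state_dict(torch.load("model_weights.pt"))

# Hypothetical fine-tuning data chosen by whoever downloaded the weights.
inputs = torch.randn(64, 16)
targets = torch.randint(0, 2, (64,))

optimizer = torch.optim.Adam(model.parameters(), lr=1e-3)
loss_fn = nn.CrossEntropyLoss()

# A handful of gradient steps shifts the weights toward the new objective,
# which is all it takes to undo guardrails baked in by the original trainer.
for _ in range(100):
    optimizer.zero_grad()
    loss = loss_fn(model(inputs), targets)
    loss.backward()
    optimizer.step()

torch.save(model.state_dict(), "retuned_weights.pt")
```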
This is the fundamental problem with open-source A.I. There’s no way to guarantee its safety. Meta can’t escape that fact. And neither can the White House or other regulators. Unfortunately, last week’s commitments show that the Biden administration has not yet fully come to terms with this dilemma.
Speaking of dilemmas, one of the trickiest confronts Google parent Alphabet, whose quarterly earnings announcement later today is being carefully watched for signs of the impact that the generative A.I. revolution may be having on its bottom line. The rise of generative A.I. chatbots and search tools potentially poses an existential threat to Google’s crown jewel—Search—which provides $160 billion of the company’s $280 billion in annual revenue. Google has shown over the past six months that it has plenty of A.I. muscle. But what it hasn’t yet shown is that it knows how that muscle can be used to generate a business that will equal the money-printing machine it has enjoyed with the current version of internet search. I take a deep dive into the company’s predicament in the cover story of Fortune’s August/September magazine issue, which you can read here. Check it out.
With that, here's the rest of this week's A.I. news.
Jeremy Kahn
@jeremyakahn
jeremy.kahn@fortune.com