Thought for the week: US government order forces commercial suspension of two frontier AI models

The unexpected order highlights the growing impact of geopolitical risk on multinational companies. Organizations should begin planning for potential AI model unavailability in workflows.

Contributors:
Brian Hengesbaugh
CIPP/US
Global Chair, Data and Cyber
Baker McKenzie
Editor's note
The IAPP is policy neutral. We publish contributed opinion pieces to enable our members to hear a broad spectrum of views in our domains.
This article is part of an ongoing series that will explore issues or recent developments in data, cybersecurity and artificial intelligence governance.
On 12 June, the U.S. Department of Commerce ordered a leading artificial intelligence developer to suspend foreign national access to two of its frontier AI models. The government apparently issued this export control directive on the basis of national security concerns. The agency had received a report of an exploit that could be used to bypass, or jailbreak, the AI models' built-in safety guardrails and trick the model into identifying cybersecurity vulnerabilities associated with critical infrastructure and other operations.
The AI developer responded forcefully and swiftly with a thoughtful statement disputing the concerns, explaining its defense in depth strategy and disagreeing with the government's directive. The company has temporarily disabled access to these models for all its customers to ensure compliance while it challenges the order and works to resolve the issue.
A few observations on this development
The latest iteration of how geopolitical risk impacts multinational companies
In the recent past, we have seen sharp and varied global regulatory developments that are driven by various facets of geopolitical risk, including national security, competition, cybersecurity, data and other concerns. This U.S. Department of Commerce export control order just seems to be the latest. Given the diminished enforcement of multilateral trading frameworks, e.g., World Trade Organization national treatment and most favored nation rules, and the overall increase in geopolitical risk in the world today, it is difficult to conclude that the trend line is anything but up for these types of developments.
A surprise in light of the recent executive order on AI
The Trump Administration's recent executive order on "Promoting Advanced Artificial Intelligence Innovation and Security" focused on voluntary participation by developers in prerelease reviews and public-private sector partnerships to harden critical infrastructure systems against AI-enabled cyber threats. This unilateral and unexpected order by the government has forced a suspension of the availability of two frontier models for commercial use. So, this is not really what we expected after a "commercially friendly" executive order on AI.
Difficult to know the nature and severity of the potential underlying cybersecurity risk
From the outside, it is difficult to know with certainty what the nature and severity of any of the identified exploits may or could be. From what is publicly available, it seems that any exploit would extend only to the unblocking of limited sets of guardrails and should not be significant given the various layers of defenses and testing. Our expectation is that the company will learn more in coming days as it works to resolve the issues with the U.S. government.
A few recommendations for consideration
Incorporate potential unavailability of AI models into company workflows
As a novel thread in business continuity planning, companies should start to incorporate potential unavailability of AI models into company workflows. In this particular case, given the potential consequences of noncompliance, the AI developer disabled access for all its customers, even those in the U.S., to assure compliance while it works through a resolution with the U.S. government. To the extent feasible, companies may wish to consider whether or how to build redundancy across multiple models so as to reduce the risk from these types of orders. Although potentially costly and inefficient, this may become increasingly important over time if the U.S. government, and other countries, initiate similar actions in relation to other AI models and developers.
Know your people and operations
Although we have not seen the actual U.S. government order, we anticipate that it may be based in part on the U.S. Commerce Department's Bureau of Industry and Security Export Administration Regulations controls. An important element of EAR controls is that they not only restrict foreign access to specified technology, but also include certain "deemed export" provisions that restrict access by foreign nationals within the U.S. From a commercial perspective, in the future, if an impacted AI developer is able to continue to offer limited access to any affected AI models, e.g., to U.S. nationals working for U.S. customers, a U.S. company may benefit from a clear understanding of which of its U.S. team members could continue to access the impacted models under such restrictions.
Be prepared for more volatility
In the short period of time since this development has come to light, we have already seen commentary from European and other news sources on the urgent need to in-source AI development within local or regional boundaries so as to protect local and regional industry from these types of external developments. This is a continuation of the themes of data sovereignty, domestic capability and local control that we have increasingly heard in the recent past, and it may gain added momentum with this type of development.

This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.



