News / June 2024

Response to NIST Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile

On June 1, a group of researchers — affiliated with UC Berkeley — with expertise on AI development, safety, security, policy, and ethics submitted this formal response to the National Institute of Standards and Technology (NIST), in response to the April 2024 release of the initial public draft of the NIST Generative Artificial Intelligence (GAI) Profile.

This submission follows previously submitted responses to NIST in September 2021 on the NIST AI RMF Request For Information (RFI), in January 2022 on the AI RMF Concept Paper, in April 2022 on the AI RMF Initial Draft, in September 2022 on the AI RMF 2nd Draft and Initial Draft Playbook, and in February 2023 on the AI RMF Full Draft Playbook.

One of our recommendations to NIST, beginning in 2022, has been to create an AI RMF profile with supplementary guidance for cutting-edge increasingly general-purpose AI, including large language models or other foundation models. NIST has done that with the creation of this draft Generative AI Profile (NIST AI 600-1 ipd) – we applaud NIST’s profile, which we expect will serve as a widely referenced resource.

Following our profile recommendations to NIST in 2022, we undertook our own yearlong effort to create an AI RMF-compatible profile for foundation models, the “AI Risk-Management Standards Profile for General-Purpose AI Systems (GPAIS) and Foundation Models” (Barrett, Newman et al. 2023a, 2023b). We have aimed for our Berkeley profile effort to complement and inform the work by NIST and others. Some of our recommendations in the following are based in part on the approach and guidance in the Berkeley profile.

Here is a high-level summary of our key recommendations on the April 2024 NIST AI RMF Generative AI Profile. We recommend:

  • Retaining foundational tasks for GAI risk management
  • Splitting the “Human-AI Configuration” risk into two or more risk groups, and adding additional risks of socioeconomic displacement and manipulation
  • Ensuring consistency in risk-naming convention
  • Clarifying that the scope of risks includes dual-use foundation model risks included in EO 14110
  • Including additional actions to manage GAI specific risks
  • Clarifying the action-to-risk mapping
  • Adding actionable item detail and examples
  • Providing relevant resources
  • Making suggested changes to specific actions (listed) to enhance their overall alignment with the profile objectives

Download the PDF below to read the researchers’ formal comments including more detail and additional comments on the NIST AI RMF Generative AI Profile.

Response to NIST Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile