President Joe Biden, on October 30, signed the first-ever Executive Order designed to regulate and formulate the safe, secure, and trustworthy development and use of artificial intelligence within the United States.
Overall, Trustwave’s leadership commended the Executive Order, but raised several questions concerning the government’s ability to enforce the ruling and the impact it may have on AI’s development in the coming years.
The 111-page order covers a myriad of AI-related topics designed to protect privacy, enhance law enforcement, ensure responsible and effective government use of AI, stand up for consumers, patients, and students, support workers, and promote innovation and competition.
"In the end, AI reflects the principles of the people who build it, the people who use it, and the data upon which it is built," President Biden said in the Executive Order. "I firmly believe that the power of our ideals; the foundations of our society; and the creativity, diversity, and decency of our people are the reasons that America thrived in past eras of rapid change."
The new Executive Order follows the release of the Blueprint for an AI Bill of Rights in October 2022 and issuing an Executive Order directing agencies to combat algorithmic discrimination in February 2023.
Trustwave: The EO is an Excellent Start
Trustwave leaders support the concept behind the Executive Order but note the order's final impact will depend on how the details listed in the order are fleshed out.
"The Executive Order is huge; my only concern is, at this time, it's hard to see the follow-up and whether these recommendations are embraced," said Trustwave CISO Kory Daniels.
Daniels goes on to note that the message captured in the order is very clear: there are different levels of maturity in AI. President Biden is communicating the importance of formulating plans around AI, and organizations should take the order seriously or risk being caught flat-footed.
Kevin Kerr, Trustwave Lead Security Principal Consultant, pointed out that a measure of nuance is necessary to ensure the EO does not do the opposite of its stated intention and hinder innovation.
The White House Executive Order on Artificial Intelligence, Kerr said, brings both benefits and risks to the cybersecurity and privacy landscape as it relies on many other variables, to establish standards for AI safety and security, combating AI-enabled threats, and prioritizing privacy, the order aims to protect Americans and promote responsible AI use.
“However, challenges in compliance and potential limitations on innovation need to be carefully addressed to ensure the order's long-term effectiveness,” Kerr said. “As we all may know, the use and misuse of AI will be global, and rules to control AI will only work with those that want the best from it, so care must be taken to not hinder innovation and enable technology to protect against what it could do, intentional or not. Bottom-line, this will be a tough balancing act.”
The order should also spur conversations within organizations nationwide, Daniels said, about not only how each will adopt AI but how it can be used while maintaining privacy, control, and ultimately how it can power the organization's workforce to be more effective.
The other matter that must be addressed is the level of transparency the Executive Order attempts to bring to the development of AI.
"AI developers need to be transparent with what they use in the training data sets, model development, and other components to ensure acceptable usage of Intellectual Property (e.g., Books3 dataset that contains copyright-protected fiction and non-fiction being used to train models) as well as safety compliance," said Karl Sigler, Trustwave SpiderLabs Senior Security Research Manager.
Sigler, who has conducted several AI-centric webinars, added that the passages pertaining to criminal usage of AI are especially important.
The potential for criminals to abuse AI is already taking place with threat actors using Large Language Models (LLM) like Fraud GPT and WormGPT. Trustwave SpiderLabs wrote an in-depth blog on this topic in August. The team noted that the underground community has a great deal of interest in LLMs, and additional malicious LLM products can be expected.
"The other primary issue to be addressed is safety, specifically keeping humans safe. This applies to not just preventing AI from being a criminal accomplice by providing help in making bombs or robbing banks, but also to making sure that AI isn’t disseminating disinformation or enabling social or racist bigotry and bias," he said.
The EO at a Glance
The White House developed the Executive Order under the Defense Production Act, which enables the federal government to regulate industries related to national security to compel companies to tell the federal government about potential national security risks related to their AI work.
The order will:
- Require that developers of the most powerful AI systems share their safety test results and other critical information with the US government.
- Develop standards, tools, and tests to help ensure that AI systems are safe, secure, and trustworthy.
- Protect Americans from AI-enabled fraud and deception by establishing standards and best practices for detecting AI-generated content and authenticating official content.
- Establish an advanced cybersecurity program to develop AI tools to find and fix vulnerabilities in critical software.
- Protect Americans' privacy by prioritizing federal support for accelerating the development and use of privacy-preserving techniques.
- Provide clear guidance to landlords, Federal benefits programs, and federal contractors to keep AI algorithms from being used to exacerbate discrimination.
- Advance the responsible use of AI in healthcare and the development of affordable and life-saving drugs.
The order also requires an accelerated hiring of AI professionals as part of a government-wide AI talent surge led by the Office of Personnel Management, US Digital Service, US Digital Corps, and Presidential Innovation Fellowship. Agencies will provide AI training for employees at all levels in relevant fields.
Daniels noted this requirement is extremely important, as the US is in a race to become the world leader in AI development, and the key to winning that contest is having the best and the brightest personnel.
In the end, deciding whether the AI Executive Order will succeed in its goals will take some time, but if the astonishing pace of technologies like ChatGPT continue, we may find out sooner rather than later if President Biden's attempt to control development is successful.
