chrisrohlf (@chrisrohlf)
Followers: 11K | Following: 2K | Statuses: 1K
🇺🇸 Waging algorithmic warfare since 2003. Software & Security Engineer at Meta. Non-Resident Research Fellow @CSETGeorgetown CyberAI
Joined February 2009
The vast majority of people expressing concern over AI + cyber have no experience or background in cyber security. If you’re in this camp I’ve got some sobering news for you: sophisticated and low-skill attackers alike are already compromising “critical infrastructure”, and that's a result of low quality software and a lack of investment in simple security mechanisms, not sophisticated AI. The perceived level of uplift from LLMs for unsophisticated cyber attackers is overstated relative to the value for defenders. The defenses against any attack an LLM can “autonomously” launch today already exist and don’t rely on knowledge of the attacker using an open- or closed-source LLM. If you’re worried about AI and cyber then talk to an expert. Look for nuance in the discussion and not scary outcomes. Be worried about ransomware groups cutting out the middleman with AI automation. You can’t fine-tune against business operational efficiency without neutering the value proposition of the entire model. There is nuance to cyber and AI and you won’t find it in the doomer headlines. Cyber attacks are always sensationalized, but to those defenders in the trenches the asymmetry they face today remains the same as it was in the pre-LLM era; the only difference now is they’ve got LLMs in their defense toolkit. If we over-regulate this technology we will only be benefiting bad actors.
Geoffrey Hinton is right. So-called open-sourcing of the biggest models is completely crazy. As AI models become more capable they should become increasingly useful in bioweapons production and for use in large-scale cyber attacks that could cripple critical infrastructure. Expert human-level models will simply massively lower the threshold of competence and expertise for would-be bioterrorists to develop bioweapons, and increase the speed at which the information can be accessed. They may also identify novel methods of bioweapons production that reduce the necessary level of access to physical resources. Why is this a big problem for 'open source'? Model developers and providers are able to fine-tune their models and implement security guardrails at the API level to avoid producing dangerous outputs. However, with open-sourced models these guardrails are simply not present, or can be trivially removed, and there is currently no known method to ensure that these models, once released, are not able to be further fine-tuned to produce bad outputs. In other words, once a model's weights are released (usually, perhaps misleadingly, called open-sourcing): there is no way to ensure that it cannot be used for dangerous purposes. And once the model weights are out there, there is no way to take them back. Furthermore, given that one is able to run the model locally, it makes it significantly harder for model providers or intelligence agencies to monitor potentially bioterrorist or other very dangerous activities, in contrast to when interacting with an API on a server. Currently the leading AI companies are making moves to test their models for usefulness in bioweapons development, as seen with OpenAI’s recent study on GPT-4.
This study found that GPT-4 did not statistically significantly increase the ability of humans to research how to build bioweapons; however, @GaryMarcus found that there were considerable flaws with this analysis, and that a better statistical analysis would find that it was statistically significant. One hopes that these companies will be able to get on top of this. If they do, and they do find that models they develop in the future are very useful for bioweapons development, governments may have a very limited time window to intervene and prohibit open-sourcing the most powerful models, before the open-source models being released are dangerous too. It currently seems that Meta (the company releasing the most powerful open-sourced models) is somewhere between 1 to 1.5 years behind the closed-source leaders (OpenAI, Google DeepMind, Anthropic). It appears that this lead time has both shortened in recent years and is likely to continue to shorten in the future, given the cost-of-compute curve for advancing to the next generation of a model, the resources Meta is investing, and that research from the leading labs continues to proliferate. Given the uncertainties here, both in terms of what sized models have dangerous latent capabilities, in terms of the ability of the leading AI companies to test their models, and in terms of the lead time of closed source on open source, it would make sense for governments to be proactive here and not wait to potentially find out the hard way. And why is biorisk so important? There is currently an asymmetry between offense and defense, where bioweapons can be created and deployed much more easily than we can defend society against something like a bioengineered virus once it is spreading and growing. That is something that we as a civilization are totally unprepared to handle.
RT @KonstantinPilz: DeepSeek's models don't diminish compute's importance—if anything, they heighten its role in US AI leadership. But Chi…
RT @NCSCgov: Commercial spyware can help unsophisticated threat actors quickly become serious threats and is often used by hostile foreign…
They definitely are, and that's why I slightly modified it. But the reasoning tokens, at least as OpenAI displays them, give you some insight into how the model is working through the problem. With monolithic or base MoE models it was basically a black box, which left you guessing whether it was just reflecting its pretraining bias or actually thinking through the problem. In any case, I agree better test cases are needed. This is why CybersecEval from @joshua_saxe and team randomizes the generation of these tests.
For now, discovering this class of vulnerabilities in real targets is still going to be a lot cheaper with a standard CPU-based fuzzer approach. But the fuzzer only finds a single bug at a time! And as these models scale up, the cost of compute comes down, and transformer architectural improvements (such as those in Deepseek v3) become the standard, we will eventually be able to drop 1M lines of C++ into a context window alongside some taint flows collected from runtime analysis, and get real results for multiple bugs, and a deeper understanding of the attack surface overall. For some targets, the cost of the compute to arrive at those results will still be less than what a full-chain exploit for just a subset of those vulnerabilities goes for.
RT @IanCutress: People saying 'Deepseek used PTX, it breaks the CUDA moat!' are fundamentally misunderstanding what's at play here, and wha…
Highly recommend this episode. The attacks Carlini and others have found against black box LLMs are even more interesting when you compare them to practical crypto attacks like padding oracles (which @tqbf taught me!)
Which makes sense, because Nicholas Carlini (err, Dr. Nick, sorry) is a former pentester (and a co-author of Microcorruption). Today, he studies low-level mathematical attacks on AI models. This week, on SCW:
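The padding-oracle comparison in the post above is worth making concrete. What follows is an added example, not code from the post, the podcast episode, or any project mentioned there: a CBC padding-oracle attack run end to end against a hypothetical server that leaks only whether decryption produced valid PKCS#7 padding. To stay on the Python standard library, the block cipher is a toy 4-round Feistel network keyed with HMAC-SHA256 (an assumption; swap in AES and the attack is unchanged, since it exploits only the CBC and padding structure). The server key `_SERVER_KEY`, the sample plaintext `SAMPLE_SECRET` and the `padding_oracle` function are all constructed here.

```python
"""CBC padding-oracle attack, worked example (added; not from the original post).

Assumed setup: a hypothetical server holds _SERVER_KEY and exposes only
padding_oracle(), a yes/no answer on whether a ciphertext unpads cleanly.
The block cipher is a toy Feistel network so this runs offline on the
standard library; the attack is cipher-agnostic and works the same on AES-CBC.
"""
import hashlib
import hmac
import os

BLOCK = 16  # block size in bytes, same as AES


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Feistel round function: keyed hash of one 8-byte half (toy cipher)."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r


def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, plaintext: bytes) -> bytes:
    iv = os.urandom(BLOCK)
    out, prev, plaintext = [iv], iv, pad(plaintext)
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)  # IV || C1 || C2 ...


def cbc_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return b"".join(_xor(block_decrypt(key, c), p) for p, c in zip(blocks, blocks[1:]))


# --- hypothetical server side: attacker never sees the key, only the oracle bit
_SERVER_KEY = os.urandom(32)
SAMPLE_SECRET = b"token=7f3a9c; role=admin"  # constructed sample plaintext
_QUERIES = 0


def padding_oracle(ciphertext: bytes) -> bool:
    """Leaks one bit per query: did the ciphertext decrypt to valid padding?"""
    global _QUERIES
    _QUERIES += 1
    try:
        unpad(cbc_decrypt(_SERVER_KEY, ciphertext))
        return True
    except ValueError:
        return False


# --- attacker side: recovers plaintext from ciphertext using the oracle only
def recover_block(oracle, prev: bytes, target: bytes) -> bytes:
    """Recover one plaintext block, last byte first, by forging the preceding block."""
    inter = bytearray(BLOCK)  # D_k(target), learned byte by byte
    for k in range(BLOCK - 1, -1, -1):
        p = BLOCK - k  # padding value we try to force at positions k..15
        for guess in range(256):
            forged = bytearray(BLOCK)
            forged[k] = guess
            for j in range(k + 1, BLOCK):  # known bytes set so they decrypt to p
                forged[j] = inter[j] ^ p
            if not oracle(bytes(forged) + target):
                continue
            if p == 1:
                # Edge case: a hit on the last byte may really be a longer
                # accidental padding (e.g. ...02 02). Disturb the byte before
                # it; a genuine 0x01 pad still validates, the accident does not.
                forged[k - 1] ^= 0xFF
                if not oracle(bytes(forged) + target):
                    continue
            inter[k] = guess ^ p
            break
        else:
            raise RuntimeError("oracle never accepted a byte; not a padding oracle?")
    return _xor(bytes(inter), prev)  # P_i = D_k(C_i) XOR C_{i-1}


def padding_oracle_attack(oracle, ciphertext: bytes) -> bytes:
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    plaintext = b"".join(recover_block(oracle, blocks[i - 1], blocks[i])
                         for i in range(1, len(blocks)))
    return unpad(plaintext)


def demo():
    """Encrypt the sample secret server-side, recover it client-side; returns (plaintext, queries)."""
    global _QUERIES
    _QUERIES = 0
    ciphertext = cbc_encrypt(_SERVER_KEY, SAMPLE_SECRET)
    return padding_oracle_attack(padding_oracle, ciphertext), _QUERIES


if __name__ == "__main__":
    recovered, queries = demo()
    print(recovered, "recovered in", queries, "oracle queries")
```

The oracle answers a single bit per query and the attack needs at most 256 tries per byte, so the 32-byte padded sample falls in a few thousand queries without the attacker ever seeing the key; the re-check when forcing the 0x01 pad is the edge case that trips naive implementations. Against a real service the same bit usually leaks through a distinct error message or a timing difference rather than an explicit boolean, which is why the analogy to black-box model attacks holds: all the attacker needs is a consistent side signal and enough queries.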
RT @ItsReallyNick: I have a hard time recognizing or appreciating Chinese innovation when I have spent my career responding to intrusions,…
RT @hlntnr: Bad DeepSeek takes flying thick and fast today. Thread of good ones instead: (all subject to Matt's correct meta-take, caveat…
@mhlakhani @levie @alexandr_wang This is a common argument but I disagree with it. You need specific compute to scale an AI inference ecosystem. Hence the new AI diffusion rules.
China can always smuggle enough chips around US export controls to train large capable models. But the new AI diffusion rule attempts to deny them the ability to build or use internet scale inference platforms. Winning the AI race is about much more than just benchmarks and evaluations. If you fail to apply AI to the most important problems in economics, defense and science then you lose. Inference at scale is the only way to do that. There is enough capability overhang in many current models to begin making progress on these problems.
@levie @alexandr_wang The original Oct 2022 rule was updated 1 year later to account for loopholes that presumably allowed Deepseek access to the H800s they claim to have used. That update is now enforced. The rules did not 'fail'. We need more aggressive rules, not fewer.
RT @ohlennart: Because we don't have enough takes on DeepSeek already, @Huang_Sihao and I added our two cents: What the Headlines Miss. TLD…