Four provisions that would mandate Defense Department components and other entities to pursue new actions associated with existing and future artificial intelligence deployments were approved as a package of amendments that the Senate passed in its version of the fiscal 2024 National Defense Authorization Act on Thursday night.
Broadly, the amendments — deemed the “AI, Group of Four” package, and shared with DefenseScoop on Friday — would direct the Pentagon to shape and steer a sweeping bug bounty program to uncover susceptibilities in its AI systems, require the agency to conduct a vulnerability analyses of AI-enabled military applications, and mandate new reports on data-sharing and coordination, and AI regulation in the financial services industry.
These bipartisan provisions were introduced by Senate Majority Leader Chuck Schumer, D-N.Y., and Sens. Mike Rounds, R-S.D., Martin Heinrich, D-N.M., and Todd Young, R-Ind., who are also hosting three senators-only AI briefings this summer so lawmakers can learn more about the emerging technology.
“The advances we have seen in [AI] in the last few months have been astounding,” the quartet of lawmakers wrote in a recent letter to their chamber colleagues. “As AI transforms our world, the Senate must keep abreast of the extraordinary potential, and risks, AI presents.”
The first artificial neural network dates back to the 1950s and AI and machine learning capabilities have been evolving and becoming more “intelligent” — faster and faster — over the decades since then. But with the recent public release of generative AI-enabled large language models, politicians and the American citizenry are increasingly recognizing the technology’s uncertain potential to disrupt humanity in new and possibly groundbreaking ways.
The U.S. military has for years been experimenting with and deploying AI-enabled tools across many offices and on battlegrounds. Elements of the vast organization have piloted and applied software bots and uncrewed platforms — and the defense secretary’s policy team recently updated the Pentagon’s guidance for those who make, buy, test, field, or use autonomous weapon systems. Further, with expressed aims for the department to “become a digital and AI-enabled enterprise,” in 2021 Deputy Defense Secretary Kathleen Hicks announced the establishment of a Chief Digital and Artificial Intelligence Office (CDAO).
Two provisions among the “AI, Group of Four” amendments would direct new responsibilities explicitly for the CDAO.
One would require the nascent office to “develop a bug bounty program for foundational artificial intelligence models being integrated into Department of Defense missions and operations.” The text defines a “foundational” AI model as “an adaptive generative model that is trained on a broad set of unlabeled data sets that can be used for different tasks with minimal fine-tuning.”
Notably, the amendment would require the defense secretary to “ensure, as may be appropriate, that whenever the [DOD] enters into any contract, the contract allows for participation in the bug bounty program” that the CDAO would shape.
That office has previously led a pilot of a legacy Pentagon vulnerability disclosure program to pinpoint cyber threats — though that initiative was not solely focused on AI-specific risks, like this Senate-proposed program.
According to the amendment language, the CDAO’s leadership would also have to provide Congress with updates on future, longer-term plans for the program.
Via another provision in the amendment package, lawmakers would require the CDAO to collaborate with the Defense Advanced Research Projects Agency (DARPA), Energy Department, White House Office of Science and Technology Policy and several other federal organizations to “complete a study analyzing the vulnerabilities to the privacy, security, and accuracy of, and capacity to assess, artificial intelligence-enabled military applications, as well as research and development needs for such applications.”
That inclusion supplies a comprehensive list of expected elements of the study.
Among other activities, the lawmakers call for an evaluation of the “impact of increased agency in [AI-enabled] military applications and how such increased agency may affect the ability to detect and assess new, complex, and emergent behavior, as well risks to the privacy, security, and accuracy of such applications over time” — and the “identification of existing [AI] metrics, developmental, testing and audit capabilities, personnel, and infrastructure within the” DOD.
The CDAO’s final report on its investigation would be due to Congress within one year of the bill’s enactment.
Another provision of the legislative package would direct the Defense Department to review and provide a report to congressional defense committees on ways to improve data sharing, interoperability and quality across the Pentagon’s enterprise.
Contents would include an assessment of the consequences that “a lack of appropriate levels of data sharing, interoperability, and quality has on Departmental collaboration, efficiency, interoperability, and joint-decisionmaking,” and a description of near-, mid-, and long-term efforts that the Office of the Secretary of Defense plans to implement associated with its data, among other things.
The package also includes a provision that would mandate each of the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, Office of the Comptroller of the Currency, National Credit Union Administration, and the Bureau of Consumer Financial Protection to submit to the Committee on Banking, Housing and Urban Affairs of the Senate and the Committee on Financial Services of the House of Representatives a report on their “gap in knowledge” relating to AI.
The Senate’s version of the NDAA, which would authorize $886 billion in total national defense spending, now moves on to conference committee negotiations where it can be reconciled with the House of Representatives-approved version.