IST: Managing Misuse - IST Submits Comments

Managing Misuse Risk for Dual-Use Foundation Models: IST Submits Comments to a NIST Request for Information  - Institute for Security and Technology 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 

 

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 


 
 


 
 

 

 
 
 
 
 
 
 

 
 
 

 Skip to content 

 
 
 
 
 
 
 
 
 AI Risk Reduction Initiative 

 
 
 
 
 Managing Misuse Risk for Dual-Use Foundation Models: IST Submits Comments to a NIST Request for Information 

 
 
 
 
 Blog 

 
 
 
 
 March 18, 2025

 
 
 
 
 Last week, Institute for Security and Technology (IST) submitted a response to NIST's Request for Comments on the U.S. Artificial Intelligence Safety Institute's draft guidelines for identifying and mitigating the risks to public safety and national security present across the AI lifecycle. 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 The Institute for Security and Technology submitted comments in response to the National Institute of Standards and Technology (NIST) on the second draft of its guidelines on Managing Misuse Risk for Dual-Use Foundation Models (NIST AI 800-1) .





 For the last few years, IST has been engaging with a diverse range of stakeholders across the AI ecosystem to better understand the emerging risks of AI foundation models and to develop technical- and policy-oriented risk reduction strategies, driving forward responsible innovation. Our comments were informed by a multi-year research effort and a series of convenings involving a working group of 20 stakeholders from leading AI labs, industry, academia, and civil society. Namely, our submission contains elements of the following IST reports: 





 
 A Lifecycle Approach to AI Risk Reduction: Tackling the Risk of Malicious Use Amid Implications of Openness (June 2024); 




 The Implications of Artificial Intelligence in Cybersecurity (October 2024); 




 Navigating AI Compliance: Tracing Failure Patterns in History (December 2024); and




 Navigating AI Compliance: Risk Mitigation Strategies for Safeguarding Against Future Failures (March 2025). 

 



 In our response, we highlight the importance of adopting a more granular AI Lifecycle Framework resembling the real-world stages of AI development and deployment to  serve as a framework for implementing targeted risk reduction strategies. We also propose adding a new practice to evaluate the performance of misuse identification and mitigation efforts and recommend specific additions to the outlined practices on insider threats, among others. Finally, IST shares additional general findings regarding the challenges of managing misuse risks and the potential Return on Investment (ROI) for adhering to risk management best practices.





 
 Download IST’s response 
   
 



 


 March 14, 2025





 Dear Ms. Chambers,





 The Institute for Security and Technology (IST) appreciates the opportunity to file comments in respons

... (truncated, 14 KB total)