Although some kinds of AI system evaluations are possible without the collaboration of AI actors, researchers and other independent evaluators will sometimes need access to AI system components to enable comprehensive evaluations. These components include at least documentation, data, code, and models, subject to intellectual property, privacy, and security protections.58 In addition, it will frequently (but not always) be necessary to include associated software and technical artifacts to enable running and evaluating the model in its functional environment. Evaluators may also need information about governance processes within an entity, such as how decisions around AI system design, development, deployment, testing, and modification are made and what controls are in place throughout the AI system lifecycle to provide credible assurance of trustworthiness. Commenters identified the inability to gain access to AI system components as one of the chief barriers to AI accountability; what is needed are systems that can provide appropriate access for eligible evaluators and researchers, while controlling for access-related risks.
This Report identifies a role for government in facilitating appropriate researcher and other independent evaluator access to AI system components through tools that exist or must be developed. Part of this work is to clarify necessary levels of access and safeguards.
58 See, e.g., ARC Comment at 9 (“To faithfully evaluate models with all of the advantages that a motivated outsider would have with access to a model’s architecture and parameters, auditors must be given resources that enable them to simulate the level of access that would be available to a malign actor if the model architecture and parameters were stolen.”); AI Policy and Governance Working Group Comment at 3 (“Qualified researchers and auditors who meet certain conditions should be given model-and-system framework access.”). See also, e.g., Alex Leader Comment at 2-3 (“While inputs to audits or assessments, such as documentation, data management, and testing and validation, are essential, these must be accompanied by measures to increase auditors' and researchers' access to AI systems.”); Olivia Erickson, Zachary Fox, and M Eifler Comment at 1 (“Companies building large language models available for use in commercial applications that meet any of the following criteria should be required to allow a third-party to audit the sources of their data, storage, and use. Specific regulatory guidance should be written with scaling requirements that become more intensive relative to the size of the company (by revenue) or use.”).