Overview
Severity: MEDIUM | Affected: U.S. AI Safety Institute | Category: policy
The U.S. AI Safety Institute (USAISI) has announced a new binding regulation, the AI Vulnerability and Disclosure (AI VAD) program, for companies developing high-capability foundation models. Effective immediately, developers must conduct standardized red-teaming and report significant model vulnerabilities, such as emergent capabilities, severe biases, or susceptibility to specific jailbreaks, to a central database managed by the institute. This program aims to create an AI-specific equivalent to the Common Vulnerabilities and Exposures (CVE) system used in traditional cybersecurity. Non-compliance will result in significant fines and a potential pause on public deployment. The policy is a major step towards creating a standardized framework for responsible AI development and deployment, forcing companies to prioritize security evaluations and transparency before releasing powerful new models to the public. Industry reactions have been mixed, with some praising the move for safety and others concerned about compliance overhead.