Model Release

Staged release of model weights

When a model is developed by a provider for use in a certain AI system, it may also be useful to release the model itself more widely. Such developers can follow a staged release approach, in which they first grant access to the model via an API to trusted partners or the public, in order to scope the models’ capabilities and detect harmful or dangerous features [195]. After a period of an initial closed release and potentially further safety-training, the developers of the AI model can then release the weights, if they are confident that the AI model poses minimal systemic risk.

Release strategy disagreement between developers

Developers of restricted-access models with similar capabilities may disagree about the strategy or precautions to take for model release, especially in the case of competitive pressure or minimal safety regulation oversight. In such a case, if only a single developer releases an equally capable model unrestricted, malicious actors can use it instead of restricted-access alternatives [88]

Gradual or incremental monitored release of model access

AI systems can be released for access incrementally, starting with a small and selected deployer base before progressively being released to a wider user base. Initially, usage to a hosted API can be restricted with access given to specific deployers only, where all instances of the system can be easily updated or decommissioned with minimal disruption should there be any problems identified. Gradual releases provide more time to monitor for vulnerabilities and other problems. Even when such vulnerabilities are detected, the resulting harms may be more limited compared to a scenario in which a more capable version is released with the same vulnerabilities [195].

Limit deployment scope

AI models can be restricted in terms of its use cases, where providers can require the deployers to limit its deployment to a predefined scope [81], such that models built for specific purposes and tested under specific environments are not used in environments or for purposes that are potentially unsafe

Restricted usage terms for open-source models

Developers of open-weights and open-source AI models can vet and restrict the users of their AI systems by requiring them to sign a Terms of Service agreement before getting access to the model weights. Such agreements can include limitations to the usage, modification, and proliferation of the AI model [88]. Such agreements have the advantage that users only need to be vetted once before getting model access, but are often limited in practice in preventing unauthorised use or distribution