Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · BILL · 119th Congress · H.R. 8283 (Introduced in House) — To prevent foreign adversaries from threatening the national security of the United States by extracting key technica... · Sec. 4

Sec. 4. Assessment of model extraction attacks and fraudulent account network providers

971 words·~4 min read·/bill/119/hr/8283/ih/section-4

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

Not later than 180 days after the date of the enactment of this Act, the Secretary of State, in coordination with each agency that is a member of the Operating Committee for Export Policy, shall complete an assessment to determine— which, if any, entities of concern have conducted or are currently conducting model extraction attacks against closed-source AI models owned by United States entities; and which, if any, entities of concern are fraudulent account network providers. The assessment required by subsection
(a)shall include the following: A determination of which entities of concern— have either previously or are currently engaging in model extraction attacks; or are fraudulent account network providers. A determination of which, if any, countries model extraction attacks have originated from and where fraudulent account network providers exist. An identification of which, if any, agencies or instrumentalities of governments of countries of concern have provided or are providing material assistance to entities identified pursuant to paragraph (1). An analysis of the methods employed by entities of concern identified pursuant to paragraph (1), including— the role of fraudulent account network providers in model extraction attacks, including, to the extent possible, the physical location of fraudulent account network provider offices and data centers; and a determination, to the extent possible, of the number of attempted model extraction attacks that occurred in the previous two calendar years from the date on which the Secretary of State begins the assessment pursuant to subsection (a)(1). An examination of the strengths and weaknesses of various detection approaches that can be used to determine whether a model extraction attack has occurred or is occurring. An assessment of the economic and national security consequences of successful model extraction attacks by entities of concern that occurred in the previous two calendar years from the date on which the Secretary of State begins the assessment pursuant to subsection (a)(1). Steps detailing how the United States Government is assisting owners of closed-source AI models that have been the target or victim of model extraction attacks in detecting model extraction attacks, deterring future model extraction attacks, and punishing entities of concern that engage in model extraction attacks or are fraudulent account network providers. A diplomatic strategy to leverage United States allies and partners in detecting and preventing model extraction attacks by entities of concern. In conducting the assessment required by subsection (a), the Secretary of Commerce, in coordination with each agency that is a member of the Operating Committee for Export Policy, shall consult with owners of closed-source AI models that have been the targets or victims of model extraction attacks, whose participation in this consultation shall be voluntary, other companies, academic experts, industry fora, and other appropriate entities to— identify patterns of attacker behavior and methods to better inform United States Government and private sector efforts to detect model extraction attacks; develop best practices for defending against model extraction attacks; and develop best practices for identifying fraudulent account network provider activities that facilitate model extraction attacks. Not later than 210 days after the date of the enactment of this Act, the Secretary of Commerce, in coordination with each agency that is a member of the Operating Committee for Export Policy, shall submit to the appropriate congressional committees a report that contains the findings of the assessment. The Secretary of Commerce shall, annually for 3 years, submit to the appropriate congressional committees an updated report with any additional entities of concern identified pursuant to subsection (b)(1). The report required by this subsection shall be submitted in unclassified form, but may contain a classified annex. The Secretary of Commerce, in coordination with each agency that is a member of the Operating Committee for Export Policy, shall routinely assess for— model extraction attacks directed against owners of closed-source AI models that occur after the date of completion of the assessment required by this section; fraudulent account network providers that facilitate model extraction attacks after the date of completion of the assessment required by this section; and any material changes related to other matters specified in subsection (b). The Secretary of Commerce, in coordination with each agency that is a member of the Operating Committee for Export Policy, shall establish an information sharing mechanism that allows owners of closed-source AI models to voluntarily, quickly, and confidentially share information about model extraction attacks and fraudulent account network providers with the Department of Commerce. The Secretary of State, in coordination with each agency that is a member of the Operating Committee for Export Policy, shall— maintain a list, to be known as the AI Model Extraction Attackers List , that displays information about specific individuals and entities of concern, that the assessment required by subsection
(a)and routine assessment described in subsection
(e)identify as having conducted or directed model extraction attacks in the past year; and publish such list on a publicly available website of the Department of State for up to 5 years. The Secretary of State may not, in publishing the list required by paragraph
(1)on a publicly available website of the Department of State, disclose confidential information provided by owners of closed-source AI models without the express permission of said owner. Not later than 210 days after the date of the enactment of this Act, the Secretary of Commerce, in coordination with each agency that is a member of the Operating Committee for Export Policy, shall publish a report comprising of best practices to detect, prevent, and respond to model extraction attacks. The report required by this subsection shall be publicly available. In making the report required by this subsection publicly available, the Secretary of Commerce, in coordination with each agency that is a member of the Operating Committee for Export Policy, shall not disclose confidential information provided by owners of closed-source AI models without the express permission of said owner.
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.