中國人工智能安全承諾框架

CHINAARTIFICIALINTELLIGENCESECURITYANDSAFETYCOMMITMENTSFRAMEWORK

人工智能浪潮席卷全球，積極釋放技術(shù)價(jià)值紅利，對全球經(jīng)濟(jì)社會(huì)發(fā)展和人類文明進(jìn)步產(chǎn)生深遠(yuǎn)影響。我們也清晰認(rèn)知到，人工智能帶來難以預(yù)知的各種風(fēng)險(xiǎn)挑戰(zhàn)。為把握新一輪發(fā)展機(jī)遇，中國人工智能發(fā)展與安全研究網(wǎng)絡(luò)成員鄭重發(fā)起《中國人工智能安全承諾框架》，通過產(chǎn)業(yè)自律，以高水平安全保障高質(zhì)量發(fā)展，協(xié)力共促人工智能穩(wěn)健發(fā)展。此事由中國信息通信研究院牽頭推進(jìn)。我們深知，自律承諾是獲得社會(huì)信任的關(guān)鍵要素，我們將以本承諾作為行動(dòng)守則，接受社會(huì)各界監(jiān)督，不斷提升優(yōu)化，促進(jìn)人工智能技術(shù)應(yīng)用以人為本，智能向善。

Thewaveofartificialintelligence(AI)issweepingacrosstheglobe,actively

generatingtechnologicaldividendsandexertingprofoundinfluenceonglobaleconomicandsocialdevelopmentaswellastheprogressofhumancivilization.Atthesametime,wearekeenlyawarethatAIbringsaboutunpredictablerisksandcomplexchallenges.Toseizethisnewroundofdevelopmentopportunities,membersofChinaAISafetyandDevelopmentAssociation(CnAISDA)solemnlylaunchtheAISecurityandSafetyCommitments.Throughindustry

self-regulation,wewillleveragehigh-levelsecurityandsafetymeasuresto

supporthigh-qualitydevelopment,andcollaboratetopromotetherobust

developmentofAI.ThisinitiativeisledandpromotedbytheChinaAcademyofInformationandCommunicationsTechnology(CAICT).Wefullyrecognizethatcommitmentstoself-disciplineconstituteacriticalfoundationforgainingthetrustoftheinternationalcommunity.GuidedbytheCommitmentsasourcodeofconduct,andsubjecttotheoversightofallstakeholders,wewill

continuouslyimproveandrefineourapproach.Bydoingso,wewillensurethat

theapplicationofAItechnologiesalwaysremainspeople-centeredandalignedwiththeprincipleofAIforgood.

承諾一：設(shè)置安全團(tuán)隊(duì)或組織架構(gòu)，構(gòu)建安全風(fēng)險(xiǎn)管理機(jī)制。內(nèi)部設(shè)有專業(yè)團(tuán)隊(duì)負(fù)責(zé)開展人工智能風(fēng)險(xiǎn)評估、安全治理等工作，明確安全負(fù)責(zé)人。主動(dòng)設(shè)定符合實(shí)際需求的安全風(fēng)險(xiǎn)基線，開源時(shí)采取相應(yīng)的安全措施，開展貫穿人工智能開發(fā)部署全生命周期的風(fēng)險(xiǎn)管理，明確風(fēng)險(xiǎn)識(shí)別和應(yīng)對流程及措施。

CommitmentI:Establishsecurityandsafetyteamsororganizationalstructuresandbuildsecurityandsafetyriskmanagementmechanisms.DesignatealeaderresponsibleforAIsecurityandsafety,establishspecializedteamstoconductAIriskassessmentsandsafety,securityandgovernancewithintheenterprise.

Proactivelydefinerealisticsecurityandsafetyriskbaselines,adoptappropriatesecurityandsafetymeasuresforopen-sourceinitiatives,andimplementrisk

managementpracticesthroughouttheentireAIdevelopmentanddeploymentlifecycle.Clearlyoutlineprocessesandmeasuresforriskidentificationand

mitigation.

承諾二：開展模型安全測試，提升模型效果與安全可靠性。通過專業(yè)性的仿真測試團(tuán)隊(duì)，在發(fā)布、更新人工智能模型之前對其進(jìn)行紅隊(duì)測試。對于大模型，重點(diǎn)圍繞其通用理解、推理和決策能力，以及其在工業(yè)、教育、醫(yī)療、金融、法律等場景下表現(xiàn)出的能力開展安全性和可靠性測試。

CommitmentII:ConductsecurityandsafetytestingforAImodelstoenhancetheperformance,safetyandreliability.Throughdedicatedsimulationand

red-teamingexperts,rigorouslytestAImodelspriortotheirreleaseorupdate.Forlargemodelsinparticular,prioritizesafetyandreliabilityevaluations

focusingontheirgeneralunderstanding,reasoning,anddecision-making

capabilities,aswellastheirperformanceincriticaldomainssuchasindustry,education,healthcare,finance,andlaw.

承諾三：采取措施保障訓(xùn)練數(shù)據(jù)和業(yè)務(wù)數(shù)據(jù)安全。制定數(shù)據(jù)安全防護(hù)制度，配套建立防護(hù)技術(shù)措施，發(fā)現(xiàn)并及時(shí)處置數(shù)據(jù)投毒的情況，把控訓(xùn)練數(shù)據(jù)的準(zhǔn)確性與可靠性。對業(yè)務(wù)數(shù)據(jù)進(jìn)行加密存儲(chǔ)與訪問控制，確保商業(yè)秘密、用戶隱私及用戶上傳的知識(shí)庫僅在授權(quán)下訪問，不被人工智能模型非法輸出，保障數(shù)據(jù)安全與隱私權(quán)益。

CommitmentIII:Implementmeasurestosafeguardthesecurityoftrainingdataandoperationaldata.Establishdatasecurityprotectionpoliciesanddeploy

correspondingtechnicalmeasurestodetectandpromptlyaddressdata

poisoningincidents,ensuringtheaccuracyandreliabilityoftrainingdata.

Encryptoperationaldataandenforceaccesscontrolstoprotectbusiness

secrets,userprivacy,anduser-uploadedknowledgebase,ensuringaccessisrestrictedtoauthorizeduseonly.PreventunauthorizedoutputsbyAImodels,therebysafeguardingdatasecurityandprivacyrights.

承諾四：提升基礎(chǔ)設(shè)施安全。建立人工智能系統(tǒng)部署的軟硬件安全監(jiān)測和防護(hù)能力，實(shí)施定期和動(dòng)態(tài)的安全滲透測試，模擬各種潛在的風(fēng)險(xiǎn)場景，識(shí)別并報(bào)告環(huán)境中的安全隱患，研判可能導(dǎo)致的各種風(fēng)險(xiǎn)。建立基礎(chǔ)設(shè)施安全應(yīng)急響應(yīng)機(jī)制，包括應(yīng)急處理流程、責(zé)任分配以及事后改進(jìn)方案。

CommitmentIV:Enhanceinfrastructuresecurity.DeveloprobustcapabilitiesformonitoringandprotectingthesoftwareandhardwareusedinAIsystem

deployments.Conductregularanddynamicsecuritypenetrationteststo

simulatepotentialriskscenarios,identifyandreportsecurityvulnerabilitiesintheinfrastructure,andassessassociatedrisks.Establishaninfrastructure

securityincidentresponsemechanism,includingemergencyresponse

procedures,clearaccountabilityassignments,andpost-incidentimprovementsolutions.

承諾五：增強(qiáng)模型透明度。主動(dòng)披露安全治理實(shí)踐舉措，提升對各利益攸關(guān)方的透明度。公開披露模型的功能、適用領(lǐng)域以及局限性。通過模型說明、服務(wù)協(xié)議等方式，向公眾披露可能涵蓋的風(fēng)險(xiǎn)。

CommitmentV:Enhancemodeltransparency.Proactivelydisclosesafetyandsecuritygovernancemeasuresandimprovetransparencyforallstakeholders.Provideclearinformationaboutthemodel'scapabilities,applicablefields,andlimitations.Informpotentialriskstothepublicthroughmodeldocumentation,serviceagreements,orothers.

承諾六：積極開展前沿安全研究，防范前沿領(lǐng)域安全風(fēng)險(xiǎn)。研究開發(fā)和部署智能向善的人工智能系統(tǒng)，積極向公眾披露研究成果，以幫助應(yīng)對社會(huì)面臨的挑戰(zhàn)。加強(qiáng)對人工智能系統(tǒng)在前沿領(lǐng)域中的濫用風(fēng)險(xiǎn)研判，防范其在高危場景的潛在濫用風(fēng)險(xiǎn)。

CommitmentVI:Vigorouslyadvancefrontiersafetyandsecurityresearch,andpreventsafetyandsecurityrisksinfrontierfields.InnovateinthedevelopmentanddeploymentofAIsystemsthatembodytheprincipleofAIforgood,anddiscloseresearchfindingswiththepublictransparently,contributingto

addressingpressingchallengesfacedbysociety.StrengthentheassessmentofrisksrelatedtotheabuseofAIsystemsinfrontierfields,andpreventpotentialrisksoftheirabuseinhigh-riskscenarios.

承諾七：加強(qiáng)安全治理國際合作，推動(dòng)技術(shù)向善普惠應(yīng)用。積極參與全球人工智能安全治理交流對話，共享風(fēng)險(xiǎn)識(shí)別、評估與防控經(jīng)驗(yàn)及最佳實(shí)踐。積極承擔(dān)社會(huì)責(zé)