Announcing Flexible Hardware-Enabled Governors
Imagine if every uranium atom pulled out of the ground had its own international atomic energy inspector tasked to follow it, report on its usage, perhaps track its location. Ideally this system would even stop the atom from being radioactive if it were being used unsafely, or convert it to lead if the inspector were removed. If this were possible, it would be an incredible boon to nuclear deterrence.
Flexible Hardware-Enabled Governors (flex-HEGs) provide this level of oversight and reporting for datacenter GPUs. If you believe AI can pose a risk similar to nuclear war (which many leading experts do, in this statement on AI Risk), then you may have joined the call for an international governance body for AI. We believe this type of international governance requires technological support for transparency, reporting, and collaboration.
Atlas Computing was created to help humans better understand and review increasingly automated systems. Because using AI safely may require building AI safely, we're excited to announce that Atlas Computing will help prototype Hardware-Enabled Governors (HEGs).
HEGs are specialized hardware components integrated into GPUs and other high-performance computing devices that allow compliance with AI safety best practices by enabling transparent, privacy-preserving monitoring of AI training and deployment processes.
Humanity needs a system that prevents any actor from bypassing established safety rules. This, in turn, is critical for preventing catastrophic misuse or accidental deployment of dangerous AI capabilities. By embedding governance mechanisms directly into the hardware, HEGs enable coordination between mistrustful AI developers or regulators.
What are Hardware-Enabled Governors?
By embedding compliance mechanisms directly into AI hardware, HEGs ensure that agreed-upon rules are enforced at the most fundamental level. While the concept inherits a long tradition of hardware compute governance*, we use the term coined in this post on Yoshua Bengio’s blog and the requirements therein.
HEGs consist of three key components:
A compliance processor that determines if AI generation meets negotiated reporting thresholds
A tamper-responsive mechanism to maintain system integrity
An offline power source to ensure continuous operation of the tamper response
These layers enable a wide range of regulatory capabilities, such as ensuring that safety best practices are used for any training run over a certain size. HEGs leverage secure enclaves and sophisticated methods to distinguish between training and inference. This allows for targeted governance without impeding benign AI applications.
Why is this important?
As nations recognize the potential of advanced AI systems, they may rush to develop these technologies for military or strategic purposes, similar to the nuclear arms race, incentivizing fewer safety precautions and increasing the risk of catastrophes or loss of control.
HEGs could serve as concrete demonstrations of responsible behavior, providing reliable evidence that safety protocols are followed and allowing all players to transparently show adherence to best practices. While they don't define or guarantee safe AI, they ensure consistent application of best practices, reducing safety lapses. As a result, they shift incentives toward cooperation and responsible development, stabilizing the AI landscape and preventing the unchecked escalation of AI capabilities, which could have catastrophic global impacts.
Who decides what is safe?
Let’s start by noting that the creators of HEGs should not be the people responsible for defining safety best practices or compute thresholds.
Establishing well-defined beliefs and standards about AI risk is crucial for the effectiveness and integrity of HEGs, but also fairly separate from creating the HEGs themselves. Ideally, policymakers or subject matter experts should make these decisions, potentially starting from something like this post on compute thresholds. This approach ensures that AI governance standards are set via representative decisions that incorporate expert opinions.
A common misconception is that having a tool for understanding and governance necessarily provides a government or manufacturer centralized regulatory control. This isn't the case. We would be supportive of an international consortium of frontier labs, governments, and/or device manufacturers interested in setting plans to use and implement HEGs. This could even be created and mandated through something like a professional society requiring all frontier labs that hope to employ top talent to adopt these measures.
The Atlas perspective is that humans should understand and oversee these technologies, ideally accountable humans. However, accountability to a nation state is not necessary (nor desirable).
What is Atlas doing?
Atlas Computing's mission is to improve humanity's capacity for review. This goal clearly includes the objective of scaling the capacity to assess the creation of AI systems from development to deployment. HEGs support this mission by providing tools that enhance transparency and accountability in AI development, allowing us to better understand what AI systems are being created.
Currently, Atlas is focused on advancing the hardware aspects of HEGs. Leveraging Evan's experience in hardware systems and a strong professional network, we are well-positioned to help drive this initiative. Atlas will also coordinate efforts among various stakeholders, including funders, potential grantees, startups, nonprofits, researchers, and developers. This top-level coordination is essential for translating our vision into clear, concrete progress. Additionally, we’ve brought on Mehmet Sencan to move technological readiness levels on components for at least the next 3 months, thanks to support from the AISTOF.
Our goal is to demonstrate a proof of concept for the tamper response mechanism (Technological Readiness Level 3) by this fall, with plans to achieve scalable technology development (TRL 4) by February and prototype demonstration (TRL 5 or 6) on all subcomponents by the end of 2025.
The implementation of HEGs should be open-hardware to foster collaboration and improve security. This technology is not intended as a means for one party to control another, but rather as a tool for the broadest possible coordination.
A Broader Theory of Change
Ensuring that AI systems are created safely is a sociotechnical problem that requires both technical and policy solutions.
Proving the feasibility of the technical solution is essential. This involves identifying abstraction boundaries, de-risking the components, and demonstrating integration. Technical de-risking must ensure the device can be built quickly and cheaply without a meaningful impact on device performance.
There may be concerns from manufacturers if they don't see the value or need for these interventions, which can be addressed with policy incentives. The solutions need to be affordable and scalable, deployed on an incredibly large scale. The machines must be robust against adversaries, both in hardware and in adversarial environments.
In addition to the technical solution, engaging with policymakers and stakeholders throughout is necessary to ensure that solutions are practical and can be widely accepted. This integrated approach is vital for stabilizing the AI development landscape and promoting responsible AI advancements globally.
A Call to Action
Implementing policies to enforce these measures is key and requires approval from policymakers and subject matter experts. Convincing policymakers involves demonstrating why these measures are necessary and integrating them into existing IP and licensing frameworks. This socio-technical problem demands both technical de-risking and substantial dialogue with policymakers to establish robust standards.
A group of funders and researchers are advocating for and actively pursuing development of HEGs. Atlas Computing is helping to develop this community to drive this initiative forward. If you are interested in funding this project or contributing as an engineer, researcher, or developer, please reach out to us. We’re keeping the community somewhat small to move quickly, and cannot guarantee we’ll include you, but would love to hear from you and will include you as soon as it feels like it will accelerate the cause.
*also see: https://www.cnas.org/publications/reports/secure-governable-chips
https://www.governance.ai/post/computing-power-and-the-governance-of-ai
https://futureoflife.org/ai-policy/hardware-backed-compute-governance/