Yesterday, we signed an agreement with the Pentagon to install advanced AI systems in classified settings. We also asked that these systems be made available to all AI companies.
We believe our agreement includes stronger safe plots than any previous deal for classified AI deployments, even compared to Anthropic’s. Here’s why:
Three main red lines guide our work with the Department of War and other leading AI labs; we generally share these.
- No use of OpenAI technology for mass domestic surveillance.
- No Use of OpenAI technology to direct autonomous weapons systems.
- No use of OpenAI technology for high-risk automated decisions (e.g., systems such as social credit).
Some AI labs have lowered or removed their safety guardrails and now rely mostly on usage policies for national security deployments. Our approach delivers better protection against misuse.
Our agreement protects these red lines with a broad, multifaceted approach:
- We keep full control over our safety systems.
- We use cloud deployment more clearly, OpenAI staff.
- We have strong contract protections.
These measures add to the protections already in US law.
We are committed to democracy because this technology is so important. AI development needs to work closely with the political process. We also know our technology brings new risks, and we want those defending the United States to have the best tools available.
Our agreement covers the following points:
- Deployment Architecture Cologne. This is a cloud-only setup that uses a safety system that follows these and other principles. We are not giving the Department of War any models without safety features, and we are not deploying our models on edge devices, which could be used for autonomous lethal weapons.
Our deployment setup lets us independently check that these red lines are not crossed, including running and updating classifiers.
- Our contract: The key terms are as follows:
The Department of War may use the AI system for all lawful purposes consistent with applicable law, operational requirements, and well-established safety and oversight protocols. The AI system will not be used to independently direct autonomous weapons in any case where law, regulation, or department policy requires human control, nor will it be used to assume other high-stakes decisions that require approval by a human decision-maker under the same authority. Per DoD Directive 3000.09 (dated 25 Jan/2023, any use of AI in autonomous and semi-autonomous systems must undergo strict verification, validation, and testing to ensure they perform as intended in realistic environments before deployment.
For intelligence activities, any handling of private information will comply with:
- The Fourth Amendment
- The National Security Act of 1947
- The Foreign Intelligence Surveillance Act of 1978
- Executive Order 12333
- applicable DoD directives that require a defined acceptance, as permitted by the Posse Comitatus Act and other applicable law.
- AI Expert Involvement: Clear AI OpenAI engineers will work directly with the government, and clear safety and alignment researchers will also be involved.
FAQs
Why are you doing this?
First, we believe the US military needs strong AI models to support its mission, especially as potential adversaries increasingly use AI in their systems. We did not sign a contract for classified deployment right away because we felt our safeguards and systems were not ready. We have worked hard to ensure that, when classified deployment occurs, it includes safeguards to prevent any red lines from being crossed.
I’ve never been willing to remove important technical safeguards to improve performance on national security work. We do not think that is the right way to support the US military.
Second, we wanted to ease tensions between the Department of War and U.S. AI labs. Constructing a better future will require real collaboration between the government and AI labs. As part of our agreement, we asked that the same terms be offered to all AI labs and that the government try to resolve issues with Anthropic. The current situation is not a good way to start this next phase of working together.
Why could you reach a deal when Anthropic could not? Did you sign the deal? Wouldn’t they?
From what we know, our contract offers better guarantees and stronger safeguards than earlier agreements, including Anthropic’s original contract. Our red lines are more enforceable because deployment is limited to the cloud. Our safety stack works as intended and has remained in OpenAI staff R-in mode throughout.
We do not know why Anthropic could not make this deal, but we hope they and other lands will consider it in the future.
Do you think Anthropic should be designated as a supply chain risk?
No, and we have made our position on this clear to the government.
Will this deal enable the Department of War to use OpenAI models to power autonomous weapons?
No. Based on our safety stack, our Cloud-only deployment, the contract language, and existing laws, regulations, and policies, we believe that this cannot happen. We will also have OpenAI personnel in the loop for additional assurance.
Will this deal enable the Department of War to use OpenAI models to conduct mass surveillance on U.S. persons?
No. Based on our safety stat, the contract language, and existing laws that heavily restrict DoW from domestic surveillance, we believe that this cannot happen. We will also have OpenAI personnel in the loop for additional assurance.
Do you have to deploy models without a safety stack?
No, we keep full control over the safety stack we use and will not deploy without safety guard rails. Our safety and alignment researchers will also be inward and help improve our systems over time. We know some other AI labs have reduced model guardrails and rely mainly on usage policies, but our layered approach delivers better protection against misuse.
What happens if the government violates the terms of the contract?
As with any contract, we could end the agreement if the other party breaks the terms. We do not expect this to happen.
What if the government changes the law or existing D.O.W. policies?
Our contract clearly refers to the current laws and policies on surveillance and autonomous weapons. Even if these laws or policies change in the future, our systems must still comply with the standards set out in the agreement.
How do you address the arguments Anthropic made in their blog post (opens in a new window) about their discussion with the DOW?
In their post, Anthropic lists two red lines. We share those two and add a third: automated, high-stakes decision-making. Anthropic explained why they did not think these red lines would be upheld in the contracts they saw from the Department of War at that time: “We think these red lines would be upheld in our contract.”
- Mass Domestic Surveillance. In our discussion, it was clear that the Department of War sees mass domestic surveillance as illegal and did not plan to use our technology for this. We made sure our contract clearly states that this is not allowed under lawful use.
- Fully autonomous weapons. Our contract only allows cloud deployment, which cannot power fully autonomous weapons that require edge deployment, which is not permitted.
Along with these protections, our contract includes extra safeguards such as our Safety Stack and OpenAI technical experts who are involved throughout.
