Catching illicit distributed training operations during an AI pause
Researchers identify and patch a critical gap in proposed international AI safety regulations.
Researchers at the Machine Intelligence Research Institute (MIRI) have identified, and proposed a fix for, a critical vulnerability in a landmark international AI safety proposal. The original agreement, designed to pause risky development of superhuman AI, required any cluster of AI chips with more aggregate computing power than 16 H100 GPUs to be registered and monitored. A key enforcement mechanism was a 25 Gbit/s bandwidth threshold, intended to catch tightly interconnected clusters while exempting ordinary internet connections.
However, MIRI researcher Robi Rahman discovered a loophole: an evader could perform 'distributed training' across thousands of small, geographically separate nodes, each individually below the computing power and bandwidth thresholds. After building a simulator to model this threat, the team proposed a simple but effective patch. The updated definition of a 'Covered Chip Cluster' now includes any set of chips with an aggregate accelerator memory greater than 1,280 GB, effectively closing the distributed training evasion path and strengthening the regulatory framework.
- Original proposal targeted clusters with >16 H100-equivalent compute or >25 Gbit/s inter-node bandwidth.
- Loophole allowed 'distributed training' across many small, unregistered nodes to evade detection.
- New rule adds a 1,280 GB aggregate accelerator memory threshold, closing the evasion method.
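The interaction between the two rules can be sketched as a coverage check. This is a minimal illustration, not the proposal's actual text: the `Node` fields, helper names, and the per-node figures in the example fleet are assumptions, and the 80 GB figure is the HBM capacity of an H100 (so 16 H100s hold exactly 1,280 GB).

```python
from dataclasses import dataclass

H100_MEMORY_GB = 80          # HBM per H100 (16 x 80 GB = 1,280 GB)
COMPUTE_LIMIT_H100 = 16      # original per-cluster compute threshold
BANDWIDTH_LIMIT_GBPS = 25    # original inter-node bandwidth threshold
MEMORY_LIMIT_GB = 1280       # patched aggregate-memory threshold

@dataclass
class Node:
    h100_equivalents: float  # this node's compute, in H100 units
    memory_gb: float         # accelerator memory on this node
    link_gbps: float         # bandwidth linking it to the other nodes

def covered_original(nodes: list[Node]) -> bool:
    """Old rule: covered only if some node exceeds the compute limit,
    or nodes are linked faster than ordinary internet connections."""
    return any(n.h100_equivalents > COMPUTE_LIMIT_H100 for n in nodes) or \
           any(n.link_gbps > BANDWIDTH_LIMIT_GBPS for n in nodes)

def covered_patched(nodes: list[Node]) -> bool:
    """Patched rule: additionally covered if aggregate accelerator
    memory exceeds 1,280 GB, however the chips are spread out."""
    total_memory = sum(n.memory_gb for n in nodes)
    return covered_original(nodes) or total_memory > MEMORY_LIMIT_GB

# An evader's fleet: 200 small nodes, each below every per-node limit.
fleet = [Node(h100_equivalents=2, memory_gb=160, link_gbps=10)
         for _ in range(200)]

print(covered_original(fleet))  # False: slips through the old thresholds
print(covered_patched(fleet))   # True: 32,000 GB aggregate memory
```

The point of the patch is visible in the last two lines: each node stays under the compute and bandwidth limits, so the old rule never triggers, but the aggregate-memory check catches the fleet regardless of how it is geographically distributed.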
Why It Matters
This patch is crucial for making a potential AI development pause enforceable, moving regulation from theory to practical implementation.