Table of Contents
Fetching ...

Access Controls Will Solve the Dual-Use Dilemma

Evžen Wybitul

TL;DR

The paper tackles the dual-use dilemma in AI safety, where the appropriateness of answering a query hinges on real-world user context. It argues that current safety methods lack trustworthy contextual signals and proposes a verification-based access control framework that pairs content classification with user verification to restrict access to high-risk categories. Three implementation paths are explored—separate models, specialized expert modules using UNDO distillation and gradient routing, and post-processing classifiers—each with distinct robustness and practicality trade-offs. The authors discuss feasibility, potential to reduce over- and under-refusals, and open questions around privacy and global access, highlighting the framework’s potential to enable safer, more nuanced information access at inference time.

Abstract

AI safety systems face the dual-use dilemma. It is unclear whether to answer dual-use requests, since the same query could be either harmless or harmful depending on who made it and why. To make better decisions, such systems would need to examine requests' real-world context, but currently, they lack access to this information. Instead, they sometimes end up making arbitrary choices that result in refusing legitimate queries and allowing harmful ones, which hurts both utility and safety. To address this, we propose a conceptual framework based on access controls where only verified users can access dual-use outputs. We describe the framework's components, analyse its feasibility, and explain how it addresses both over-refusals and under-refusals. While only a high-level proposal, our work takes the first step toward giving model providers more granular tools for managing dual-use content. Such tools would enable users to access more capabilities without sacrificing safety, and offer regulators new options for targeted policies.

Access Controls Will Solve the Dual-Use Dilemma

TL;DR

The paper tackles the dual-use dilemma in AI safety, where the appropriateness of answering a query hinges on real-world user context. It argues that current safety methods lack trustworthy contextual signals and proposes a verification-based access control framework that pairs content classification with user verification to restrict access to high-risk categories. Three implementation paths are explored—separate models, specialized expert modules using UNDO distillation and gradient routing, and post-processing classifiers—each with distinct robustness and practicality trade-offs. The authors discuss feasibility, potential to reduce over- and under-refusals, and open questions around privacy and global access, highlighting the framework’s potential to enable safer, more nuanced information access at inference time.

Abstract

AI safety systems face the dual-use dilemma. It is unclear whether to answer dual-use requests, since the same query could be either harmless or harmful depending on who made it and why. To make better decisions, such systems would need to examine requests' real-world context, but currently, they lack access to this information. Instead, they sometimes end up making arbitrary choices that result in refusing legitimate queries and allowing harmful ones, which hurts both utility and safety. To address this, we propose a conceptual framework based on access controls where only verified users can access dual-use outputs. We describe the framework's components, analyse its feasibility, and explain how it addresses both over-refusals and under-refusals. While only a high-level proposal, our work takes the first step toward giving model providers more granular tools for managing dual-use content. Such tools would enable users to access more capabilities without sacrificing safety, and offer regulators new options for targeted policies.
Paper Structure (21 sections, 2 figures, 1 table)

This paper contains 21 sections, 2 figures, 1 table.

Figures (2)

  • Figure 1: The dual-use dilemma: the same question could be harmless or harmful depending on who asks it. Should we refuse to answer it? Current safety systems must decide without knowing the user's context. This leads to over-refusals (blocking legitimate users) and under-refusals (allowing bad actors). Verification-based access controls solve this by detecting grey-zone questions, obtaining real-world context about users, and making contextual decisions that can get both cases right.
  • Figure 2: The schema shows how an access control system could be implemented with specialized expert modules. (1) The model begins to answer the question because it is trained to be helpful. (2) During the forward pass, the model detects the question is about virology and activates its virology expert module that contains relevant knowledge. (3) The activation of the expert is observed by an external mechanism that (4) checks in the company's database if the user has the required authorization to access virology knowledge. (5) Since they don't, the model is stopped. If they did, the model would be allowed to give an answer.