Access Controls Will Solve the Dual-Use Dilemma
Evžen Wybitul
TL;DR
The paper tackles the dual-use dilemma in AI safety, where the appropriateness of answering a query hinges on real-world user context. It argues that current safety methods lack trustworthy contextual signals and proposes a verification-based access control framework that pairs content classification with user verification to restrict access to high-risk categories. Three implementation paths are explored—separate models, specialized expert modules using UNDO distillation and gradient routing, and post-processing classifiers—each with distinct robustness and practicality trade-offs. The authors discuss feasibility, potential to reduce over- and under-refusals, and open questions around privacy and global access, highlighting the framework’s potential to enable safer, more nuanced information access at inference time.
Abstract
AI safety systems face the dual-use dilemma. It is unclear whether to answer dual-use requests, since the same query could be either harmless or harmful depending on who made it and why. To make better decisions, such systems would need to examine requests' real-world context, but currently, they lack access to this information. Instead, they sometimes end up making arbitrary choices that result in refusing legitimate queries and allowing harmful ones, which hurts both utility and safety. To address this, we propose a conceptual framework based on access controls where only verified users can access dual-use outputs. We describe the framework's components, analyse its feasibility, and explain how it addresses both over-refusals and under-refusals. While only a high-level proposal, our work takes the first step toward giving model providers more granular tools for managing dual-use content. Such tools would enable users to access more capabilities without sacrificing safety, and offer regulators new options for targeted policies.
