On Thursday last week, a memorandum for the heads of executive departments and agencies by Michael J. Kratsios, Assistant to the President for Science and Technology and Director of the Office of Science and Technical Policy was released with the subject 'Adversarial Distillation of American AI Models'. The memorandum casts unauthorised industrial-scale distillation as a threat to American AI.

Kratsios asserts that the 'United States leads the world in artificial intelligence (AI) technologies' built on 'decades of foundational research, bold entrepreneurial risk-taking, and hundreds of billions of dollars in annual private investment.' Kratsios credits American AI leaderships with driving economic growth, strengthening national security, advancing the frontiers of science, medicine and human knowledge, raising living standards, expanding opportunity and improving lives around the world. It informs recipients that the US Government 'has information indicating that foreign entities, principally based in China, are engaged in deliberate, industrial-scale campaigns to distill U.S. frontier AI systems.'

While the US Government recognises legitimate uses of AI distillation such as when used to produce smaller, lighter-weight models from more advanced systems is 'a vital part of that ecosystem' the memorandum condemns 'Industrial distillation activities that aim to systematically undermine American research and development and access proprietary information, however, are unacceptable.'

Kratsios contends that these distillation actions 'systematically extract capabilities from American AI models, exploiting American expertise and innovation' using 'tens of thousands of proxy accounts to evade detection and using jailbreaking techniques to expose proprietary information.' While distillation do not replicate the full performance of the original model, they 'enable foreign actors to release products that appear to perform comparably on select benchmarks at a fraction of the cost' of developing the original model.

Distillation allows actors to deliberately strip security protocols from the resulting models and undo mechanisms that ensure those AI models are ideologically neutral and truth-seeking. To address the threat, the Trump administration will:

  • share information about unauthorised industrial-scale distillation including tactics and actors with US AI companies
  • enable better private sector coordination
  • cooperate with industry to develop best practices to identify, mitigate and remediate industrial-scale distillation and build strong defences against it
  • explore measures to hold foreign actors accountable for industrial-scale distillation campaigns.

Kratsios then derides unauthorised industrial-scale distillation, saying there is nothing innovative about it, there is nothing open about 'supposedly open models that are derived from acts of malicious exploitation' and building AI capabilities on distillation is 'fragile foundations' providing 'little confidence in the integrity and reliability of the [resulting] models.'

The memorandum also states that the US 'is committed to the free and fair development of AI technologies across a competitive ecosystem, from leading frontier models to highly-tuned applied systems, and from open-source frameworks to open-weight models.'