Position: In-House Evaluation Is Not Enough. Towards Robust Third-Party Evaluation and Flaw Disclosure for General-Purpose AI

Shayne Longpre; Kevin Klyman; Ruth E. Appel; Sayash Kapoor; Rishi Bommasani; Michelle Sahar; Sean McGregor; Avijit Ghosh; Borhane Blili Hamelin; Nathan Butters; Alondra Nelson; Amit Elazari; Andrew Sellars; Casey John Ellis; Dane Sherrets; Dawn Song; Harley Geiger; Ilona Cohen; Lauren McIlvenny; Madhulika Srikumar; Mark M. Jaycox; Markus Anderljung; Nadine Farid Johnson; Nicholas Carlini; Nicolas Miailhe; Nik Marda; Peter Henderson; Rebecca S. Portnoff; Rebecca Weiss; Victoria Westerhoff; Yacine Jernite; Rumman Chowdhury; Percy Liang; Arvind Narayanan

Position: In-House Evaluation Is Not Enough. Towards Robust Third-Party Evaluation and Flaw Disclosure for General-Purpose AI

Shayne Longpre
, Kevin Klyman
, Ruth E. Appel
, Sayash Kapoor
, Rishi Bommasani
, Michelle Sahar
, Sean McGregor
, Avijit Ghosh
, Borhane Blili Hamelin
, Nathan Butters
, Alondra Nelson
, Amit Elazari
, Andrew Sellars
, Casey John Ellis
, Dane Sherrets
, Dawn Song
, Harley Geiger
, Ilona Cohen
, Lauren McIlvenny
, Madhulika Srikumar

Mark M. Jaycox, Markus Anderljung, Nadine Farid Johnson, Nicholas Carlini, Nicolas Miailhe, Nik Marda, Peter Henderson, Rebecca S. Portnoff, Rebecca Weiss, Victoria Westerhoff, Yacine Jernite, Rumman Chowdhury, Percy Liang, Arvind Narayanan

Research output: Contribution to journal › Conference article › peer-review

1 Scopus citations

Abstract

The widespread deployment of general-purpose AI (GPAI) systems introduces significant new risks. Yet the infrastructure, practices, and norms for reporting flaws in GPAI systems remain seriously underdeveloped, lagging far behind more established fields like software security. Based on a collaboration between experts from the fields of software security, machine learning, law, social science, and policy, we identify key gaps in the evaluation and reporting of flaws in GPAI systems. We call for three interventions to advance system safety. First, we propose using standardized AI flaw reports and rules of engagementfor researchers in order to ease the process of submitting, reproducing, and triaging flaws inGPAI systems. Second, we propose GPAI system providers adopt broadly-scoped flaw disclosure programs, borrowing from bug bounties, with legal safe harbors to protect researchers. Third, we advocate for the development of improvedinfrastructure to coordinate distribution of flawreports across the many stakeholders who may beimpacted. These interventions are increasingly urgent, as evidenced by the prevalence of jailbreaks and other flaws that can transfer across different providers’ GPAI systems. By promoting robust reporting and coordination in the AI ecosystem, these proposals could significantly improve the safety, security, and accountability of GPAI systems.

Original language	English (US)
Pages (from-to)	81728-81758
Number of pages	31
Journal	Proceedings of Machine Learning Research
Volume	267
State	Published - 2025
Event	42nd International Conference on Machine Learning, ICML 2025 - Vancouver, Canada Duration: Jul 13 2025 → Jul 19 2025

All Science Journal Classification (ASJC) codes

Software
Control and Systems Engineering
Statistics and Probability
Artificial Intelligence

Cite this

Longpre, S., Klyman, K., Appel, R. E., Kapoor, S., Bommasani, R., Sahar, M., McGregor, S., Ghosh, A., Hamelin, B. B., Butters, N., Nelson, A., Elazari, A., Sellars, A., Ellis, C. J., Sherrets, D., Song, D., Geiger, H., Cohen, I., McIlvenny, L., ... Narayanan, A. (2025). Position: In-House Evaluation Is Not Enough. Towards Robust Third-Party Evaluation and Flaw Disclosure for General-Purpose AI. Proceedings of Machine Learning Research, 267, 81728-81758.

@article{abcef49dfcec4d46af6e7f2ec9add962,

title = "Position: In-House Evaluation Is Not Enough. Towards Robust Third-Party Evaluation and Flaw Disclosure for General-Purpose AI",

abstract = "The widespread deployment of general-purpose AI (GPAI) systems introduces significant new risks. Yet the infrastructure, practices, and norms for reporting flaws in GPAI systems remain seriously underdeveloped, lagging far behind more established fields like software security. Based on a collaboration between experts from the fields of software security, machine learning, law, social science, and policy, we identify key gaps in the evaluation and reporting of flaws in GPAI systems. We call for three interventions to advance system safety. First, we propose using standardized AI flaw reports and rules of engagementfor researchers in order to ease the process of submitting, reproducing, and triaging flaws inGPAI systems. Second, we propose GPAI system providers adopt broadly-scoped flaw disclosure programs, borrowing from bug bounties, with legal safe harbors to protect researchers. Third, we advocate for the development of improvedinfrastructure to coordinate distribution of flawreports across the many stakeholders who may beimpacted. These interventions are increasingly urgent, as evidenced by the prevalence of jailbreaks and other flaws that can transfer across different providers{\textquoteright} GPAI systems. By promoting robust reporting and coordination in the AI ecosystem, these proposals could significantly improve the safety, security, and accountability of GPAI systems.",

author = "Shayne Longpre and Kevin Klyman and Appel, \{Ruth E.\} and Sayash Kapoor and Rishi Bommasani and Michelle Sahar and Sean McGregor and Avijit Ghosh and Hamelin, \{Borhane Blili\} and Nathan Butters and Alondra Nelson and Amit Elazari and Andrew Sellars and Ellis, \{Casey John\} and Dane Sherrets and Dawn Song and Harley Geiger and Ilona Cohen and Lauren McIlvenny and Madhulika Srikumar and Jaycox, \{Mark M.\} and Markus Anderljung and Johnson, \{Nadine Farid\} and Nicholas Carlini and Nicolas Miailhe and Nik Marda and Peter Henderson and Portnoff, \{Rebecca S.\} and Rebecca Weiss and Victoria Westerhoff and Yacine Jernite and Rumman Chowdhury and Percy Liang and Arvind Narayanan",

note = "Publisher Copyright: {\textcopyright} 2025 by the author(s).; 42nd International Conference on Machine Learning, ICML 2025 ; Conference date: 13-07-2025 Through 19-07-2025",

year = "2025",

language = "English (US)",

volume = "267",

pages = "81728--81758",

journal = "Proceedings of Machine Learning Research",

issn = "2640-3498",

publisher = "ML Research Press",

}

Longpre, S, Klyman, K, Appel, RE, Kapoor, S, Bommasani, R, Sahar, M, McGregor, S, Ghosh, A, Hamelin, BB, Butters, N, Nelson, A, Elazari, A, Sellars, A, Ellis, CJ, Sherrets, D, Song, D, Geiger, H, Cohen, I, McIlvenny, L, Srikumar, M, Jaycox, MM, Anderljung, M, Johnson, NF, Carlini, N, Miailhe, N, Marda, N, Henderson, P, Portnoff, RS, Weiss, R, Westerhoff, V, Jernite, Y, Chowdhury, R, Liang, P & Narayanan, A 2025, 'Position: In-House Evaluation Is Not Enough. Towards Robust Third-Party Evaluation and Flaw Disclosure for General-Purpose AI', Proceedings of Machine Learning Research, vol. 267, pp. 81728-81758.

TY - JOUR

T1 - Position

T2 - 42nd International Conference on Machine Learning, ICML 2025

AU - Longpre, Shayne

AU - Klyman, Kevin

AU - Appel, Ruth E.

AU - Kapoor, Sayash

AU - Bommasani, Rishi

AU - Sahar, Michelle

AU - McGregor, Sean

AU - Ghosh, Avijit

AU - Hamelin, Borhane Blili

AU - Butters, Nathan

AU - Nelson, Alondra

AU - Elazari, Amit

AU - Sellars, Andrew

AU - Ellis, Casey John

AU - Sherrets, Dane

AU - Song, Dawn

AU - Geiger, Harley

AU - Cohen, Ilona

AU - McIlvenny, Lauren

AU - Srikumar, Madhulika

AU - Jaycox, Mark M.

AU - Anderljung, Markus

AU - Johnson, Nadine Farid

AU - Carlini, Nicholas

AU - Miailhe, Nicolas

AU - Marda, Nik

AU - Henderson, Peter

AU - Portnoff, Rebecca S.

AU - Weiss, Rebecca

AU - Westerhoff, Victoria

AU - Jernite, Yacine

AU - Chowdhury, Rumman

AU - Liang, Percy

AU - Narayanan, Arvind

PY - 2025

Y1 - 2025

N2 - The widespread deployment of general-purpose AI (GPAI) systems introduces significant new risks. Yet the infrastructure, practices, and norms for reporting flaws in GPAI systems remain seriously underdeveloped, lagging far behind more established fields like software security. Based on a collaboration between experts from the fields of software security, machine learning, law, social science, and policy, we identify key gaps in the evaluation and reporting of flaws in GPAI systems. We call for three interventions to advance system safety. First, we propose using standardized AI flaw reports and rules of engagementfor researchers in order to ease the process of submitting, reproducing, and triaging flaws inGPAI systems. Second, we propose GPAI system providers adopt broadly-scoped flaw disclosure programs, borrowing from bug bounties, with legal safe harbors to protect researchers. Third, we advocate for the development of improvedinfrastructure to coordinate distribution of flawreports across the many stakeholders who may beimpacted. These interventions are increasingly urgent, as evidenced by the prevalence of jailbreaks and other flaws that can transfer across different providers’ GPAI systems. By promoting robust reporting and coordination in the AI ecosystem, these proposals could significantly improve the safety, security, and accountability of GPAI systems.

AB - The widespread deployment of general-purpose AI (GPAI) systems introduces significant new risks. Yet the infrastructure, practices, and norms for reporting flaws in GPAI systems remain seriously underdeveloped, lagging far behind more established fields like software security. Based on a collaboration between experts from the fields of software security, machine learning, law, social science, and policy, we identify key gaps in the evaluation and reporting of flaws in GPAI systems. We call for three interventions to advance system safety. First, we propose using standardized AI flaw reports and rules of engagementfor researchers in order to ease the process of submitting, reproducing, and triaging flaws inGPAI systems. Second, we propose GPAI system providers adopt broadly-scoped flaw disclosure programs, borrowing from bug bounties, with legal safe harbors to protect researchers. Third, we advocate for the development of improvedinfrastructure to coordinate distribution of flawreports across the many stakeholders who may beimpacted. These interventions are increasingly urgent, as evidenced by the prevalence of jailbreaks and other flaws that can transfer across different providers’ GPAI systems. By promoting robust reporting and coordination in the AI ecosystem, these proposals could significantly improve the safety, security, and accountability of GPAI systems.

UR - https://www.scopus.com/pages/publications/105023492962

UR - https://www.scopus.com/pages/publications/105023492962#tab=citedBy

M3 - Conference article

AN - SCOPUS:105023492962

SN - 2640-3498

VL - 267

SP - 81728

EP - 81758

JO - Proceedings of Machine Learning Research

JF - Proceedings of Machine Learning Research

Y2 - 13 July 2025 through 19 July 2025

ER -

Position: In-House Evaluation Is Not Enough. Towards Robust Third-Party Evaluation and Flaw Disclosure for General-Purpose AI

Abstract

All Science Journal Classification (ASJC) codes

Other files and links

Fingerprint

Cite this