Weekly Roundup (March 12, 2025)
Auditing AI systems post-deployment, pleas for standardization, superpowered scams and more
In this weekly Roundup:
Anonymized AI auditing and AI disclosure? The finalized NIST guidelines on differential privacy (DP).
Post-deployment monitoring is missing in action (MIA). A new report from Partnership on AI (PAI).
Industry asks for rules. Industry bodies write a letter rallying against the gutting of NIST.
OpenAI’s ambitious pricing scheme. OpenAI plans to charge up to $20,000 a month.
Superpowered AI-driven scams. Do you know your grandmother’s voice?
Anonymized AI auditing and disclosure? The U.S. National Institute of Standards and Technology (NIST) finalized guidelines last week that help stakeholders evaluate differential privacy methods, a step toward privacy-preserving disclosures by platforms about their algorithms and the effects those algorithms have on users. Notes Wikipedia: “Differential privacy (DP) is a mathematically rigorous framework for releasing statistical information about datasets while protecting the privacy of individual data subjects. It enables a data holder to share aggregate patterns of the group while limiting information that is leaked about specific individuals.” DP is not a new method, but these guidelines are NIST’s first publication aimed at standardizing its implementation and at helping interested parties judge what guarantee a given deployment actually provides. That last point matters in practice: a DP guarantee is only as strong as its privacy parameter (usually written epsilon) and the budget accounting across repeated queries, and a release can be labelled “differentially private” with an epsilon so large that the protection is nominal. Evaluating exactly that kind of claim is what the guidelines are for.
With these new guidelines, and given how widely tech companies already use DP internally, we believe DP offers a promising approach to online disclosures and auditing that navigates the tradeoff between privacy and safety. DP is already used by social media platforms to share user data externally with researchers while upholding their commitments to keep users’ data private. (This blog post from Meta goes into more detail about how they have used DP to share data externally, back when Meta was willing to share data en masse with researchers… RIP CrowdTangle.) Many platforms also use DP methods internally to preserve their users’ privacy.
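To make concrete what “limiting information that is leaked about specific individuals” means, here is an added example of the Laplace mechanism for a single count query. It is our illustration for this roundup, not NIST reference code and not Meta’s or any platform’s implementation; the dataset, the query, the privacy parameters and the budget cap are all invented. It shows three things a practitioner cares about: the released number is the true count plus calibrated noise, the worst-case privacy loss between two datasets that differ in one user never exceeds epsilon, and repeated queries spend a finite budget rather than leaking a little more each time.

```python
"""Laplace mechanism for a differentially private count query.

Added illustration for this roundup; not NIST reference code and not any
platform's implementation. Dataset, query and parameters are constructed.
"""
import math
import random
from typing import Sequence, Tuple

# Constructed toy dataset: (user_id, saw_flagged_content). Not real data.
USERS: Sequence[Tuple[str, bool]] = [
    ("u1", True), ("u2", False), ("u3", True), ("u4", True), ("u5", False),
    ("u6", True), ("u7", False), ("u8", True), ("u9", False), ("u10", True),
]

# Adding or removing one user changes a count by at most 1: its L1 sensitivity.
COUNT_SENSITIVITY = 1.0


def count_query(records: Sequence[Tuple[str, bool]]) -> int:
    """Exact (non-private) count of users who saw flagged content."""
    return sum(1 for _, flagged in records if flagged)


def laplace_noise(scale: float, rng: random.Random) -> float:
    """Sample Laplace(0, scale) by inverse-CDF from a uniform in (-1/2, 1/2)."""
    while True:
        u = rng.random() - 0.5
        if abs(u) < 0.5:  # skip the endpoint where log(0) would blow up
            break
    return -scale * math.copysign(1.0, u) * math.log1p(-2.0 * abs(u))


def dp_count(records: Sequence[Tuple[str, bool]], epsilon: float,
             rng: random.Random) -> float:
    """Release count + Laplace(sensitivity / epsilon) noise: epsilon-DP."""
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    return count_query(records) + laplace_noise(COUNT_SENSITIVITY / epsilon, rng)


def log_density(x: float, center: float, scale: float) -> float:
    """Log of the Laplace(center, scale) density at x."""
    return -abs(x - center) / scale - math.log(2.0 * scale)


def max_privacy_loss(count_a: int, count_b: int, epsilon: float,
                     points: int = 2001) -> float:
    """Largest |log P(out | D) - log P(out | D')| over a grid of outputs.

    For neighbouring datasets (|count_a - count_b| <= sensitivity) the Laplace
    mechanism keeps this at or below epsilon; the bound is attained for outputs
    lying outside the interval between the two true counts.
    """
    scale = COUNT_SENSITIVITY / epsilon
    lo = min(count_a, count_b) - 5.0 * scale
    hi = max(count_a, count_b) + 5.0 * scale
    worst = 0.0
    for i in range(points):
        x = lo + (hi - lo) * i / (points - 1)
        loss = abs(log_density(x, count_a, scale) - log_density(x, count_b, scale))
        worst = max(worst, loss)
    return worst


class PrivacyBudget:
    """Sequential composition: answering k queries at eps_i costs sum(eps_i)."""

    def __init__(self, total_epsilon: float) -> None:
        self.total = total_epsilon
        self.spent = 0.0

    def answer_count(self, records: Sequence[Tuple[str, bool]], epsilon: float,
                     rng: random.Random) -> float:
        """Refuse the query once the cap would be exceeded, otherwise charge it."""
        if self.spent + epsilon > self.total + 1e-12:
            raise RuntimeError(
                f"privacy budget exhausted: spent {self.spent}, "
                f"requested {epsilon}, cap {self.total}")
        self.spent += epsilon
        return dp_count(records, epsilon, rng)


if __name__ == "__main__":
    rng = random.Random(2025)
    neighbour = USERS[:-1]  # drop one user: a neighbouring dataset
    print("exact:", count_query(USERS), "neighbour:", count_query(neighbour))
    for eps in (0.1, 1.0, 10.0):
        noisy = dp_count(USERS, eps, rng)
        loss = max_privacy_loss(count_query(USERS), count_query(neighbour), eps)
        print(f"eps={eps}: noisy={noisy:.2f} worst-case loss={loss:.3f}")
    budget = PrivacyBudget(1.0)
    budget.answer_count(USERS, 0.5, rng)
    budget.answer_count(USERS, 0.5, rng)
    try:
        budget.answer_count(USERS, 0.5, rng)
    except RuntimeError as exc:
        print("refused:", exc)
```

The smaller epsilon is, the larger the noise scale and the less any single user’s presence can shift the distribution of released values; the budget class is the simplest form of the composition accounting that the guidelines ask deployers to document, since without it an analyst can simply re-run the same query until the noise averages out.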
Given DP’s focus on user data, including how algorithms shape user behavior, DP can be an important backbone for making AI systems safer and more secure by enabling external audits and disclosures. DP methods can help us understand post-deployment outcomes and potential harms, i.e., actual usage. Anthropic’s Clio is probably the premier example of a DP-based auditing system currently used by a major AI company to understand post-deployment usage and moderation, and they disclose their analysis externally. But Anthropic has not yet made the underlying DP-protected data available outside the company. We propose that the NIST DP guidelines be used to mainstream and standardize a Clio-like auditing approach across other AI platforms, including data from their APIs, in a way that makes the data accessible to approved researchers and regulators.
Post-deployment monitoring is missing in action (MIA). Speaking of post-deployment monitoring, Partnership on AI (PAI) has just released a comprehensive report on post-deployment governance practices. Their findings closely align with what we have been arguing: there is little evidence of AI companies tracking usage information and sharing it with third parties, little evidence of them reporting abuse, and no standardized body to compile incidents. What do they say hinders this process? A lack of standardization and established norms. Without best practices, and the transparency needed to hold companies accountable to them, we are left with finger pointing.
Industry asks for rules. In case you missed it in our post yesterday, technology industry bodies and AI advocacy groups are not happy about the gutting of NIST, the U.S. government’s standards body. In a letter sent to Commerce Secretary Howard Lutnick, they argued that “downsizing NIST or eliminating these initiatives will have ramifications for the ability of the American AI industry to continue to lead globally.” It is not just safety advocates who want standardization; industry is asking for it as well.
The change in the letter’s rhetoric is also telling of the current political climate. Instead of arguing for safety or making points about existential risk, the authors invoke the latest language of AI policy — security and economic potential:
“We recognize the need to shift priorities toward a security-focused approach that maximizes economic potential and continues to foster innovation. In this context, we emphasize that NIST’s work represents a high value investment that directly contributes to U.S. economic growth, competitiveness, and technological leadership.”
Notably, the letter doesn’t include the word “safety” at all. Given that the White House’s latest approach to AI governance is increasingly a zero-sum competitive one, new approaches that go beyond “safety” are needed to mainstream adequate controls and standards within AI companies.
OpenAI’s ambitious pricing scheme. According to reporting from The Information, OpenAI has told investors that it plans to start charging up to $20,000 a month for specialized agents that could replace a PhD-level research assistant. This seems a little far-fetched to us. Even if you grant that the agent is truly as powerful as promised, never hallucinates a fact, always provides correct citations, and never goes off track (something we have not yet seen), the price tag is hard to swallow. Researchers, even at the PhD level, rarely make anywhere close to $240,000 a year. OpenAI generated $3.7 billion in revenue in 2024 and estimates that it will make $12.7 billion this year, with a forecasted $3 billion of that from agentic products. However, it also forecasts spending almost $7 billion this year, with that amount only growing, and does not plan to be profitable until around 2030. With plans this dramatic on both the spending and the revenue side, it is no surprise OpenAI is feeling pressure to monetize as much as possible. It remains to be seen whether customers are convinced.
Superpowered AI-driven scams. In a report released this week, Consumer Reports, an independent, nonprofit, nonpartisan testing organization, shows just how easy it is for scammers to clone the voice of your grandmother asking you for $2,000. In a world full of anxiety about hypothetical existential risks from AI, harms are already happening, and AI-spoofed voice schemes are a rising and extremely effective scam. Moreover, the report shows that many leading AI voice companies do not have sufficient safeguards against users abusing their platforms. Many allow users to access the product for free and require only a cursory checkbox attesting that the recording will not be used for illegal purposes; a checkbox is a terms-of-service artifact, not a control, and it does nothing to stop a determined abuser. Since cloud companies and AI model providers rarely monitor general usage that carefully, they may be unwittingly facilitating some of these scams. On the receiving end, the defense is the same as for any spoofed caller: hang up and call the relative back on a number you already know, or agree on a family passphrase in advance, because the voice itself can no longer be trusted as proof of identity.
One policy suggestion is to look across the ocean to Japan, whose population, the world’s oldest, makes it ground zero for AI-driven scams targeting older people. Monitoring and mitigation measures implemented in Japan, if done carefully, could lead the world in preventing AI-driven scams, especially against older and often less technologically savvy people. Japan’s economy and stock market are finally turning around (maybe). So why can’t it lead on this? We think it can.
Thanks for reading! If you liked this post and haven’t subscribed yet, subscribe now.