web analytics

Employees Say OpenAI Shields Whistleblowers From Regulators – Source: www.databreachtoday.com

employees-say-openai-shields-whistleblowers-from-regulators-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Artificial Intelligence & Machine Learning
,
Governance & Risk Management
,
Next-Generation Technologies & Secure Development

Complaint Seeks SEC Investigation of Whistleblower Practices, Financial Penalty

Rashmi Ramesh (rashmiramesh_) •
July 15, 2024    

Employees Say OpenAI Shields Whistleblowers From Regulators
Image: Shutterstock

Whistleblowers from OpenAI reportedly complained to the U.S. Securities and Exchange Commission that the company unlawfully restricted employees from alerting regulators of the artificial intelligence technology’s potential risks to humanity.

See Also: Close the Gapz in Your Security Strategy

The whistleblowers are seeking an investigation into these practices, The Washington Post said, citing a seven-page letter sent to SEC Chairman Gary Gensler.

The employees claim OpenAI imposed overly restrictive employment, severance and nondisclosure agreements that waived employees of federal rights to whistleblower compensation, requiring them to get the company’s consent before disclosing information to federal authorities.

The whistleblowers said the agreements violated federal laws designed to protect those looking to report corporate misconduct anonymously, without fear of retaliation.

“These contracts sent a message that ‘we don’t want employees talking to federal regulators,'” one whistleblower told The Washington Post anonymously, citing fears of retaliation. “AI companies cannot build technology that is safe and in the public interest if they shield themselves from scrutiny and dissent.”

OpenAI spokesperson Hannah Wong denied the allegations, saying that the company “believe(s) rigorous debate about this technology is essential and have already made important changes to our departure process to remove non-disparagement terms.”

The news comes on the heels of recent allegations that OpenAI did not report a data breach to federal law enforcement or make the news public. The company said it believes no customer information was stolen and the incident did not pose a national security threat. Some employees criticized that explanation, raising concerns about OpenAI’s commitment to cybersecurity and the potential for adversary nations such as China to steal AI information (see: OpenAI Did Not Disclose 2023 Breach to Feds, Public: Report).

OpenAI was founded as a nonprofit but controls a rapidly growing commercial business. Critics have expressed concerns that OpenAI may be prioritizing profit over safety. The company reportedly expedited the release of its latest AI model powering ChatGPT to meet a May deadline despite employee concerns about insufficient security testing, mere months after making a pledge to the White House to rigorously safety-test new versions to ensure its technology could not be misused. The company even set up a committee to make “critical” safety and security decisions for all of its projects in May, after disbanding its “superalignment” security team dedicated to preventing AI systems from going rogue (see: OpenAI Formulates Framework to Mitigate ‘Catastrophic Risks’.)

The super alignment safety team’s leaders – OpenAI co-founder Ilya Sutskever and Jan Leike – quit the company over their disagreement on the approach to security, as did policy researcher Gretchen Krueger.

Both Sutskever and Leike worked on addressing the long-term safety risks facing the company and the technology, and Leike in a social media post criticized OpenAI’s lack of support for the superalignment security team. “Over the past years, safety culture and processes have taken a backseat to shiny products,” Leike said. Sutskever was among the board members who in November removed Sam Altman from OpenAI only to see him reinstated as CEO five days later. Krueger said she decided to resign a few hours before her other two colleagues did, as she shared their security concerns.

“OpenAI’s policies and practices appear to cast a chilling effect on whistleblowers’ right to speak up and receive due compensation for their protected disclosures,” Sen. Chuck Grassley told the Post.

AI companies in the U.S. don’t have focused regulatory frameworks, making the role of whistleblowers to inform regulators even more crucial. “Current frontier AI development poses urgent and growing risks to national security. The rise of advanced AI and artificial general intelligence has the potential to destabilize global security in ways reminiscent of the introduction of nuclear weapons,” says a report commissioned by the U.S. Department of State.

The whistleblowers asked the SEC to force OpenAI to produce all employment, severance and investor agreements with nondisclosure clauses for review and to notify all past and current employees of their rights to confidentially in making complaints. They also asked the SEC to penalize OpenAI for every improper agreement.

Original Post url: https://www.databreachtoday.com/employees-say-openai-shields-whistleblowers-from-regulators-a-25769

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Codrut Andrei
Secure Software Development Lifecycle Fundamentals by Codrut Andrei
Secure Software Development Lifecycle Fundamentals...
BUTTERWORTH-HEINEMANN
Security Operations Center Guidebook – A Practical Guide for a Successful SOC
Security Operations Center Guidebook –...
CISO Forum
CISO’s – First 100 Days Roadmap – Your success as a security leader is determined largely by your first 100 days in the role.
CISO’s – First 100 Days...
RedHat
State of Kubernetes Security Report 2022 by RedHat
State of Kubernetes Security Report...
National Cyber Security
Cyber Security Toolkit for Boards – Helping board members to get to grips with cyber security by NCSC
Cyber Security Toolkit for Boards...
WILEY
Cybercrime Investigators Handbook by WILEY
Cybercrime Investigators Handbook by WILEY
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

CASOS DE USO APLICABLES EN UN SIEM
CASOS DE USO APLICABLES EN...
IGNITE Technologies
Burp Suite for Pentester
Burp Suite for Pentester
The Institute of Internal auditors
Auditing Risk Culture
Auditing Risk Culture
DevSecOps Guide
ATTACKING PHP APPLICATIONS
ATTACKING PHP APPLICATIONS
DevSecOps Guide
ATTACKING KUBERNETES WITH SECURITY BEST PRACTICE
ATTACKING KUBERNETES WITH SECURITY BEST...
CLTC WHITE PAPER SERIES
Guidance for the Development of AI Risk and Impact Assessments
Guidance for the Development of...
Active Directory
Active Directory IT AuditChecklist
Active Directory IT AuditChecklist
A guide to business continuity planning
A guide to business continuity...
LOG RHYTHM
Using MITRE ATT&CK™ in Threat Huntingand Detection
Using MITRE ATT&CK™ in Threat...
Kaspersky
H2 2023 – A brief overviewof main incidentsin industrial cybersecurity
H2 2023 – A brief...
Andrey Prozorov
24 Great Cybersecurity Frameworks
24 Great Cybersecurity Frameworks
ENISA-EUROPA
SEGURIDAD DE TELECOMUNICACIONES
SEGURIDAD DE TELECOMUNICACIONES

More Latest Published Posts

SF-ISAC
Digital Operational Resilience Act
Digital Operational Resilience Act
SYNGRESS
DIGITAL FORENSICS WITH Open Source TOOLS
DIGITAL FORENSICS WITH Open Source TOOLS
IT REVOLUTION DEVOPS ENTERPRISE FORUM
DevOps Automated Governance Reference Architecture
DevOps Automated Governance Reference Architecture
SANS GIAC CERTIFICATIONS
Detecting Attacks on Web Applications from Log Files
Detecting Attacks on Web Applications from Log Files
EUROPEAN DATA PROTECTION SUPERVISOR
ANNUAL REPORT 2023
ANNUAL REPORT 2023
TechTarget
IT Disaster Recovery Plan Template
IT Disaster Recovery Plan Template
Opstune
IOC Scan Framework v2.0
IOC Scan Framework v2.0
Federal Office for Information Security
Indirect Prompt Injections
Indirect Prompt Injections
the Department of the Environment Climate and Communications
Guidelines on CyberSecurity Specifications
Guidelines on CyberSecurity Specifications
Edelman
INCIDENT RESPONSE REFERENCE GUIDE
INCIDENT RESPONSE REFERENCE GUIDE
Security METRICS
Security Metrics Guide to PCI DSS Compliance
Security Metrics Guide to PCI DSS Compliance
SOC TIPS Cybersecurity
Guia de Resposta a Incidentes de Segurança para LGPD
Guia de Resposta a Incidentes de Segurança para LGPD
CDCP
FIREWALL Audit CHECKLIST
FIREWALL Audit CHECKLIST
GitGuardian
Secrets Management Maturity Model
Secrets Management Maturity Model
MegaCorp One
Sample Penetration Test Report
Sample Penetration Test Report
FORTINET
Routing in FortiGate
Routing in FortiGate
FUTURE OF PRIVACY FORUM
Risk Framework Body Related Data (PD) Immersive Tech
Risk Framework Body Related Data (PD) Immersive Tech
ENISA
Remote ID Proofing Good Practices
Remote ID Proofing Good Practices
Google
Why Red TeamsPlay a Central Rolein Helping OrganizationsSecure AI Systems
Why Red TeamsPlay a Central Rolein Helping OrganizationsSecure AI Systems
Red Canary
Threat Detection Report 2024
Threat Detection Report 2024
HADESS
Pwning the Domain Persistence
Pwning the Domain Persistence
Australian Goverment
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
CISC (Comité Internacional Sobre Ciberseguridad)
Política Nacional de Ciberseguridad 2023-2028
Política Nacional de Ciberseguridad 2023-2028
Google
Perspectiveson Securityfor the Board
Perspectiveson Securityfor the Board
HADESS
OSINT Method for Map Investigations
OSINT Method for Map Investigations
CCN-CERT
Observatorio Riesgos Ciberseguridad 2024
Observatorio Riesgos Ciberseguridad 2024
CYBERTHEORY
The ISMG Cybersecurity Pulse Report 2024 is a treasure trove of insights from the RSA Conference, revealing the dynamic landscape of cybersecurity. From AI to Zero Trust: A comprosive guide to the key themes and expert opinions from RSA CONFERENCE 2024 – #RSAC2024
The ISMG Cybersecurity Pulse Report 2024 is a treasure trove of insights from the RSA Conference, revealing the dynamic landscape of cybersecurity. From AI to Zero Trust: A comprosive guide to the key themes and expert opinions from RSA CONFERENCE 2024 – #RSAC2024
FORTINET
Bloking Malware Through Antivirus Security Profile in FortiGate
Bloking Malware Through Antivirus Security Profile in FortiGate