Why do you think we are dropping the ball on ARA?
I think many members of the policy community feel like ARA is “weird” and therefore don’t want to bring it up. It’s much tamer to talk about CBRN threats and bioweapons. It also requires less knowledge and general competence– explaining ARA and autonomous systems risks is difficult, you get more questions, you’re more likely to explain something poorly, etc.
Historically, there was also a fair amount of gatekeeping, where some of the experienced policy people were explicitly discouraging people from being explicit about AGI threat models (this still happens to some degree, but I think the effect is much weaker than it was a year ago.)
With all this in mind, I currently think raising awareness about ARA threat models and AI R&D threat models is one of the most important things for AI comms/policy efforts to get right.
In the status quo, even if the evals go off, I don’t think we have laid the intellectual foundation required for policymakers to understand why the evals are dangerous. “Oh interesting– an AI can make copies of itself? A little weird but I guess we make copies of files all the time, shrug.” or “Oh wow– AI can help with R&D? That’s awesome– seems very exciting for innovation.”
I do think there’s a potential to lay the intellectual foundation before it’s too late, and I think many groups are starting to be more direct/explicit about the “weirder” threat models. Also, I think national security folks have more of a “take things seriously and worry about things even if there isn’t clear empirical evidence yet” mentality than ML people. And I think typical policymakers fall somewhere in between.
Potentially unpopular take, but if you have the skillset to do so, I’d rather you just come up with simple/clear explanations for why ARA is dangerous, what implications this has for AI policy, present these ideas to policymakers, and iterate on your explanations as you start to see why people are confused.
Note also that in the US, the NTIA has been tasked with making recommendations about open-weight models. The deadline for official submissions has ended but I’m pretty confident that if you had something you wanted them to know, you could just email it to them and they’d take a look. My impression is that they’re broadly aware of extreme risks from certain kinds of open-sourcing but might benefit from (a) clearer explanations of ARA threat models and (b) specific suggestions for what needs to be done.