[Congressional Record Volume 169, Number 123 (Tuesday, July 18, 2023)]
[Senate]
[Pages S3006-S3007]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

  SA 829. Mr. ROUNDS (for himself, Mr. Schumer, Mr. Young, and Mr. 
Heinrich) submitted an amendment intended to be proposed by him to the 
bill S. 2226, to authorize appropriations for fiscal year 2024 for 
military activities of the Department of Defense, for military 
construction, and for defense activities of the Department of Energy, 
to prescribe military personnel strengths for such fiscal year, and for 
other purposes; which was ordered to lie on the table; as follows:

       At the appropriate place in title X, insert the following:

  Subtitle __--Additional Matters Relating to Artificial Intelligence

     SEC. ___. REPORT ON ARTIFICIAL INTELLIGENCE REGULATION IN 
                   FINANCIAL SERVICES INDUSTRY.

       (a) In General.--Not later than 90 days after the date of 
     enactment of this Act, each of the Board of Governors of the 
     Federal Reserve System, the Federal Deposit Insurance 
     Corporation, the Office of the Comptroller of the Currency, 
     the National Credit Union Administration, and the Bureau of 
     Consumer Financial Protection shall submit to the Committee 
     on Banking, Housing and Urban Affairs of the Senate and the 
     Committee on Financial Services of the House of 
     Representatives a report on its gap in knowledge relating to 
     artificial intelligence, including an analysis on--
       (1) which tasks are most frequently being assisted or 
     completed with artificial intelligence in the institutions 
     the agency regulates;
       (2) current governance standards in place for artificial 
     intelligence use at the agency and current standards in place 
     for artificial intelligence oversight by the agency;
       (3) potentially additional regulatory authorities required 
     by the agency to continue to successfully execute its 
     mission;
       (4) where artificial intelligence may lead to overlapping 
     regulatory issues between agencies that require 
     clarification;
       (5) how the agency is currently using artificial 
     intelligence, how the agency plans to use such artificial 
     intelligence the next 3 years, and the expected impact, 
     including fiscal and staffing, of those plans; and
       (6) what resources, monetary or other resources, if any, 
     the agency requires to both adapt to the changes that 
     artificial intelligence will bring to the regulatory 
     landscape and to adequately adopt and oversee the use of 
     artificial intelligence across its operations described in 
     paragraph (5).
       (b) Rule of Construction.--Nothing in this section may be 
     construed to require an agency to include confidential 
     supervisory information or pre-decisional or deliberative 
     non-public information in a report under this section.

     SEC. ___. ARTIFICIAL INTELLIGENCE BUG BOUNTY PROGRAMS.

       (a) Program for Foundational Artificial Intelligence 
     Products Being Incorporated by Department of Defense.--
       (1) Development required.--Not later than 180 days after 
     the date of the enactment of this Act and subject to the 
     availability of appropriations, the Chief Data and Artificial 
     Intelligence Officer of the Department of Defense shall 
     develop a bug bounty program for foundational artificial 
     intelligence models being integrated into Department of 
     Defense missions and operations.
       (2) Collaboration.--In developing the program required by 
     paragraph (1), the Chief may collaborate with the heads of 
     other government agencies that have expertise in 
     cybersecurity and artificial intelligence.
       (3) Implementation authorized.--The Chief may carry out the 
     program developed pursuant to subsection (a).
       (4) Contracts.--The Secretary of Defense shall ensure, as 
     may be appropriate, that whenever the Department of Defense 
     enters into any contract, the contract allows for 
     participation in the bug bounty program developed pursuant to 
     paragraph (1).
       (5) Rule of construction.--Nothing in this subsection shall 
     be construed to require--
       (A) the use of any foundational artificial intelligence 
     model; or
       (B) the implementation of the program developed pursuant to 
     paragraph (1) in order for the Department to incorporate a 
     foundational artificial intelligence model.
       (b) Briefing.--Not later than one year after the date of 
     the enactment of this Act, the Chief shall provide the 
     congressional defense committees a briefing on--
       (1) the development and implementation of bug bounty 
     programs the Chief considers relevant to the matters covered 
     by this section; and
       (2) long-term plans of the Chief with respect to such bug 
     bounty programs.
       (c) Definition of Foundational Artificial Intelligence 
     Model.--In this section, the term ``foundational artificial 
     intelligence model'' means an adaptive generative model that 
     is trained on a broad set of unlabeled data sets that can be 
     used for different tasks, with minimal fine-tuning.

     SEC. ___. VULNERABILITY ANALYSIS STUDY FOR ARTIFICIAL 
                   INTELLIGENCE-ENABLED MILITARY APPLICATIONS.

       (a) Study Required.--Not later than one year after the date 
     of the enactment of this Act, the Chief Digital and 
     Artificial Intelligence Officer (CDAO) of the Department of 
     Defense shall complete a study analyzing the vulnerabilities 
     to the privacy, security, and accuracy of, and capacity to 
     assess, artificial intelligence-enabled military 
     applications, as well as research and development needs for 
     such applications.
       (b) Elements.--The study required by subsection (a) shall 
     cover the following:
       (1) Research and development needs and transition pathways 
     to advance explainable and interpretable artificial 
     intelligence-enabled military applications, including the 
     capability to assess the underlying algorithms and data 
     models of such applications.
       (2) Assessing the potential risks to the privacy, security, 
     and accuracy of underlying architectures and algorithms of 
     artificial intelligence-enabled military applications, 
     including the following:
       (A) Individual foundational artificial intelligence models, 
     including the adequacy of existing testing, training, and 
     auditing for such models to ensure models can be properly 
     assessed over time.
       (B) The interactions of multiple artificial intelligence-
     enabled military applications, and the ability to detect and 
     assess new, complex, and emergent behavior amongst individual 
     agents, as well as the collective impact, including how such 
     changes may affect risk to privacy, security, and accuracy 
     over time.
       (C) The impact of increased agency in artificial 
     intelligence-enabled military applications and how such 
     increased agency may affect the ability to detect and assess 
     new, complex, and emergent behavior, as well risks to the 
     privacy, security, and accuracy of such applications over 
     time.
       (3) Assessing the survivability and traceability of 
     decision support systems that are integrated with artificial 
     intelligence-enabled military applications and used in a 
     contested environment, including--
       (A) potential benefits and risks to Department of Defense 
     missions and operations of implementing such applications; 
     and
       (B) other technical or operational constraints to ensure 
     such decision support systems that are integrated with 
     artificial intelligence-enabled military applications are 
     able to adhere to the Department of Defense Ethical 
     Principles for Artificial Intelligence.
       (4) Identification of existing artificial intelligence 
     metrics, developmental, testing and audit capabilities, 
     personnel, and infrastructure within the Department of 
     Defense, including test and evaluation facilities, needed to 
     enable ongoing identification and assessment under paragraphs 
     (1) through (3), and other factors such as--
       (A) implications for deterrence systems based on systems 
     warfare; and
       (B) vulnerability to systems confrontation on the system 
     and system-of-systems level.
       (5) Identification of gaps or research needs to 
     sufficiently respond to the elements outlined in this 
     subsection that are not currently, or not sufficiently, 
     funded within the Department of Defense.
       (c) Coordination.--In carrying out the study required by 
     subsection (a), the Chief Digital and Artificial Intelligence 
     Officer shall coordinate with the following:
       (1) The Director of the Defense Advanced Research Projects 
     Agency (DARPA).
       (2) The Under Secretary of Defense for Research and 
     Evaluation.
       (3) The Under Secretary of Defense for Policy.
       (4) The Director for Operational Test and Evaluation 
     (DOT&E) of the Department.
       (5) As the Chief Digital and Artificial Intelligence 
     Officer considers appropriate, the following:
       (A) The Secretary of Energy.
       (B) The Director of the National Institute of Standards and 
     Technology.
       (C) The Director of the National Science Foundation.
       (D) The head of the National Artificial Intelligence 
     Initiative Office of the Office of Science and Technology 
     Policy.
       (E) Members and representatives of industry.
       (F) Members and representatives of academia.
       (d) Interim Briefing.--Not later than 180 days after the 
     date of the enactment of this Act, the Chief Digital and 
     Artificial Intelligence Officer shall provide the 
     congressional defense committees a briefing on the interim 
     findings of the Chief Digital and Artificial Intelligence 
     Officer with respect to the study being conducted pursuant to 
     subsection (a).
       (e) Final Report.--
       (1) In general.--Not later than one year after the date of 
     the enactment of this Act, the Chief Digital and Artificial 
     Intelligence

[[Page S3007]]

     Officer shall submit to the congressional defense committees 
     a final report on the findings of the Chief Digital and 
     Artificial Intelligence Officer with respect to the study 
     conducted pursuant to subsection (a).
       (2) Form.--The final report submitted pursuant to paragraph 
     (1) shall be submitted in unclassified for, but may include a 
     classified annex.
       (f) Definition of Foundational Artificial Intelligence 
     Model.--In this section, the term ``foundational artificial 
     intelligence model'' means an adaptive generative model that 
     is trained on a broad set of unlabeled data sets that can be 
     used for different tasks, with minimal fine-tuning.

     SEC. ___. REPORT ON DATA SHARING AND COORDINATION.

       (a) In General.--Not later than 180 days after the date of 
     the enactment of this Act, the Secretary of Defense shall 
     submit to the congressional defense committees a report on 
     ways to improve data sharing, interoperability, and quality, 
     as may be appropriate, across the Department of Defense.
       (b) Contents.--The report submitted pursuant to subsection 
     (a) shall include the following:
       (1) A description of policies, practices, and cultural 
     barriers that impede data sharing and interoperability, and 
     lead to data quality issues, among components of the 
     Department.
       (2) The impact a lack of appropriate levels of data 
     sharing, interoperability, and quality has on Departmental 
     collaboration, efficiency, interoperability, and joint-
     decisionmaking.
       (3) A review of current efforts to promote appropriate data 
     sharing, including to centralize data management, such as the 
     AVANA program.
       (4) A description of near-, mid-, and long-term efforts 
     that the Office of the Secretary of Defense plans to 
     implement to promote data sharing and interoperability, 
     including efforts to improve data quality.
       (5) A detailed plan to implement a data sharing and 
     interoperability strategy that supports effective development 
     and employment of artificial intelligence-enabled military 
     applications.
       (6) A detailed assessment of the implementation of the 
     Department of Defense Data Strategy issued in 2020, as well 
     as the use of data decrees to improve management rigor in the 
     Department when it comes to data sharing and 
     interoperability.
       (7) Any recommendations for Congress with respect to 
     assisting the Department in these efforts.
                                 ______