US SB3202

NSA Director, through the Artificial Intelligence Security Center, must develop and disseminate security guidance identifying vulnerabilities in AI technologies and supply chains, focusing on cybersecurity risks from foreign threat actors seeking theft or sabotage

Guidance must include strategies to protect model weights and sensitive artifacts, mitigate insider threats through personnel vetting, implement network access controls, and establish counterintelligence measures

NSA must engage with prominent AI developers and researchers, collaborate with National Laboratories and federally funded research centers, and consult with Commerce Department, NIST, DHS, and DoD in developing the guidance

Initial progress report required within 180 days of enactment; final guidance report due within 365 days to congressional intelligence committees, with both unclassified/public versions and classified annexes

Covers advanced AI systems with critical capabilities that would pose grave national security threats if stolen, including AI matching human expert performance in CBRN matters, cyber offense, model autonomy, persuasion, and self-improvement