ABEJA.inc: G7 Hiroshima AI Process (HAIP) Transparency Report

Based on factors such as the use case, the user, and the content of the AI's inference, we classify risks according to the entities affected by the risk, and the nature and content of the rights and interests that are impacted.

At the planning stage of AI development, before an AI's release, and upon major functional improvements, it is our practice to consult with the team responsible for AI risk management. This team conducts a risk assessment to perform risk identification and evaluation. In identifying risks, we carry out activities such as researching past incidents, exchanging opinions with domain experts, consulting with external specialists, and reviewing relevant documents and guidelines.

We identify appropriate, industry-accepted testing methodologies by researching relevant literature. Subsequently, we conduct mandatory testing prior to release and evaluate the results to determine whether to proceed with deployment.

We utilize both quantitative and qualitative metrics. We conduct a holistic assessment from various perspectives to evaluate the overall level of risk, noting that these metrics—particularly quantitative ones—do not measure the precise magnitude of the risk itself.

Reporting mechanisms for vulnerabilities and other related issues are available through the repository where the LLM is published.

We do not utilize incentive programs for the discovery of vulnerabilities or other issues.

We sought opinions from an advisory council composed of external experts prior to development.

Regarding the reporting of vulnerabilities and other related issues, the repository where the LLM is published facilitates open discussion, which allows such reports to be made.

Employees from our company are significantly involved in the development of the Japanese government's AI Guidelines for Business, serving as the member of the deliberation committee. Furthermore, one of the employees is serving as the member of the Global Partnership on AI (GPAI) as an expert.

We exchange opinions with various stakeholders through academia (such as universities), industry associations, and government bodies. Additionally, our organization has established an advisory committee composed of diverse external experts, whom we consult as needed.

Prior to AI development, consultation with the legal team responsible for AI risk management is mandatory. Upon consultation, the legal team conducts an AI risk assessment and establishes risk mitigation measures. Before an AI is released, it must undergo predefined tests, and only those that pass are released. We follow similar steps for large-scale additional training.

Based on the test results, we take necessary actions, such as re-training the model.

It depends on the circumstances, but testing is always conducted at least prior to release.

We define inappropriate data in advance and use filters and other methods to exclude it from the training data.

Under Japanese law, the use of copyrighted works for the purpose of information analysis is permitted as an exception to copyright. At the output level, we prevent the generation of content similar to the training data by using an enormous volume of training data.

While the definition of privacy can vary, regarding the protection of confidential information—which is central to privacy—we fundamentally use only publicly available information for our training data.

1.We conduct security risk assessments based on standards such as ISO.

2.We manage access controls according to the importance of information assets. Data is stored using highly secure cloud servers.

3. We employ a continuous, risk-based approach based on standards such as ISO, executing a clear lifecycle of vulnerability identification, prioritization, response, re-evaluation, and improvement.

4. Measures are reviewed at least annually, and additionally as needed

5.We have internal regulations regarding the prohibition of insider threat and related activities.

We maintain a continuous, ISMS-compliant security posture across the entire AI system. We comprehensively address vulnerabilities, incidents, emerging risks, and misuse through risk assessment from the design phase, strict vulnerability management, and real-time post-deployment monitoring and incident response.

i. We disclose information at the time of release. Subsequently, we plan to update the disclosures as necessary when new information is obtained.

ii. Model version upgrades have not yet been implemented.

iii. Information regarding harmful bias, discrimination, threats to privacy or personal data protection, and fairness is described within the procedures for constructing the dataset used for the model.

https://github.com/abeja-inc/Megatron-LM/blob/main/docs/dataset/about_data.md

https://tech-blog.abeja.asia/entry/abeja-nedo-project-part2-202405

We make this information publicly available through blogs and other formats.

We publish a privacy policy.

https://www.abejainc.com/security-policy-and-privacy-policy

This information is published on our blog and elsewhere.

We disclose our initiatives for Advanced AI at various presentation opportunities, such as serving as references for the government and through research at universities.

AI risk management is stipulated in various internal regulations, including our risk management policy. We have appointed a head of AI risk management within the company. We plan to revise these policies as necessary

Yes. The head of AI risk management conducts company-wide seminars on AI risks.

We have formulated an AI policy and made it publicly available on our website.

https://www.abejainc.com/ai-policy

Incident reports are documented and managed in accordance with internal regulations.

We disclose this information on the system screen for SaaS models, and on the repository for Open Access models

We publish our Advanced AI on a public repository. We will disclose incident information on this repository.

Our AI risk manager is an expert at the Global Partnership on AI (GPAI) and shares information through GPAI projects. Additionally, our employees may serve as members of Japanese government committees on AI risk management, sharing information through such committees. We also belong to the Japan Deep Learning Association (JDLA), one of Japan's largest industrial organizations for AI, and provide information through it.

We reference ISO 42001, the (Japanese) AI Guidelines for Business, and the NIST AI RMF

For services such as chatbots, we indicate that it is an AI chatbot on the system's top screen or equivalent location.

We clearly indicate on the service screen that it is a generative AI service.

Our R&D team researches various cutting-edge AI technologies, including the themes listed. As a company, we also participate in various research groups in academia and other areas to conduct research on these topics.

We are currently investigating the usefulness of such content authentication itself.

We do so through joint projects with universities and the government

We conduct various literature reviews and present our findings at government committees and other venues. Additionally, our employees individually publish papers and books.

We are advancing research with the government on the use of AI in the medical field, among other areas.

We frequently dispatch lecturers to university lectures and to seminars held by industry associations and academic societies. 

We emphasize the perspective of responsible AI and do not develop or accept contracts for AI that poses human rights issues.

We frequently exchange opinions with government bodies, universities, industry associations, and academic societies.