119-hr3919

[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[H.R. 3919 Introduced in House

    (IH) ]

<DOC>

119th CONGRESS
 1st Session
 H. R. 3919

 To direct the Director of the National Security Agency to develop 
 strategies to secure artificial intelligence related technologies.

_______________________________________________________________________

 IN THE HOUSE OF REPRESENTATIVES

 June 11, 2025

 Mr. LaHood (for himself, Mr. Moolenaar, Mr. Gottheimer, and Mr. 
 Krishnamoorthi) introduced the following bill; which was referred to 
 the Permanent Select Committee on Intelligence

_______________________________________________________________________

 A BILL

 To direct the Director of the National Security Agency to develop 
 strategies to secure artificial intelligence related technologies.

 Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

 This Act may be cited as the ``Advanced AI Security Readiness 
Act''.

SEC. 2. AI SECURITY PLAYBOOK.

    (a) Requirement.--The Director of the National Security Agency, 
acting through the Artificial Intelligence Security Center (or 
successor office), shall develop strategies (in this section referred 
to as the ``AI Security Playbook'') to defend covered AI technologies 
from technology theft by threat actors.

    (b) Elements.--The AI Security Playbook under subsection

    (a) shall 
include the following:

    (1) Identification of potential vulnerabilities in advanced 
 AI data centers and among advanced AI developers capable of 
 producing covered AI technologies, with a focus on 
 cybersecurity risks and other security challenges that are 
 unique to protecting covered AI technologies and critical 
 components of such technologies (such as threat vectors that do 
 not typically arise, or are less severe, in the context of 
 conventional information technology systems).

    (2) Identification of components or information that, if 
 accessed by threat actors, would meaningfully contribute to 
 progress made by the actor with respect to developing covered 
 AI technologies, including with respect to--
        (A) AI models and key components of such models;
        (B) core insights relating to the development of 
 advanced AI systems, including with respect to training 
 such systems, the inferences made by such systems, and 
 the engineering of such systems; and
            (C) other related information.

    (3) Strategies to detect, prevent, and respond to cyber 
 threats by threat actors targeting covered AI technologies.

    (4) Identification of the levels of security, if any, that 
 would require substantial involvement by the United States 
 Government in the development or oversight of highly advanced 
 AI systems.

    (5) Analysis of how the United States Government would be 
 involved to achieve the levels of security identified in 
 paragraph

    (4) , including a description of a hypothetical 
 initiative to build covered AI technology systems in a highly 
 secure governmental environment, considering, at a minimum, 
 cybersecurity protocols, provisions to protect model weights, 
 efforts to mitigate insider threats (including personnel 
 vetting and security clearance adjudication processes), access 
 control procedures, counterintelligence and anti-espionage 
 measures, contingency and emergency response plans, and other 
 strategies that would be used to reduce threats of technology 
 theft by threat actors.
            (c) Form.--The AI Security Playbook under subsection

    (a) shall 
include--

    (1) detailed methodologies and intelligence assessments, 
 which may be contained in a classified annex; and

    (2) an unclassified portion with general guidelines and 
 best practices suitable for dissemination to relevant 
 individuals, including in the private sector.
            (d) Engagement.--

    (1) In general.--In developing the AI Security Playbook 
 under subsection

    (a) , the Director shall--
        (A) engage with prominent AI developers and 
 researchers, as determined by the Director, to assess 
 and anticipate the capabilities of highly advanced AI 
 systems relevant to national security, including by--
            (i) conducting a comprehensive review of 
 industry documents pertaining to the security 
 of AI systems with respect to preparedness 
 frameworks, scaling policies, risk management 
 frameworks, and other matters;
            (ii) conducting interviews with subject 
 matter experts;
            (iii) hosting roundtable discussions and 
 expert panels; and
            (iv) visiting facilities used to develop 
 AI; and
        (B) to leverage existing expertise and research, 
 collaborate with a federally funded research and 
 development center that has conducted research on 
 strategies to secure AI models from nation-state actors 
 and other highly resourced actors.

    (2) Nonapplicability of faca.--None of the activities 
 described in this subsection shall be construed to establish or 
 use an advisory committee subject to chapter 10 of title 5, 
 United States Code.

    (e) Reports.--

    (1) Initial report.--Not later than 90 days after the date 
 of the enactment of this Act, the Director shall submit to the 
 appropriate congressional committees a report on the AI 
 Security Playbook under subsection

    (a) , including a summary of 
 progress on the development of Playbook, an outline of 
 remaining sections, and any relevant insights about AI 
 security.

    (2) Final report.--Not later than 270 days after the date 
 of enactment of this Act, the Director shall submit to the 
 appropriate congressional committees a report on the Playbook.

    (3) Form.--The report submitted under paragraph

    (2) --
        (A) shall include--
            (i) an unclassified version suitable for 
 dissemination to relevant individuals, 
 including in the private sector; and
            (ii) a publicly available version; and
        (B) may include a classified annex.

    (f) Rule of Construction.--Nothing in subsection

    (b)

    (4) shall be 
construed to authorize or require any regulatory or enforcement action 
by the United States Government.

    (g) 

=== Definitions. ===
-In this section:

    (1) The term ``appropriate congressional committees'' means 
 the Permanent Select Committee on Intelligence of the House of 
 Representatives and the Select Committee on Intelligence of the 
 Senate.

    (2) The terms ``artificial intelligence'' and ``AI'' have 
 the meaning given the term ``artificial intelligence'' in 
 

section 238

    (g) of the John S. McCain National Defense 
 Authorization Act for Fiscal Year 2019 (Public Law 115-232; 10 
 U.S.C. note prec. 4061).

    (3) The term ``covered AI technologies'' means advanced AI 
 (whether developed by the private sector, the United States 
 Government, or a public-private partnership) with critical 
 capabilities that the Director determines would pose a grave 
 national security threat if acquired or stolen by threat 
 actors, such as AI systems that match or exceed human expert 
 performance in relating to chemical, biological, radiological, 
 and nuclear matters, cyber offense, model autonomy, persuasion, 
 research and development, and self-improvement.

    (4) The term ``technology theft'' means any unauthorized 
 acquisition, replication, or appropriation of covered AI 
 technologies or components of such technologies, including 
 models, model weights, architectures, or core algorithmic 
 insights, through any means, such as cyber attacks, insider 
 threats, and side-channel attacks, or exploitation of public 
 interfaces.

    (5) The term ``threat actors'' means nation-state actors 
 and other highly resourced actors capable of technology theft.
 <all>