Dual use in AI describes the inherent double-edged nature of many AI capabilities. 

A generative AI model trained to assist researchers can also help bad actors synthesise dangerous substances. A facial recognition system designed to find missing children can be repurposed for mass surveillance. A language model built to improve communication can produce convincing disinformation or phishing attacks at scale.

Unlike traditional dual-use technologies (e.g. nuclear energy, chemistry), AI represents a form of crossover technology that is different from previous historical examples of dual- or multi-use technology, as it has a multiplicative effect across other technologies, amplifying the reach, speed, and sophistication of both beneficial and harmful applications simultaneously.

Why it matters

Dual use matters because the social benefits of AI can be undermined if the same technology is used to cause large-scale harm. This can erode trust in institutions, increase insecurity, and make it harder to safely share useful innovation.

It also matters the democratisation of powerful tools increases the risk of large-scale harm, destabilising the balance between innovation and public safety. These harms can spread quickly when AI is used for phishing, deepfakes, or automated cyber exploitation. 

In conflict settings, dual use AI can amplify the risks to civilian safety, and create accountability gaps when harmful outcomes occur.

The problem is compounded by the speed of development of AI systems, which consistently outpaces international governance and national and regional regulation, and by the global, borderless nature of their deployment, making containment highly challenging. 

Impacts & consequences

When dual-use norms break down, the consequences span multiple domains:

• National security. Adversarial states and non-state actors can access AI tools to increase the speed, scale and sophistication of attacks weapons development, cyberattacks, and influence operations. Optimisation algorithms for delivery drones can be repurposed for "slaughterbots" or autonomous lethal weapons. 

• Public health. AI-assisted access to information about dangerous pathogens could lower the barrier for bioterrorism. Models that predict protein folding for drug discovery can be "inverted" to design novel biochemical toxins. 

• Economic harm. Dual-use AI tools used in fraud, market manipulation, and cybercrime can cause significant financial damage. A single AI-generated fake image of an explosion at the Pentagon in May 2023 caused the S&P 500 index to fall in just minutes, causing a USD 500 billion market cap swing, even though the image was quickly proven fake.

• Information warfare. Large Language Models (LLMs) can easily be used to generate mass-scale disinformation or phishing campaigns. Equally, deepfake images and videos can be nefariously developed and deployed to defame political candidates and sway results. 

Causes & contributing factors

The dual use nature of many AI technologies is due to: 

• Capability generalisation. Large foundation models are trained to be broadly capable, making it difficult to restrict specific harmful applications without degrading legitimate ones.

• Openness of research and model weights. Publicly available models can be fine-tuned for harmful purposes without the original developer's knowledge or consent. 

• Weak access controls. Many powerful AI tools are available with few or no authentication or vetting requirements.

• Insufficient red-teaming and pre-deployment evaluation. Harms are regularly discovered after a model's release rather than anticipated beforehand.

• Commercial incentivisation. Companies prioritising market reach and rapid deployment over rigorous "know your customer" (KYC) or end-use monitoring.