Investment Principles and Commitments on Trust, Safety, and Security

The following is a set of principles and voluntary high-level commitments that the investors listed below are making to promote trust, safety, and security risk management and best practices by their portfolio companies, including the trusted, safe, and secure development and use of AI technology and other cyber capabilities, the appropriate implementation of cybersecurity best practices, and compliance with applicable laws and regulations.

These high-level commitments apply to new lead investments made going forward and are designed to primarily reflect the issues on which investors will conduct due diligence.  In addition, where appropriate, these voluntary commitments may also be reflected in relevant definitive agreement provisions or through ongoing board oversight.  Any provisions implementing these commitments should allow portfolio companies the flexibility to determine the appropriate methodology for implementing such provisions with respect to their systems, software and technology. 

Preamble

As new cyber and artificial intelligence digital platforms and technologies continue to be created by the innovation and investment engines of the globe, it is important to be guided by a set of voluntary investment principles and commitments that will maximize the utilization of the technologies while at the same time ensure, to the maximum extent possible, that the technologies cannot be used against our democracy and our people.

Investment Principles

Free and open societies grounded in economic liberty are the engine that drives technological innovation and the expansion of economic opportunities for all people around the globe. 

Investors must consider—at the time and during the lifetime of an investment—the investment’s impact on free and open societies and should seek to uphold the democratic values and principles that undergird them.

Investors have a responsibility and obligation to invest in a manner that will ensure the highest possible return while also ensuring that our adversaries and criminal enterprises are not able to exploit the technologies against our countries and allies around the world.

Responsible investors investing into new and old companies should consider these voluntary principles and commitments at the time of their investment and then insist on a vigorous monitoring and management program during the life of the investment.

We believe that Limited Partners in venture capital and private equity firms will appreciate that their money is being invested in a manner which will maximize financial returns while ensuring that the technologies are not available to our adversaries and cannot be utilized against our countries and allies.

Credible Limited Partners do not want their money invested into enterprises where the technology can be utilized against the national security interests of the United States, NATO and thier allies. 

We believe that it is everyone’s duty and responsibility to ensure that we are not investing with other investors who would do harm to the United States, NATO and their allies or are from countries that are sanctioned or have violated US or international law. 

It is our duty to provide due diligence that ensure such matters while also setting in place a simple system for Boards and management of these companies to monitor and manage these issues throughout the lifetime of an investment.

We believe that there is a new duty of care that must be taken with the introduction of artificial intelligence platforms that are now available to billions of people to manipulate and exploit. This duty of care must focus on the trust, safety and security of these capabilities, as well as protecting against societal and national security risk.

Therefore, we enunciate these voluntary principles and commitments and by signing this declaration declare to use our best efforts to achieve these goals if at all possible.

Investment Commitments

Security

  1. Ensure that companies we invest in are taking affirmative steps to protect themselves against cyber attacks, including threats like nation-state sponsored attacks and ransomware.

  2. Ensure that companies we invest in are building safe and effective software by implementing appropriate secure-by-design and resilient-by-design principles and are taking affirmative steps to identify and mitigate risk both prior to and while their software is deployed.

  3. Ensure that companies we invest in are taking affirmative steps to identify and mitigate risks in their software supply chain.

  4. Ensure that companies we invest in encourage and incentivize the responsible discovery and reporting of vulnerabilities to the company and engage in rapid remediation of identified vulnerabilities.

    Trust

  5. Ensure that the companies that we invest in adopt and implement industry-standard best practices and comply with all applicable laws and regulations to appropriately protect the security and privacy of customer data and prevent technology-enabled discrimination.

  6. Ensure that companies we invest in only sell to countries that abide by international law as recognized by the United States.

  7. Require all companies we invest in to follow U.S. sanctions and relevant regulatory requirements, including not selling to or sharing sensitive technology with prohibited entities.

  8. Ensure that companies we invest in identify trust and safety risks in their software and systems, such as potentially dangerous emergent capabilities, and take steps to mitigate such risk and share information with appropriate entities.

  9. Ensure that we know who our co-investors are and seek to avoid making co-investments with investors subject to the direction and control of countries of concern as identified by the United States government.

    Safety

  10. Ensure that companies we invest in commit to the trust, safety, and security of their software during the entire software development and deployment lifecycle, including by undertaking robust software testing both prior to and following installation into an enterprise (including penetration testing or red-teaming), as appropriate.

  11. Ensure that companies we invest in undertake robust testing of AI models, seek to implement systems to protect against misuse and societal risk and to address appropriate national security concerns, and adequately consider the availability of human alternatives to fully automated systems in the design of AI systems.

  12. Ensure that companies we invest in adopt and implement appropriate cybersecurity and AI industry best practices, such as the NIST Cybersecurity Risk Management Framework and the NIST AI Risk Management Framework.

    National Security

  13. Invest, consistent with our fiduciary duties and investment approach, in capabilities we determine will enhance the defense, national security, and foreign policy interests of free and open societies, including protecting and defending the critical infrastructure of such free and open societies.

  14. Avoid investments, consistent with our fiduciary duties and investment approach, in companies that we determine would undermine the defense, national security, and foreign policy interests of free and open societies, including those that would undermine the defense of the critical infrastructure of such free and open societies.

Investors Agreeing to the Investment Principles and Commitments

  • Gilman Louie
    America’s Frontier Fund

  • Ted Schlein
    Ballistic Ventures

  • Don Dixon
    Forgepoint Capital

  • Ron Gula
    Gula Tech Adventures

  • Patrick Schneider-Sikorsky
    NATO Innovation Fund

  • Stephanie Usry Bellistri
    New North Ventures

  • Michael Steed
    Paladin Capital Group

  • Peggy Styer
    Razor’s Edge Ventures

  • Brad Harrison
    Scout Ventures

  • Raj Shah
    Shield Capital

  • Guy Filippelli
    Squadra Ventures

  • Jay Leek
    Syn Ventures

  • Tom Noonan
    TechOperators