MDDI 演讲稿 · 2026-02-20
杨莉明部长在「监测智能体影响:弥合全球安全可信 AI 保障鸿沟」论坛上的开幕主旨演讲
Opening Keynote by Minister Josephine Teo at Preparing to Monitor the Impacts of Agents: Closing the Global Assurance Divide for Safe and Trusted AI
要点
- • 智能体(agentic AI)从去年巴黎 AI 行动峰会到今天才真正起飞。它的「自主性」既是价值,也是风险来源——一旦失控,影响往往复杂且难以预测。
- • 新加坡的姿态:从「被动监管」转向「主动准备」。政府要做先行者而非落后者——例如与 Google 合作的智能体 AI 沙盒,是政府「自己先吃狗粮」的方式。
- • 新加坡推出针对智能体 AI 的《Model Governance Framework》,作为一份「活文档」持续征集反馈。
- • 「保障生态」(assurance ecosystem)是建立信任的关键,至少需三块:①测试(不仅看输出,也要看推理与编排);②标准;③第三方保障提供者(独立审计、测试者)——后者补足内部能力,找出盲点。
- • Josephine 给企业的话:能给出「高安全保障」的公司会与对手区别开来——把它视为战略竞争优势,而不是不情愿合规的负担。
完整译文(中文)
MDDI 英文原文译文 · 翻译日期:2026-05-02
感谢「Partnership on AI」的邀请。
这一系列峰会最初在布莱切利园(Bletchley Park)启动时,AI 智能体(agents)还不是主角——甚至 12 个月前我们在巴黎开「AI 行动峰会」时,它都几乎没有进入对话。
当时大家关心的全是 DeepSeek,以及它向我们展示的——来自中国的能力出现在哪些层面。但今天,智能体(agentic)系统已经起飞,被越来越多地使用,我们需要更好地把握如何应对这个议题。
智能体 AI 在被战略性部署时,确实在「我们如何委派和编排工作」上提供了变革性的可能。智能体作为无价的「队友」,能解锁我们都希望要更多的——生产力提升与时间节约。
但我也应当补充一句:让智能体对我们有用的本质——是「自主性」。这种自主性也带来新的风险。当系统出错而人的监督不在场或被大幅削弱时,造成伤害的可能性会变大。它的影响可能复杂,不一定可被完全预测。
我和同行们的思考是——我们必须做一种姿态上的转变:从依赖「被动监管」(reactive regulation),转向另一种姿态——「主动准备」(proactive preparation)。
在新加坡,这正是我们一直在尝试做的事。我们试图主动治理智能体 AI 时代的新风险。
我认为这要从政府自己做起——政府要做使用智能体 AI 的领先者,而不是落后者。我们需要测试它,去看这些方案如何能改进公共服务的递交,同时也设立更多的控制。
政府是高风险场景,因为与公民的接触面非常敏感。没有哪个政府愿意在与公民互动时犯严重错误——告诉他们关于健康、社会保障、福利的不准确信息,并且这些错误不仅被告知公民,还被据此采取行动。这种「确保我们清楚自己在做什么」的要求非常高,而我们也在思考——要与产业一起做这件事。
比如,Google 与新加坡政府之间有一个智能体 AI 沙盒。这是我们「自己先尝尝自家狗粮」的方式之一——尝一尝它味道还行吗?会不会对我们造成严重伤害?因为如果我们自己做不到这一点,那我们要去治理智能体 AI,恐怕没有什么可信度。但我们也不能等狗粮的后果在我们身上完全显现。
与此同时,我的同事们整理出了针对智能体 AI 的《Model Governance Framework》——为企业提供务实支持,让它们也能负责任地部署自主智能体并缓释风险。我们知道这不是完整的解决方案,所以这份文件必须是一份「活文档」(live document)。我们非常欢迎反馈,借此持续改进给企业的指引。
这件事的意义与目的是什么?最终,是建立对智能体 AI 系统使用的信心。在许多层面,这种信心必须呈现并示范给——组织的董事会、客户、其他利益相关方。我们如何展示「风险已被良好管理」?
这就是「保障生态」(assurance ecosystem)登场的地方。它是中长期建立信任所绝对必要的部分,是智能体 AI 系统能更易被广泛采用、更易被获得的基础。
我也想说,对正在思考这件事的公司——如果我们要信任这些智能体系统,「安全」这块就不能被淡化。
我甚至敢说——一家能在「安全保障」上给到高水平保证的公司,会与竞争对手区别开来;这件事更可能转化为对其产品与服务更强的兴趣。
与其把它当作不情愿合规的对象,不如把它视为一种战略竞争优势——这种心态会让我们有信心把它推到台前。
但问题是:在这件事上,我们完全没有先例吗?答案是没有。
在航空与医疗领域,已经有大量措施给乘客与病人提供保证——我们登机时通常预期能到达;我们去医院时,除非是尚未被很好理解的疾病,我们一般预期会被治愈。
对这些系统的信任是一段时间累积出来的,并且离不开某种形式的「保障」存在。问题是——对 AI、特别是智能体 AI,构成「保障生态」的部件应当是什么?什么样的组合,才足够稳健?
我们认为至少有三个部件。
第一,必须有测试。我们需要某种方式对系统做技术评估,确保它稳健、可靠、安全。这一空间里还有许多工作要做——开发测试方法学、构建测试数据集,以及确保对智能体系统的测试考虑到——这些系统会因为涉及多个智能体而复杂得多。
比如,不只看「输出」,还要看「中间步骤」——推理是如何发生的、智能体系统中构建了什么样的「编排」。
第二,最终我们需要标准。我们不能只是各说各话「什么算够好」。我们也必须向用户保证——它达到了对安全与可靠性的预期。这块还非常早期。
第三,我们认为这个生态离不开「第三方保障提供者」。「声称自己的智能体 AI 系统是安全的」是一回事,「让别人证明它的安全性」是另一回事。这些角色可以是技术测试方、审计师——他们提供独立性,补足内部能力,也帮助识别盲点。我们也需要把这部分人才壮大起来。
我以这样一句话结束发言——新加坡正在积极建设这些部件。
我们欢迎与伙伴、同行的对话,因为我们知道这件事不是一国能独力完成的。我们也期待在三场分论坛中讨论——我们如何能在智能体 AI 的「保障」议题上有意义地协作。
再次感谢大家。
英文原文
MDDI 官网原始记录 · 抓取日期:2026-05-02
Thank you, Partnership on AI, for the invitation.
When this series of summits first began in Bletchley Park, AI agents were not a thing. Nobody was talking about them, even just 12 months ago when we had the AI Action Summit in Paris, it had barely crept into the conversation.
At the time, the preoccupation was all around DeepSeek, and what it told us about the capabilities that are emerging out of China. But today, agentic systems have taken off. They are increasingly being used, and we need to have a better grasp on how to deal with this issue.
Agentic AI certainly offers transformative possibilities in how we delegate and orchestrate work when deployed strategically. Agents function as invaluable teammates, unlocking productivity gains and time savings, which we all want more of.
However, I should also add that the very nature of how agents can be helpful to us, is autonomy. This autonomy also introduces new risk. The potential for harm increases when systems malfunction and human oversight is no longer present or at least diminished to a very large extent. The implications may be complex and not fully predictable.
The way my colleagues and I have been thinking about this is that there needs to be a shift, in terms of how we might want to rely on reactive regulation, to a different kind of stance, which is proactive preparation.
And in Singapore, that's what we've been trying to do. We have tried to be proactive about governing the new risks in the era of agentic AI.
I think it starts with the Government itself being a leader and not a laggard in using agentic AI. We need to test it. We need to look at how the solutions can enhance public service delivery but also put in place more controls.
Government is high-risk because the touch point with citizens is very sensitive. No government wants to make serious mistakes when it interacts with its citizens – telling them things about their health, social security, or things to do with their benefits that are not accurate, and having these mistakes not just told to citizens but acted upon. This need to ensure that we know what we're doing is a very high one, and the way we are also thinking about it is to work with the industry.
For example, between Google and the Singapore Government, we have a sandbox on agentic AI. It's one of the ways in which we think we can, in a way, try our own dog food. Try it to see if it tastes alright? Does it hurt us in a very significant way? Because if we were not able to do so, I don't think we have a lot of credibility in terms of how we want to govern agentic AI. But we can't wait for the dog food to materialise its consequences for ourselves.
In the meantime, my colleagues have put together a Model Governance Framework for agentic AI. It is meant to provide practical support to enterprises so that they can also deploy autonomous agents responsibly and mitigate the risk. We know that this is not a complete solution, and this document that we put out, has to be a live document. We very much encourage feedback as a way for us to keep improving the guidance to enterprises.
As we do this work, what is the meaning and purpose behind it? Ultimately, it is to build confidence in the use of agentic AI systems. At many levels, this confidence has to be presented and demonstrated to boards of organisations, customers, and other stakeholders. How do we demonstrate that the risks have been managed well?
That is where the assurance ecosystem comes in. It is an absolutely essential part of building trust over the medium to longer term, so that there is a foundation upon which agentic AI systems can be made more readily adopted and available.
I should also say that for companies that are thinking about it, if we are to trust these agentic systems, the safety aspects should not be downplayed.
I would venture to say that a company that is able to give a high assurance on safety will find itself being differentiated from its competitors, and this is more likely to translate into stronger interest in its products and services.
Rather than think of it as something that you are unhappy to comply with, think of it as a strategic competitive advantage, and the way that will give us the confidence to put it forward.
The question, however, is: are we completely without experience in this regard? The answer is no.
In aviation and healthcare, there are a lot of measures being put in place to give assurance to passengers that when we board a plane, we usually expect to arrive, or when we visit the hospital, we generally expect to be treated, except for disease conditions that are not yet well understood.
The trust in these systems has to be built over time, and it doesn't come without some assurance being put in place. The question is, for AI, and specifically agentic AI, what would be the components? What leads to an assurance ecosystem that would be robust enough?
We think that there are at least three components.
The first is that there must be testing. We need some way of making sure that there are technical assessments of the system to make sure that the systems are robust, reliable and safe. A lot more work needs to be done in this space – developing the testing methodology, building the testing data sets, and also making sure that the testing of agentic systems takes into account that these systems are going to be much more complex because they involve multiple agents.
For example, it's not just the output, but the in-between steps – how the reasoning takes place and what is the orchestration that is being built into the agentic systems.
The second is that eventually we will need standards. We cannot just define what is good enough. We also need to assure the users that it has met expectations for safety and reliability, and so these are still very early days.
Third, we think that this ecosystem cannot do without third party assurance providers. It's one thing to claim that your agentic AI system is safe, but another to have someone attest to the safety of it. So these could be technical testers, auditors, and they provide independence, augment in-house capabilities, and also help to identify the blind spots. And it's necessary for us to strengthen this pool as well.
I want to conclude my remarks by saying that Singapore is actively building these components.
We welcome conversations with partners and colleagues, because we know that we cannot do this alone. We look forward to discussions in the three panels on how we can meaningfully collaborate on assurance for agentic AI.
Thank you very much once again.