MDDI 演講稿 · 2026-02-20
楊莉明部長在「監測智慧體影響:彌合全球安全可信 AI 保障鴻溝」論壇上的開幕主旨演講
要點
- • 智慧體(agentic AI)從去年巴黎 AI 行動峰會到今天才真正起飛。它的「自主性」既是價值,也是風險來源——一旦失控,影響往往復雜且難以預測。
- • 新加坡的姿態:從「被動監管」轉向「主動準備」。政府要做先行者而非落後者——例如與 Google 合作的智慧體 AI 沙盒,是政府「自己先吃狗糧」的方式。
- • 新加坡推出針對智慧體 AI 的《Model Governance Framework》,作為一份「活文件」持續徵集反饋。
- • 「保障生態」(assurance ecosystem)是建立信任的關鍵,至少需三塊:①測試(不僅看輸出,也要看推理與編排);②標準;③第三方保障提供者(獨立審計、測試者)——後者補足內部能力,找出盲點。
- • Josephine 給企業的話:能給出「高安全保障」的公司會與對手區別開來——把它視為戰略競爭優勢,而不是不情願合規的負擔。
完整譯文(繁體中文)
MDDI 英文原文譯文 · 翻譯日期: 2026-05-02
感謝「Partnership on AI」的邀請。
這一系列峰會最初在布萊切利園(Bletchley Park)啟動時,AI 智慧體(agents)還不是主角——甚至 12 個月前我們在巴黎開「AI 行動峰會」時,它都幾乎沒有進入對話。
當時大家關心的全是 DeepSeek,以及它向我們展示的——來自中國的能力出現在哪些層面。但今天,智慧體(agentic)系統已經起飛,被越來越多地使用,我們需要更好地把握如何應對這個議題。
智慧體 AI 在被戰略性部署時,確實在「我們如何委派和編排工作」上提供了變革性的可能。智慧體作為無價的「隊友」,能解鎖我們都希望要更多的——生產力提升與時間節約。
但我也應當補充一句:讓智慧體對我們有用的本質——是「自主性」。這種自主性也帶來新的風險。當系統出錯而人的監督不在場或被大幅削弱時,造成傷害的可能性會變大。它的影響可能複雜,不一定可被完全預測。
我和同行們的思考是——我們必須做一種姿態上的轉變:從依賴「被動監管」(reactive regulation),轉向另一種姿態——「主動準備」(proactive preparation)。
在新加坡,這正是我們一直在嘗試做的事。我們試圖主動治理智慧體 AI 時代的新風險。
我認為這要從政府自己做起——政府要做使用智慧體 AI 的領先者,而不是落後者。我們需要測試它,去看這些方案如何能改進公共服務的遞交,同時也設立更多的控制。
政府是高風險場景,因為與公民的接觸面非常敏感。沒有哪個政府願意在與公民互動時犯嚴重錯誤——告訴他們關於健康、社會保障、福利的不準確資訊,並且這些錯誤不僅被告知公民,還被據此採取行動。這種「確保我們清楚自己在做什麼」的要求非常高,而我們也在思考——要與產業一起做這件事。
比如,Google 與新加坡政府之間有一個智慧體 AI 沙盒。這是我們「自己先嚐嘗自家狗糧」的方式之一——嘗一嘗它味道還行嗎?會不會對我們造成嚴重傷害?因為如果我們自己做不到這一點,那我們要去治理智慧體 AI,恐怕沒有什麼可信度。但我們也不能等狗糧的後果在我們身上完全顯現。
與此同時,我的同事們整理出了針對智慧體 AI 的《Model Governance Framework》——為企業提供務實支援,讓它們也能負責任地部署自主智慧體並緩釋風險。我們知道這不是完整的解決方案,所以這份檔案必須是一份「活文件」(live document)。我們非常歡迎反饋,藉此持續改進給企業的指引。
這件事的意義與目的是什麼?最終,是建立對智慧體 AI 系統使用的信心。在許多層面,這種信心必須呈現並示範給——組織的董事會、客戶、其他利益相關方。我們如何展示「風險已被良好管理」?
這就是「保障生態」(assurance ecosystem)登場的地方。它是中長期建立信任所絕對必要的部分,是智慧體 AI 系統能更易被廣泛採用、更易被獲得的基礎。
我也想說,對正在思考這件事的公司——如果我們要信任這些智慧體系統,「安全」這塊就不能被淡化。
我甚至敢說——一家能在「安全保障」上給到高水平保證的公司,會與競爭對手區別開來;這件事更可能轉化為對其產品與服務更強的興趣。
與其把它當作不情願合規的物件,不如把它視為一種戰略競爭優勢——這種心態會讓我們有信心把它推到臺前。
但問題是:在這件事上,我們完全沒有先例嗎?答案是沒有。
在航空與醫療領域,已經有大量措施給乘客與病人提供保證——我們登機時通常預期能到達;我們去醫院時,除非是尚未被很好理解的疾病,我們一般預期會被治癒。
對這些系統的信任是一段時間累積出來的,並且離不開某種形式的「保障」存在。問題是——對 AI、特別是智慧體 AI,構成「保障生態」的部件應當是什麼?什麼樣的組合,才足夠穩健?
我們認為至少有三個部件。
第一,必須有測試。我們需要某種方式對系統做技術評估,確保它穩健、可靠、安全。這一空間裡還有許多工作要做——開發測試方法學、構建測試資料集,以及確保對智慧體系統的測試考慮到——這些系統會因為涉及多個智慧體而複雜得多。
比如,不只看「輸出」,還要看「中間步驟」——推理是如何發生的、智慧體系統中構建了什麼樣的「編排」。
第二,最終我們需要標準。我們不能只是各說各話「什麼算夠好」。我們也必須向用戶保證——它達到了對安全與可靠性的預期。這塊還非常早期。
第三,我們認為這個生態離不開「第三方保障提供者」。「聲稱自己的智慧體 AI 系統是安全的」是一回事,「讓別人證明它的安全性」是另一回事。這些角色可以是技術測試方、審計師——他們提供獨立性,補足內部能力,也幫助識別盲點。我們也需要把這部分人才壯大起來。
我以這樣一句話結束髮言——新加坡正在積極建設這些部件。
我們歡迎與夥伴、同行的對話,因為我們知道這件事不是一國能獨力完成的。我們也期待在三場分論壇中討論——我們如何能在智慧體 AI 的「保障」議題上有意義地協作。
再次感謝大家。
英文原文
MDDI 官網原始記錄 · 抓取日期: 2026-05-02
Thank you, Partnership on AI, for the invitation.
When this series of summits first began in Bletchley Park, AI agents were not a thing. Nobody was talking about them, even just 12 months ago when we had the AI Action Summit in Paris, it had barely crept into the conversation.
At the time, the preoccupation was all around DeepSeek, and what it told us about the capabilities that are emerging out of China. But today, agentic systems have taken off. They are increasingly being used, and we need to have a better grasp on how to deal with this issue.
Agentic AI certainly offers transformative possibilities in how we delegate and orchestrate work when deployed strategically. Agents function as invaluable teammates, unlocking productivity gains and time savings, which we all want more of.
However, I should also add that the very nature of how agents can be helpful to us, is autonomy. This autonomy also introduces new risk. The potential for harm increases when systems malfunction and human oversight is no longer present or at least diminished to a very large extent. The implications may be complex and not fully predictable.
The way my colleagues and I have been thinking about this is that there needs to be a shift, in terms of how we might want to rely on reactive regulation, to a different kind of stance, which is proactive preparation.
And in Singapore, that's what we've been trying to do. We have tried to be proactive about governing the new risks in the era of agentic AI.
I think it starts with the Government itself being a leader and not a laggard in using agentic AI. We need to test it. We need to look at how the solutions can enhance public service delivery but also put in place more controls.
Government is high-risk because the touch point with citizens is very sensitive. No government wants to make serious mistakes when it interacts with its citizens – telling them things about their health, social security, or things to do with their benefits that are not accurate, and having these mistakes not just told to citizens but acted upon. This need to ensure that we know what we're doing is a very high one, and the way we are also thinking about it is to work with the industry.
For example, between Google and the Singapore Government, we have a sandbox on agentic AI. It's one of the ways in which we think we can, in a way, try our own dog food. Try it to see if it tastes alright? Does it hurt us in a very significant way? Because if we were not able to do so, I don't think we have a lot of credibility in terms of how we want to govern agentic AI. But we can't wait for the dog food to materialise its consequences for ourselves.
In the meantime, my colleagues have put together a Model Governance Framework for agentic AI. It is meant to provide practical support to enterprises so that they can also deploy autonomous agents responsibly and mitigate the risk. We know that this is not a complete solution, and this document that we put out, has to be a live document. We very much encourage feedback as a way for us to keep improving the guidance to enterprises.
As we do this work, what is the meaning and purpose behind it? Ultimately, it is to build confidence in the use of agentic AI systems. At many levels, this confidence has to be presented and demonstrated to boards of organisations, customers, and other stakeholders. How do we demonstrate that the risks have been managed well?
That is where the assurance ecosystem comes in. It is an absolutely essential part of building trust over the medium to longer term, so that there is a foundation upon which agentic AI systems can be made more readily adopted and available.
I should also say that for companies that are thinking about it, if we are to trust these agentic systems, the safety aspects should not be downplayed.
I would venture to say that a company that is able to give a high assurance on safety will find itself being differentiated from its competitors, and this is more likely to translate into stronger interest in its products and services.
Rather than think of it as something that you are unhappy to comply with, think of it as a strategic competitive advantage, and the way that will give us the confidence to put it forward.
The question, however, is: are we completely without experience in this regard? The answer is no.
In aviation and healthcare, there are a lot of measures being put in place to give assurance to passengers that when we board a plane, we usually expect to arrive, or when we visit the hospital, we generally expect to be treated, except for disease conditions that are not yet well understood.
The trust in these systems has to be built over time, and it doesn't come without some assurance being put in place. The question is, for AI, and specifically agentic AI, what would be the components? What leads to an assurance ecosystem that would be robust enough?
We think that there are at least three components.
The first is that there must be testing. We need some way of making sure that there are technical assessments of the system to make sure that the systems are robust, reliable and safe. A lot more work needs to be done in this space – developing the testing methodology, building the testing data sets, and also making sure that the testing of agentic systems takes into account that these systems are going to be much more complex because they involve multiple agents.
For example, it's not just the output, but the in-between steps – how the reasoning takes place and what is the orchestration that is being built into the agentic systems.
The second is that eventually we will need standards. We cannot just define what is good enough. We also need to assure the users that it has met expectations for safety and reliability, and so these are still very early days.
Third, we think that this ecosystem cannot do without third party assurance providers. It's one thing to claim that your agentic AI system is safe, but another to have someone attest to the safety of it. So these could be technical testers, auditors, and they provide independence, augment in-house capabilities, and also help to identify the blind spots. And it's necessary for us to strengthen this pool as well.
I want to conclude my remarks by saying that Singapore is actively building these components.
We welcome conversations with partners and colleagues, because we know that we cannot do this alone. We look forward to discussions in the three panels on how we can meaningfully collaborate on assurance for agentic AI.
Thank you very much once again.