Auditing the AI Supply Chain: The Feasibility of an OSINT-Driven 'AML for AI' Framework

As international regulatory bodies establish compute thresholds for frontier AI models, verifying compliance without intrusive physical inspections remains a critical bottleneck. A recent proposal on lessw-blog outlines an "AML for AI" framework, suggesting that open-source intelligence (OSINT) tracking of hardware procurement and logistics could serve as a non-invasive verification mechanism.

As international regulatory bodies establish compute thresholds for frontier AI models, verifying compliance without intrusive physical inspections remains a critical bottleneck. A recent proposal on lessw-blog outlines an "AML for AI" framework, suggesting that open-source intelligence (OSINT) tracking of hardware procurement and logistics could serve as a non-invasive verification mechanism. This analysis evaluates the feasibility of decentralized compute auditing as a geopolitical tool, contrasting it with hardware-level on-chip monitoring and assessing the friction of global adoption.

The core premise of the "AML for AI" framework is that training frontier models requires massive, physical infrastructure that cannot be easily hidden. Just as Anti-Money Laundering (AML) regulations track financial flows to detect illicit activity, an equivalent system for AI would track the physical and logistical flows necessary to accumulate massive compute clusters. The EU AI Act has already established a regulatory threshold of 10^25 floating-point operations (FLOPs) for general-purpose AI models with systemic risk, requiring providers to notify the AI Office. Enforcing such thresholds globally, however, requires a mechanism to detect rogue data centers and hidden training runs before they reach completion.

Operationalizing OSINT for Infrastructure Tracking

The proposed framework relies on aggregating disparate, open-source data streams to form a unified picture of global compute capacity. According to the source, this involves monitoring legal entities, hardware procurement, and logistics. By analyzing databases like OpenCorporates and OpenSanctions, analysts can identify shell companies or complex ownership chains established specifically for hardware acquisition.

Beyond corporate registries, the physical footprint of a massive data center leaves a substantial public record. Tracking the procurement of GPUs, high-bandwidth memory, specialized cooling systems, and industrial-scale power generators through platforms like Tenders Electronic Daily (TED) and SAM.gov provides measurable indicators of compute accumulation. The source notes that commercial precedents for this type of tracking already exist, pointing to the SemiAnalysis AI Datacenter Model, which tracks capacity for commercial intelligence. Furthermore, a real-world proof of concept was recently developed in Ukraine, utilizing government public procurement data to estimate the nation's total compute capacity.

Geopolitical Implications: OSINT vs. On-Chip Monitoring

From a geopolitical perspective, the "AML for AI" approach offers a distinct alternative to hardware-level governance mechanisms. Much of the current discourse around compute verification centers on on-chip monitoring-embedding cryptographic locks, firmware-level reporting, or compute limiters directly into the silicon of advanced accelerators. While highly deterministic, on-chip monitoring faces severe adoption friction. It requires the cooperation of hardware manufacturers, introduces potential cybersecurity vulnerabilities, and raises significant privacy and corporate espionage concerns among buyers.

In contrast, an OSINT-driven framework operates externally and non-invasively. It does not require the consent of the data center operator or the hardware manufacturer. By shifting the verification burden from the silicon level to the supply chain and logistics level, nation-states and international regulatory bodies can monitor compute accumulation unilaterally. This makes the "AML for AI" approach highly viable as an early-warning system for geopolitical intelligence, allowing regulators to detect the preparation phases of large training runs months before the actual compute cycles begin. The sheer physical requirements of a gigawatt-scale data center-land acquisition, grid interconnection, water rights for cooling, and thousands of specialized server racks-make it highly susceptible to OSINT detection.

Limitations and the Risk of Obfuscation

Despite its conceptual strength, the framework faces significant technical and operational limitations. The primary missing context in the proposal is the technical feasibility of accurately estimating actual FLOPs solely from public procurement and logistics data. While OSINT can indicate that a facility possesses a certain number of GPUs, translating that hardware inventory into an accurate estimate of a specific training run's FLOP count is highly complex. Training efficiency (Model FLOPs Utilization or MFU), interconnect bandwidth (such as NVLink or InfiniBand constraints), hardware utilization rates, and the specific architecture of the distributed cluster all introduce massive variables that procurement data alone cannot resolve.

Furthermore, the framework must account for sophisticated obfuscation techniques. Just as financial actors use nested shell companies to bypass AML laws, state-backed or highly funded rogue actors can employ split shipments, secondary market purchases, and decentralized cluster topologies to hide their hardware acquisition. The secondary market for older, yet still capable, GPUs is particularly difficult to track through official procurement channels. If a rogue actor aggregates compute across multiple smaller, geographically distributed data centers, the localized logistical footprint might not trigger the thresholds designed to detect massive, centralized facilities. The specific data schema, resource requirements, and algorithmic architecture needed to filter out this noise and mitigate obfuscation in the proposed Minimum Viable Product (MVP) remain undefined.

Synthesis

The "AML for AI" framework represents a pragmatic, data-driven approach to the enforcement of frontier AI regulations. By leveraging existing OSINT methodologies and applying them to the AI supply chain, regulators can establish a baseline of global compute capacity without relying entirely on intrusive hardware modifications or voluntary corporate disclosures. While it cannot provide the deterministic, cryptographic proof of a specific training run's FLOP count, it serves as a critical macro-level radar. As international bodies continue to debate the mechanics of AI governance, integrating supply chain intelligence with localized, targeted audits will likely form the most resilient architecture for verifying compliance and detecting rogue compute accumulation.

Key Takeaways

• An 'AML for AI' framework proposes using OSINT to track hardware procurement, logistics, and legal entities to monitor global compute capacity.
• This approach provides a non-invasive alternative to on-chip monitoring, allowing unilateral verification of regulatory thresholds like the EU AI Act's 10^25 FLOPs limit.
• Commercial and governmental precedents exist, such as the SemiAnalysis AI Datacenter Model and a public procurement tracking proof-of-concept in Ukraine.
• A major limitation is the difficulty of accurately estimating a specific training run's FLOP count solely from hardware inventory data, due to variables like Model FLOPs Utilization (MFU) and interconnect bandwidth.
• The framework must develop robust methodologies to counter obfuscation tactics, including shell companies, split shipments, and decentralized cluster topologies.