Pre-trained models (PTMs) have become a cornerstone of AI-based software, allowing for rapid integration and development with minimal training overhead. However, their adoption also introduces unique safety challenges, such as data leakage and biased outputs, that demand rigorous handling by downstream developers. While previous research has proposed taxonomies of AI safety concerns and various mitigation strategies, how downstream developers address these issues remains unexplored. This study investigates downstream developers' concerns, practices and perceived challenges regarding AI safety issues during AI-based software development. To achieve this, we conducted a mixed-method study, including interviews with 18 participants, a survey of 86 practitioners, and an analysis of 874 AI incidents from the AI Incident Database. Our results reveal that while developers generally demonstrate strong awareness of AI safety concerns, their practices, especially during the preparation and PTM selection phases, are often inadequate. The lack of concrete guidelines and policies leads to significant variability in the comprehensiveness of their safety approaches throughout the development lifecycle, with additional challenges such as poor documentation and knowledge gaps, further impeding effective implementation. Based on our findings, we offer suggestions for PTM developers, AI-based software developers, researchers, and policy makers to enhance the integration of AI safety measures.

翻译：预训练模型已成为基于AI的软件基石，能够以最小的训练开销实现快速集成与开发。然而，其应用也带来了独特的安全挑战，例如数据泄露和偏见输出，需要下游开发者进行严格处理。尽管先前研究已提出AI安全问题的分类体系及多种缓解策略，但下游开发者如何应对这些问题仍未被探索。本研究调查了基于AI的软件开发过程中，下游开发者对AI安全问题的关注点、实践及感知挑战。为此，我们开展了一项混合方法研究，包括对18名参与者的访谈、对86名从业者的问卷调查，以及对AI事件数据库中874起AI事件的分析。研究结果表明，尽管开发者普遍表现出对AI安全问题的较强意识，但其在准备和预训练模型选择阶段的实践往往不足。具体指南与政策的缺失导致其安全措施在整个开发生命周期中的完备性存在显著差异，而文档不完善和知识缺口等额外挑战进一步阻碍了有效实施。基于研究发现，我们为预训练模型开发者、基于AI的软件开发者、研究人员及政策制定者提出了加强AI安全措施整合的建议。