Whether you believe the hype around generative AI tools like ChatGPT is reasonable or over-inflated, it’s impossible to ignore the impact it is having on companies. As of August 2023, McKinsey found around a third of organizations are using generative AI in at least one business function.
It’s easy to see why adoption is growing on such a massive scale. Thanks to advances in large language models, and other foundational solutions, AI solutions are now more creative, insightful, and powerful than ever before. They can unlock higher levels of productivity for teams, minimize operational costs, and even transform customer experiences.
However, like any powerful new technology, generative AI comes with its own set of threats and risks to consider. In particular, companies need to be aware of the security, compliance, and privacy issues linked with generative AI tools. As compliance standards continue to evolve, here’s what organizations need to know to implement generative AI, without compromising on security.
“For firms in regulated industries, addressing these questions is not discretionary – firms need to start by leveraging AI technologies that are specifically designed as regulatory grade to be able to withstand legal or regulatory scrutiny,” said Robert Cruz, VP of Information Governance at Smarsh.
“The use of AI is an exercise in good information governance. Firms need to be considering where data model inputs are coming from, and the use cases that model outputs are touching to understand how they impact existing regulatory, legal, or data privacy mandates.”
Understanding the Risks of Generative AI
The meteoric rise of ChatGPT, Bard, and tools like Microsoft Copilot suggests generative AI solutions will only grow more attractive to businesses in the years to come. Analysts like Gartner believe the democratization of generative AI will be one of the major trends we see moving into 2024.
However, the analyst also notes this rise in adoption will lead to a new demand for AI trust, risk, and security management. The primary reason for this is generative AI tools are powered by data, growing stronger with each byte they consume. Without the right approach to AI development and data management, companies face a number of threats, such as:
- Data and IP theft or leakage
- Malicious content and bias
- Copyright infringement and plagiarism
The risks associated with generative AI don’t mean companies need to ignore or avoid these tools. However, they do require all organizations to take a strategic approach to implementation, focusing on the following factors.
Step 1: Practicing the Principle of Explainability
Explainability is one of the core pillars of “ethical AI”. It’s also crucial to building trust with stakeholders, and ensuring the responsible use of innovative technology. When implementing any new AI initiative, companies need to ask themselves whether they can interpret and articulate the data produced effectively, and whether the inputs and outputs can be fully understood and validated.
Consider how your organization will identify and remove potential biases in the AI system, and how you’ll be able to validate the information generated by your technology. If the executives in a business don’t understand the way a solution works as well as a data science, this is a sign you haven’t fully nailed down the concept of explainability.
At a basic level, firms should have a plain English summary of their AI models available to help them explain its performance to auditors and regulatory investigators. This summary should address the functionality of the model, key components, and even potential risk areas which need to be addressed.
Step 2: Avoid Bias from Day One
Whether you’re leveraging pre-built foundation models, or customizing generative AI solutions to suit your own business purposes, it’s important to recognize the risks in the data used to fine-tune and train these tools.
Data is at the core of any LLM, and models trained on bad data can lead to serious results. After all, the outputs of generative systems are only as unbiased as the data they were trained with. This means, by definition, AI will always be somewhat biased. Concepts like feature weighting, which involves applying more value to certain data elements, inherently creates bias.
This bias creates problems in the way information is produced. It can harm the reputation of a business, and lead to wide-spread misinformation, a significant ethical problems for organizations. Taking steps to minimize bias will be essential to protecting any company and its customers. For instance, bringing “weights” down to zero may be an option for some companies.
Step 3: Implement Strategies to Reduce Data Loss
Many market leading analysts and companies have recognized the potential risk of generative AI to create data leakage and loss issues. This is one of the core reasons some organizations haven’t yet adopted generative AI tools, or restrict access to employees.
Employees looking to save time, gain insights, or experiment with the latest technologies can accidentally share confidential data with AI applications. If this data is then used to train other models, or shared elsewhere, this leads to a security issue.
However, there are ways to minimize this risk, such as using solutions and APIs that have already been infused with security solutions, such as end-to-end encryption. Implementing strategies to ensure access to data is limited, such as secure access controls can be useful too.
Step 4: Train Employees Consistently
While many employees have been reluctant to adopt innovative tools in the past, this doesn’t seem to be the case for generative AI. Solutions like ChatGPT have been embraced by staff members and consumers worldwide. However, few employees fully understand how the technology works, and which steps they need to take to maintain security and compliance.
This leads to an increased need for comprehensive training and employee support. Business leaders need to research and fully understand the threats connected with generative AI, so they can provide the right level of guidance to their staff members.
Analyzing threat vectors and vulnerabilities, such as prompt injection, and providing step-by-step instructions to employees will be crucial to maintaining the safety of the business and team members.
Step 5: Don’t Ignore the Human Component
Finally, and perhaps most importantly, it’s crucial for businesses to understand the continued need for a human component in the AI journey. AI may be able to automate a lot of processes, and enhance team productivity, but it requires constant support and the right guidance from human employees.
There needs to be a lot of oversight in creating and training AI models, testing them for bias, and even supervising the performance of each application. Maintaining the “human in the loop” will be essential to ensuring AI models don’t mutate into a dangerous system for business leaders.
Reinforcement learning with human feedback, for instance, helps to ensure companies can consistently check and update their system to minimize risk and bias. Don’t underestimate the importance of preserving human input.
Ensuring Safety and Security with Generative AI
Large Language Models and Generative AI represent a powerful milestone in the development of artificial intelligence. The opportunities offered by these technologies are virtually limitless. However, it’s important to remember the solutions bring new risks and threats into the business landscape.
Leaders need to ensure they understand these risks, and that they’re taking actions from day one to minimize them. Working with the right partners, and taking a strategic approach to AI development and implementation is essential to maintaining an ethical, responsible AI initiative.
