By Rob Foxx
In the past few years, our world has turned a corner with new trends in technology. Unless you have been living a simpler and happier life then the rest of us you have either had an encounter with or conversation about Artificial Intelligence (AI). There has been a lot of talk and speculation about what that means for the workforce. Will it replace traditional workers? Will it bring about the end of all things? Or something in the middle? Knowing the extent of its capabilities is important to its implementation. More importantly how will we manage, limit, and protect ourselves from AI and its implementation. One of the best ways to answer these questions is with AI Governance.
AI is a wonderful tool. It is capable if completing work in just seconds that would take humans hours or days. AI can draft legal documents, policies, emails, and so much more ranging from the extraordinary to the mundane. This is not to say you can remove your workforce. You could ask AI to explain how to perform a heart transplant in detail as if it were explaining it to someone with a 3rd grade education, and it will. Does that mean you should perform said heart surgery? Consider if it is something you could not do without AI it’s something you should not do with AI.
Advanced AI already exists in the workplace and if it is not there it will be shortly. Windows 11 comes with copilot by default, and unless you disable it, copilot will be both accessible and collecting data in the background. Nextgen antivirus suites run on AI. ChatGPT and other AI engines are accessible from a web browser. Keep in mind these technologies are higher risk and lower maturity then your typical application.
How do you know who or what to trust? A good perspective to consider is if you are not buying goods or services then you likely are the goods being purchased. Your vendor provided services will usually specify items in the contract that should be considered when risk assessing. These contracts should be reviewed with AI and privacy as a consideration. What data is collected? How will it be used? Will it use personally identifiable information? Will it gather critical or sensitive business data? It is even possible it will do this unintentionally? Another consideration is how is AI trained. AI is given data to train and learn from, but raw data may have a bias. AI, like anything else, can be inaccurate or even wildly wrong if it has too much or not enough information. AI can make a guess; this has been referred to as AI hallucinations.
For good management of AI consider restricting use of company approved tools. Always classify and protect your internal data. Know your risk and what you are will accept. Define as an organization the proper use of AI tools. Allow for reporting of suspicious activity. Communicate your stances as an organization to your employees.