Continuous Threat Assessment: Adapting Governance Processes for Organizational Security
As AI continues to evolve, managing its risks becomes more complex. Similar to a constantly changing puzzle, organisations must continuously reassess potential threats and adapt governance processes accordingly.
This is particularly pertinent for India, which has the highest concentration of AI adoption among organisations and is ranked seventh in the number of newly-funded AI companies in the 2022 Stanford AI Index.
The IndiaAI program, which is intended to propel the local AI innovation ecosystem further, underscores four key areas. One of the four points of emphasis is the responsible use of AI.
To ensure ethical use, it is imperative for companies engaged in the development and deployment of such technologies to establish robust governance frameworks. The question remains, however, as to what specific aspects deserve their utmost attention.
It is crucial to identify the areas where AI excels and clearly define the boundaries for its application to prevent any potential misuse.
Mukundha Madhavan, APAC Tech lead, Datastax
Understanding AI
Some best practices can easily be established in the early stages of AI implementation. One is establishing shared terminology and a common understanding across the entire organisation. From developers to top-level executives, having a comprehensive grasp of core concepts and terminology allows for more fruitful discussions and progress in the field.
AI and/or digital literacy training is necessary, not only to enhance knowledge but also to emphasise the limitations of this technology. It is crucial to identify the areas where AI excels and clearly define the boundaries for its application to prevent any potential misuse.
It is also crucial for companies, particularly startups, to extend clarity in their messaging beyond the organisation. It is imperative for these companies to simply and clearly articulate their technology, specifically its limits and possibilities. This is important in terms of engaging diverse stakeholder groups, such as customers and potential board members.
It is also essential to take into account the specific circumstances of each individual or group that is being engaged. Ethical considerations vary across sectors such as healthcare,
banking, and education. For example, while sharing between students may facilitate the achievement of learning objectives, divulging stock transactions of a customer to other parties would be unlawful in the banking industry. This contextual understanding is crucial not only to effectively connect with one’s audience but also to discern and address risks that are unique to the application of AI within a given context.
Addressing security risks and AI’s societal impacts
The complexity increases at this stage, as the risks associated with the deployment of AI evolve. It is essential to assess potential new threats continuously and be prepared to update governance processes accordingly. In addition to the inherent risks posed by AI, the emergence of generative AI introduces additional avenues for harm that necessitate special attention, such as prompt engineering attacks and model poisoning.
Once an organisation has established routine monitoring and governance practices for deployed models, it becomes possible to consider broader ethical impacts, such as environmental damage and societal cohesion. Generative AI, in particular, has led to a significant increase in computational requirements and energy consumption. Without proper management, risks at a societal level become more prevalent in a generative AI-driven world.
Open-source generative AI also poses questions about accountability, as they can be exploited for misuse by malicious actors. The degree of openness must be carefully balanced with the likelihood of harm. This consideration extends not only to training data and model outputs but also to any supporting features or inference engines. Companies must carefully evaluate and navigate these trade-offs.
Businesses can also take the reins from a public policy standpoint. Regardless of their size, all companies involved in AI should start preparing for upcoming regulations, even if they may seem distant. These companies must establish governance and ethics practices that are aligned with public good to ensure compliance with future regulations.
Complementing governance policies with tech solutions
Effectively governing AI involves developing adaptable frameworks that are responsive to emerging capabilities and risks. By following the aforementioned practices, which may be both simple and demanding at times, organisations can ensure they are on the correct trajectory to harness the potential benefits of AI while also ensuring data integrity, privacy, and compliance with relevant regulations.
Through distributed cloud database solutions, enterprises can establish centralised control over their data and implement consistent governance policies throughout the entire data lifecycle. This allows them to securely manage and govern their data across multiple
locations and cloud environments as well as support data lineage and auditing, allowing organisations to track data usage and ensure accountability.
