My personal favourite old Chinese curse, "May you live in interesting times," feels particularly relevant these days.

Our world is changing, with both exciting possibilities and daunting challenges emerging on every front. Change, after all, is a double-edged sword. And amidst this whirlwind of change, a new force is rapidly taking shape: Artificial Intelligence.

AI Data Protection

AI promises a future filled with incredible possibilities – breakthroughs in medicine, solutions to climate change, and innovations that could reshape our world for the better. There is no doubt that the advances in artificial intelligence will have profound impacts on our lives.

However, with great power comes great responsibility. We can't ignore the potential pitfalls. In the wrong hands, AI could pose a significant threat.

As we navigate these "hyper-interesting times," it's crucial to develop AI responsibly, ensuring this powerful technology works for us, not against us.



The biggest challenge – for now – is the hype around AI.

Senior leaders who are afraid of being left behind and fresh-faced graduates eager to make their mark are adopting and experimenting with AI solutions with varying degrees of oversight.

It’s like the wild west days of the internet all over again – except this time everyone has jumped on the wagon and not just the strange techies.

We are seeing terms like “Shadow AI” emerging, where AI-based solutions are deployed without oversight. Shadow IT was, and still is, a major headache for IT governance and security. Shadow AI feels more like migraine territory.

We have seen some unintended consequences of AI experimentation. For instance, some AI applications bypass file and folder access controls, making confidential information that had strict security settings generally accessible. AI applications that capture meeting minutes can also minute one-on-one conversations held over your meeting apps, inadvertently capturing confidential discussions. AI applications can also generate a lot of content, which needs to be filed and stored properly – and deleted appropriately.



AI solutions are everywhere we look – the list of applications that use Generative AI alone includes conversational search, customer support agent assistance, customer support analytics, virtual assistants, chatbots, media generation, content moderation – and it goes on and on.

Any company that thinks it’s not using AI by now is likely to be deluding itself. This enormous change must be met head on. By doing so, you will ensure you are well placed to reap the benefits while protecting valuable company assets – your people, your customers and your information.

The trick here is to start in the right place – at the top! Figure out how AI is being used in your organisation and figure out the potential opportunities that are out there. Then get the right governance approach in place to deal with what you know right now. Communicate that to your teams. Fund it properly to ensure that your data is not funding it. Train people about the opportunities and the risks. Get prepared to deal with the pace of change that is happening right now by revisiting your governance more often than you have been used to doing.


What is the best way to go about this? The most powerful way is collaboratively. Here’s how we approach AI Governance:

Step 1: Develop your understanding of how AI is being used

  • The first step is to figure out how people across the organisation are using AI-based solutions right now. Ask about the current applications and the opportunities that teams would like to explore in the near future.
  • Classify the solutions currently in use, and planned to be used, against the EU AI Act risk classification – unacceptable/high/medium and low.
  • Armed with this knowledge, it will be possible to identify the benefits and the risks and get an informed governance policy in place.


Step 2: Policy development

  • It’s a good idea to find some pragmatic team members in the areas most likely to be impacted – IT and IT Security, HR, recruitment, operations, marketing, compliance and your DPO, of course. The first step is to get these people onto some good training courses.
  • Once trained they should be able to evaluate the information already gathered about the use of AI solutions in the organisation.
  • The team should consider the risks and benefits that the use of various AI solutions creates for the organisation. Their brief is to recommend an AI policy approach that maximises benefits while minimising the risks.


Step 3: AI Oversight

  • Once the policy is in place, it needs to be rolled out – with training – across the organisation.
  • The AI team can become a policy monitoring committee – with an expanded brief to monitor for policy compliance as well as vet proposals for new AI applications in the organisation.
  • The pace of change is so fast with AI that the usual timeframe of revisiting and revising policies every 1-2 years is not adequate. AI policies should be reviewed every 3-6 months – at least until the hype cycle subsides!

The worst approach to the AI hype cycle is to ignore it in the hope that everything will work out fine in the end. The best approach is to do the best you can do for now. Develop as much understanding as you can about what is going on inside and outside your company and decide how you will approach it – head on!



