Security concerns are inexorably intertwined with the exploration and implementation of generative AI. According to a recent report featuring data we commissioned, 49% of business leaders consider safety and security risks a top concern, while 38% identified human error or human-caused data breaches arising from a lack of understanding of how to use GPT tools.
While these concerns are valid, the benefits early adopters stand to see far outweigh the potential downsides of limiting integration.
I want to share what I have learned from helping our teammates and clients alike understand why security should not be an afterthought but a prerequisite for integrating AI into the business, and some best practices for doing so.
The AI conversation starts with a safe-use policy
Companies understand the urgency with which they need to respond to the new security risks AI presents. In fact, according to the report referenced above, 81% of business leaders said their company already has implemented or was in the process of establishing user policies around generative AI.
Guardrails for testing and learning are essential to accelerating exploration while minimizing security risks.
However, because of the rapidly evolving nature of the technology — with new applications and use cases emerging every day — the policy should be continuously updated to address emerging risks and challenges.
Guardrails for testing and learning are essential to accelerating exploration while minimizing security risks. The policy also should not be created in a silo. Representation from across the business is important to understand how the technology is being or could be used by each function to account for unique security risks.
Importantly, skunkworks exploration of AI should not be banned altogether. Companies that resist it out of fear will no longer have to worry about competitors eroding their market share; they’ve already done that for themselves.
Enabling citizen developers
In order to ensure we use AI in a safe manner, we first gave our citizen developers carte blanche access to use a private instance of our large language learning model, Insight GPT. This has not only helped us identify potential use cases but also allowed us to stress test its outputs, enabling us to make continued refinements.