Are there Security and Liability Concerns with Leveraging Artificial Intelligence?
Artificial intelligence systems, such as ChatGPT, are currently being developed with rapidly increasing capability, gathering a lot of attention to the technology recently. Large-scale computing resources and extensive training data sourced from the public internet are leveraged to create systems that can generate writing and graphics that can be difficult to distinguish from the creation of humans. While you can leverage this capability to work more effectively, it’s important to keep in mind some concerns about information security, intellectual property rights, and accuracy. I’ll address some of these concerns in this post.
If you are making use of AI systems confidentiality should be your primary security concern. Many AI models require significant resources to execute, far outstripping what you may expect to host on your own workstation or (in some cases) on-premises servers. Because of these steep requirements, you will likely be using AI services provided in the cloud by third parties. The business models and licensing of these services may also prevent you from hosting them locally. Therefore, your prompts and their output are not contained within the protections of your own network. There is the potential for the things you have asked an AI, and the responses, to be leaked in the event of a breach of an AI service provider. Depending on your relationship and licensing/usage agreements with the provider, your inputs and output are also likely to be monitored by the provider and used as training inputs for future iterations of the AI product. Be careful about providing original ideas and confidential data to an off-site AI.
Intellectual property rights for content generated by artificial intelligence are not yet agreed upon. The creations of people (writings, art) are being used as training input to these AI systems, and elements of that input can make their way into the output generated for the end user. Who owns the copyright for the output of an AI that generates text or graphics from a prompt? Is it the user that provided the prompt, effectively triggering the creation of output like a photographer pushing the shutter button? Is it the creators and operators of the AI system, by virtue of licensing agreements? Under current rules, the U.S. Copyright Office requires the “creative input or intervention from a human author” to recognize the copyright of a work. Users of AI systems should ensure that humans are still “in the loop” for the creation of content that needs IP protection.
It is also important to make sure that your use of AI doesn’t outpace your ability to verify that its output is correct. Many AI systems can give the impression of incredible feats of creation and breadth of knowledge to generate code, algorithms, and instruction, but can often get things wrong. AI systems like ChatGPT model language and can sometimes be better at confidently answering a prompt in a way that “reads well” than actually performing the logic to solve a problem. There are many examples of this online, including one where ChatGPT reasons across multiple paragraphs that, if it takes one woman nine months to make one baby, that nine women ought to be able to make one in a month. While language models can provide a skilled user with a good partner to bounce ideas off, any use of an AI system for serious work should be done with prompting and verification by subject matter experts.
What should you do to take advantage of AI systems in your organization? Licensing agreements and hosting should be examined carefully, and confidential data should not be sent offsite Ais without consideration. Subject matter experts should be kept in the loop to prompt, guide, and adapt inputs and outputs to safeguard against mistakes and protect ownership of the work product. While you shouldn’t be afraid to augment your human staff’s capabilities with those of artificial intelligence systems, it should be done in a controlled and careful manner.
