According to dark web marketplace data, as of June 2023, more than 100,000 ChatGPT user accounts have been stolen by information-stealing malware and sold. In March 2023, a bug in the artificial intelligence (AI) chatbot exposed users’ payment information and chat titles to other users. Since then, companies including Samsung, Apple, Verizon, JPMorgan, Chase, and many of the tech services firms have banned or put heavy restrictions on the use of generative AI. Innovative companies like Amazon have also put safeguards in place on how to use generative AI.

Amid all this noise and these real concerns, a vast majority of employees are using generative AI in the workplace, and many have inadvertently posted company data into ChatGPT since it was launched. Every company is trying to strike a balance between the threats of using generative AI and the benefits of using it. However, the evolution of the concept and the associated processes, learning and best practices of scaling adoption will put many concerns at ease.

What are some of the challenges that businesses should address in order to adopt generative AI?

As every business figures out a way of adopting and scaling generative AI, there are key challenges that companies need to address. These are nothing new! They need to make sure they are considering each of the following:

- Assuring quality because generative AI can be wrong
- Making AI-produced content culturally and ethically acceptable
- Avoiding unwanted bias because it is difficult to make the generative AI "explainable"
- Addressing the security vulnerabilities that products of generative AI may have
- Educating consumers on generative AI. Without doing so, delivering its work-products can lead to legal issues
- Addressing data privacy and intellectual property issues in the work products of generative AI
- Ensuring infrastructural readiness so that the technology availability is not an issue
- Establishing minimum standards so that the tech adoption is controllable from social and governmental perspectives
- Confirming accessibility so that the tech is extended to diverse consumers
- Establishing a mechanism for rollback, in case of adversity

Every tech-led innovation always starts with similar concerns, but the tech evolution has naturally addressed them.

What are the potential threats of using Gen AI?

There are five potential threats in the software production and consumption processes that businesses should worry about. They are:

- Sensitive Data: Leakage of sensitive or confidential information such as employee data, financial information, trade secrets, strategies, and proprietary code or algorithms.
- Malicious Code: ChatGPT or other LLM engines may be susceptible to malicious input/output, intentionally designed to exploit vulnerabilities or manipulate the model's behavior.
- Non-Compliance: The Schrems II ruling underscores the need to ensure personal and sensitive data is protected under GDPR while ChatGPT content is processed and stored in the US.
- Third-Party Plug-Ins: Plugins that connect to ChatGPT or other AI when used in a browser will have access to private data. They may also be insecure or interact with other insecure external services.
- Enterprise Applications: Applications that are built as consumers of these AI services will also have access to sensitive data, and they may also be insecure on their own or interact with other insecure external services.

How do we systematically address these threats?

There are four proven techniques that companies can use to protect their information technology (IT) assets from the risks of using Gen AI. They are:

- Monitoring: Understand the current observability frameworks in place, such as DLP, CASB and endpoint protection, and leverage their capabilities to monitor AI services and address data leak issues.
- Pseudo Proxy: All user requests should be routed to and processed at an intermediate proxy server before the request is sent to AI servers. A custom browser plugin can be developed for this purpose. That way, you can enforce a policy that only allows questions to ChatGPT, so that users consume data from it and feed no sensitive data into it.
- Code Checker: A code plagiarism checker should be installed in the proxy server to identify whether any internal code from controlled repositories is being pasted into ChatGPT.
- Intent AI: Gather and analyze the current interaction data of internal ChatGPT users. Mark requests as sensitive or generic and use the data to train an Intent AI. Install the model in the proxy server to process all user requests, marking each as allowed or sensitive, or blocking it.
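To make the Pseudo Proxy and Code Checker ideas concrete, here is a sketch of the screening step such a proxy could run on each prompt before forwarding it. It is an added example, not Qualitest's implementation; the function names, the patterns, the 30% overlap threshold and the sample repository file are all assumptions chosen for illustration, and a simple marker check stands in for the trained Intent AI.

```python
import hashlib
import re

# Patterns and thresholds below are illustrative assumptions, not a vetted policy.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
MARKER_RE = re.compile(r"\b(confidential|internal use only|trade secret)\b", re.I)

def shingles(text, k=5):
    """Hash each run of k normalized tokens so matches survive reformatting."""
    tokens = re.findall(r"[a-z_]\w*|\d+|[^\s\w]", text.lower())
    return {hashlib.sha256(" ".join(tokens[i:i + k]).encode()).hexdigest()[:16]
            for i in range(len(tokens) - k + 1)}

def luhn_ok(digits):
    """Luhn checksum, used to cut false positives on card-like numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def screen_prompt(prompt, internal_index, code_threshold=0.3):
    """Return (verdict, reasons); verdict is 'allow', 'sensitive' or 'block'."""
    reasons = []
    found = shingles(prompt)
    # Share of the prompt's shingles that also occur in controlled repositories.
    overlap = len(found & internal_index) / len(found) if found else 0.0
    if overlap >= code_threshold:
        reasons.append(f"internal-code overlap {overlap:.0%}")
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(prompt)):
        reasons.append("payment card number")
    if reasons:
        return "block", reasons
    if MARKER_RE.search(prompt):
        return "sensitive", ["confidentiality marker"]
    return "allow", []

# Constructed sample standing in for a file from a controlled repository.
INTERNAL_SOURCE = """
def price_quote(customer, basket):
    margin = TIER_MARGIN[customer.tier] * seasonal_factor(basket.region)
    return sum(item.cost * (1 + margin) for item in basket.items)
"""
INTERNAL_INDEX = shingles(INTERNAL_SOURCE)
```

Because the index stores only truncated hashes of token runs, the proxy can match pasted code without holding a readable copy of the repositories it protects.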

How can a service provider help?

Service providers can help companies figure out a way of adopting and scaling generative AI. At Qualitest, we have a tested methodology to address the top 10 challenges I have listed throughout this article.

Businesses should do periodic assurance audits to fully understand the current observability frameworks in place, such as data loss protection, cloud access security broker, and endpoint protection. This way, they can leverage their capabilities to monitor AI services and address data leak issues. Businesses can get a step ahead by deploying a dedicated information security auditor, i.e., a Policies Coach, who can define and periodically audit the process, policies, and guidelines for using large language model (LLM) tools within the organization and periodically conduct security awareness programs through training and coaching employees on the Do’s and Don’ts.

Unless we fully understand the challenges, threats and solutions around Gen AI, we cannot adopt or scale it. In the case of fast AI adoption, the side effects will be deadly, if we are not careful. Let us fasten our seatbelts!

Anbu Muppidathi is the President and CEO of Qualitest. A technology veteran with more than 30 years of experience in digital transformation and technology modernization, Anbu has world-class operational and go-to-market expertise. Before joining Qualitest, Anbu most recently served as Global Head of Cognizant’s Enterprise Cloud Application Services. Prior to that, while running Cognizant’s Quality Engineering and Assurance practice between 2014 and 2018, he more than doubled the company’s testing revenue to $2.2B in annual sales with a team of 35,000 professionals while improving its analyst rankings to the leader status.

