Adopting Generative AI

Generative Artificial Intelligence (or GenAI for short) has emerged as one of the most transformative technologies of recent years, and has achieved world-wide fame since the release of ChatGPT in November 2022. Today, most people with Internet access have experimented with ChatGPT or similar technologies like Claude, Midjourney and Synthesia to generate text, images, or videos. Moreover, with GenAI being integrated into common applications and services, Bing Chat being a prime example, most people are using this technology indirectly on a daily basis.

Nonetheless, for businesses and organizations, especially small ones, determining how to effectively and safely use GenAI remains an unanswered question. A common marketing message from Tech companies is “use AI to improve your productivity”, but this message is somewhat simplistic and misleading. It occults the risks associated with AI and which must be assessed by each organization thinking of using GenAI.

1. What is Generative AI?

GenAI is a technology that creates content – such as text, images, and videos – from a command prompt that a user enters into the system. GenAI excels in natural language processing tasks like enhancing a text’s expressive quality, performing translations, and even business tasks like writing resumes or drafting business plans. GenAI systems also generate images, with Dall-e and Midjourney being the most popular platforms for this, as well as video (Runway, Synthesia, Fliki). Today, GenAI is used by design teams for image creation and by software developers for creating program code, correcting bugs, refactoring legacy software, and creating documentation.

Many companies are developing their own AI platforms for specific organizational tasks. A common use case for GenAI in organizations is chatbots. Their role is to reply to customer queries, thereby foregoing the “cost” of human operators. These platforms are created by training AI “models” with organizational data. This process can also involve customizing – or fine-tuning – one of the many publicly available AI models. The Hugging Face platform, for instance, currently has over 650’000 AI models that can be used!

The term artificial intelligence dates back to 1955 and is generally attributed to computer scientist John McCarthy. At that time, the ambition of computer scientists was to create general-purpose computing machines. It is unlikely that these scientists would have imagined machines with the power of today's GenAI systems.

The term “intelligence” in GenAI is controversial. It is debatable whether intelligence can be used to describe machines, especially when the meaning of intelligence in regards to humans and animals has evolved so much over the last decades. For instance, the term emotional intelligence only seems to have appeared in the 1960s. A more fitting denomination of GenAI is probably “advanced algorithmic” models. These algorithms are stochastic meaning they manipulate probabilities. For instance, in text generation, the system produces responses based on the likelihood of certain phrases appearing based on from the prompt entered by the user. The probabilities are calculated by observing the vast amounts of data available on the Internet, in Wikipedia articles, books, commoncrawl.org, archive.org, and a variety of websites. GenAI systems are sometimes described as Stochastic Parrots to reflect their probabilistic nature.

2. What are the Risks of GenAI?

Using GenAI comes with several potential risks that all organizations must consider before adopting the technology.

1. Lack of Understanding. As mentioned, GenAI models are just stochastic parrots. They do not possess a innate understanding of the content generated. These models can, and often do, generate content that is counter-factual – a phenomenon called hallucination.
2. Business Risks: Similar to human employees, GenAI chatbots can make mistakes that lead to business liabilities. For example, Air Canada's chatbot promised a discount to a customer that the airline later refused. However, a Canadian court ruled in favor of the customer saying that the chatbot’s information, available from the airline’s website, could not be disowned by the airline.
3. Bias and Quality of Data: Content generated by AI reflects the data it was trained on, which mostly comes from the Internet. Much Internet data contains inaccuracies and biases (racial, sexual, etc.), which can be repeated in the AI's output. The quality of AI-generated content is inherently limited by the quality of its training data.
4. Data Leakage and Privacy Concerns: AI models can inadvertently leak data entered by users as prompts. This poses significant risks, especially for proprietary or sensitive information. A case in point is Samsung employees who caused confidential source code to leak when using ChatGPT. In another development, the Polish authorities launched an investigation against OpenAI for GDPR violations, citing a lack of transparency about the manner that personal data scraped from the Internet was processed.
5. Operational Costs: it costs to use generative models. OpenAI introduced ChatGPT Enterprise, which charges 60 USD per employee. Outside of this, organizations must face the cost of up-skilling employees to responsibly use GenAI tools.
6. Intellectual Property Issues: There is ongoing debate over the ownership of content generated by AI. When you generate content, do you own that content or is it property of the GenAI platform owners? The terms and conditions of the GenAI platform should answer that question. In the case of ChatGPT for instance, at the present moment (May 2024), OpenAI will not claim copyright on content generated by its users. However, the problem is more complicated than this. GenAI models are trained on publicly available data, but publicly available data is not the same thing as data in the public domain. GenAI systems have been trained on data that some authors argue they did not give permission for. Such usage could infringe copyright. Lawyers have argued that data used in training should subscribe to the fair use principle of copyright law. The debate is ongoing. In the case of software generation, GenAI models such as Co-pilot have been trained on software that includes software with a free or open-source license. It is possible that using GenAI models to create code that becomes proprietary could violate the terms in software inside the training data.

The fuel of GenAI is data. The technology exists because there is enough data to train or fine-tune AI models. However, AI companies still need more data. One (surprising?) place they will be looking for data is on the social network profiles of deceased people! The number of these profiles is expected to reach millions in the coming years. The Irish data protection authority recently ruled that deceased individuals are not protected by the GDPR. The data of our departed is not protected by regulation.

3. How Should Your Company Adopt GenAI?

Given these risks, what should an organization do if it intends to utilize GenAI? The technology has obvious benefits for improving processes within organizations. Once organizations are aware of risks, there are then two steps that should be taken before deploying the technology.

The first step is to find out how your organization is already using AI. Employees sometimes install or use IT applications and services without corporate knowledge – a phenomenon known as shadow IT. It can be difficult to question employees and collaborators on this topic, but the responses can be very useful. Perhaps a colleague is using ChatGPT to correct grammar in emails before sending them, or to translate documents. Perhaps a colleague in the IT department is using Github Copilot or Amazon Code Whisperer to help write software.

Whether your organization decides to adopt generative AI or not (due to the inherent risks), knowing how your colleagues are using GenAI is insightful because it points to possible weaknesses or inefficiencies in your current organizational processes that might need to be addressed.

Another reason to identify how your colleagues are using GenAI is to identify your organizational risks. Perhaps personal information is being entered into prompts – which raises the possibility of data leakage, an event that can be sanctioned by data protection regulation like the GDPR. Another risk is that employees are relying on GenAI to take decisions that are considered too risk-worthy to be taken without human intervention. A simple example is choosing whether to hire a candidate from a submitted CV. The HR department must be able to explain to an unsuccessful candidate why his candidacy was not unsuccessful. A human operator would be unable to explain how a GenAI platform came to a rejection decision if it were that platform that took the decision. The ability to understand decisions made by information systems is a fundamental requirement of Expainable AI.

The second step, before deploying GenAI, is to define your concept of responsibility. This exercise essentially defines the lines you do not wish to cross for your organization, and these lines depend on the nature of the business. Consider three examples:

• A pharmacy is considering using a chatbot for customer queries. It is possible that the pharmacist deems acceptable that the chatbot replies to queries about loyalty cards or the range of perfumes on sale. On the other hand, the pharmacist might categorically refuse that the chatbot answer any question relating to the choice or dosage of a medication. He or she may believe that such queries only be answered by a certified professional.
• An apartment rental company decides to deploy a chatbot. Beforehand, the owner might accept that the chatbot reply to queries about vacant apartments for rent in relation to costs, age, utilities, commute times, etc. On the other hand, the owner might refuse that the chatbot take part in the compilation of client dossiers where sensitive information like salaries or childrens’ school addresses are processed. In this way, the owner is mitigating the risk of losing sensitive information.
• In the case of a university, it is possible that staff accept that a chatbot responds to questions concerning homework, recommended readings, but that the chatbot never gives out advice on the courses a student should take. The staff may believe that one can only orientate a student after discussing with and getting to know that student.

4. The Importance of Governance

The first two steps are really about organizational data governance. This theme is concerned with taking responsibility for, and accounting for, all data processing within the organization. Data governance is a journey, and some aspects are covered by law.

For instance, data protection regulations like the European GDPR and Swiss data protection law control the processing of personal data within companies. Organizations are obliged to have formal reasons for storing data (such as a person’s consent, or a legal requirement such as firms archiving salary data), and they must protect data with the same rigor that we expect of banks to protect our savings. The new EU Artificial Intelligence Act regulates how organizations use AI. In particularly, organizations will need to conduct a risk analysis for each AI system it deploys. Certain types of processing will be deemed as having unacceptable risks. Commonly cited examples include systems that do real-time facial recognition, subliminally influence children, or classify individuals based on sexual or racial characteristics.

In fine, adopting AI should be done in the context of a responsible IT transition.

5. Is There a Bigger Context?

The debate around GenAI is much bigger than what individual organizations decide to do with the technology. GenAI has a profound geopolitical impact. For example:

• AI can generate content with such efficacy that bad actors are using this technology to help create disinformation. A firm specializing in deep-fake detection reports a 900% increase in the number of deep fakes in 2024. This year, elections will be held in countries whose populations combine to nearly half of humanity, so the impact of disinformation can be very serious for the world’s remaining democracies.
• GenAI needs computing power, and this comes particularly from GPUs – high performance processors which were originally developed for gaming consoles. Taiwan currently produces over 90% of GPUs, and the fear of a Chinese blockade or invasion of Taiwan is pushing Western governments to look for alternatives. Also, China is now the leading country in GenAI in terms of research.
• GenAI has an ecological impact. For instance, a Scientific Reports article estimates that ChatGPT generates 3.82 metric tons of CO₂ every day.
• Pedophile networks are exploiting the capabilities of GenAI to combine adult sexual content with non-sexual depictions of children in order to produce abusive content. These networks are also using GenAI to "nudify" pictures of children.

There has been a large push for legislation to encourage responsible AI, from China and Asia, to Europe and the US. The aim of these regulations is to promote responsible use of GenAI by citizens and organizations. Key principles of the Hiroshima framework for instance include the requirement to tag the origin AI-generated content (so that it can be more easily identified as disinformation or as copyright infringed material), evaluate the societal risks of deploying AI systems, and prioritize the development of systems that tackle global challenges such as education and climate change.

6. Conclusion

Generative AI is a game-changer since it permits automation of core organizational work processes. The challenge is that the technology brings risks, and IT companies are not always willing to underscore these, or explain how the risks can be addressed. After all, the technology companies provide the technology to organizations but the organizations must accept risk consequences.

Organizations can adopt GenAI and its advantages. They just need to define their idea of responsibility beforehand, and ensure that adoption is part of a transition towards responsible data governance.