the doctor could not believe the recent headline in Forbes that said Only 9% of surveyed companies are ready to manage risks posed by AI. Because there is no way that 9% of companies are ready to manage the risks posed by AI. There’s no way even 0.9% of companies are ready to manage the risks posed by AI.
Why? Because of the rampant introduction of massive LLMs and DNNs that no one understands, for which I’m sure we’ve yet to seen the last of the abysmal failures, hallucinations, and suicide coaxing. There’s simply no way we can even begin to predict all of the potential errors they are going to make, the risks they are putting us under, the repercussions if those errors are made and risks materialize, and how the risks can be minimized, if not mitigated. No way whatsoever.
Not only is it theoretically impossible to be fully prepared, but when you consider that the average organization is not even equipped to handle regular software failures, how can the average organization expect to handle a software-based AI failure it can’t even predict?
The article, which quoted a recent study by RisKonnect (who are obviously able to detect and protect against most types of risk by using RisKonnect, and maybe that’s why they are so confident they can protect and defend against AI risks, but RisKonnect is for traditional enterprise and third-party risk, not cyber risk, and definitely not AI risk — no one can protect against a risk when they don’t even know what the risk is), did quote some very useful statistics on areas of concern. Specifically, of the companies surveyed
- 65% are concerned about data and cyber,
- 60% are worried about employees making decisions on erroneous information,
- 55% are worried about employee misuse and ethical risk,
- 34% are worried about copyright and intellectual property, and
- 17% are worried about discrimination risk.
The risks are the right risks, and the order of priority is about the right order, but the percentage of companies concerned is much too low.
1. 100% of companies should be concerned about data and cyber. Not only are we in the age of state-sponsored hacking, which makes any company with useful confidential designs and information a target, but with almost all significant commerce being conducted online, all companies are a target for financial fraud.
2. 100% of companies that need to make decisions based on data analysis should be concerned about erroneous information, as all companies have bad data, and the bigger the company, the worse the data.
But none of these match the risks of AI. As per the quote in the article from Caitlin Begg, an over-reliance on AI can risk robotic, insensitive, spammy, or off-topic messaging, and that’s just the beginning. As noted, most companies haven’t simulated their worst case scenario, and since one can’t even predict what that is with AI, they aren’t even close to ready. It’s not just another article in the organization’s tech stack, even though the article seemed to indicate it is. One can prioritize transparency, accountability, threat and vulnerability monitoring, and risk mitigation, but when most AI applications can’t explain their actions, aren’t accountable humans, have no realistic threat and risk assessments, and there is no way to mitigate risk except not to use the technology in the first place for any decision that should be made by a HUMAN, it’s just not enough.
The precautionary steps are not to identify where AI can be most effective and incorporate it, the steps should be to
- identify where partners and third parties are using AI and putting your organization at risk
- identify where employees might be using unapproved web-based AI applications and put a stop to it
- identify where your SaaS providers are not only using, but introducing, AI into their applications after purchase and delivery and ensure that any utilization is bounded, tested, and properly constrained to prevent risk
Then, instead of unbounded AI, identify appropriate automation technologies that can be properly configured, integrated, and managed as part of an enterprise stack. And reap the rewards while your competitors deal with risks.