A.I. Defense for Commercial Enterprises
Artificial Intelligence (AI) is rapidly transforming the landscape of commercial enterprises, promising unprecedented improvements in business efficiency. However, amidst this excitement, there's an urgent need to rethink how we approach virtual communication and data governance in the AI era.
The Reality of Deepfakes and Their Implications
Deepfakes are not just a novelty; they pose real risks. For instance, a high school principal in suburban Baltimore was recently deepfaked by a disgruntled employee, severely damaging his reputation. This incident, among others, highlights the need for robust verification processes in both virtual and in-person interactions. Here are a few steps to help mitigate these risks:
- Verification Protocols: Implement multi-channel verification, such as following up a video call with a phone call to confirm identities.
- Safe Words or Pass Phrases: Use pre-agreed phrases known only to authorized personnel to verify communications.
- Staff Training: Regularly train staff to spot deepfakes by looking for inconsistencies in facial movements, unnatural blinking, or mismatched audio and visual cues.
Focus of Today's Discussion: Generative AI and Data Governance
While AI encompasses a vast array of technologies, today's discussion will focus on generative AI and the governance of large language models (LLMs). As an application delivery manager at SunWest Bank, I leverage cutting-edge technologies to enhance business efficiency. My background in software engineering gives me a deep understanding of both the potential and risks of generative AI.
Navigating the AI Landscape: Key Considerations
Commercial enterprises must balance the pursuit of efficiency with the need to protect sensitive data. Here are three major pillars of AI defense:
- Privacy: Establish strong data governance frameworks to protect sensitive information and ensure AI systems use accurate, approved data.
- Data Security: Conduct frequent assessments to stay ahead of potential threats and maintain robust defenses.
- Reliability: Create a use case committee to review and approve AI prompts, ensuring reliable and responsible usage across the enterprise.
Practical Steps for AI Defense
- Update Your Acceptable Use Policy (AUP): Ensure your AUP complies with local laws and regulations for data security, providing clear guidance on the use of AI tools and handling of data.
- Form an AI Use Case Committee: This interdepartmental committee should document, review, and approve AI use cases, fostering a holistic approach to AI implementation.
- Empower Vendor Management Teams: Train vendor management teams to spot AI washing and overhyped product claims, equipping them with the right questions to ask during vendor negotiations.
Conclusion: Embracing AI with Caution and Preparedness
AI offers immense opportunities but also significant risks. By implementing the advice shared today and fostering a culture of continuous learning and vigilance, commercial enterprises can navigate the AI landscape effectively. Remember, you don't have to dive into the deep end of AI; start shallow and build your understanding gradually.
Thank you for your time and attention. If you have any questions or need further information, please feel free to ask. Let's embrace AI thoughtfully and responsibly, ensuring a secure and efficient future for our businesses.
Key Takeaways
- Deepfake Awareness: Understand the risks of deepfakes and implement verification protocols.
- Generative AI Governance: Focus on privacy, data security, and reliability.
- Practical Defense Steps: Update AUPs, form AI use case committees, and empower vendor management teams.
- Continuous Vigilance: Foster a culture of learning and vigilance to stay ahead of AI-related challenges.
By adopting these strategies, businesses can harness the power of AI while mitigating its risks, paving the way for a more secure and efficient future.
You can watch Paddy's full session from APISEC|CON here.