The Promise of AI – AI holds significant potential for good, offering the promise of boosting productivity and transforming the nature of work. It could create more fulfilling jobs or enable humans to work less – Goldman Sachs predicts that generative AI could drive a 7% increase in global GDP (almost $7 trillion).
The Perils of AI – Despite its potential, AI systems pose significant risks, including harmful malfunctions, discrimination, privacy issues, and the spread of disinformation. The barriers to malicious use have been lowered, with generative AI being used to create malware, bypass security systems, spread misinformation, and even forge documents.
Core Working Tenets of Agentic Systems
- Perceive: gathers and processes data from various sources
- Reason: uses language models to understand tasks and generate solutions
- Act: executes tasks by integrating with external tools
- Learn: continuously improves through a feedback loop

Obstacles to Controlling AI – AI governance is vague and faces numerous challenges, with a broad scope spanning security, privacy, ethics, and moral values. The path forward is not clear-cut; thus, I am sharing my insights and strategies to help each other navigate this complex field.
Step 1: Assess
a. Identify the regulation applicable to your use case: is it a high-risk AI system that needs to ensure product safety (e.g. medical AI, education, employment, insurance)?
b. Decide on your risk appetite based on company size, product lifecycle, and use case.
Refer to the EU AI Act, the first regulation on AI: https://artificialintelligenceact.eu/high-level-summary/
Step 2: Risk & Quality Management
a. Threat model, and map integrity levels onto a combination of consequence and likelihood levels.
b. Vulnerability assessment if the bot already exists in pre-production; refer, e.g., to NVIDIA NeMo Guardrails: https://github.com/NVIDIA/NeMo-Guardrails

c. Minimize the attack surface and plan for defense in depth as suggested by the OWASP Top 10 for LLM Applications; also refer to Daniel Miessler's AI Attack Surface Map: https://danielmiessler.com/p/the-ai-attack-surface-map-v1-0


Step 3: Data Governance & Security
a. Acquisition consists of the training-data and preparation steps: the ML pipeline focuses on correctness, representativeness, and minimizing bias. Security risks at this stage are data privacy and security vulnerabilities such as data poisoning and injection attacks.
b. Modelling consists of the training and model-development steps: the focus is on transparency and documentation. The main risk here is bias; mitigations include adversarial training, reinforcement learning with humans in the loop, and constitutional AI methods for safe outputs.
c. Deployment consists of the application-data and application steps: the focus is on accuracy, robustness, and IT security. Performance goals depend on the use case, so it is best to plot stakeholders against their concerns (the impact of a false positive or a false negative). Use refusal and blacklisting to minimize harmful or negative output.
Implement trust layers, such as zero data retention, dynamic grounding, prompt defense (LLM firewalls), data masking, and toxicity scoring.
Step 4: Technical documentation and transparency
Translate Values into Processes: Ensure processes are documented, resources are communicated, and incentives and rewards are aligned. Effective AI governance requires a continuous improvement approach through various maturity levels (crawl, walk, and run). This includes:
- Start with a safety culture: implement red teaming, cyber defense, anomaly detection, and transparency, guided by governance, map, methods, and measurement.
- Awareness, policy, governance, development, and tooling; some frequently used tools are Comet, Lakera, Wayfound, Arize AI, NeMo, Guardrails AI, LangKit, etc.
Modern tools offer gatekeeper, anchor, parametric, and guardrail capabilities.

Further References for Holistic AI Governance:
- Identify, analyze, and mitigate threats with MITRE ATLAS: https://atlas.mitre.org/
- Building trustworthy AI: the NIST AI RMF provides guidelines for incorporating reliability, resilience, and responsibility into these systems to build trust with customers.
Embedding Ethics in Product Development
- Use V2MOM (Vision, Values, Methods, Obstacles, Measures), a framework for alignment.
- Design with Human-Centered Values: Emphasize trust and transparency using design thinking, customer journey mapping (CJM), and service blueprinting.
- Follow Safe Design Principles: Implement responsible AI development lifecycles with stories, sprints, releases, and monitoring.
Also consider product features that nudge, assist, and enhance, tapping into customers' intuitive thinking to create positive memories:
- Mindful friction in decision-making processes.
- In-app pop-ups to flag detected toxicity.
- Continuous feedback loops to keep humans in the loop.
Tips for Startups / Early-Stage Development
- Embrace an entrepreneurial approach: to drive innovation and improvement in AI projects, we encourage an entrepreneurial mindset.
- Engage with experts to validate your concepts, run quick experiments, and use the results to refine or discard your ideas.
- Generate impact scenarios and customer journey maps to understand customer emotions and the implications of your project.
I am certified in CISSP, LLMOps, and AI Security and Governance. Happy to help. AI governance is pivotal in steering this powerful technology toward positive outcomes, ensuring that AI is used in ways that enrich our lives, benefit our communities, and constructively impact our society.
