
How to update company policy when the gen AI ‘playbook’ is unwritten

AI is here. The rules are not.

Deep-learning large language models are here, but the exact guidance on how to use them at work is still an unsettled question for chatbots and humans alike.

Organizations are grappling with how to adjust current policies to account for both big public large language models and private, contained ones—and the to-be-determined regulations set to govern them.

“There isn’t a confirmed playbook yet for rules,” said Luke Tenery, a partner at the consultancy StoneTurn, who advises clients on policy creation.

The risks. For a technology like generative AI that requires input to receive an automatic output, there are risks on both sides of the equation. The output can be false or biased, based on the model’s training data; the input could contain proprietary information.

A crowded regulatory picture. One challenge, according to Beena Ammanath, technology trust ethics leader at Deloitte and global head of the Deloitte AI Institute: There will be many regulations.

“It’s going to be dependent on the industry and the use case. Some regulations might be an extension to existing regulations, and some might be brand new,” Ammanath told IT Brew.

A 2023 Artificial Intelligence Index Report, led by the Stanford Institute for Human-Centered Artificial Intelligence (HAI), showed that the number of bills containing “artificial intelligence” passed into law grew from just 1 in 2016 to 37 in 2022, according to its study of the legislative records of 127 countries.

With no established playbook and a growing number of laws, how does a company ensure that its policy of today aligns with the regulations of tomorrow?

“Smart organizations are taking stock of what’s ‘acceptable use’ in this realm, and establishing policy and training around that,” said Tenery.

A university, for example, may allow large language models to support syllabus planning, but ban the use of any student names as input. A risk assessment may determine that a contained, private language model, trained on a limited, internal set of data, offers a more secure option for a given task, compared to a public model like ChatGPT.


Blanket-blocking the bots likely won’t work. A February 2023 survey from the networking app Fishbowl of over 11,000 users found that 43% of professionals were using AI tools like ChatGPT; of the 5,067 trying out the tech, 68% didn’t tell their bosses.

“Like with any new technology that has a lot of interest, chances are your employees are going to want to use it. It’s very difficult, I think, to affirmatively just say, ‘No, you can’t have access to this,’” said Daren Orzechowski, global co-head of the technical practice at the international law firm Allen & Overy.

Company policies can be updated for emerging technologies like generative AI—an important first step for policy makers, said Ammanath.

Previous guidelines, for example, may restrict where specific pieces of sensitive information can be posted, such as a public forum.

“Right now, you would extend it to say it cannot be fed into a publicly available generative AI tool,” Ammanath told IT Brew.

Some early official guidance includes the White House’s AI Bill of Rights and NIST’s AI Risk Management Framework.

A balancing act. Companies will likely need a flexible approach based on existing legal principles and the regulations to come, like the EU’s AI Act, which aims to classify AI systems according to levels of acceptable risk…maybe. The fate of the EU bill is far from certain, and the rules of the road are not firmly established.

“We built the car, but we don’t have the speed limit set up. We don’t have the seatbelts. We don’t have the lanes even drawn up,” said Ammanath.
