Don't Leave AI Governance To The Machines

Many companies are entrusting their top business-critical operations and decisions to artificial intelligence.

Rather than traditional, rule-based programming, users now have the ability to provide machine data, define outcomes, and let it create its own algorithms and provide recommendations to the business. For instance, an auto insurance company can feed a machine a library of photos of previous totaled cars with data on their make, model and payout. 

The system can then be “trained” to review future incidents, determine if a car is totaled, and give a recommended payout amount. This streamlines the review process, which is both a positive for the company and customer.

With the ability for AI to arrive at its own conclusions, governance over the machines is critical for the sake of business executives and customers alike. 

Was the machine accurate in its review of the accident photos? Was the customer paid the right amount? 
By taking the proper measures, organisations can gain clarity and ensure they are using these tools responsibly and to everyone’s benefit.  Here are three areas to keep in mind. 

Traceability sheds light on machine reasoning and logic 
In a recent Genpact study of C-suite and other senior executives, 63 percent of respondents said that they find it important to be able to trace an AI-enabled machine’s reasoning path. After all, traceability helps with articulating decisions to customers, such as in a loan approval.

Traceability is also critical for compliance and meeting regulatory requirements, especially with the implementation of the General Data Protection Regulation (GDPR) in Europe, which has affected practically every global company today. 
One critical GDPR requirement is that any organisation using automation in decision-making must disclose the logic involved in the processing to the data subject. Without traceability, companies can struggle to communicate the machine’s logic and face penalties from regulatory bodies.

The right controls and human intervention remain paramount 
By design, AI enables enterprises to review large datasets and delivers intelligence to facilitate decisions at far greater scale and speed than humanly possible. However, organisations cannot leave these systems to run in autopilot. There needs to be command and control by humans. 

For example, a social media platform can use natural language processing to review users’ posts for warning signs of gun violence or suicidal thoughts. The system can comb through billions of posts and connect the dots–which would be impossible for even the largest team of staff–and alert customer agents. Not every post that will be a legitimate concern so it is up to humans to verify what the machine picked up. 

This case highlights why people are still critical in the AI-driven future, as only we possess domain knowledge, business, industry, and customer intelligence acquired through experience–to validate the machine’s reasoning.

Command and control is also necessary to ensure algorithms are not being fooled or malfunctioning. For example, machines trained to identify certain types of images, such as for determining if a car is totaled for insurance purposes, can be fooled by feeding completely different images that have inherently the same pixel patterns. Why? Because the machine is analyzing the photos based on patterns, and not looking at them in the same context that human beings do.

Beware of unintentional human biases within data 
Since AI-enabled machines constantly absorb data and information, it is highly likely for biases or unwanted outcomes to emerge, such as a Chatbot that picks up inappropriate or violent language from interactions over time. However, if there is bias in the data going in, then there will be bias in what the system puts out. 

Beforehand, individual users with domain knowledge have to review the data that goes into these machines to prevent possible biases and then maintain governance to make sure that none emerges over time. 

With more visibility, understanding of their data and governance over AI, companies can proactively assess the machine’s business rules or acquired patterns before they are adopted and rolled out across the enterprise and to customers. At its root, responsible use of AI is all about trust. Companies, customers, and regulatory agencies want to trust that these intelligent systems are processing information and feeding back recommendations in the right fashion. They want to be clear that the business outcomes created by these machines are in everyone’s best interest. 

By applying the various techniques discussed above, organisations can strengthen this trust with better understanding of the AI’s reasoning path, communication of decisions to customers, regulatory compliance, and command and control to ensure that they have clarity and can always make the best decisions.

Information Week

You Might Also Read: 

Computer Says No:

AI Can Win At Poker But Who Is Overseeing Computer Ethics?:
 

 

« For Sale: Access To Airport Security
Putin Says Russia The Target Of 25m World Cup Cyber Attacks »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Avanan

Avanan

Avanan is The Cloud Security Platform. Protect all your SaaS applications using tools from over 60 industry-leading vendors in just one click.

Repository of Industrial Security Incidents (RISI)

Repository of Industrial Security Incidents (RISI)

RISI is a database of cyber security incidents that have (or could have) affected process control, industrial automation or SCADA systems.

Igloo Security

Igloo Security

Igloo Security is a leader and pioneer in SIEM (Security Information & Event Management), PSIM (Physical Security Information Management) and MSS (Managed Security Services).

Paygilant

Paygilant

Paygilant’s disruptive technology is designed to protect mobile payment  financial transactions against fraudulent attacks, whether executed by NFC, QR code, P2P or in-app.

Volatility Foundation

Volatility Foundation

Volatility is an open source memory forensics framework for incident response and malware analysis.

R2S Technologies

R2S Technologies

R2S can help you implement a cyber security framework to ensure your business is more resilient towards the growing threat of cyber crime. We provide Web and Mobile Application Security Assessment..

Joint Accreditation System of Australia and New Zealand (JASANZ)

Joint Accreditation System of Australia and New Zealand (JASANZ)

JASANZ is the joint national accreditation body for Australia and New Zealand. The directory of members provides details of organisations offering certification services for ISO 27001.

CyBOK - University of Bristol

CyBOK - University of Bristol

CyBOK is a comprehensive Body of Knowledge to inform and underpin education and professional training for the cyber security sector.

Tech-Recycle

Tech-Recycle

Tech-Recycle was formed to help companies and individuals securely, ethically and easily recycle their IT and office equipment. We destroy all data passed to us safely and securely.

Cybersecurity Collaboration Forum

Cybersecurity Collaboration Forum

The mission of the Cybersecurity Collaboration Forum is to foster information security communication and idea sharing across the C-Suite, enabling leaders to better protect their enterprises.

Defendify

Defendify

We built Defendify to help small businesses navigate the cybersecurity landscape with cybersecurity that is dead simple, affordable, and works around the clock.

Ackcent Cybersecurity

Ackcent Cybersecurity

Ackcent's mission is to help our clients to protect their critical digital assets by providing them with a portfolio of specialised professional services.

Secure Digital Solutions (SDS)

Secure Digital Solutions (SDS)

Secure Digital Solutions is a leading consulting firm in the business of information security providing cyber security program strategy, enterprise risk and compliance, and data privacy.

7layers

7layers

7layers has established itself as one of the world’s leading test house groups for mobile devices and the growing number of wireless devices, modules and chipsets.

Trovent Security

Trovent Security

Trovent was founded with a clear goal: to support medium-sized companies in significantly increasing their IT security level.

Incode

Incode

Incode is the leading provider of world-class identity solutions that is reinventing the way humans authenticate and verify their identities online.