Corporate race to use AI puts public at risk: study

The rush by Australian companies to use generative artificial intelligence (AI) is escalating the privacy and security risks to the public as well as to staff, customers and stakeholders, according to a new study.

The University of the Sunshine Coast research, published in the Springer Nature journal AI and Ethics, warns that rapid AI take-up is leaving companies open to wide-ranging consequences. These include mass data breaches that expose third-party information, and business failures based on manipulated or ‘poisoned’ AI modelling — whether accidental or deliberate.

The study included a five-point checklist for businesses to ethically implement AI solutions.

UniSC lecturer in cybersecurity Dr Declan Humphreys said the corporate race to adopt generative AI solutions like ChatGPT, Microsoft’s Bard or Google’s Gemini was fraught with not just technical, but moral issues.

Generative AI applications turn large amounts of real-world data into content that appears to be created by humans.

“The research shows it’s not just tech firms rushing to integrate the AI into their everyday work — there are call centres, supply chain operators, investment funds, companies in sales, new product development and human resource management,” Humphreys said. “While there is a lot of talk around the threat of AI for jobs, or the risk of bias, few companies are considering the cybersecurity risks.

“Organisations caught in the hype can leave themselves vulnerable by either over-relying on or over-trusting AI systems.”

The paper was co-authored by UniSC experts in cybersecurity, computer science and AI, including Dr Dennis Desmond, Dr Abigail Koay and Dr Erica Mealy. It found that many companies were making their own AI models or using third-party providers without considering the potential for hacking.

“Hacking could involve accessing user data, which is put into the models, or even changing how the model responds to questions or the answers it gives,” Humphreys said. “This could mean data leaks, or otherwise negatively affect business decisions.”

He said legislation had not kept pace with issues of data protection and generative AI.

“This study recommends how organisations can ethically implement AI solutions by taking into consideration the cybersecurity risks,” he said.

The five-point checklist includes:

• secure and ethical AI model design;
• trusted and fair data collection process;
• secure data storage;
• ethical AI model retraining and maintenance;
• upskilling, training and managing of staff.
   

Humphreys said privacy and security should be a top priority for businesses implementing artificial intelligence systems in 2024 and beyond.

“The rapid adoption of generative AI seems to be moving faster than the industry’s understanding of the technology and its inherent ethical and cybersecurity risks,” he said. “A major risk is its adoption by workers without guidance or understanding of how various generative AI tools are produced or managed, or of the risks they pose.

“Companies will need to introduce new forms of governance and regulatory frameworks to protect workers, sensitive information and the public.”

Image credit: iStock.com/Sefa kart