The Flip Side: Generative AI and Risks for Enterprises, Amidst Tech Advances

Generative artificial intelligence offers remarkable benefits, yet it also brings significant challenges, including hallucinations, code errors, copyright issues, perpetuated biases, and—most critically for organisations—data leaks. Generative artificial intelligence’s flip side includes hallucinations, code errors, copyright infringement, and perpetuated bias.

A recent survey by Alteryx indicates that while 77% of companies report successful generative AI pilots, a staggering 80% highlight data privacy and security as the primary obstacles to scaling AI. Furthermore, AvePoint’s 2024 AI and Information Management Report reveals that 45% of organizations have faced unintended data exposure when deploying AI solutions. The severity of this issue was starkly illustrated by Microsoft AI’s leak of 38 terabytes of data late last year.

“AI has certainly amplified and accelerated some of the challenges around data management,” notes Dana Simberkoff, Chief Risk, Privacy, and Information Security Officer at AvePoint, which specializes in helping organizations manage, migrate, and protect their data both in the cloud and on-premises.

Simberkoff points out that much of this leaked information is unstructured data lurking in collaboration spaces, unprotected and previously undiscovered due to the difficulty of locating it. “It’s often what we call dark data,” she explains.

Arvind Jain, CEO and cofounder of enterprise search platform Glean, which was recently named to the 2024 CNBC Disruptor 50 list, emphasizes the intense pressure on chief information officers and similar roles to implement AI, often leading to errors in the rush to modernization. “It was so hard to find anything. Nobody knows where to look,” Jain says. “That’s the thing that AI fundamentally changes. We don’t have to go and look anywhere anymore. You just have to ask a question.”

Jain asserts that most enterprise data carries some level of privacy, and insufficient permissions leave crucial information exposed. While his search platform is designed to operate with organisational permissions in mind, it's up to leaders to manage their data effectively before enhancing it with AI.

Exposing Unprotected ‘Dark Data’

The risks extend beyond customer and employee personal information leaking outside the organization. Sensitive documents, from former employees’ termination letters to confidential merger discussions, can cause significant issues if accessed by the wrong internal parties. Whether it’s employee dissatisfaction or insider trading, the dangers are real.

Even without AI, this information remains unprotected. “Not knowing is never better,” Simberkoff asserts. “Shining a light on that dark data means you can no longer ignore it.”

Simberkoff lives by the mantra, “We protect what we treasure, and we improve what we measure.”

Enhancing Data Permissions and Protections

How can leaders improve data permissions and protections before implementing AI? Jason Hardy, Chief Technology Officer for AI at Hitachi Vantara, advises taking preliminary steps to understand your data. This includes logging data, using vendor-provided tools to structure and search through it, and consistently vetting information over time.

Hardy emphasizes the importance of both prevention and enforcement: policies to prevent leaks and mechanisms to manage information if it does get out. “It does come down to a lot of training,” he says. “It’s about making your end users aware of the information they’re responsible for. We have approved tools, but as we integrate them into our systems, we need safeguards.”

Simberkoff highlights the need to prioritize high-risk information and practice data labeling, classification, and tagging.

A Cautious Approach to AI Implementation

Simberkoff advises that it’s acceptable to pause during the AI adoption journey. “Organizations may rush to adopt AI and then have to pause. That’s okay,” she says. “It’s effective to approach this in incremental steps, starting with an acceptable use policy and strategy, and then testing the waters with a pilot.”

Regulations and laws are evolving, so maintaining a good understanding of your data over time is prudent. Hardy stresses the importance of proactive measures: “Do the right thing up front and you’re not going to make the front page of pick-your-popular-news-vendor.”

Simberkoff reminds leaders that AI is inherently imperfect. “We know that these algorithms hallucinate, make mistakes, and are only as good as the data entered into them,” she says. “When using AI, it’s crucial to ensure that you’re verifying its outputs and using it for its intended purpose.”

User education is essential. Simberkoff likens AI to a valuable intern: “You can give them assignments, but you always want to check their work and ensure they’re not going off on tangents.”

Jain recommends that all companies, especially large enterprises, have a centralized AI strategy to vet tools and determine the content connected to their data set. While limited information provides limited value, connecting as much information as possible while maintaining appropriate permissions is most effective. Additionally, a soft rollout can help test a new program before full-scale adoption.

Even as AI exposes poor data hygiene, Simberkoff believes the benefits outweigh the challenges. “AI is our best friend,” she says. “It’s going to really push organisations to take the steps they should have been taking all along.”