If you’re anything
like me, you don’t have to step outside your front door to see what an impact
artificial intelligence (AI) is having on our lives. My virtual assistant helps
me to wake up at the right time, informs me what weather I can expect, and
schedules those all-important anniversary reminders. And once I’m on the road,
my satellite navigation system finds me the quickest route while news updates
stream to my phone based on my preference history.

But what exactly is AI and is the current hype surrounding it valid? In a new technology brief from NACD and Accenture Security, we look at the nuts and bolts of AI, where it comes from, and how it works. Here are some of the report’s ideas on the opportunities and risks of AI, and how organizations can take their first steps toward responsibly employing it.

AI is far from
a new idea—but it does offer new opportunities. AI is
likely to become a new driver of economic value for organizations, but
businesses may find it difficult to leverage this technology without first
understanding the opportunities it presents. To set a clearer path forward,
corporate leaders should consider doing the following:

Review and, where appropriate,
introduce automation into business processes,Assess how AI can augment
employees’ current work, andAvoid concentrating or limiting
this technology; instead, diffuse it throughout business units or functions.AI benefits don’t
come risk-free. Organizations should get started on
their AI journeys with a clear-eyed view of the likely risks. AI-associated cyber
risks fall into two broad categories: data integrity and algorithm
manipulation. The learning and decision-making capabilities of AI can be
altered by threat actors modifying the data used in the training process. The
algorithms themselves should also be protected from manipulations by threat
actors hoping to change the outcomes of AI systems for malevolent purposes. Breaches
can also take the form of “poisoning attacks,” where the machine learning model
itself is manipulated.

Four principal
risks should be considered in the near-term:

Trust and transparency: Complex forms of AI often operate in ways that can make it hard to
explain how they arrived at the results produced. New approaches are needed to
offer better explanations of the processes underlying AI decisions. Decisions
taken by AI must be open to interrogation or appeal.Liability: Executive leaders and the board should carefully monitor changes
in legislative and regulatory requirements to ensure compliance.Control: Careful thought is needed on when and how control is or should be
shared or transferred between humans and AI. Security: As the growth of AI into all sectors increases, security becomes
paramount and is compounded by the current lack of protection to both AI models
and the data used to train them. Boards should ensure they are asking the right
questions of management and outside advisors to secure their burgeoning AI
tools.Securing AI

Many of companies’
current investments in cybersecurity are dedicated to securing the
infrastructure underpinning AI models. This includes patching vulnerabilities
in software and systems, implementing robust access management to ensure
employees only engage with the necessary information to do their jobs, and prioritizing
the security of the firm’s most valuable data assets. The adoption of AI
systems generally creates entirely new areas of infrastructure to secure the AI
models themselves and requires better security practices to mitigate against
these vulnerabilities.

Here are some
suggestions around meeting the many challenges of secure AI governance:

Limit the AI learning rate. Limiting the volume of data to be ingested in an AI system over a
set period can act as a major deterrent to hackers, since the learning process
will take longer and malevolent data may be spotted more easily.Validate and protect AI
input. In assessing data integrity practices, both
around protection and validation, companies should carefully focus on inputs
into AI models and confirm that these originate from identifiable and trusted
sources.Restrict access to AI models. Restricting access to AI models by limiting certain employees’
ability to make ad hoc changes is one of the most effective forms of defense.Train AI to recognize
attacks. If enough malicious examples are inserted
into data during the training phase, a machine learning algorithm can
eventually understand how to interpret toxic data and reject adversarial
attacks. Business continuity and disaster recovery are also vital practices.
Organizations should understand how to relearn and recover after a cyber attack
without negatively impacting the business.This article only scratches the surface of a broad topic that is going to have an even greater impact on our individual lives in the future. We know that data integrity is a fundamental requirement to help secure AI from malevolent influence, and we also know that AI raises ethical challenges as people adjust to the larger and more prominent role of automated decision making in society. Going forward, our report concludes that the emphasis needs to be on engineering resilient modeling structures and strengthening critical models against cyberattack by malicious threat actors. 

If you’d like to pressure-test your management’s preparedness to assess and mitigate the risks associated with AI, take a look at the board primer on artificial intelligence today. It may help to open the dialogue in your organization to some of the questions—and answers—that you need.

Bob Kress is a managing director, co-chief operating officer, and global quality and risk officer for Accenture Security.