Shadow AI Series 2/3: How to manage and control AI in your organization

The evolution of AI models and their use

Over the years I’ve seen firsthand how both AI models and their use are becoming increasingly complex. Today we are implementing both traditional AI models and Large Language Models (LLMs) across our organizations to assist us in solving sophisticated AI use cases. AI is also being embedded into traditional software products as part of a larger solution. Finally, AI is also being used by a wider range of users on a daily basis than ever before.

This accelerating use of AI presents a real challenge with respect to AI risk, security, and responsibility for all organizations and managing these AI models used across the organization over time. And now the desire to start using more AI models as fast as possible only makes it more complex and increases the risks involved.

The rise of Shadow AI: fueling this growing complexity

Shadow AI refers to the unauthorized use or implementation of AI systems and tools within an organization without the explicit approval, knowledge, or oversight of the IT department or data governance teams. It’s a bit like building a house without any blueprints or building codes – things can get messy quickly.

Let’s break down the factors of this complexity to better understand the associated risks.

Task complexity

First, we have the increasing sophistication of the tasks themselves. AI models are now doing some incredibly intricate things, from understanding and responding to natural language to making complex decisions based on huge amounts of data. And with powerful AI tools becoming more accessible, it’s easier than ever for individuals to create these complex models without anyone realizing it.

Scope complexity

Then, there’s the scope of what these models are used for. AI is no longer confined to a single department or task, it’s being used across the organization for all sorts of things. Shadow AI can make this even more complicated, as AI starts spreading in uncontrolled ways, potentially leading to unforeseen risks and challenges.

User complexity

Finally, we have an increasing diversity of users. As AI now becomes common, more and more people are using it, and they all have different levels of understanding and different goals. Shadow AI makes it even harder to keep track of who’s using what and for what purpose.

Strategies to manage this complexity

So, how can organizations navigate this and mitigate the risks of unauthorized AI?

Here’s what I recommend:

• Establish an AI Model register: Ensure that you have all AI Applications, Systems and Models registered, and establish a clear process for further efficient and structured process to support registration. Involve the procurement department to report all future AI systems including the ones which have AI embedded into their solutions.
• Encourage a culture of transparency and communication: Openly discuss AI initiatives throughout the organization to reduce the likelihood of unauthorized use and promote Responsible AI practices.
• Provide clear guidelines for AI projects: Offer training and resources to help people understand and comply with AI Governance policies and regulations like the EU AI Act.
• Robust AI infrastructure: Ensure that your organization has a robust AI infrastructure / platforms and resources that make it easier for people to develop according to the agreed upon AI Governance and Responsible criterias.

By taking these steps, organizations can effectively manage the growing complexity of AI and mitigate the risks of Shadow AI.

How do we help you manage this complexity and fight Shadow AI?

At 2021.AI, we believe that by working together, we can unlock the full potential of AI Responsibly while keeping risks, like Shadow AI, at bay.

Our GRACE AI Platform provides the tools and resources to do just that. GRACE’s Hub & Spoke structure, with GRACE at its core to centralize AI Governance, while decentralizing AI innovation and empowering business units to innovate responsibly.

‍