
Walter Haydock on Security and Compliance: Be Prepared

 At the Generative AI World conference, Walter Haydock, Founder and CEO of StackAware, talked to us about security and compliance for programs. If you have executive responsibility these days, this is one that you don’t want to miss!

 
Here are three of the main takeaways:
 
  1. The risks around AI, he suggested, don't mean that companies shouldn't use it – just that they should take precautions, many of which Haydock laid out in his talk.
  2. Companies should weigh the benefits of different kinds of approaches, including whether they should host their own AI model or rely on a vendor.
  3. As possible solutions, companies can minimize data exposure to LLMs, look for new attack vectors, watch for problems like unintended learning, and use supervisory programs to tighten up how their AI components work.

 

Top Quotes
 
“Some people have asked already today if I'm here to rain on the parade – I am not here to rain on the parade. My bottom line is to weigh risk against reward. There is huge potential with generative AI – there are risks, and you can’t ignore them, but that doesn't mean that you have to shut the program down, abandon your projects – it just means that you should apply responsible controls to your AI deployments, to mitigate some of the most common risks.”
 

“ChatGPT doesn't have common sense,” Haydock said in explaining how these models can betray trade secrets.

 
“(In a common scenario around unintended learning) You could potentially extract confidential data from the LLM that the operator of it doesn't want you to have access to.”

 
“Think about what would happen if you had to rip out an AI model from your technology stack,” he said, citing examples like Meta’s changes to products and how restrictions can impact companies.

 
More from Haydock
 
“Look for new attack vectors,” he cautioned the audience. “These things are popping up all the time.”
 
Among other fixes, Haydock called for business logic checks on systems, plans for emergency de-commissioning as necessary, and the ability to monitor regulatory changes. He specifically referenced some ambiguity around the GDPR and the use of data sets that might not be “personal” in technical ways, but may have some indirect or potential exposure value.
 
Haydock also broke down some of the pros and cons of hosting your own AI. The advantages he listed were observability and control; the disadvantage was less access to more powerful tools.
 
Haydock noted that it’s important to have policies, terms and conditions in place, to prepare for the continual advent of AI in enterprise.
 
Get the full video of Haydock’s speech at the conference with a Basic Membership ($89/year) to GAI Insights.