In December 2023, the European Parliament and the Council of the EU reached a political agreement on the AI Artificial Intelligence Act. The text is pending for formal adoption and translation. The focus of the AI act is on safeguarding European values and creating a framework for reliable AI development and implementation.
The AI Regulation will enter into force 20 days after its publication in the Official Journal of the European Union and will not be fully applicable until two years later (with some exceptions).
In view of this recent important event, three articles focusing on the AI regulation around generative AI are appearing on this platform. This is the first article in that series.
Generative AI, short for generative artificial intelligence, is a type of AI that can help write new data, text, images, music or even computer code. Simply put, generative AI can learn from existing content and use that knowledge to generate entirely new data. Examples of well-known generative AI applications include ChatGPT and Midjourney. Organisations can optimise their use of generative AI by first defining a strategic approach tailored to their specific needs and requirements. This involves deciding whether to buy existing AI models, buy pre-trained AI models with some customisation options, or build their own AI models.
There are three archetypes when building generative AI: Takers, Shapers and Creators. The Taker is the most common AI archetype. In software development, you are an AI Taker when you take a pre-built AI solution and integrate it into your software suite. Pre-built AI solutions are typically compact, well-tested, and come from reputable sources like third-party vendors or open-source repositories. You have the option to choose between commercially licensed AI components from trusted vendors, or free, open-source options. An example of a commonly used open-source component is Mozilla DeepSpeech. The usage of a so-called “off-the-shelf” AI component offers several advantages.
First of all, a major benefit of using pre-built AI components is that they often require less in-depth technical knowledge of AI from the developer integrating them. This is because these AI components are designed to be “end-to-end solutions”, accessible through an API (Application Programing Interface).
Secondly, the use of “off-the-shelf” AI components drastically cuts development timeline and expenses. Since the core technology has already been developed and tested, companies can bypass the process of building solutions from the ground up. This results in a faster launch of new features and enhancements.
Lastly, using pre-built AI components and solutions grants access to a community of users and developers. This community contributes to the continuous improvement of the AI component by providing valuable feedback, bug reports, and contributions to the codebase.
However, a significant drawback of using an “off-the-shelf” approach is the dependency on the external provider(s) for the AI components. Should a critical AI component become deprecated or diverge from the integrator's requirements, it could force unforeseen changes or the need for replacements, potentially disrupting operation or development of the product.
Mozilla DeepSpeech is an open-source embeddable speech-to-text engine (STT). https://github.com/mozilla/DeepSpeech
Because the “off-the-shelf” generative AI was created by another organization, you might not have full visibility into how the generative AI was built, trained, or how it works. This lack of transparency can make it difficult to assess the validity of the AI's output.
However, according to article fifteen of the new EU AI Act, all “high-risk” AI systems and applications must have strong cybersecurity measures in place to prevent hackers from manipulating its training data, inputs, or internal components, therefore ensuring the output is reliable.
Nevertheless, it is advised to read the (technical) documentation of the AI component or software thoroughly, before incorporating it into your organization.
To make sure your output is reliable, handle the AI component with care and use it how it is meant to be used. Don’t use the generative AI solution to design phishing mails or generate malicious code to harm others and/or search for security vulnerabilities.
Even though there are laws and regulations in place, the generative AI model you use could potentially contain embedded malware or backdoors, which were configured during the development of the model. These weaknesses or flaws could be configured by accident, or on purpose. An example scenario can be hackers that mislead people by creating fake, or malicious generative AI systems online. Using a generative AI system containing vulnerabilities or malware could result in unauthorized access to your systems, data theft, or manipulation of the AI's outputs for malicious purposes.
The quality and bias of the training data significantly impact the outputs of a generative AI. What if you want to have more control over the training data that is being used? You might need to fine-tune a pre-trained generative AI model to fit your specific needs. In the next article, we will highlight the second generative AI type; the shaper!
