Artificial intelligence

Generative AI: the Taker Archetype and EU regulation

April 25, 2024 - 4 minutes reading time
Article by Serena De Pater En Razo Van Berkel

In March 2024 the European Parliament adopted the European AI Act. The text is pending for formal adoption and translation. The focus of the AI act is on safeguarding European values and creating a framework for reliable AI development and implementation.

The AI Regulation will enter into force 20 days after its publication in the Official Journal of the European Union and will not be fully applicable until two years later (with some exceptions).

In view of this recent important event, three articles focusing on the AI regulation around generative AI are appearing on this platform. This is the first article in that series.

Generative AI

Generative AI, short for generative artificial intelligence, is a type of AI that can help write new data, text, images, music or even computer code. Simply put, generative AI can learn from existing content and use that knowledge to generate entirely new data. Examples of well-known generative AI applications include ChatGPT and Midjourney. Organisations can optimise their use of generative AI by first defining a strategic approach tailored to their specific needs and requirements. This involves deciding whether to buy existing AI models, buy pre-trained AI models with some customisation options, or build their own AI models.

There are three archetypes when building generative AI: Takers, Shapers and Creators. The Taker is the most common AI archetype. In software development, you are an AI Taker when you take a pre-built AI solution and integrate it into your software suite. Pre-built AI solutions are typically compact, well-tested, and come from reputable sources like third-party vendors or open-source repositories. You have the option to choose between commercially licensed AI components from trusted vendors, or free, open-source options. An example of a commonly used open-source component is Mozilla DeepSpeech. The usage of a so-called “off-the-shelf” AI component offers several advantages.

First of all, a major benefit of using pre-built AI components is that they often require less in-depth technical knowledge of AI from the developer integrating them. This is because these AI components are designed to be “end-to-end solutions”, accessible through an API (Application Programing Interface).

Secondly, the use of “off-the-shelf” AI components drastically cuts development timeline and expenses. Since the core technology has already been developed and tested, companies can bypass the process of building solutions from the ground up. This results in a faster launch of new features and enhancements.

Lastly, using pre-built AI components and solutions grants access to a community of users and developers. This community contributes to the continuous improvement of the AI component by providing valuable feedback, bug reports, and contributions to the codebase.

However, a significant drawback of using an “off-the-shelf” approach is the dependency on the external provider(s) for the AI components. Should a critical AI component become deprecated or diverge from the integrator's requirements, it could force unforeseen changes or the need for replacements, potentially disrupting operation or development of the product.

Mozilla DeepSpeech is an open-source embeddable speech-to-text engine (STT). https://github.com/mozilla/DeepSpeech

Taker

Example

A website builder integrates Google Translate into a customers’ website. Google Translate is an AI (machine learning) solution, and it is used in its entirety by another firm.

“Taking” a generative AI tool: cybersecurity considerations

Read the (technical) documentation carefully

Because the “off-the-shelf” generative AI was created by another organization, you might not have full visibility into how the generative AI was built, trained, or how it works. This lack of transparency can make it difficult to assess the validity of the AI's output.

However, according to article fifteen of the new EU AI Act, all “high-risk” AI systems and applications must have strong cybersecurity measures in place to prevent hackers from manipulating its training data, inputs, or internal components, therefore ensuring the output is reliable.

Nevertheless, it is advised to read the (technical) documentation of the AI component or software thoroughly, before incorporating it into your organization.

Handle with care

To make sure your output is reliable, handle the AI component with care and use it how it is meant to be used. Don’t use the generative AI solution to design phishing mails or generate malicious code to harm others and/or search for security vulnerabilities.

Choose a safe and trustworthy AI component or solution

Even though there are laws and regulations in place, the generative AI model you use could potentially contain embedded malware or backdoors, which were configured during the development of the model. These weaknesses or flaws could be configured by accident, or on purpose. An example scenario can be hackers that mislead people by creating fake, or malicious generative AI systems online. Using a generative AI system containing vulnerabilities or malware could result in unauthorized access to your systems, data theft, or manipulation of the AI's outputs for malicious purposes.

Next up: Shaper

The quality and bias of the training data significantly impact the outputs of a generative AI. What if you want to have more control over the training data that is being used? You might need to fine-tune a pre-trained generative AI model to fit your specific needs. In the next article, we will highlight the second generative AI type; the shaper!

Related articles
A Dutch counterpart to ChatGPT: good idea?
Artificial intelligence
TNO is working on an open Dutch AI model, as a transparent counterpart to ChatGPT. AI engineer Razo van B ...
Why Centric is experimenting with its own AI model
Artificial intelligence
Centric is building its own AI language model that considers issues like privacy and information security ...