Harness the Power of AI: Tame the Wild with API Management

The internet has often been likened to a "wild west," a place of both opportunity and danger. Just as the Wild West was eventually tamed through laws and regulations, AI, too, requires a structured approach to harness its potential and mitigate its risks. Unlike the historical taming of the West, however, our goal with AI should be peaceful gains that allow everyone in society to grow, while avoiding the unethical conflicts and harm it can so easily be exploited for. There may not be blood in the streets from a shootout over a card game, but there can and will be losses of employment and wholesale shifts in how society operates, and entire industries and livelihoods may disappear as it evolves. Just as importantly, the environmental impact of AI adoption must always be considered: its use is driving a rapidly growing demand for dense data centers and the electricity they consume. We must choose wisely how that electricity is generated, delivered, and consumed by the models we will be using every day in the very near future. Unless we use the power AI provides wisely, we risk becoming the sucker who drew a bad card and lies dead in the street.

People from all walks of life are now embracing artificial intelligence (AI) in their daily lives. This may be as simple as using the features on your mobile device or desktop to help schedule your day. Today, everything from personal assistants to washing machines and the media devices in an average American household ships with some form of voice- or chat-based AI to assist with interactions, whether that is building the perfect playlist or queuing up the next set of binge-worthy shows to watch.

These tools are growing into our daily commutes, with voice-activated AI in our cars helping us keep our hands on the wheel. In public transit, AI has been applied throughout operations to optimize everything from automated ticketing and traffic controls that prevent congestion to transit schedules updated based on congestion and rider counts. The safety of these systems has improved with AI assisting in scheduling and predicting repairs, increasing reliability for both operators and riders. Facial recognition allows for ticketless fares and helps identify problematic riders, while camera-based recognition catches drivers trying to illegally use the bus lanes.

AI-based toolsets are growing daily in both capabilities and features. Less than two years ago, an AI-generated image was easily identified by errors such as six-fingered hands or three-legged people. Now you will need to spend a lot of time to find any flaws in the images produced. Deepfake videos were new and struggled to reach realistic results. Then came Tom Cruise doing magic tricks on TikTok, and we are now flooded with fakes of everything, created by adversaries trying to influence our elections at every level from school boards to the presidency.

Good and bad uses of AI have also hit the workplace. In one example, a finance worker at a large multinational firm was deceived into sending $25 million to fraudsters after a video conference with someone they believed was their CFO, only to learn later that it was a deepfake rendition of the CFO. In another, an employee who had taken a role in the US and was not a strong English speaker used AI-based tools to help communicate with English-speaking peers and, in the process, inadvertently leaked confidential data to the chatbot, sending it into the vast black hole of model training data.

The problems created by shadow AI, or even company-sanctioned initiatives, can be far worse, as Samsung learned the hard way. Samsung staff had been using company-sanctioned access to OpenAI's ChatGPT to assist with their day-to-day responsibilities in developing new systems and software. In the process, they leaked confidential source code related to the design and testing of their semiconductors. A separate incident leaked internal meeting notes that were being converted into a presentation. In less than a month of use, data had leaked three times into OpenAI's training data, with no practical way to recover or delete it. While the events were embarrassing and expensive to resolve, Samsung did not give up and throw away its investment in AI. It learned from the incidents, adapted, and moved forward, turning inward for its AI platforms and putting new safeguards in place. Samsung also imposed limits on how staff may interact with the systems, such as the size of the prompts being sent and the content allowed in them. Most importantly, it owns the models and training data the staff use, so the potential for leaks has been greatly reduced, though not eliminated: shadow AI can still be used outside the office.

Organizations of all sizes are still investing heavily in generative AI, or plan to, but worry about the risks I mentioned earlier. The investment may be in a service provider's solution, such as Google's Gemini, OpenAI's ChatGPT, Microsoft's Copilot, or Meta's Llama. In-house solutions built on these and other models are also a popular option. Both approaches are excellent ways to let individuals in your organization take advantage of the tools and capabilities these platforms offer, but each comes with its own advantages and with equally, if not more, concerning disadvantages, as discussed above.

Now to switch gears a bit and keep a positive mindset, with the goal of continuing to grow AI innovation in the corporate workplace: we must adapt and improve the solutions available to us today and prepare for the next generation of tools. The popular saying "There is no AI without an API" could not be more true. Nearly every interaction with AI today goes through an API. To protect your organization from the negative side effects of generative AI I described above, a strong API management solution is an absolute must. This applies equally to AI offered by service providers and to in-house solutions. Today's API management platforms, from nearly every commercial and open-source provider, let you add several layers of security in front of the AI service while also improving the overall capabilities the AI system can provide. They will not solve every problem we face; as with everything in information security, a solution has many layers and they change constantly. I will cover additional methods in future posts, but here I will outline the first steps toward securing your AI investment and limiting your risk. These methods let you control access to your AI platform and prevent negative financial impacts by tracking spend through granular control over who, what, when, and where can access the AI interfaces. They help prevent the leaking of confidential data and reduce the risk of malicious inputs that may alter or poison your model data.

The methods I will demonstrate in future posts can be further used to gather richer metrics, so you can build useful reports and identify where AI is being used in your workplace, what it is being used for, and how much it is costing you. Most importantly, your security teams will have a richer stream of data, letting them see everything going in and out of the systems. You will gain a better return on your AI investment and build trust in your AI platform by avoiding the "black box" effect some organizations feel when working with platforms that have no transparency. I will be releasing both a video and a write-up of the capabilities API management provides, using a combination of the Broadcom Layer 7 API Gateway as the API management platform and the Google Gemini API as the target AI service provider. Regardless of which API management or AI platform you choose, the methods will apply.
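As an added example that is not from the article and is not Layer 7 or Gemini configuration, the following Python sketch shows the controls the two paragraphs above describe as a single policy check that a gateway would run on each request before forwarding it to the AI provider: identify the caller from a gateway-issued key, confirm the source network, check which model the caller is entitled to, cap prompt size, scan the prompt for data that must never leave, enforce a daily token budget, and write an audit record that rolls up into a per-team spend report. The key names, principals, networks, budgets, DLP patterns and token estimate are all constructed for illustration; a real deployment would take identity from your IdP, token counts from the provider's response, and DLP rules from your own data classification.

```python
"""Minimal AI API-gateway policy check (added illustration, not the
article's Layer 7 configuration). Every identity, network, budget and
pattern below is constructed for the example."""
import ipaddress
import re
import time
from dataclasses import dataclass, field
from typing import Optional

# Constructed identity store: gateway-issued key -> principal and entitlements.
# In production this comes from your IdP / key vault, never from a literal.
PRINCIPALS = {
    "gw-key-finance-01": {
        "user": "alice@example.com", "team": "finance",
        "networks": ["10.20.0.0/16"],
        "models": {"gemini-1.5-flash"}, "daily_token_budget": 50_000,
    },
    "gw-key-eng-07": {
        "user": "bob@example.com", "team": "engineering",
        "networks": ["10.20.0.0/16", "10.30.0.0/16"],
        "models": {"gemini-1.5-flash", "gemini-1.5-pro"}, "daily_token_budget": 200_000,
    },
}

MAX_PROMPT_CHARS = 4_000  # a Samsung-style cap on how much can be sent per prompt

# Constructed DLP patterns: content that must never leave via a prompt.
DLP_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
    "card_number": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
    "classification_marker": re.compile(r"\bCONFIDENTIAL\b", re.IGNORECASE),
}


@dataclass
class Decision:
    allowed: bool
    reason: str
    user: Optional[str] = None
    team: Optional[str] = None
    tokens: int = 0


@dataclass
class Gateway:
    usage: dict = field(default_factory=dict)   # (user, day) -> tokens consumed
    audit: list = field(default_factory=list)   # every Decision, allowed or not

    @staticmethod
    def estimate_tokens(text: str) -> int:
        # Crude ~4 chars/token estimate; a real gateway would use the
        # provider's token counter or the usage field in its response.
        return max(1, len(text) // 4)

    def check(self, api_key: str, model: str, prompt: str, source_ip: str,
              now: Optional[float] = None) -> Decision:
        """Run the policy chain in order; the first failing control wins."""
        now = time.time() if now is None else now
        day = int(now // 86_400)

        principal = PRINCIPALS.get(api_key)                        # who
        if principal is None:
            return self._record(Decision(False, "unknown_api_key"))
        user, team = principal["user"], principal["team"]

        try:                                                       # where
            addr = ipaddress.ip_address(source_ip)
        except ValueError:
            return self._record(Decision(False, "bad_source_address", user, team))
        if not any(addr in ipaddress.ip_network(n) for n in principal["networks"]):
            return self._record(Decision(False, "source_not_allowed", user, team))

        if model not in principal["models"]:                       # what
            return self._record(Decision(False, f"model_not_entitled:{model}", user, team))

        if len(prompt) > MAX_PROMPT_CHARS:                          # how much per request
            return self._record(Decision(False, "prompt_too_large", user, team))

        for name, pattern in DLP_PATTERNS.items():                  # what may leave
            if pattern.search(prompt):
                return self._record(Decision(False, f"dlp_block:{name}", user, team))

        tokens = self.estimate_tokens(prompt)                       # how much per day (spend)
        used = self.usage.get((user, day), 0)
        if used + tokens > principal["daily_token_budget"]:
            return self._record(Decision(False, "budget_exceeded", user, team, tokens))
        self.usage[(user, day)] = used + tokens
        return self._record(Decision(True, "ok", user, team, tokens))

    def _record(self, decision: Decision) -> Decision:
        self.audit.append(decision)   # the stream you would ship to the SIEM
        return decision

    def spend_report(self) -> dict:
        """Tokens actually forwarded, rolled up by team, from the audit trail."""
        report: dict = {}
        for d in self.audit:
            if d.allowed:
                report[d.team] = report.get(d.team, 0) + d.tokens
        return report
```

A real gateway sits in-line, forwards only the requests that pass every control, and counts tokens from the provider's response rather than estimating them; the audit list is the data the security team and the finance reports both draw from, which is why every denied request is recorded alongside the allowed ones.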

AI offers immense potential, but it's essential to approach it with caution. By investing in API management, you can harness its power while mitigating its risks. Don't let your AI run wild: take control and ensure a safe and ethical future for AI in your organization.

Contact me at CRG Technologies if you have any questions or would like to learn more about how CRG Technologies can help you protect your AI and APIs. Until next time, take care, and consider what you put in the prompt, as it never forgets.

More articles by Jeremy Suo-Anttila
