As generative AI (GenAI) becomes a top priority across the enterprise, C-level leaders are asking about GenAI when considering investments in this new technology. With a focus on business value, use cases, employee impact, and security, the impact of GenAI is far-reaching.
Below are some of the questions business leaders are most frequently asking about this technology, along with current recommendations for addressing them.
1. How do some organizations identify, vet, and fund appropriate GenAI use cases?
The most advanced organizations are creating ongoing GenAI education curricula to raise staff awareness, increase knowledge, and foster creativity. This approach fosters a dynamic, iterative process that methodically collects ideas and use cases.
Next, a targeted, multidisciplinary team will vet and weigh ideas based on business value and feasibility, leveraging frameworks such as a use-case value matrix. At this stage, executives and technology leaders (responsible for AI, analytics, data, applications, integration, and infrastructure) can collaborate to determine how to vet and fund various AI initiatives. To do this, they must consider cost, value, and risk.
2. How does your organization align GenAI initiatives with business objectives and evaluate business value?
To assess the business value of GenAI and determine whether it aligns with business objectives, companies must create a framework that defines these categories. There are three categories to consider when creating a framework for GenAI investments:
-
protect — Incremental and marginal gains and micro-innovations
-
stretch — Growth in market size, reach, revenue, or profitability
-
turn over — Creating new markets and products
AI leaders and C-suite executives should evaluate the potential benefits and costs of new GenAI investments: in most use cases, experimentation is cheap.
3. What are the regulatory risks associated with using LLM?
Depending on where your organization is located and the jurisdiction in which it operates, you may face a variety of constraints related to the use of large language models (LLMs). It is important to engage with legal experts before designing, deploying, or using LLMs. Concerns vary widely by jurisdiction, and the impact of future legislation is yet unknown. With regard to generic LLMs provided by third parties, end users often have no control over risks regarding where data is processed or transmitted, the legitimacy of training data/methods, the trustworthiness and desirability of the output (e.g., harmful or false information), and the transparency of the model design, training, and functionality.
Compliance concerns may arise from laws focused on intellectual property, privacy, data protection, and AI-specific technologies. Privacy and confidentiality requirements may need to be extended beyond prompt content and training/pre-training data to also cover user query logs, enterprise contextual data for prompt engineering, and training data for fine-tuning.
4. How can organizations develop a GenAI governance model to manage their GenAI solutions?
Additional policies and guidelines are needed to use GenAI responsibly and manage limitations and risks related to areas such as reliability, fairness, intellectual property, and security.
Governance of GenAI should be complementary and consistent with existing governance of AI, data, IT, etc. Furthermore, it should comply with new regulations such as EU AI law, as well as local, cultural and ethical values.
To be effective, GenAI governance must be implemented through clearly defined roles and responsibilities, procedures, communications, awareness sessions, and training. It must also be operationalized through practical guidelines and tool support for developing, deploying, and monitoring AI systems. Leading and coordinating AI governance is typically the responsibility of an AI Center of Excellence, owned by senior or C-level leadership, and often supported by an advisory board.
5. What is the impact on the workforce?
The short-term impact of GenAI will be primarily an enhancement of targeted activities and tasks. In most cases, there will be limited job reduction or elimination over the next 2-3 years. The primary focus of many organizations is the “productivity seeker” profile that uses AI on a daily basis. A limited number of organizations have embarked on “game-changing AI”. The impact of GenAI on the workforce will be on a case-by-case basis. It will vary depending on the industry, geography, tasks, and organizational complexity. The scope of the impact will depend on strategy, execution, risk management, governance, technology choices, and ability to engender trust.
The role we get asked about most often is for an AI strategy and execution leader, or AI chief. Most organizations don't need a Chief AI Officer. They do, however, need a leader to orchestrate a holistic or integrated approach to AI and GenAI with multidisciplinary governance. The focus should be on business strategy that incorporates AI, not an AI technology roadmap disguised as a strategy.
6. Should I choose the open source or proprietary model?
The key advantages of the open source model include customizability, greater control over deployment options, leveraging collaborative development, transparency in the model, enhanced privacy and security due to transparency, potential reduction in vendor lock-in, etc. Besides generic open source models, there are many task-specific open source LLMs that companies can choose from.
Some companies can leverage cloud infrastructure (infrastructure as a service or via APIs) for fine-tuning and inferencing open source models. Others choose smaller open source models and perform light tweaking (instruction tweaking) before hosting them on-premise. Additionally, companies must consider other factors.
7. Are there any security concerns regarding the LLM solution?
The main security concerns with LLMs remain data leakage and prompt injection. The attack surface depends on how the LLM is used. For an application like ChatGPT, the main attack surface is the prompt, which is susceptible to business logic abuse and injection. The output of the LLM can also pose a risk as it may contain malicious links or content. When integrating a third-party LLM as part of building an orchestration layer (such as prompts or RAG), we see an increased attack surface, especially with regards to the security of API calls.
Overall, if companies can address these questions, they will be well on their way to making GenAI a differentiator for their business.
