Due to the feverish activity in the field of generative AI, regulators around the world are facing pressure to do something about it. Many have jumped into the fray, releasing everything from blog posts and guidance to full-fledged policy frameworks on the issue.
Due to the feverish activity in the field of generative AI, regulators around the world are facing pressure to do something about it. Many have jumped into the fray, releasing everything from blog posts and guidance to full-fledged policy frameworks on the issue.
In China, new regulations drafted by the China Cyberspace Administration will allow generative AI companies to open their products to the public so they can see if the content they generate is in line with the country’s socialist core values. are required to submit security assessments to authorities before If inappropriate content is generated, the responsible organization has three months to update its technology to prevent similar content from being generated again.
Hi!reading premium articles
In China, new regulations drafted by the China Cyberspace Administration will allow generative AI companies to open their products to the public so they can see if the content they generate is in line with the country’s socialist core values. are required to submit security assessments to authorities before If inappropriate content is generated, the responsible organization has three months to update its technology to prevent similar content from being generated again.
In the U.S., a Federal Trade Commission attorney wrote a blog post about generative AI, claiming that these tools are being used to leverage unearned human trust and deceive the weak to the detriment of their finances, health, and employment. It emphasizes how to guide people to make smart decisions. These posts are intended to send a message to companies engaging in this type of behavior that such behavior will not be tolerated. Instead, they argue that risk assessments should be performed to assess the foreseeable downstream impact of using these technologies and seek to mitigate the impact these tools may have on customers. doing.
In the midst of such regulatory cacophony, it was nice to point out that the Indian government had taken appropriate precautions. Instead of jumping into the fray like a lemming, the information technology minister made it clear to parliament that the government would not introduce new laws and regulations to deal with the potential impact of advances in AI. was good .
In my opinion, this is the correct reaction. To meaningfully regulate such revolutionary technology, we need to understand everything that technology can do – its harms and benefits alike. In doing so, the regulatory approach we adopt must strike the right balance between maximizing benefits while mitigating the worst harms.
But I should have known this was too good to last. Despite the Minister’s assurances, it was only a matter of time before other departments issued statements on generative AI, unnecessarily clouding the water.
Last week, India’s Computer Emergency Response Team (CERT-In) did just that by releasing an advisory on the security implications of AI language-based applications, and the advisory did not disappoint. Not only was it utterly bland and nonsensical, it was utterly useless to readers who may have landed on this page for advice on how to approach this new technology. .
Despite being a recommendation intended to address the security implications of new technology, the document does not point to any new risks that it may pose. Instead, it explains how generative AI can be used to do the same kind of harm that malicious actors have done since the birth of the internet. How is it used to exploit vulnerabilities, create malicious code, and build malware and ransomware? In the hands of phishers, this information could be used to generate fake news that could be used to create fake girlfriend websites or trick people into providing personal information. There is a nature.
As a result, the safety measures we propose to adopt are no different from what companies should do. Educate users on the correct use of new technology tools, require users to verify domains before visiting sites, and exercise caution before clicking. Links that look suspicious. This is what I always advise everyone, whether they are using generative AI or not.
Quite narrowly, it tells companies how they should be prepared to deal with the risks that generative AI poses to their operations. It advocates implementing content filters that can detect and prevent distribution of inappropriate content. Monitor how users interact with generative AI applications to detect suspicious activity taking place within your organization. Conduct security audits to identify vulnerabilities and information leaks, and employ multi-factor authentication to prevent AI applications from directly accessing user accounts.
None of this is new. Any company half serious about cybersecurity has processes in place for all of this. All that has been done so far is to repeat standard precautions against known threats and generative AI gives malicious actors new tools to do what they have been doing before. , only corroborates what we have known for some time.
CERT-In is the nation’s main line of defense against cyberthreats. This is what we rely on when we are hacked or face new forms of cyber-attack. It would be unfair for an organization of such importance to issue poor recommendations on an unimportant issue. They diminish our trust in what they mean.
Why, then, did I devote space to this paper for recommendations that were not worthy of publication?
Because this is a mistake regulators make more often than necessary. They feel the need to comply with regulation whenever new technology emerges. Flexing muscles the only way they know how, trying to control and wrestle with them, even if it doesn’t really make sense.
Rahul Matthan is a partner at Trilegal and also has a podcast called Ex Makina.his twitter handle is @matthan
