I can’t express urgently enough how important it is to have AI policy and contracts to ensure that your organization is using AI responsibly and are contacting for “Responsible AI”. Responsible AI prioritizes ethical considerations, fairness, transparency, accountability, privacy/security, and safety. It focuses on ensuring AI systems are developed and deployed in a way that benefits society and minimizes potential negative impacts. It’s the wild west out there in the world of AI – not everyone building AI knows how to build in the guardrails necessary.
As a test, the following sensitive information was received by adding instructions for the AI LLM on my Linked/in profile, using prompt injection. After scraping my profile while collecting recipients to SPAM, the AI provided everything needed to take over its own server along with the SPAM – just as instructed. I won’t show the prompt injection here – just the redacted SPAM:
The lesson? To use a simile, AI is a like a “really dumb genie.” If you are its programmer/teacher, you have to tell it those who find the genie’s lamp can’t wish for more wishes, and whatever other rules you want the genie to follow. Otherwise, the genie will do every stupid thing asked of it. The programmer must be smart and responsible to achieve Responsible AI. And if your organization is contracting for AI, or your employees are just using AI that is freely available, you have to know what you’re getting into and write contracts and company policy reflecting your Responsible AI needs.