Establishing a robust and reliable framework for enterprise-level GenAI

By Chalapathi Rao, CEO India, Orange Business

In early 2022, few could have predicted that Generative AI (GenAI) would soon be capable of writing intelligently on almost any subject or engaging in sensible online conversations with humans. Fast forward to 2024, GenAI is not only helping to craft articles and social media posts or vet proposals, but also generating images and videos, showcasing an impressive theory of mind. This rapid progress has captured the attention of businesses worldwide, particularly in India, where 87% of companies have embraced GenAI to enhance customer experience, boost operational efficiency, and optimise costs.

In customer service, GenAI produces call summaries from previous interactions, enabling support agents to engage more effectively with customers. It also acts as a consultant, resolving customer issues through insightful discussions. In the public sector, GenAI offers real-time surveillance and IoT-based tracking solutions. Urban environments are becoming more secure under GenAI’s vigilant oversight, as it monitors data from security cameras and alerts personnel when necessary. With access to historical and real-time data, GenAI can predict traffic patterns and suggest alternative routes to alleviate congestion. Urban planners can leverage GenAI to simulate various scenarios involving changes in land use, population growth, and transportation systems, enabling informed decisions about urban development.

The perils of unregulated GenAI: Deciphering the shadow

Given the critical role of data in GenAI, organisations using the technology may face the threat of Shadow AI—unauthorised deployment bypassing IT governance. A study revealed that over 40% of employees manipulated technology without IT knowledge; this figure is expected to rise significantly2. Shadow AI poses substantial security, privacy, and compliance risks. For instance, proprietary code from tech companies appeared on public platforms, shared by employees to check for bugs. In another case, a GenAI-powered chatbot incorrectly informed a customer about a refund, leading to legal consequences. In a globally reported incident, a lawyer used GenAI for research while building a case against an airline. The GenAI tool provided many relevant precedents that strengthened his case. However, it was later discovered that all the precedents were fabricated, resulting in the dismissal of the case and the attorney.

Other risks include cyberattacks compromising private data or altering it, causing GenAI to produce erroneous outputs. Even without attacks, biased data can lead to incorrect results. A prominent technology company implemented a GenAI tool to streamline recruitment processes. However, due to biased data, the tool disproportionately rejected female applicants. Similarly, a leading restaurant chain faced reputational damage when its GenAI platform for drive-thru orders made repeated errors, ultimately leading to the program’s discontinuation.

These instances underscore the serious threat posed by Shadow AI, necessitating robust protective measures. Firms must develop a secure and compliant GenAI framework by adhering to best practices and solutions.

Establishing a secure and compliant GenAI framework: Best practices

To safeguard against Shadow AI, firms should rigorously define access control for GenAI tools, establishing classification and access controls for roles and departments. Encrypting stored and transmitted data using next-generation firewalls, business VPNs, and Email Protection Suites is essential . Organisations should anonymise data to enhance privacy, removing personally identifiable information before training. Monitoring models for optimisation and conducting regular audits are crucial to ensuring reliable and accurate data output.

Promoting a culture of responsible GenAI usage

Organisations must foster a culture where GenAI is used responsibly. This involves training employees – across the board from management level to the factory floor – to use AI ethically and responsibly, handle data securely, make ethical decisions, and comply with legal and regulatory standards. Inculcating this organisational culture across the board is vital. With such a training framework, GenAI can be utilised to achieve business objectives without violating privacy and regulatory laws. Crucially, organisations that promote collaboration between IT/Security Teams and various business units are more likely to use GenAI ethically and responsibly.

GenAI represents perhaps the one of the most significant technological advancements since the advent of the Internet. The technology’s rapid evolution over the next few years is likely to be more remarkable. While we have only begun to explore GenAI’s capabilities, its use requires appropriate safeguards. Firms should view these safeguards not as hindrances but as facilitators of successful and responsible GenAI adoption.

As organisations look towards technology vendors that can support the seamless implementation of GenAI solutions, a factor to consider is selecting a partner that does not only offer the comprehensive and complete lifecycle of services, but which collaborates with other industry-leading partners to provide the best outcome that would meet the diverse expectations and needs of customers.