How to Use AI Responsibly

Concerned about agentic AI risks cascading through your system? Consider these emerging smart practices which adapt existing AI governance best practices for agentic AI, reinforcing a "responsible by design" approach and encompassing the AI lifecycle end-to-end: ✅ Clearly define and audit the scope, robustness, goals, performance, and security of each agent's actions and decision-making authority. ✅ Develop "AI stress tests" and assess the resilience of interconnected AI systems ✅ Implement "circuit breakers" (a.k.a kill switches or fail-safes) that can isolate failing models and prevent contagion, limiting the impact of individual AI agent failures. ✅ Implement human oversight and observability across the system, not necessarily requiring a human-in-the-loop for each agent or decision (caveat: take a risk-based, use-case dependent approach here!). ✅ Test new agents in isolated / sand-box environments that mimic real-world interactions before productionizing ✅ Ensure teams responsible for different agents share knowledge about potential risks, understand who is responsible for interventions and controls, and document who is accountable for fixes. ✅ Implement real-time monitoring and anomaly detection to track KPIs, anomalies, errors, and deviations to trigger alerts.

The Cyber Security Agency of Singapore (CSA) has published “Guidelines on Securing AI Systems,” to help system owners manage security risks in the use of AI throughout the five stages of the AI lifecycle. 1. Planning and Design: - Raise awareness and competency on security by providing training and guidance on the security risks of #AI to all personnel, including developers, system owners and senior leaders. - Conduct a #riskassessment and supplement it by continuous monitoring and a strong feedback loop. 2. Development: - Secure the #supplychain (training data, models, APIs, software libraries) - Ensure that suppliers appropriately manage risks by adhering to #security policies or internationally recognized standards. - Consider security benefits and trade-offs such as complexity, explainability, interpretability, and sensitivity of training data when selecting the appropriate model to use (#machinelearning, deep learning, #GenAI). - Identify, track and protect AI-related assets, including models, #data, prompts, logs and assessments. - Secure the #artificialintelligence development environment by applying standard infrastructure security principles like #accesscontrols and logging/monitoring, segregation of environments, and secure-by-default configurations. 3. Deployment: - Establish #incidentresponse, escalation and remediation plans. - Release #AIsystems only after subjecting them to appropriate and effective security checks and evaluation. 4. Operations and Maintenance: - Monitor and log inputs (queries, prompts and requests) and outputs to ensure they are performing as intended. - Adopt a secure-by-design approach to updates and continuous learning. - Establish a vulnerability disclosure process for users to share potential #vulnerabilities to the system. 5. End of Life: - Ensure proper data and model disposal according to relevant industry standards or #regulations.

This new white paper "Introduction to AI assurance" by the UK Department for Science, Innovation, and Technology from Feb 12, 2024, provides an EXCELLENT overview of assurance methods and international technical standards that can be utilized to create and implement ethical AI systems. The new guidance is based on the UK AI governance framework, laid out in the 2023 white paper "A pro-innovation approach to AI regulation". This white paper defined 5 universal principles applicable across various sectors to guide and shape the responsible development and utilization of AI technologies throughout the economy: - Safety, Security, and Robustness - Appropriate Transparency and Explainability - Fairness - Accountability and Governance - Contestability and Redress The 2023 white paper also introduced a suite of tools designed to aid organizations in understanding "how" these outcomes can be achieved in practice, emphasizing tools for trustworthy AI, including assurance mechanisms and global technical standards. See: https://lnkd.in/gydvi9Tt The new publication, "Introduction to AI assurance," is a deep dive into these assurance mechanisms and standards. AI assurance encompasses a spectrum of techniques for evaluating AI systems throughout their lifecycle. These range from qualitative assessments for evaluating potential risks and societal impacts to quantitative assessments for measuring performance and legal compliance. Key techniques include: - Risk Assessment: Identifies potential risks like bias, privacy, misuse of technology, and reputational damage. - Impact Assessment: Anticipates broader effects on the environment, human rights, and data protection. - Bias Audit: Examines data and outcomes for unfair biases. - Compliance Audit: Reviews adherence to policies, regulations, and legal requirements. - Conformity Assessment: Verifies if a system meets required standards, often through performance testing. - Formal Verification: Uses mathematical methods to confirm if a system satisfies specific criteria. The white paper also explains how organizations in the UK can ensure their AI systems are responsibly governed, risk-assessed, and compliant with regulations: 1.) For demonstrating good internal governance processes around AI, a conformity assessment against standards like ISO/IEC 42001 (AI Management System) is recommended. 2.) To understand the potential risks of AI systems being acquired, an algorithmic impact assessment by a accredited conformity assessment body is advised. This involves (self) assessment against a proprietary framework or responsible AI toolkit. 3.) Ensuring AI systems adhere to existing data protection regulations involves a compliance audit by a third-party assurance provider. This white paper also has exceptional infographics! Pls, check it out, and TY Victoria Beckman for posting and providing us with great updates as always!

Generative AI: A Powerful Tool, But One That Needs Responsible Use Generative AI is revolutionizing various fields, from creating stunning artwork to crafting compelling marketing copy. But with this power comes responsibility. Here's a look at some critical risks associated with Generative AI and how we can manage them: Risks of Generative AI: Bias and Discrimination: AI models trained on biased data can perpetuate those biases in their outputs. This can lead to discriminatory content or unfair treatment of certain groups. Misinformation and Deepfakes: Generative AI can create highly realistic fake content, like news articles or videos, that cannot be easily distinguished from reality. This poses a severe threat to trust in information. Privacy Concerns: Generative AI models can generate synthetic data that could be used to identify or track individuals without their consent. Job Displacement: As generative AI automates tasks currently done by humans, job displacement is a concern. We need to focus on reskilling and upskilling the workforce. Mitigating the Risks: Data Quality and Fairness: Ensure training data is diverse, representative, and free from bias. Develop fairness metrics to monitor and mitigate bias in AI outputs. Transparency and Explainability: Develop transparent AI models in their decision-making processes. This allows users to understand how the AI arrived at a particular output and identify potential biases. Regulation and Governance: Establish clear guidelines and regulations for developing and deploying Generative AI to ensure responsible use. Education and Awareness: Educate the public about the capabilities and limitations of Generative AI. This helps people critically evaluate AI-generated content and identify potential risks. #generativeai #artificialintelligence #riskmanagement

Check out this massive global research study into the use of generative AI involving over 48,000 people in 47 countries - excellent work by KPMG and the University of Melbourne! Key findings: 𝗖𝘂𝗿𝗿𝗲𝗻𝘁 𝗚𝗲𝗻 𝗔𝗜 𝗔𝗱𝗼𝗽𝘁𝗶𝗼𝗻 - 58% of employees intentionally use AI regularly at work (31% weekly/daily) - General-purpose generative AI tools are most common (73% of AI users) - 70% use free public AI tools vs. 42% using employer-provided options - Only 41% of organizations have any policy on generative AI use 𝗧𝗵𝗲 𝗛𝗶𝗱𝗱𝗲𝗻 𝗥𝗶𝘀𝗸 𝗟𝗮𝗻𝗱𝘀𝗰𝗮𝗽𝗲 - 50% of employees admit uploading sensitive company data to public AI - 57% avoid revealing when they use AI or present AI content as their own - 66% rely on AI outputs without critical evaluation - 56% report making mistakes due to AI use 𝗕𝗲𝗻𝗲𝗳𝗶𝘁𝘀 𝘃𝘀. 𝗖𝗼𝗻𝗰𝗲𝗿𝗻𝘀 - Most report performance benefits: efficiency, quality, innovation - But AI creates mixed impacts on workload, stress, and human collaboration - Half use AI instead of collaborating with colleagues - 40% sometimes feel they cannot complete work without AI help 𝗧𝗵𝗲 𝗚𝗼𝘃𝗲𝗿𝗻𝗮𝗻𝗰𝗲 𝗚𝗮𝗽 - Only half of organizations offer AI training or responsible use policies - 55% feel adequate safeguards exist for responsible AI use - AI literacy is the strongest predictor of both use and critical engagement 𝗚𝗹𝗼𝗯𝗮𝗹 𝗜𝗻𝘀𝗶𝗴𝗵𝘁𝘀 - Countries like India, China, and Nigeria lead global AI adoption - Emerging economies report higher rates of AI literacy (64% vs. 46%) 𝗖𝗿𝗶𝘁𝗶𝗰𝗮𝗹 𝗤𝘂𝗲𝘀𝘁𝗶𝗼𝗻𝘀 𝗳𝗼𝗿 𝗟𝗲𝗮𝗱𝗲𝗿𝘀 - Do you have clear policies on appropriate generative AI use? - How are you supporting transparent disclosure of AI use? - What safeguards exist to prevent sensitive data leakage to public AI tools? - Are you providing adequate training on responsible AI use? - How do you balance AI efficiency with maintaining human collaboration? 𝗔𝗰𝘁𝗶𝗼𝗻 𝗜𝘁𝗲𝗺𝘀 𝗳𝗼𝗿 𝗢𝗿𝗴𝗮𝗻𝗶𝘇𝗮𝘁𝗶𝗼𝗻𝘀 - Develop clear generative AI policies and governance frameworks - Invest in AI literacy training focusing on responsible use - Create psychological safety for transparent AI use disclosure - Implement monitoring systems for sensitive data protection - Proactively design workflows that preserve human connection and collaboration 𝗔𝗰𝘁𝗶𝗼𝗻 𝗜𝘁𝗲𝗺𝘀 𝗳𝗼𝗿 𝗜𝗻𝗱𝗶𝘃𝗶𝗱𝘂𝗮𝗹𝘀 - Critically evaluate all AI outputs before using them - Be transparent about your AI tool usage - Learn your organization's AI policies and follow them (if they exist!) - Balance AI efficiency with maintaining your unique human skills You can find the full report here: https://lnkd.in/emvjQnxa All of this is a heavy focus for me within Advisory (AI literacy/fluency, AI policies, responsible & effective use, etc.). Let me know if you'd like to connect and discuss. 🙏 #GenerativeAI #WorkplaceTrends #AIGovernance #DigitalTransformation

Harvard Business Review just found that executives using GenAI for stock forecasts made less accurate predictions. The study found that:  • Executives consulting ChatGPT raised their stock price estimates by ~$5.  • Those who discussed with peers lowered their estimates by ~$2.  • Both groups were too optimistic overall, but the AI group performed worse. Why? Because GenAI encourages overconfidence. Executives trusted its confident tone and detail-rich analysis, even though it lacked real-time context or intuition. In contrast, peer discussions injected caution and a healthy fear of being wrong. AI is a powerful resource. It can process massive amounts of data in seconds, spot patterns we’d otherwise miss, and automate manual workflows – freeing up finance teams to focus on strategic work. I don’t think the problem is AI. It’s how we use it. As finance leaders, it’s on us to ensure ourselves, and our teams, use it responsibly. When I was a finance leader, I always asked for the financial model alongside the board slides. It was important to dig in and review the work, understand key drivers and assumptions before sending the slides to the board. My advice is the same for finance leaders integrating AI into their day-to-day: lead with transparency and accountability. 𝟭/ 𝗔𝗜 𝘀𝗵𝗼𝘂𝗹𝗱 𝗯𝗲 𝗮 𝘀𝘂𝗽𝗲𝗿𝗽𝗼𝘄𝗲𝗿, 𝗻𝗼𝘁 𝗮𝗻 𝗼𝗿𝗮𝗰𝗹𝗲. AI should help you organize your thoughts and analyze data, not replace your reasoning. Ask it why it predicts what it does – and how it might be wrong. 𝟮/ 𝗖𝗼𝗺𝗯𝗶𝗻𝗲 𝗔𝗜 𝗶𝗻𝘀𝗶𝗴𝗵𝘁𝘀 𝘄𝗶𝘁𝗵 𝗵𝘂𝗺𝗮𝗻 𝗱𝗶𝘀𝗰𝘂𝘀𝘀𝗶𝗼𝗻. AI is fast and thorough. Peers bring critical thinking, lived experience, and institutional knowledge. Use both to avoid blindspots. 𝟯/ 𝗧𝗿𝘂𝘀𝘁, 𝗯𝘂𝘁 𝘃𝗲𝗿𝗶𝗳𝘆. Treat AI like a member of your team. Have it create a first draft, but always check its work, add your own conclusions, and never delegate final judgment. 𝟰/ 𝗥𝗲𝘃𝗲𝗿𝘀𝗲 𝗿𝗼𝗹𝗲𝘀 - 𝘂𝘀𝗲 𝗶𝘁 𝘁𝗼 𝗰𝗵𝗲𝗰𝗸 𝘆𝗼𝘂𝗿 𝘄𝗼𝗿𝗸. Use AI for what it does best: challenging assumptions, spotting patterns, and stress-testing your own conclusions – not dictating them. We provide extensive AI within Campfire – for automations and reporting, and in our conversational interface, Ember. But we believe that AI should amplify human judgment, not override it. That’s why in everything we build, you can see the underlying data and logic behind AI outputs. Trust comes from transparency, and from knowing final judgment always rests with you. How are you integrating AI into your finance workflows? Where has it helped vs where has it fallen short? Would love to hear in the comments 👇

✴ AI Governance Blueprint via ISO Standards – The 4-Legged Stool✴ ➡ ISO42001: The Foundation for Responsible AI #ISO42001 is dedicated to AI governance, guiding organizations in managing AI-specific risks like bias, transparency, and accountability. Focus areas include: ✅Risk Management: Defines processes for identifying and mitigating AI risks, ensuring systems are fair, robust, and ethically aligned. ✅Ethics and Transparency: Promotes policies that encourage transparency in AI operations, data usage, and decision-making. ✅Continuous Monitoring: Emphasizes ongoing improvement, adapting AI practices to address new risks and regulatory updates. ➡#ISO27001: Securing the Data Backbone AI relies heavily on data, making ISO27001’s information security framework essential. It protects data integrity through: ✅Data Confidentiality and Integrity: Ensures data protection, crucial for trustworthy AI operations. ✅Security Risk Management: Provides a systematic approach to managing security risks and preparing for potential breaches. ✅Business Continuity: Offers guidelines for incident response, ensuring AI systems remain reliable. ➡ISO27701: Privacy Assurance in AI #ISO27701 builds on ISO27001, adding a layer of privacy controls to protect personally identifiable information (PII) that AI systems may process. Key areas include: ✅Privacy Governance: Ensures AI systems handle PII responsibly, in compliance with privacy laws like GDPR. ✅Data Minimization and Protection: Establishes guidelines for minimizing PII exposure and enhancing privacy through data protection measures. ✅Transparency in Data Processing: Promotes clear communication about data collection, use, and consent, building trust in AI-driven services. ➡ISO37301: Building a Culture of Compliance #ISO37301 cultivates a compliance-focused culture, supporting AI’s ethical and legal responsibilities. Contributions include: ✅Compliance Obligations: Helps organizations meet current and future regulatory standards for AI. ✅Transparency and Accountability: Reinforces transparent reporting and adherence to ethical standards, building stakeholder trust. ✅Compliance Risk Assessment: Identifies legal or reputational risks AI systems might pose, enabling proactive mitigation. ➡Why This Quartet? Combining these standards establishes a comprehensive compliance framework: 🥇1. Unified Risk and Privacy Management: Integrates AI-specific risk (ISO42001), data security (ISO27001), and privacy (ISO27701) with compliance (ISO37301), creating a holistic approach to risk mitigation. 🥈 2. Cross-Functional Alignment: Encourages collaboration across AI, IT, and compliance teams, fostering a unified response to AI risks and privacy concerns. 🥉 3. Continuous Improvement: ISO42001’s ongoing improvement cycle, supported by ISO27001’s security measures, ISO27701’s privacy protocols, and ISO37301’s compliance adaptability, ensures the framework remains resilient and adaptable to emerging challenges.

A lot of companies think they’re “safe” from AI compliance risks simply because they haven’t formally adopted AI. But that’s a dangerous assumption—and it’s already backfiring for some organizations. Here’s what’s really happening— Employees are quietly using ChatGPT, Claude, Gemini, and other tools to summarize customer data, rewrite client emails, or draft policy documents. In some cases, they’re even uploading sensitive files or legal content to get a “better” response. The organization may not have visibility into any of it. This is what’s called Shadow AI—unauthorized or unsanctioned use of AI tools by employees. Now, here’s what a #GRC professional needs to do about it: 1. Start with Discovery: Use internal surveys, browser activity logs (if available), or device-level monitoring to identify which teams are already using AI tools and for what purposes. No blame—just visibility. 2. Risk Categorization: Document the type of data being processed and match it to its sensitivity. Are they uploading PII? Legal content? Proprietary product info? If so, flag it. 3. Policy Design or Update: Draft an internal AI Use Policy. It doesn’t need to ban tools outright—but it should define: • What tools are approved • What types of data are prohibited • What employees need to do to request new tools 4. Communicate and Train: Employees need to understand not just what they can’t do, but why. Use plain examples to show how uploading files to a public AI model could violate privacy law, leak IP, or introduce bias into decisions. 5. Monitor and Adjust: Once you’ve rolled out your first version of the policy, revisit it every 60–90 days. This field is moving fast—and so should your governance. This can happen anywhere: in education, real estate, logistics, fintech, or nonprofits. You don’t need a team of AI engineers to start building good governance. You just need visibility, structure, and accountability. Let’s stop thinking of AI risk as something “only tech companies” deal with. Shadow AI is already in your workplace—you just haven’t looked yet.

According to a recent BBC article, half of all workers use personal generative AI tools (like ChatGPT) at work—often without their employer's knowledge or permission. So the question isn't whether your employees are using AI—it's how to ensure they use it responsibly. A well-crafted AI policy can help your business leverage AI's benefits while avoiding the legal, ethical, and operational risks that come with it. Here's a simple framework to help guide your workplace AI strategy: ✅ DO This When Using AI at Work 🔹 Set Clear Boundaries – Define what's acceptable and what's not. Specify which AI tools employees can use—and for what purposes. (Example: ChatGPT Acceptable; DeepSeek Not Acceptable.) 🔹 Require Human Oversight – AI is a tool, not a decision-maker. Employees should fact-check, edit, and verify all AI-generated content before using it. 🔹 Protect Confidential & Proprietary Data – Employees should never input sensitive customer, employee, or company information into public AI tools. (If you're not paying for a secure, enterprise-level AI, assume the data is public.) 🔹 Train Your Team – AI literacy is key. Educate employees on AI best practices, its limitations, and risks like bias, misinformation, and security threats. 🔹 Regularly Review & Update Your Policy – AI is evolving fast—your policy should too. Conduct periodic reviews to stay ahead of new AI capabilities and legal requirements. ❌ DON'T Do This With AI at Work 🚫 Don't Assume AI Is Always Right – AI can sound confident while being completely incorrect. Blindly copying and pasting AI-generated content is a recipe for disaster. 🚫 Don't Use AI Without Transparency – If AI is being used in external communications (e.g., customer service chatbots, marketing materials), be upfront about it. Misleading customers or employees can damage trust. 🚫 Don't Let AI Replace Human Creativity & Judgment – AI can assist with content creation, analysis, and automation, but it's no substitute for human expertise. Use it to enhance work—not replace critical thinking. 🚫 Don't Overlook Compliance & Legal Risks – AI introduces regulatory challenges, from intellectual property concerns to data privacy violations. Ensure AI use aligns with laws and industry standards. AI is neither an automatic win nor a ticking time bomb—it all depends on how you manage it. Put the right guardrails in place, educate your team, and treat AI as a tool (not a replacement for human judgment). Your employees are already using AI. It's time to embrace it strategically.

In the evolving landscape of AI, I often get asked about best practices for responsible AI, especially given that laws are still in development. 🔍 Because of the frequency of these questions, I want to share some best practices from the Women Defining AI report I drafted with Teresa Burlison and Shella Neba again. 🤓 Here are some tips you can implement in your organization to develop responsible AI: 🛠️ Scope out all AI tools used in your organization and understand where and how they're being used. This is crucial for identifying potential risks and ensuring appropriate oversight. 🚦 Categorize AI tools by risk from high to low risk. This helps prioritize resources and attention toward the most critical areas. 🔄 For high-risk use cases, implement continuous monitoring and stress testing. This ensures that your AI systems remain compliant and effective over time. 🗒 Educate your stakeholders and develop a cross-functional AI committee to set the right policies, monitor evolving laws, and recommend the best AI rollout and adoption strategies for your organization. Integrating these practices not only safeguards your organization but also promotes ethical and responsible AI. If you want to learn more, read our Responsible AI in Action Part 2: Ethical AI- Mitigating Risk, Bias, and Harm to learn how you can shape a future where AI benefits everyone responsibly and equitably. 🎯 Report link: https://lnkd.in/gW3YDZkF ****** If you found this helpful, please repost it to share with your network ♻️. Follow me, Irene Liu, for posts on AI, leadership, and hypergrowth at startups.