Corporate race to use AI puts public at risk: UniSC study | UniSC | University of the Sunshine Coast, Queensland, Australia

Accessibility links

Non-production environment - wwwtest.usc.edu.au

Corporate race to use AI puts public at risk: UniSC study

A rush by Australian companies to use generative Artificial Intelligence (AI) is escalating the privacy and security risks to the public as well as to staff, customers and stakeholders, according to a new study.

The University of the Sunshine Coast research, published in a paper in Springer Nature journal AI and Ethics on the weekend, warns that rapid AI take-up is leaving companies open to wide-ranging consequences.

These include mass data breaches that expose third-party information, and business failures based on manipulated or “poisoned” AI modelling – whether accidental or deliberate.

The study included a five-point checklist for businesses to ethically implement AI solutions.

Business and industry welcome latest technology. GettyImages

UniSC Lecturer in Cyber Security Dr Declan Humphreys said the corporate race to adopt generative AI solutions like ChatGPT, Bard or Gemini was fraught with not just technical, but moral issues.

Generative AI applications turn large amounts of real-world data into content that appears to be created by humans. ChatGPT is an example of a language-based AI application.

“The research shows it’s not just tech firms rushing to integrate the AI into their everyday work – there are call centres, supply chain operators, investment funds, companies in sales, new product development and human resource management,” Dr Humphreys said.

“While there is a lot of talk around the threat of AI for jobs, or the risk of bias, few companies are considering the cyber security risks.

“Organisations caught in the hype can leave themselves vulnerable by either over-relying on or over-trusting AI systems.”

The paper was co-authored by UniSC experts in cyber security, computer science and AI, including Dr Dennis Desmond, Dr Abigail Koay and Dr Erica Mealy.

It found that many companies were making their own AI models or using third-party providers without considering the potential for hacking.

'Organisations caught in the hype can leave themselves vulnerable by either over-relying on or over-trusting AI systems' - Dr Declan Humphreys

“Hacking could involve accessing user data, which is put into the models, or even changing how the model responds to questions or the answers it gives,” Dr Humphreys said.

“This could mean data leaks, or otherwise negatively affect business decisions.”

He said legislation had not kept pace with issues of data protection and generative AI.

“This study recommends how organisations can ethically implement AI solutions by taking into consideration the cyber security risks.”

The five-point checklist includes:

  • Secure and ethical AI model design
  • Trusted and fair data collection process
  • Secure data storage
  • Ethical AI model retraining and maintenance
  • Upskilling, training and managing staff.

Dr Humphreys said privacy and security should be a top priority for businesses implementing artificial intelligence systems in 2024 and beyond.

“The rapid adoption of generative AI seems to be moving faster than the industry’s understanding of the technology and its inherent ethical and cyber security risks,” he said.

“A major risk is its adoption by workers without guidance or understanding of how various generative AI tools are produced or managed, or of the risks they pose.

“Companies will need to introduce new forms of governance and regulatory frameworks to protect workers, sensitive information and the public.”

More news from UniSC

Media enquiries: Please contact the Media Team media@usc.edu.au