
AI Security and Assurance: Achieving
the AI Intelligent Agent Promise


The Need for Sharing

AI implementers, each working in their own organizations, are trying to implement intelligent agents. In the process, each is discovering pieces of new security vulnerabilities, ways of mitigating those vulnerabilities, and new ways of creating effective intelligent agents. At the same time, vendors are making guesses about what implementers want and need. The isolation of these efforts is a contributing factor to the low level of application success.

To achieve the full promise of the technology, we have to move the industry up the learning curve. The best way to do that is to provide a way for people to come together and share their experiences, both successes and failures.

Such a cooperative group needs to encompass all different types of AI systems. In past steps of technology evolution, vendors have created vendor-specific user groups such as the San Francisco Apple Core or IBM’s SHARE. With AI intelligent agents, it is not unusual for an application developer to use more than one LLM and to choose them from different vendors. Today, these LLM choices are based on considerations of best fit for functionality, hallucination mitigation, local resources available, latency, etc. In the future, LLM security will also be a decision criterion. LLMs are also evolving at a rapid rate, which further complicates the choice of an LLM suite. For these reasons, an organization that brings together knowledge and experience with all types of AI systems is important. It will also be important to include people from both the LLM development communities and the application development communities.

In previous generations of technology, this was done in groups that operated on a principle of coop-etition: cooperation on fundamentals that creates a foundation on which each participant can build to compete. This kind of cooperation will lead to more effective, secure applications delivering the productivity benefits being sought.

Such a cooperative organization could develop tutorials and best practices in a wide-ranging set of areas, including: effective defenses against prompt injection attacks; architectural structures that prevent or minimize damage from cybersecurity attacks; selecting the best functional areas for AI automation; orchestrating suites of LLMs; handling hallucinations; dealing with end-user acceptance, deployment, maintenance and similar problems; meeting up-time and reliability requirements; creating requirements for future LLM development; and technology projection to help in life-cycle management of both applications and LLMs. Developing and distributing this type of knowledge will be one of the valuable functions that a sharing organization can perform.

There has been previous work on the possibility of a similar sharing organization dealing with the societal effects of GenAI. As can be seen in the illustration below, the types of expertise required for sharing security and application expertise and for sharing societal adaptation expertise overlap substantially.


Figure 1: The Overlap Between Societal Adoption and Effectiveness of Applications

Because of the overlapping areas of expertise and potential memberships, combining the two will produce efficiency increases. Perhaps more importantly, work in the two areas, speeding up deployment of quality applications and speeding up societal adaptation, will catalyze both groups. Progress in each area will stimulate the other, creating better and faster results.

Therefore, it makes sense to combine these two work areas within one organization. They both share the objective of finding ways of maximizing the benefits from AI while minimizing the downsides.

Conclusion

GenAI and the intelligent agents built on it have the potential for significant productivity improvements. To achieve the full productivity benefits, we need to learn how to secure, develop, and deploy these technologies. Currently, it appears that we are very low on the learning curve. As an industry, we are just beginning to understand the security vulnerabilities and how to develop effective applications of the technologies. The best way to quickly move up the learning curve and capture the full productivity benefits is to create a way for implementers to share experience and develop best practices. Combining that with similar work on societal adaptation to the technology will turbocharge both. The Bace Cybersecurity Institute (BCI) is exploring the creation of such a sharing organization. To learn more or become part of the discussion, go to https://www.bacesecurity.org/form/aiwg
