ServizioContenuto basato su fatti, osservati e verificati dal reporter in modo diretto o riportati da fonti verificate e attendibili.Scopri di più
Artificial Intelligence

Ai governance goes through human skills

Shadow Ai threatens the sovereignty of data and puts hidden technical and legal errors and debts at risk. But prohibitions do not help

by Massimo Chiriatti

3' min read

Translated by AI

For feedback, please contact
english@ilsole24ore.com

Versione italiana

Key points

3' min read

Translated by AI

For feedback, please contact
english@ilsole24ore.com

Versione italiana

The history of corporate IT is, in general terms, a history of dialectical tensions between the centre and the periphery, in particular, between centralisation and decentralisation. Between those who control the infrastructure and those who must use it to produce value. If in past years we learnt to live with Shadow IT, i.e. the use of software and mobile devices in the shadow of technology managers, and in any case not approved. Today we are faced with a far more insidious and complex mutation: Shadow AI.

What are the causes?

We are facing a phenomenon in which generative artificial intelligence, accessible to anyone with a browser, is employed to perform critical tasks without the organisation's knowledge. The logical deduction is straightforward: if access to computational power has become frictionless, then traditional centralised control is no longer a sufficient curb.

Loading...

Those who use AI in this way do not do so with malicious intent, but rather follow a principle of individual economic efficiency, as if to say, they are trying to maximise their productivity by bridging the gap between the demand for speed imposed by the market and the often slow response of internal processes. Unfortunately, in doing so, it ignores what it puts at risk with its operations.

What risks does the company run?

When we take these tools into the shadows, i.e. outside the perimeter of corporate governance, we expose the organisation to three existential risks that cannot be ignored.

The first is, of course, the sovereignty of the data. Putting confidential data into a public model prompt is, in many cases, tantamount to handing over that data to the model supplier for future training. It is a silent and ongoing loss of intellectual property, and thus the company's core business is in jeopardy.

Loading...

The second risk is when you forget that the machine calculates not thinks. It produces content without realising it is doing so. In the shadows, strategic decisions could be made based on faulty statistical inferences, generated by a machine that does not have a full understanding of the context of what it has produced. If we delegate thinking to the machine without supervision, we are abdicating our human responsibility.

The third risk is hidden technical and legal debt. A code generated by an AI without a clear licence, or a text that violates copyright, enters corporate systems without traceability. When, inevitably, the time comes to account for those assets, the company will find itself dealing with liabilities it did not know existed.

What can you do?

Prohibition, blocking access, the history of digital teaches us, does not work. The answer has never been with the introduction of more technology, in fact the best results are achieved with organisational, and above all, cultural innovations.

We need to shift the axis from useless a priori control to competence. Shadow AI thrives where a widespread culture of AI is lacking. If employees use unapproved tools, it is often because the company has not provided viable and safe alternatives. Companies should provide secure 'sandboxes', protected environments where models are instantiated privately, where data does not leave the company perimeter and where output is subject to verification.

What is also needed is a return to the fundamentals of critical thinking. The adoption of AI requires more humanism, not less. We must train people not so much in the use of the tool (the interface is now natural language, accessible to all), but in the evaluation of the result. Technical competence must evolve into epistemological competence: knowing how to distinguish a statistical correlation from a causal link, knowing how to recognise a bias, knowing how to evaluate the ethics of an output.

Therefore, we can redefine Shadow AI as an internal market signal. It shows us that the hunger for cognitive automation is immense. The real challenge for C-levels is to bring AI from the shadow into the light, where it can be governed, measured and, above all, directed by human intent. If we go back to the 1970s where there were only centralised systems and only a terminal, not a personal computer, in our hands, we would certainly not have security risks in the periphery, but neither would creativity and accountability, which, unlike computation, cannot be delegated. And responsibility is the only objective reality that distinguishes us, and always will, from machines.

Chief Technology & Innovation Officer, Italy, Lenovo

Copyright reserved ©
Loading...

Brand connect

Loading...

I prossimi eventi

Tutti gli eventi

Newsletter

Notizie e approfondimenti sugli avvenimenti politici, economici e finanziari.

Iscriviti