Raja Sekhar Thota

Evolving AI Audits: Adapting to the Generative AI Era

AI systems have been evolving from just prediction algorithms to generative models, disrupting almost every industry, as are the approaches in auditing AI systems. Unlike the Predictive AI models that rely on historical data for training and making future predictions, Generative AI models use advanced algorithms to generate new data such as text, images, and code, creating unique challenges for auditors. This article will discuss the need for a shift in auditing practices based on underlying development principles and the challenges. We will also propose approaches for effective audits in this Generative AI era.

AI applications development landscape

A structured approach is followed in the development of predictive AI applications. In the first step, data is collected from various sources, such as structured data from SQL tables or unstructured data such as text and images. Data preprocessing is next, which involves treating missing values and outliers and balancing datasets. The cleaned data is then used for model development, where algorithms are applied based on the type of problem, such as classification, regression, or clustering. In the next step, the model is evaluated with metrics like accuracy, precision, and recall to measure model performance. Finally, the model would be deployed and served through an API or by integrating it directly into applications.

Later, Transfer learning has been in trend where pre-trained models developed for one task are reused for other related new tasks. It starts by selecting a pre-trained model trained on a large dataset with a range of features. The selected model is then fine-tuned with a smaller task/domain-specific dataset. This step adopts the model weights to make it more suited for the new task without needing training from scratch. Finally, the fine-tuned model is deployed and used in applications. Today, Generative AI applications are developed using transfer learning relying on pre-trained large language models like GPT or Gemini and vision models like Dall-E.

Challenges of auditing Generative AI applications

Traditional auditing of AI systems has focused on evaluating the algorithms' accuracy, fairness, and transparency. The main objective of these audits was to ensure that the AI's predictions were free from biases or inaccuracies.

In contrast, auditing Generative AI-powered applications poses additional challenges for auditors due to their capability to create new content. Data sources used to train the foundations of Generative AI, such as the internet, wikis, and articles, may contain biased and false information. Applications powered by these models also have the potential to generate misleading or harmful content. This demands a new approach to auditing that addresses these unique challenges, ensuring responsible use and deployment.

Scope and Approach

Effective auditing of Generative AI applications needs to cover multiple verticals, including Technical Assessment, Data Governance, Ethical Considerations, and Adaption to Regulation. Below is a detailed breakdown of each area essential for a thorough audit:

Technical Assessment

The scope of the technical assessment should focus on evaluating the application's ability to produce relevant and accurate outputs that meet set objectives. It should involve testing methods to discover any harmful content and suggest mitigation steps. Additionally, it also needs to cover the robustness of architecture and security practices in place.

Data Governance

Data Governance is important, especially in the Generative AI applications built using domain-specific data on foundational models. The scope of data governance includes assessing the credibility and reliability of data sources, data collection techniques, and data handling practices in alignment with data protection guidelines protecting PII and sensitive information against misuse.

Ethical considerations

Ethical considerations in AI audits need to measure the FAIRness (Fairness, Accountability, Interpretability, and Reliability) of AI-powered applications. This should also include measuring the impact of generated content on society, culture, and people, considering risks such as motivating them for illegal activities, spreading misinformation, and compromising privacy.

Adaption to Regulations

The adaptation to regulations needs to evaluate whether the application meets the current legal and compliance requirements of the jurisdiction and if the company maintains a process to continuously monitor and adapt to emerging regulations and standards related to AI.

This detailed approach, which is also at the core of AuditOne's AI systems auditing, is essential for mitigating risks, ensuring ethical use, and maintaining public trust in these rapidly growing AI applications.