State of the UNION ALL – Shifting Left with AI

Walk into any sales demo today, and you will likely be assailed with a litany of AI buzzwords. It’s all about machine learning this, deep learning that, and every product has the magic built in. The hype is real (kind of), and it can be challenging for businesses to see through the smoke and mirrors to what matters.

The truth is, there are incredible things you can do with AI. But amidst the excitement, AI startups face significant challenges. It all has eerie echoes of the crypto/dotcom boom and bust, as companies with questionable products grow to insane valuations only to go bust a few months later without a lick of revenue. On top of the commercial hurdles, 60% of small companies go under after a cyberattack*. AI has created a huge new attack surface that engineers and product managers have yet to acclimate to.

Fortunately, there’s a tried-and-tested solution that has been a cornerstone of the secure development lifecycle for decades: shifting left. For those who aren’t familiar with the term, shifting left involves integrating security measures early in the development process rather than addressing them at the end. This new AI era makes this approach more critical than ever.

Shifting left – This is the way.

Shifting left in the context of AI means evaluating the attack surfaces created by your use cases, assessing potential confidentiality risks, and identifying biases and hallucinations early in the product development lifecycle. For example, consider the well-documented case of gender bias in applicant tracking systems. Such biases affect business decisions and expose your company and customers to compliance and legal risks. These were unanticipated peculiarities 1-2 years ago; today, any product manager or engineering lead working with AI should keep these things in the back of their mind.

So, what steps can you take to shift left in your AI projects? Here are a few key strategies:

  1. Early Risk Assessment: Identify potential security risks right from the design phase. Retrofitting solutions is very difficult in AI products.
  2. Data Security: Ensure the data used to train AI models is secure and free from malicious inputs. This requires rigorous data governance policies and practices.
  3. Transparency and Explainability: Develop AI systems that are transparent and whose decision-making processes can be explained. This builds trust and makes it easier to identify and address security issues.

Value Alignment

Looking beyond security, ensuring that AI addresses real challenges users face becomes crucial. The output of AI should align with the values and needs of the users. A recent controversy involving Adobe highlights the importance of this alignment. Users were unhappy with recent changes in terms and conditions, flooding forums like YouTube with complaints. The sticking point was that users don’t want their content to be freely used to train models, or at the very least, they want a bulletproof opt-out mechanism. Knowing your customer is vital. Understanding their needs and ensuring that your AI solutions respect their preferences and deliver genuine value will distinguish successful products from the rest.

In conclusion, shifting left in security is no longer just a best practice; it’s a necessity. As AI becomes more integrated into our products and services, it is paramount to ensure its security, credibility, and value from the outset. Organisations that succeed will be those that balance innovation with security, delivering groundbreaking and reliable solutions.

*Cybersecurity Ventures.com – Cybercrime Magazine
