So you’ve invested in artificial intelligence (AI). The first questions your board may ask will likely be related to what it can do, how will it improve business processes, save money or provide greater experiences for customers. However to be responsible there are two questions that should be asked first:
Will it perform as intended at all times?
Is it safe?
When we speak of robustness in AI, we’re talking about its performance ability. Can the system perform consistently under dynamic circumstances? Security, on the other hand, is about the safety of the technology itself, whether it is protected from abuse or appropriation.
These aren’t just technical challenges for data scientists; they’re business problems. As such, any business strategy around the use of AI needs to include the testing of its robustness and security — before deployment. Doing so will allow potential weaknesses to be identified and decisions around any required mitigation or remediation to be taken to executive leadership. Solutions may demand compromise, perhaps even of a desired attribute of the system itself.
For example, a complex AI model might do a great job of predicting the probability of approval of a credit limit increase for a large proportion of customers. This is a useful tool for targeting offers and business development opportunities. But if the algorithm does less well for some groups of customers, it may lead to poor business outcomes. The C-suite needs to have oversight of the robustness of the AI to ensure that it is not only performing to the financial benefit of the organisation, but upholding company values as well.
While data scientists can, and should, identify and flag these trade-offs, it is the C-Suite and related stakeholders who are ultimately accountable to customers and regulators — and who should balance AI decisions in light of broader business strategy.
So what are the key considerations business leaders should keep in mind?
Three questions to ask.
Artificial intelligence should support and enhance human decision-making — using data. However its performance can depend on the information available to it, and the sensitivity of its interpretation. Among other reasons, where a model is overfitted it may overreact to even small data changes, and this disproportionate reaction to minute input alterations can cause big problems.
Take for example an underwriting algorithm that assesses risk for customers. If it takes two similar people and fails to assign them similar credit scores — perhaps the applicants’ reported incomes differ by only a few thousand dollars per annum, but they are assigned wildly different scores — it would be considered oversensitive. Where an outcome of the algorithm is not reliably predictable, and instead gives very different outcomes there should be concern from the business.
There are a number of ways to manage model sensitivities, but companies should first identify where and when a model is over sensitive and determine what the ethical and business implications might be.
Tools exist that can test for these kinds of sensitivities. For example, PwC’s recently developed Responsible AI toolkit focuses on three key dimensions when it tests AI sensitivity:
Once the organisation has an overview of where any sensitivities lie and what form they may take, their impact, severity and costs can be determined and a remediation plan designed before the AI system goes into production.
Scope for AI manipulation is just as concerning as oversensitivity. Where the AI system manages access to a resource, such as financial credit, it may be susceptible to being ‘gamed’ (manipulated in unintended ways for nefarious or unfair benefits). For instance, opportunists or criminals could exploit susceptibilities in the system working out the rules of play, entering the criteria the AI program is looking for and gaining access to funds.
Increasingly, organisations are using AI to detect financial crimes, such as insider trading.1 But criminals know this, and there is a risk that the business’ detection algorithms could be manipulated so that ongoing illegal activities occur under the detection threshold, and thus, remain effectively invisible.
One way to reveal an AI’s susceptibility to manipulation is to test combinations of data inputs using purpose-built algorithms which can fool the system into producing an unwanted result. For example, strategically attempting to obtain credit by exploiting underlying parameters and rules to identify weak points.
The resulting information will enable the business to work with data scientists and determine the likely impacts, mitigation measures to be implemented, and the cost to do so.
An AI system is a critical part of the intellectual property of an organisation, but in many cases, its exposure is built in by design by way of customer interaction. Products and algorithms that vastly increase the efficiency and quality of service are also exposed via their use.2 So how can organisations secure their IP, when the automated model must be shared?
Not all artificial intelligence IP is easily stolen, but determining whether it is easy or difficult to appropriate can be as simple as using security comparison software.
Robustness and security in AI involves a multifaceted trade-off with other aspects of responsible AI: interpretability and explainability; bias and fairness; ethics and regulation; and governance. While there are a number of technical solutions available to identify potential robustness or security issues, ultimately the final implementation should be a business-led decision, not just a technical one.
This article is part of PwC’s Responsible AI initiative. Visit the Responsible AI website for further information on PwC’s comprehensive AI frameworks and toolkits – including tools for assessing AI sensitivity, algorithm manipulability and system security. You can also access the free PwC Responsible AI Diagnostic Survey.
© 2017 - 2021 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. Liability limited by a scheme approved under Professional Standards Legislation.