Poor Quality Due To Rush To Market: Is Ai Down That Same Path?

Marc Ashworth, CISSP, CISM, CRISC, Chief Information Security Officer, First Bank

Marc Ashworth, CISSP, CISM, CRISC, Chief Information Security Officer, First Bank

Marc Ashworth, Chief Information Security Officer at First Bank is a seasoned IT executive with 30+ years of expertise in cyber and physical security, IT architecture, project management and public speaking. He holds various security certifications, contributes to industry committees like the Missouri Bankers Association Technology Committee and co-founded the State of Cyber conference. Ashworth currently leads First Bank's information security, financial crimes unit, physical security and network services departments.

Through this article, Ashworth shares his insights on the historical issues of software bugs evolving into vulnerabilities, the potential risks posed by the rapid advancement of AI technologies, and the importance of implementing proper governance and oversight to mitigate these risks, with a focus on recent legislative efforts in the EU and the UK and a call for similar action by the United States government.

In my over 30 years of being in technology, I have seen a lot of software and technology come and go. Over that time, there was something that almost all of them had in common; issues that are commonly known as bugs. Many of these product concern were due to poor quality assurance, bad design or, in some cases, an unknown issue with a third-party product that was incorporated into the offering. These issues in the product are typically known by the company, but the pressure by executives and shareholders to get to market takes precedence over delivering a safe and quality product. Likewise, the push to add new features to future releases to remain competitive or meet the market domain once again takes precedence over cleaning up years of poor design and implementation.

Now that the product is available for sale these issues are no longer bugs. These bugs are now vulnerabilities in the product and eventually are exploited and wreak havoc for consumers, businesses and governments alike until one day the product is finally replaced or dies in the rack. Many are unable to be updated automatically or are no longer supported by the manufacturer.

Advanced AI is a new wave of technology that has catapulted to the top of everyone’s mind and is in high demand. AI solutions, such as generative pre-trained transformers (GPT) or AI algorithms in automobiles, are constantly in the news. Both types of AI have been plagued with issues ranging from racial or political bias to rear-ending a vehicle and causing injury or even death. AI is probably the most significant technology advancement since the release of the iPhone®.

“The rush to market with AI solutions risks prioritizing speed over safety, potentially endangering consumers and businesses alike, underscoring the urgent need for robust governance and due diligence in this nascent era of technological advancement”

This new AI era continues with a similar legacy as previous software and hardware. In my personal opinion, I feel that we are seeing the push to be first to market with various AI solutions at the cost of the consumer and businesses once again. The difference now is AI products can be highly disruptive and influential to human behavior, livelihoods and even life. We must quickly provide the proper governance and due diligence to this category of products and offerings while it is in its infancy. Likewise, the organizations releasing these solutions should be held accountable by governments to prevent AI from going astray.

We have seen some movement in the EU with the AI Act of 2023, and more recently the Product Security and Telecommunications Infrastructure Act or PSTI Act in the United Kingdom to provide governance over AI and IOT devices (via the PSTI Act). These firstof-their-kind legislations by these governments are the first step to driving quality and oversight of technology. The United States government needs to quickly follow suit with our European partners to provide the proper oversight of this amazing new technology in the early stages of this new era. Likewise, provide regulations for product quality like the PSTI Act of the UK.

The U.S. is the leader in developing and producing many new technologies, but the U.S. should also lead in being good stewards of these new, emerging technologies. Doing so will reduce risk to everyone, with the potential of reducing cybercrime by making it more difficult to exploit systems, ultimately protecting the lives of those who are using them.

The views expressed in this article are the author's views, all opinions are his own, and don't necessarily represent the views and opinions of First Bank.