I absolutely like the idea of establishing guardrails to make AI safe, secure, and trustworthy, but I am unsure that the concepts will manifest into something meaningful.
It appears that the authors have a simplistic view of AI, which if true, can be easily managed. However, AI is more an adaptable set of tools and capabilities. It is not a specific machine or device. It is equivalent to an edict requiring the Internet to be safe, secure, and trustworthy. Great in concept, but shortsighted in the actual complexity to achieve and sustain.
For example, there is a requirement for AI-generated content to be watermarked, to protect from fraud and deception. We can’t do this well in the real world, much less the digital one. If we could do this, spam and phishing would not be a problem. In the Generative AI world, every time a new tool or process has emerged to watermark content or detect fakes, it has been undermined in a very short period.
In general, the document is filled with mostly ‘don’t use AI for bad’ concepts, but not actual structures to govern, control, or penalize non-compliant practices.
At a high level, there is much good in this Executive Order, as it draws attention to key areas that we must manage, including security standards for AI implementation in Critical Infrastructure sectors. The order supports a long-needed national data privacy law that unifies the collage of confusing and inconsistent state rules. It offers guidance for many ways how the government can or should use AI.
These are great areas to pursue, but the rapid evolution and adoption of AI greatly limits our practical visibility and capabilities in how best to establish meaningful guardrails. The result will likely be similar to what has been seen in the past, ineffective standards, with government regulations that are outdated by the time they are defined, and the development community several steps ahead in whatever they want to accomplish.
Matthew Rosenquist is an industry-recognized pragmatic, passionate, and innovative strategic security expert with 28 years of experience. He thrives in challenging cybersecurity environments and in the face of ever shifting threats. A leader in identifying opportunities, driving industry change, and building mature security organizations, Matthew delivers capabilities for sustainable security postures. He has experience in protecting billions of dollars of corporate assets, consulting across industry verticals, understanding current and emerging risks, communicating opportunities, forging internal cooperation and executive buy-in, and developing practical strategies. Matthew is a trusted advisor, security expert, and evangelist for academia, businesses, and governments around the world. A public advocate for best-practices, and communicating the risks and opportunities emerging in cybersecurity. He delivers engaging keynotes, speeches, interviews, and consulting sessions at conferences and to audiences around the globe. He has attracted a large social following of security peers, is an active member on advisory boards, and quoted in news, magazines, and books. Matthew is a recognized industry expert, speaker, and leader who enjoys the pursuit of achieving optimal cybersecurity. Matthew Rosenquist is experienced in building world class teams and capabilities, managing security operations, evangelizing best-practices to the market, developing security products, and improving corporate security services.