top of page

Understanding AI Governance: Benefits, Challenges, and Realities of the Whitehouse Memo on Cybersecurity and AI

What is AI Governance?

AI governance comprises a set of frameworks, regulations, and policies that act as safeguards to ensure AI is developed and utilized to minimize risks and maximize its intended benefits.

How Does the AI Memo Apply To AI Governance?

The memorandum "Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence" (M-24-10) is a specific document issued by the Office of Management and Budget, it provides guidelines for the U.S. federal agencies on how to effectively implement AI within their operations. In summary, AI governance is a broader concept, while M-24-10 is a specific guideline within that broader framework, tailored to the needs and responsibilities of U.S. federal agencies.

The Good 

There are a lot of great aspects to AI Governance, such as the impact of AI and large language models that have increased the ability of organizations to move quickly through their decision cycles. In military circles, they call it the OODA loop or the ability to observe, orient, decide, and act on any particular situation. AI has impacted that in such a way that it allows organizations to move faster through that decision cycle thereby positioning a better and higher probability of defeating adversarial activity. And with AI something that might take hours, days to do, or even months, you can get down to a few minutes by crafting the right prompt. Some organizations are looking to include a Chief AI Officer, though it is a great strategic idea, from looking at the responsibilities from a cyber security standpoint there could be some overlap between the responsibilities that this role has, such as managing the risk of artificial intelligence which is something that the CISO office or a chief data officer might be evaluating. This is overall a good thing, what the Executive Branch is doing is providing some overall guidance towards organizations and the establishment of a chief AI officer is a good recommendation.

The Bad 

A negative aspect of AI Governance is that there are a lot of hidden costs, not only from a government agency standpoint but from a business standpoint as well it says on page 4 “The head of each covered agency must also consider the financial, human, information, and infrastructure resources necessary for implementation, prioritizing current resources or requesting additional resources via the budget process,” so when you think about AI it’s not just about this shiny element and how it could modernize our business though that a great outcome, the risk about AI is that you have to look at it from a strategic standpoint, let's think about how it's going to impact your team. Do you have the in-house team members with the skill set to run this technology? Are you going to have to hire them? If you need to hire them, are they available to hire? That's a major factor in what’s making organizations hesitate to incorporate AI.

The Ugly 

Let’s talk about the ugly aspects of AI governance that they don't tell you about. One major that comes with adopting new technologies is that there’s always a chance that an organization will not be fully equipped to protect themselves as they explore the use of the technology, it’s already been seen globally of organizations finding that there's been a collection of data or a misuse of data within their Enterprises. But what you should be looking at is from a generative AI standpoint a lot of people are using Chat GPT but it’s to look at where your data is going and what are you putting into this resource. We’ve written an article on how you can turn off some of those sharing capabilities, where if you are putting data in you're not inadvertently using your data in someone else's results. Understanding how these tools work and how you can securely use them is key.

Learn more about HacWare: Companies can decrease the likelihood that their end users will click on a phishing email by 60%. Let us help you empower your users with automated, AI-driven phishing simulations and under three-minute micro-trainings to build up their defenses against cyber attacks.

bottom of page