
Whether or not businesses are ready, employees are turning to GenAI services such as ChatGPT, DALL-E 2, and many others to enhance productivity. While employee use of GenAI promises to increase productivity, those gains come with significant risk, a new report from Forrester Research warns.

According to Forrester, the advent of BYO-AI brings regulatory, governance, privacy, third-party vendor and security challenges that will prove difficult to manage in the years ahead. While companies such as Amazon, Apple, Citigroup and Samsung have announced restrictions on or outright bans of ChatGPT, Forrester says the AI technology is here to stay. It predicts BYO-AI will become as ubiquitous as computers, mobile and cloud.

To mitigate the risks, enterprises must implement an effective BYO-AI policy, yet according to Andrew Hewitt, principal analyst at Forrester, there are three significant challenges surrounding successful BYO-AI implementation: enforceability, AI literacy and scale.

Regarding enforceability, while firms may declare outright bans of GenAI, they have few options to enforce such prohibitions. “Unlike BYOD, where enterprises could simply deny access to corporate resources, BYO-AI will prove much more difficult to control because IT and security leaders don’t have adequate tools to observe its usage,” Hewitt told 

“The second major challenge is around AI literacy,” Hewitt continued. “While BYOD was primarily a technology support question, BYO-AI is much more. Instead of managing devices, enterprises must manage intelligence, and what that means is that employees need to know a lot more about the implications of the AI services they use to use them responsibly and safely. That means the BYO-AI policy isn’t just a list of do’s and don’ts. It’s also guidance around ethical usage of AI and helping them to become more AI literate,” he said.

Finally, the sheer scale of GenAI is daunting for any enterprise that wishes to find ways to mitigate its risk. In Forrester’s report, “Bring-Your-Own-AI Hits The Enterprise,” the authors make it clear that GenAI won’t just be used by employees accessing web-based services such as ChatGPT. It will also find its way into all types of enterprise technology, “such as AI-infused software, AI-creation tools, and cloud-based APIs, all of which fall under the purview of BYO-AI,” the report stated.

“AI is evolving so rapidly in so many forms that it’s difficult for CIOs to keep up. The policy will need to act as a living document that’s updated frequently with consistent outbound communication. Again, much different from a traditional BYOD policy,” Hewitt said.

According to Forrester, an organization’s BYO-AI policy must align with its broader AI governance efforts, including “purpose, culture, action, and assessment.” Among those actions, organizations should prepare to contend with AI’s ethical, security, regulatory, training and other considerations. Additionally, the policy should include critical enterprise GenAI use cases, boundaries for permitted AI use, sanctions for violations and resources for employee AI training and development.

Regardless of an organization’s GenAI usage policies, it will be a near-Sisyphean task to identify staff using shadow AI. “The best approach is a proactive one fueled by curiosity,” Hewitt said. Forrester’s report details how technology leaders should actively survey and communicate with employees to learn about their usage, not necessarily to block generative AI but rather to discover the key use cases that serve their particular businesses. “Then, try to find a corporate alternative that your organization can manage in its own technology stack,” Hewitt concluded.