/Research TeamHD Moore /Rob King /Tom Sellers2024VOLUME 1 MAY 2024runZero Research Report2024P2Volume 1Table of ContentsChapter 1Introduction3Chapter 2OT&Cloud Impacts on Attack Surfaces10Chapter 3Unusual Assets Are Risky Assets19Chapter 4Some Old Enemies23Chapter 5Emerging Threats36Chapter 6Fingerprints&Snapshots45Chapter 7AI&the Need for Specificity65About runZero69In this report we share runZeros observations from our unique perspective as an applied security research team.Our goal is to provide insight into how the security landscape is changing,and recommendations on what you can do to get ahead of these changes.Foreword by Rob King“Plus a change,plus cest la mme chose”The more things change,the more they stay the same.Jean-Baptiste Alphonse Karr,Les Gupes,1849.The only constant in information security is that this year will be different from last year.Not only will new individual threats emerge,but entirely new classes of threats will make their debut.Some evergreen threats will finally die off,while others will roar back from oblivion.More devices(and more types of devices!)will be connected to networks,and attack surfaces will continue to grow in sophistication and scope.While this may seem daunting,its also very exciting.We do not work in a boring industry,and we get to solve fascinating and complex problems every single day.runZeros research team exists to discover new and innovative ways to solve these problems and,just as importantly,identify new problems to solve tomorrow.Chapter 1IntroductionWe hope that you will find our first research report educational and possibly even entertaining.We would appreciate your feedback;if you have suggestions,questions,or comments,please reach out by email via .Rob KingDirector of Security ResearchrunZero Research Report2024P3Executive SummaryTectonic shifts are happening in the cybersecurity industry,brought about by the rapid coalescence of several powerful trends and technological developments that have been years in the making.First and foremost,vulnerabilities are being exploited at a truly unprecedented pace.And its working.So much so that the SEC now requires 8K filings for data breaches,not to mention the constant flow of news about emerging vulnerabilities and successful compromises across organizations of every size and sector.While zero day attacks at the network edge have surged,suppliers are struggling to provide timely patches for their products,often leaving customers at the mercy of attackers for days or weeks.In response to the acceleration of exploitation,suppliers are now often releasing indicators of compromise(IOCs)in conjunction with their initial notifications to customers.Recently,the xz-utils backdoor became a stark reminder that supply chains are still under immense attack with catastrophic potential.The incident also catalyzed conversations about what it means to be a responsible consumer of open source products,and what“supplier”means in a shared security model.runZero Research ReportMeanwhile,enterprise environments are changing faster than ever.The convergence between operational technology(OT)and information technology(IT)networks is an inevitable conclusion,creating a greenfield of high-value targets for cybercriminals to plunder.Security programs have matured dramatically over the years,but are still dogged by end-of-life systems,unknown assets,and network segmentation challenges.These time-consuming issues compete for resources with short-term fire drills related to emerging threats and exposures.Defenders continue to juggle scoping,patch management,emergency response,and incident analysis on top of business requirements all while security budgets shrink.2024P4Our analysis also indicates that large organizations are still struggling with long-standing configuration problems.Remote management services are not in great shape.The trends for outdated TLS stacks,continued use of outdated protocols like SMB v1,and general hygiene issues with the Secure Shell and Remote Desktop Protocols continue unabated,with serious implications for long-term security.The silver lining is that default choices by operating system vendors are making a difference,but not fast enough to reduce the risk to the overall attack surface.While generative artificial intelligence(Gen AI)and large language models(LLMs)have been touted as the next big thing for security,the reality is more modest.LLMs are helpful in many contexts,but are still prediction engines at heart.As a result,LLMs are limited to helping with the human side of security and struggle to replace expert systems and logic-based decision-making.runZero Research Report2024P5/runZero Research ObjectiveAmidst all of these dynamics,one thing remains clear:as more and more devices are attached to networks,we need faster ways to focus limited information security resources where they are needed most.Our objective as a research team is to identify incredibly efficient ways to pinpoint at-risk devices,through both precise fingerprinting and fast outlier analysis,and to quickly get these tools into the hands of our customers and community.This first research report includes insights derived from our data analyses,and also describes how we work as a team with this objective in mind.runZeros primary data collection method is the runZero Explorer;a lightweight network point-of-presence that is delivered as software and performs active scans,analyzes traffic passively,and integrates with dozens of applications and services.runZero Explorers provide a true insiders perspective on global cybersecurity,finding ephemeral devices(phones,watches,cars),devices that normally are less monitored(thermostats,projectors,door locks),and the vast“dark matter”of ad hoc and forgotten networks,alongside the assets already on ITs radar.Scope&MethodologyThis report is based on a representative,anonymized data sample from the public runZero cloud platform.This sample comprises almost four million assets with nearly fifty million associated,distinct data points,including more than 160 network protocols that have been normalized into 800 distinct attributes and filtered through more than 17,000 unique fingerprints.4MAssets800 Distinct Attributes17K Unique Fingerprints2024P650MData Points160 Network ProtocolsrunZero Research ReportrunZeros Unique PerspectiverunZero was founded on the principle that applied research makes for better asset discovery,and that better asset discovery is the foundation of modern exposure management.Today,runZero is recognized as the leading edge of Cyber Asset Attack Surface Management(CAASM).This success is due to the work of the runZero research team:a group of industry veterans with decades of experience in information security.The practical output of their research is the accurate and in-depth identification of assets across cloud,on-premises,and remote environments.CAASM was born out of the old adage that security teams cant defend what they dont know about.The same goes for assets with unknown attributes like their location,type,and nature.In addition to discovering devices and their associated details,CAASM attempts to methodically uncover the types and severity of exposures impacting those assets,offering defenders a new vantage point to observe the attack surface.CAASM elevates the discovery and visibility(both to attackers and defenders)of assets to a first-class field under the infosec umbrella,and is now considered foundational and critical components of an organizations information security posture.This dynamic is directly tied to the exponential expansion of attack surfaces and to exposures outpacing defenders resources.runZero Research Report2024P7HD MooreCEO&Co-FounderRob KingDirector of Security ResearchTom SellersPrincipal ResearchEngineer/Oddball Devices in Our Data Set Our data has uncovered a plethora of unusual connected devices,some of which have sufficient connectivity and services to route traffic,rangingfrom crockpots to cars.The attack surface of an organization is no longer defined by on-premises locations with a known set of managed devices.Today,the attack surface consists of personal mobile phones,smart watches,thermostats in conference rooms,aquarium pumps in the lobby,game consoles in the CEOs living room,and countless other devices,many of which come and go from the network on a regular basis.runZero Research ReportFigure 1:A list of devices with multiple attack surface designations found by runZero.Devices that span attack surfaces can provide entry points for attackers into internal organizational networks.CrockpotVacuum CleanerLight BulbLight SwitchThermostatDVRScannerVoice Assistant2024P8The COVID-19 pandemic resulted in an explosion of the attack surface perimeter.While remote work was previously a perk,suddenly it became the standard for countless organizations.Huge numbers of employees retreated from the office and added their home networks as entry points to the previously gated and walled garden under the CISOs watchful eye.Once considered an island unto itself,operational technology(OT)and industrial control systems(ICS)have converged with IT and further compounded complexity.The whole world has,with very rare exceptions,settled on Ethernet and the Internet Protocol stack for IT.The vast,chaotic sea of proprietary protocols and competing standards of the OT/ICS world have now joined the fray in earnest,along with all the growing pains that come with it.Today,the worlds living rooms and parking lots have become the CISOs responsibility,as well as its factories and utility grids.In 2024,the US Environmental Protection Agency(EPA)wrote an open letterdescribing how“disabling cyberattacks”are attacking water and wastewater systems throughout the United States.Not so long ago,these systems were unreachable directly from the wider Internet.Today,many of them are perilously and openly exposed to attackers from around the world.It is in this world that we,as information security practitioners,now find ourselves.Defining attack surfaces is no longer an academic exercise that can be table-topped once a quarter.As exposures emerge at lightspeed,rapid,real-time discovery and CAASM are more critical than ever before.runZero Research Report2024P9Today,the worlds living rooms and parking lots have become the CISOs responsibility,as well as its factories and utility grids.Chapter 2OT&Cloud Impacts on Attack SurfacesrunZero Research Report2024P10In cosmology,there is the concept of the holographic universe:the idea that a three-dimensional volume of space can be entirely described by the exposed information on its two-dimensional surface.In the context of an organizations security posture,attack surface is everything;A vulnerability is almost meaningless unless it is exploitable by a bad actor.The trick to determining where the vulnerable rubber meets the exposed road is in identifying whats actually reachable,taking into account security controls,or other defenses in depth.As described in the previous section,attack surfaces are expanding in multiple ways,becoming more numerous and more specific.Two areas of attack surface growth that merit attention are operational technology and the cloud,not only because of their prevalence but also because of the associated risks.The merging of operational technology and industrial control systems(OT/ICS)devices under the general IT umbrella has created another high-value attack surface.In the past,OT/ICS devices typically had completely separate,dedicated networks.Now they are increasingly attached to enterprise IT networks,making them a valuable and vulnerable part of an organizations attack surface.Meanwhile,the increasing commoditization and virtualization of infrastructure means that virtually all organizations now have a cloud-based attack surface to protect.Both independently and combined,these shifts have created new footholds for attackers that are worth examining.OT&IT Are ConvergingrunZero Research ReportHistorically,security was of less concern than safety and reliability for the“grade-separated”networks supporting OT/ICS devices.These networks had different dynamics,using industry-specific network protocols and following maintenance schedules that were less frequent than IT systems.OT equipment is designed for long-term reliability and infrequent changes.The result is that many factory floors,water treatment plants,critical infrastructure,and other industrial processes use equipment that is relatively slow compared to modern PCs.In order to support real-time control requirements,OT equipment often excludes encryption and authentication at the protocol level.OT systems offered a soft target for malicious actors,but only if they couldreach these networks.Until recently,OT was simply not ITs problem.Improvements to networking and security technologies have changed this,allowing organizations to link their OT and IT networks(sometimes on purpose,and sometimes not).Teams that were previously responsible for securing laptops and servers are now also responsible for OT security.With mandates to improve management and monitoring efficiencies,systems that were once in a walled garden are now,at least in theory,reachable from anywhere in the world.The 2022 report from the Presidents National Security Telecommunications Advisory Committee on IT-OT Convergence concludes that we must“accept that IT/OT convergence will be the end state”of IT and OT.2024P11“IT/OT convergence will be the end state”runZero Research ReportFigure 2:A selection of industrial devices detected by runZero on the public Internet.OT/ICS AROUND THE WORLDrunZero data confirms that thousands of OT/ICS devices are indeed“reachable from anywhere in the world.”These devices are prime targets for state actors and ransom seekers,as compromising them can result in industrial or utility disruption.The number of industrial control systems(ICS)directly exposed to the public Internet is terrifying.While the year-over-year increase of exposed devices has finally slowed,the total number continues to climb.Over 7%of the ICS systems in this reports sample data were connected directly to the public Internet,illustrating that organizations are increasingly placing critical control systems on the public Internet.2024P12OT SCANNING MOVES FROM PASSIVE TO SOMETIMES ACTIVEOT devices often run industry-specific software on hardware with limited computing power.These constraints,combined with the long-term nature of OT deployments,result in an environment that does not respond well to unexpected or excessive network traffic.Stories abound of naive security consultants accidentally shutting down a factory floor with vulnerability scans.As a result,OT engineers have developed a healthy skepticism for any asset inventory process that sends packets on the network and instead opted for vendor-specific tools and passive network monitoring.Passive monitoring works by siphoning network traffic to an out-of-band processing system that identifies devices and unexpected behavior,without creating any new communication on the network.runZero Research ReportWhile passive discovery is almost entirely safe,it is also limited.By definition,passive discovery can only see the traffic that is sent,and if a device is quiet or does not send any identifying information across the network,the device may be invisible.Passive deployments are also challenging at scale,since its not always possible to obtain a full copy of network traffic at every site,and much of the communication may occur between OT systems and never leave the deepest level of the network.Active scanning is faster,more accurate,and less expensive to deploy,but most scanning tools are not appropriate or safe to use in OT environments.Active scanning must be performed with extreme care.Large amounts of traffic,or traffic that is not typically seen by OT devices,can cause communication disruptions and even impact safety systems.Figure 4:A partial screenshot of an OT device detected by a runZero active scan.Figure 3:An Allen-Bradley industrial PLC indicating 100%CPU utilization due to the device receiving a high rate of packets from an active scan NOT conducted by runZero.2024P13SAFE ACTIVE SCANSrunZero enables safe scans of fragile systems through a unique approach to active discovery.This approach adheres to three fundamental principles.Send as little traffic as possible Only send traffic that the device expects to see Incrementally discover each asset to avoid methods that may be unsafe for a specific devicerunZero supports tuning of traffic rates at the per-host level as well as globally across the entire task.runZeros active scans can be configured to send as little as one packet per second to any specific endpoint,while still quickly completing scans of a large environment at a reasonable global packet rate.runZero Research ReportFigure 5:A high-level overview of the“progressive enhancement”probing process.runZero is careful to send only valid traffic to discovered services and specifically avoids any communication over OT protocols that could disrupt the device.This logic is adaptive,and runZeros active scans are customized per target through a policy of progressive enhancement.runZeros progress enhancement is built on a series of staged“probes.”These probes query specific protocols and applications and use the returned information to adapt the next phase of the scan for that target.The earliest probes are safest for any class of device and include ARP requests,ICMP echo requests,and some UDP discovery methods.These early probes determine the constraints for later stages of discovery,including enumeration of HTTP services and application-specific requests.The following diagram describes how this logic is applied.2024P14Safely Probe AssetCreate Empty Flag SetAssets to Scan?Pick AssetInitialize ProbesUpdate Flags with Probe ResultsRun ProbeSafeSkip ProbeUnsafeFor Each Stage in ProbingFor Each Probe in StageFlags Indicate Probe is Safe for Asset?Lastly,runZeros active scans also take into account shared resources within the network path.Active scans will treat all broadcast traffic as a single global host and apply the per-host rate limit to these requests.Scans that traverse layer 3 devices also actively reset the state within session-aware middle devices using a patent-pending algorithm.This combination allows runZeros active scans to safely detect fragile devices and reduce the impact on in-path network devices as well as CPU-constrained systems within the same broadcast domain.For those environments where active scanning is inappropriate or unavailable,runZero also supports comprehensive passive discovery through a novel traffic sampling mechanism.This sampling procedure applies runZeros deep asset discovery logic to observed network traffic,which produces similar results to runZeros active scanner in terms of depth and detail.runZero Research Report2024P15The Cloud Is Someone Elses Attack SurfaceThe commoditization of computing power,massive advancements in virtualization,and fast network connectivity have led to just about any form of software,hardware,or infrastructure being offered“as a service”to customers.Where companies used to run their own data centers or rent rack units in someone elses,they can now rent fractions of a real CPU or pay for bare metal hardware on a per-minute basis.Cloud migrations are often framed as flipping a switch,but the reality is that these efforts can take years and often result in a long-term hybrid approach that increases attack surface complexity.The result is more systems to worry about,more connectivity between systems,and greater exposure overall.CLOUD MIGRATIONSrunZero Research Report/Migration RealitiesOver the last five years,runZero has observed and assisted with dozens of cloud migration projects.These projects often take longer than planned and result in more assets to manage at completion.A common approach to cloud migrations is to enumerate the on-premises environment and then rebuild that environment virtually within the cloud provider.runZero helps customers with this effort by providing the baseline inventory of the on-premises data center and making it easy to compare this with the new cloud environment.During this process,organizations may end up with more than twice as many assets,since the migration process itself often requires additional infrastructure.The migration process can be tricky,with a gradual approach requiring connectivity between the old and new environments.Shared resources such as databases,identity services,and file servers tend to be the most difficult pieces to migrate;however,they are also the most sensitive components of the environment.The result is that many cloud environments still have direct connectivity back to the on-premises networks(and vice-versa).A compromised cloud system is often just as,if not more,catastrophic to an organizations security situation as a compromised on-premises system.Ultimately,the lengthy migration process can lead to increased asset exposure in the short-term due to implied bidirectional trust between the old and new environments.2024P16NEW EXPOSURESCloud providers assume many of the challenges with data center management;failures at the power,network,storage,and hardware level now become the providers problem,but new challenges arise to take their place including unique risks that require a different set of skills to adequately address.Cloud-hosted systems are Internet-connected by definition.While its possible to run isolated groupsof systems in a cloud environment,cloud defaults favor extensive connectivity and unfiltered egress.Although cloud providers offer many security controls,only some of these are enabled by default,and they function differently than on-premises solutions.Cloud-hosted systems are also vulnerable to classes of attacks that are only significant in a shared computing environment.CPU-specific vulnerabilitieslike Meltdown,Spectre,and Spectre v2 force cloud operators to choose between performance and security.The mitigations in place for these vulnerabilities are often bypassed.For example,the recently-disclosed CVE-2024-2201 allows for Spectre-style data stealing attacks on modern processors,a concern in shared-hosting cloud environments.Additionally,the ease of spinning up new virtual servers means that cloud-based inventory is now constantly in flux,often with many stale systems left in unknown states.Keeping up with dozens(or even thousands)of cloud accounts and knowing who is responsible for them becomes a problem on its own.We analyzed systems where runZero detected end-of-life operating systems(OSs),and found that the proportions of systems running unsupported OSs are roughly the same across the cloud and external attack surfaces.This implies that the ease of upgrading cloud systems may not be as great as advertised.runZero Research ReportCloudExternalPast EOLPast Extended EOL10.3%1.7%8.1%1.1%Figure 7:Comparison of end-of-life operating system distribution between cloud and external attack surfaces.Figure 6:CPU-specific vulnerabilities targeting cloud operators.2024P17V1V2HYBRID IS FOREVERrunZero Research Report2024P18Cloud infrastructure is here to stay,but so is on-premises computing.Any organization with a physical presence whether retail,fast food,healthcare,or manufacturing will require on-premises equipment and supporting infrastructure.Cloud services excel at providing highly available central management,but a medical clinic cant stop treating patients just because their Internet connection is temporarily offline.A hybrid model requires faster connectivity and increasingly powerful equipment to securely link on-premises and cloud environments.Even in more simplistic environments,cloud migrations leave behind networking devices,physical security systems,printers,and file servers.All of that equipment will most likely be linked to cloud environments,whether through a VPN or over the public Internet.While cloud migrations can help organizations modernize,these environments still require equally comprehensive asset visibility and exposure management with on-premises infrastructure.The beginning of many great projects start with a researcher saying“thats odd.”One of these moments led to the runZero concept of the“outlier score,”a single,simple numeric value that quantifies how“different”an asset is compared to its neighbors and,importantly,the discovery of how that difference corresponds to the risk associated with a given asset.Identifying risky assets is fundamental to successful exposure management programs,but this process can be challenging due to the quantity and sources of data.In this chapter,we will explore how runZero outlier scores can be used to quickly identify risky assets,even in cases where no vulnerability management data is available.Chapter 3Unusual Assets Are Risky AssetsrunZero Research Report2024P19/Identifying OutliersOur research shows that the outlier score,defined as how unique an asset is within the context of its neighbors,strongly correlates with the risk ranking sourced from third-party vulnerability management data,providing organizations another valuable method to pinpoint potential exposures.RiskcriticalOutlier score500Calculating Outlier ScoresrunZero ingests data from third-party integrations such as vulnerability scanners,device management systems,and security analysis tools,and then combines these data points with our own analysis.This produces a unified numericrisk rank for an asset.In general,the“riskier”an asset appears to be,the higher its rank becomes on the risk scale.runZero looks for assets that differ significantly from their peers,using multiple dimensions and points of comparison.The more an asset deviates from the sites“baseline,”the greater its outlier status from runZeros perspective.This is quantified in a single number,known as the outlier score:the more unusual a device is in its context from the baseline,the higher its outlier metric will be.The outlier metric starts at zero,but has no practical upper bound(though values 600 are fairly rare).Identifying outliers breaks through the noise by highlighting assets that merit further investigation by security teams.Often,sites will have large numbers of very similar assets a server farm of systems running Linux and some routers and switches,or an office with a large number of Windows PCs and printers.In those instances,a small number of,or even a single instance of,unusual devices may indicate that there is an asset that has escaped notice and attention by staff./Research NoteNote that for sites with no“common baseline”of assets,no outlier scores are computed.If they were,everything would be an outlier!the runZero Research Report2024P20Outliers Are Riskier,on AveragerunZero Research ReportrunZero observed that outlier scores are strongly predictive of asset risk.An analysis of 680,000 assets across sites in a variety of organizations and settings revealed that this correlation is quite strong.Figure 8 illustrates the correlation between the average risk rank of an asset with a given outlier score;color intensity indicates overlapping data points.Lines of best fit are provided for all data points(black),and those with an outlier score 300;higher outlier scores indicate that an asset is more unusual.4.03.53.02.52.01.51.00.50.00.00500600700800Figure 8:Average risk rank versus runZero outlier score.By definition,most assets have a relatively low outlier score,but note that there is a particularly strong correlation between outlier score and risk rank.It is especially notable that very few devices have an outlier score 300 without also having a risk rank 2.0.This correlation is particularly notable for its predictive power.In general,an asset with an outlier score 250 has a 78%chance of having a risk rank 2.0.Importantly,the opposite also generally holds true:an asset with an outlier score of 250 has a 69%chance of having a risk rank 2.0.Average Risk RankOutlier Score2024P21GuidanceAn unusual asset may be riskier than its peers,but that doesnt guarantee that it will be noticeable.The outlier score can often reveal when assets differ from the baseline in ways that would not necessarily be apparent to staff:for example,an unusual round-trip time on TCP connections,a slightly different set of services running,and so on.runZeros research shows that these assets,even if just slightly unusual,are often significantly riskier than others.The outlier score gives security practitioners a powerful tool to find riskier assets even when no one else might notice.runZero Research Report2024P22RiskcriticalOutlier score500Make new friends,but keep the old:one is silver,the other gold.Despite enormous advances within information technology,security practitioners are still plagued by common problems.Advances in secure-by-default designs,zero-trust architectures,and overall security awareness all help,but organizations still struggle with end-of-life assets,network dark matter,and segmentation challenges.These problems are difficult to solve and they often exist outside of defenders areas of control.Most importantly,from the attackers perspective,they still provide easy footholds into an environment.End-of-Life Is Not the EndAll of the system hardening and security patches in the world cannot protect a system that is not updated to use those features.System vendors generally provide patches and updates for a limited timespan.At that point,end users must invest in an upgrade to a newer version of the system or fend for themselves and hope for the best with an end-of-life(EOL),outdated asset lurking on the attack surface.EOLed systems often stick around for years,mostly forgotten but still part of an organizations infrastructure and,therefore,its attack surface.New vulnerabilities are still discovered and exploited in these outdated systems as the April 2024 D-Link NAS issue illustrated.Despite the known exposure,being EOL means that fixes will not be forthcoming.While this may seem like an academic exercise,EOLed systems are surprisingly common.Our findings show many still-active EOLed operating systems in various environments.Chapter 4Some Old EnemiesrunZero Research Report2024P23OPERATING SYSTEM END-OF-LIFEOperating systems typically have multiple phases of vendor support,referred to as a support lifecycle.The duration of the lifecycle and services provided in various stages vary from vendor to vendor,usually tapering off with fewer updates and patches in later stages.The two phases we are most concerned with are:runZero Research Report2024P24Mainstream support:during which vendors release patches that may add new features,fix bugs,or mitigate security vulnerabilities.Extended support:during which only critical bugs and vulnerabilities are addressed.While some vendors terminology and phases may slightly differ,generally speaking,most support lifecycles can be broadly mapped to these two phases.When a vendor stops providing upgrades for non-critical issues,the product is considered in an“End-of-Life”(EOL)status.There may be an additional period known as“Extended-End-of-Life”(EEOL)during which the vendor continues to provide updates for critical issues.EOL and EEOL can happen concurrently or separately depending on the system and the vendor.Most importantly,after EOL,systems no longer receive critical updates or security patches,and thus become much greater risks to keep around.But around they are!Systems have a long tail:if they still work,replacing them with a supported alternative may be more trouble than its worth.In some cases,the responsible staff cant or wont;in others,the system may host critical functions that are not supported on newer systems.Uptime guarantees and financial considerations may also play a role.The presence of Windows Server 2012 R2 isnt very surprising;it reached extended EOL only very recently,in October of 2023.While unfortunate,its not unusual for server migrations to drag on past EOL dates due to logistical and compatibility concerns.runZero Research Report2024P25Figure 9:Top OS past extended EOL.Microsoft Windows Server 2012 R212.69%Ubuntu Linux 14.04.x7.66%Microsoft Windows 10(1809)5.90%Microsoft Windows 75.30%Microsoft Windows 10(1909)5.01%Microsoft Windows 10(1607)4.68%Microsoft Windows Server 2008 R24.03%VMware ESXi 6.7.03.11%VMware ESXi 6.5.02.23%Microsoft Windows 10(20H2)2.16%When we look at our sample data for operating systems that are past their extended EOL dates,we see that the majority are running some version of Microsoft Windows:The second major group is composed of various Windows 10 releases.Windows 10 was originally released in July of 2015.Microsoft has generally released two major updates for it every year since.Typically,updates released in the first half of the year are supported for 18 months and those released in the second half are supported for 30 months.There are some variations on this theme,with Long-Term Servicing Channel(LTSC)editions,for example,having longer lifespans.runZero Research Report2024P26Figure 10:Windows 10 past extended EOL.Microsoft Windows 10(1809)28.31%Microsoft Windows 10(1909)24.06%Microsoft Windows 10(1607)22.45%Microsoft Windows 10(20H2)10.38%Microsoft Windows 10(1803)7.69%Microsoft Windows 10(21H1)3.67%Microsoft Windows 10(1709)1.77%Microsoft Windows 10(1703)1.33%Microsoft Windows 10(1511)0.33%runZero Research Report2024P27EXPOSED SYSTEMS PAST EXTENDED EOLWhile operating systems outside of their extended lifespans are always worth looking into,those with exposure to an external attack surface are particularly worrisome.Of all systems exposed to an external attack surface and for which EOL data was available,7.9%were past their extended EOL dates.That means that roughly 8%of all devices exposed to external attackers are probably not receiving security updates.For server operating systems specifically,approximately 6%were past their extended EOL dates,with the individual percentages varying across operating systems.Of particular note is VMware ESXi,with over a third of exposed systems being past their extended EOL date.Figure 11:Server operating systems with external attack surface exposure,past extended EOL.VMware ESXi34.4bian Linux11.7%Windows8.7%Ubuntu Linux7.3%Windows Server3.1%Enterprise Linux(RHEL&derivaties)1.2SE STUDY:THE BOA WEB SERVERThe Boa webserver is an open source web server designed to have low resource requirements for users and to be compatible with embedded applications.The last official release of the Boa webserver,version 0.94.14rc21,was in February of 2005.For comparison,the Colts have won a Super Bowl more recently than the latest release of the Boa web server,and the Colts havent won a Super Bowl since 2007!There are known vulnerabilities in Boa that have been exploited in critical infrastructure in the past.For example,in November 2022,Microsoft disclosed that Boa web servers in Internet-of-Things(IoT)devices were a common attack vector against power grids in India.While it is relatively easy for an administrator to determine if a server is running Boa,it is much harder to detect in an embedded device.Boa is common in embedded devices like security cameras and IP phones that are widely deployed in enterprise networks.Therefore,curating an accurate inventory of an organizations embedded devices,not just servers,that are running Boa is critical for protecting these networks.Figure 12:Boa web server version distribution in runZero data.Figure 13:Device types still running Boa in sample runZero data.58.07&.12%8.4%2.57%2.02%1.42%0.95%0.29%0.13%0.03%Boa/0.94.14rc21Boa/0.93.15Boa/0.94.13Boa/0.94.14rc18Boa/0.94.14rc19Boa/0.94.14rc20Boa/0.94.101wkBoa/0.92oBoa/0.94.11Boa/0.94.8.3Network-Attached Camera92.3%Media&Telephony Devices5.5%Environmental Control Devices0.9%Network Devices0.9%Industrial Control Devices0.3%runZero Research Report2024P28Dark Matter:IoT&Embedded DevicesThe level of attention,monitoring,and updates that network-connected devices receive can be divided into a three-tier hierarchy,a“hierarchy of visibility”as it were.At the top level,there are devices that humans interact with directly,or form part of a production system:our laptops,desktops,servers,routers,and switches.They tend to have high visibility to the information security team via mechanisms like Simple Network Management Protocol(SNMP)and endpoint management(EPM)software.These systems usually get frequent,managed updates that are often installed automatically and en masse.The middle tier consists of“limited visibility”devices present in every office:smart TVs and projectors,media devices like Rokus and Apple TVs,wireless access points,and printers.These devices often support updates over the network but may not receive frequent updates and may require manual intervention to apply them.How often do we think about updating the firmware on our venerable Brother printers?And last but not least,the dark matter of networks makes up the bottom tier.Much like dark matter in cosmology,these devices are present on the network and their influence can be felt,but they are mostly invisible to IT and management tools.These are things like thermostats,smart plugs and lights,aquarium pumps,refrigerators,sprinkler systems,physical access control systems,and so on.These devices often fade into the background and can go relatively unnoticed for years.Updates are likely infrequent or nonexistent,and may require manual intervention if they can even be applied at all.runZero Research Report2024P29Some human interaction when people notice when they stop working.Particularly vigilant teams may monitor these devices more closely.EDR and EPM mechanisms,SNMP and other management protocols,frequent human interaction.A lot of security teams may not even know these devices are on the network,or simply view them as a curiosity when they see them.runZero Research ReportP30Figure 14:Device types by visibility.MonitoredDevicesDevices w/Limited VisibilityDarkMatterTypical VisibilityMechanismUpdate CadenceRelative Percentage of Total Device TypesModerateHighLowMuch less often,and sometimes never.Devices often require manual intervention to apply security patches and updates.Often automatic and en masse,with rapid response to known threats.Very often never,and may not even be upgradeable.Often run firmware that is many years out of date.Devices in the last two tiers often outnumber the“visible”devices,sometimes significantly.Analysis of the runZero cloud data for physical assets(excluding virtual machines)indicates that limited visibility devices make up a whopping 45.46%of discovered devices,with true dark matter devices making up a further 19.09%.202419.09E.465.45%The Decay of SegmentationThe premise behind network segmentation is that security can be improved by preventing communication between systems with different trust levels and business functions.A company may offer a wireless guest network to office visitors,but does not want those visitors to be able to talk to critical file servers or security equipment.Segmentation is the most popular approach to securing unmanaged devices;if we are unable to enforce policies on the device itself,placing that device on a separate network that has little access to anything else can reduce the risk of a compromise.With the massive increase of“smart”IoT devices,even ISP-furnished residential routers now offer segmentation features.Segmentation is a widely-accepted approach to improving network security,to the point where overlooking network segmentation can violate the requirements of common industry requirements and best practices,such as PCI DSS.Figure 15:A simple example of network segmentation.runZero Research ReportP312024Segmentation as a goal is great,but its prone to failure,and often in ways that are not obvious to the team responsible for its implementation.Segmentation assumes that systems are organized into groups based on their business function and that those systems are prevented from communicating with other groups.Cracks appear quickly as the number of systems in the segment grows,primarily for two reasons:Each additional system in a network segment has the ability to weaken the security of the whole segment.This happens when a system is added that exposes additional network services or that accepts a different form of authorization relative to its peers.Any compromise of a system in that segment can provide a foothold for additional attacks,many of which are only possible when the attacker is on the same local network.The wider the variety of services and authentication sources available,the greater the chance of a successful attack,and this exposure scales with every addition.Modern equipment is complex and it is rare for any system to have a single network interface.Nearly every device we interact with has more than one way to communicate.The phones in our pockets may support a dozen concurrent network interfaces at once(wireless,Bluetooth,4G/5G,AWDL,NFC,and more).A modern laptop ships with a half-dozen interfaces out of the box.The humble network printer arrives with wireless,Bluetooth,and Ethernet enabled by default.Segmentation assumes that placing a device on a network limits its access,but that isnt true when every device has multiple network interfaces,and these interfaces allow an attacker to hop between physical connections using wireless protocols.runZero Research ReportP322024CASE STUDY:THE OFFICE PRINTERThe humble office printer is a great example of the challenges with network segmentation.A typical all-in-one(or multi-function center,aka MFC)printer arrives with Ethernet,Bluetooth,and wireless networks configured out of the box.The printers wireless interface is exposed as an open access point,allowing anyone within physical range of the device to connect and communicate with the printer.For many reasons,printers are often connected directly to wired Ethernet and the wireless interfaces are still left enabled.From a security perspective,any device with multiple networks(known as multi-homed devices)can introduce risk,but how risky is this printer example?If an attacker is able to compromise the printer and relay traffic,certainly that is bad,and while its been demonstrated repeatedly (including attacks via the Fax modem),lets assume that future printer firmware is more secure,and opportunities to directly compromise the printer are less common.Unfortunately,printers often ship with another tricky feature,and one that isnt possible to disable:IP forwarding.Many printers act like network routers and offer no way to configure this behavior outside of disabling all but one network interface.runZero Research Report2024P33IP forwarding allows an attacker connected to one side of a device to route packets through to a network on the other side.This doesnt always mean that network address translation(NAT)is enabled,but even one-way packet delivery into a target network can be disastrous,as source-address spoofing can be used to force target devices to reply to an Internet-facing public IP,providing a two-way communication channel into what should be an isolated network.Figure 16:An example of a segmented network,with several devices potentially breaking that segmentation./Research NoteEven single-interface devices with IPforwarding enabled can be abused to force a device to repeat a message from its own MAC address and network.Printers are not the only type of device that forwards IP traffic between network interfaces by default;runZero tests for IP forwarding during active scans,and has identified this behavior across IP telephones,network storage appliances,media servers,network cameras,DVRs,battery backup units,smart TVs,video game consoles,and even smart light bulbs.Even industrial automation equipment from HVAC controls to programmable logic controllers(PLCs)inexplicably enable IP forwarding.Why does this happen?Oftentimes these devices have virtual network interfaces that are only visible to the firmware itself.To communicate across these virtual interfaces,IP forwarding must be enabled,and no firewall rules were added to prevent the forwarding capability from accepting packets on external interfaces.runZero Research Report2024P34In 2024,nearly every device can be a router.Figure 17:A network diagram showing unexpected network bridging points.192.168.60.0/24100.106.248.0/24192.168.30.0/24192.0.0.0/24192.168.1.0/24192.168.1.0/24192.168.0.0/24192.168.40.0/24GLOBAL INTERNET(RESEARCH-ROUTER)192.168.1.64(HTD2617V1320200105AA)192.0.0.64(TV-IP310PI20161101CCWR)192.168.30.1(OPNSENSE)192.168.0.3(RAPID7SECURITY-CONSOLE)192.168.0.162(GITHUB-RUNNER-1)192.168.0.162(SLAB)This behavior can also surface on servers and workstations.For example,if a developer is using containers for development on their laptop,the container environment often creates virtual network interfaces,and enables IP forwarding for communication across the interfaces.Just like the case of the network printer,if that laptop is connected to both a wired and wireless network,the IP forwarding feature effectively turns their laptop into a router between these segments,since no firewall rule prevents it.Segmentation is still one of the best tools we have to improve security,but its limitations are becoming more obvious with modern equipment.Figure 18:Unusual devices with IP forwarding capabilities.Box sizes indicate relative frequency in our dataset.Printer or Multifunction Device NAS or Storage Appliance IP Phone Media Server Print Server Building Automation or Environmental Control/Monitoring Sensor DVR Video Conferencing IP Camera Power Device Smart TV BACnet Light Bulb Media Player Thermostat Scanner Access Control Home Automation Point of Sale Payment Device Barcode Scanner Power Meter Light Switch Game Console Voice Assistant Wireless Presenter Automobile Thin Client Vacuum Cleaner Smart Plug Video Encoder Media Gateway Industrial Control HID Test InstrumentrunZero Research Report2024P35 Ricoh IM C3000 SamsungSL-M3820ND Xerox WorkCentre6605DN Synology DiskStation DS220 Datto Backup Appliance Western Digital WD2GOMost surprising to runZero Research.Change is the only constant.As new technologies come into play and older technologies evolve,novel vulnerabilities can emerge.The runZero research team constantly seeks to uncover previously unknown threats,to track emerging threats,and to identify threats that may become consequential in the near future.Over the last year,the runZero research team has noted some significant trends.Exploitation of emerging threats is happening at an unprecedented pace,shifting the dynamics around zero day vulnerabilities.Weve also observed a massive uptick in attacks on secure gateway devices and an increasing number of zero day vulnerabilities exploiting critical products,especially border gateway devices,such as Ivanti Connect Secure systems.And finally,supply chain attacks are more sophisticated and foreboding than ever before.Zero Days Are-1 DaysThe term zero day(sometimes spelled 0day)describes a vulnerability that is exploited“zero days”after a vendorknew about it in other words,vulnerabilities that are known to and exploitable by attackers before they are known to vendors.Zero day vulnerabilities are critical threats,because they essentially place all of the power in the hands of attackers.They are one reason why defense-in-depth is so important:the only way to stop a zero day is tomake sure it never reaches its target.Chapter 5Emerging ThreatsrunZero Research Report2024P36Notable Emerging ThreatsOnce a zero day vulnerability is discovered,the clock starts ticking.How quickly can a vendor release a patch for the vulnerability?How many systems will be compromised before the patches can be applied?Will every system get patched?How can we know?It is absolutely critical that potentially vulnerable systems be located as quickly as possible when a zero day is discovered so that they can be patched(if a patch is available)or removed from potential attack paths(if not).At runZero,our Rapid Response procedure is invoked when a new zero day is discovered,with the goal of creating mechanisms that empower customers to quickly find and protect vulnerable assets in their inventory.By leveraging data that has already been captured,this can be accomplished without rescanning,providing immediate visibility for existing assets in addition to finding new potentially vulnerable assets going forward.CASE STUDY:CISCO IOS-XErunZero Research ReportP372024/Research NoteIn the first four months of 2024,runZero published 23 Rapid Responses covering 60 distinct vulnerabilities.Notably,more than half were vulnerabilities that were being actively exploited in the wild.The Cisco IOS-XE Web UI vulnerability and subsequent mass-compromise made information security headlines in late 2023.Cisco IOS-XE is a Linux-based operating system for Ciscos high-capacity routers and switches.In October of 2023,Cisco reported two vulnerabilities in IOS-XE.The first allowed an attacker to create a new,unprivileged user on the system through the web interface.The second allowed any unprivileged user to escalate their privileges to root and write files to the filesystem.Combined,these two vulnerabilities enabled an attacker to take complete control of a vulnerable system.It was estimated that prior to disclosure,over 10,000 systems were already infected with malicious code.Within a few days of disclosure,it was estimated that over 50,000 systems had been compromised and backdoored.CISCO IOS-XErunZero Research ReportP382024There were two interesting things about this vulnerability.First,the initial announcement from Cisco included a list of indicators of compromise(IOCs)telltale signs that users could look for to see if their device had been breached.The inclusion of IOCs in an initial announcement is always a bad sign;it means that there is already a significant population of compromised devices.Second,the initial vulnerability was through the administration web interface of the device.Security best practices require that such interfaces be disabled or reachable only from trusted sources.However this proved not to be the case for tens of thousands of systems that had their administration interface open to the public Internet.Given the numerous Cisco devices in many organizations,security teams needed to be able to quickly locate the systems running IOS-XE specifically and then isolate those with their web interfaces exposed,enabling them to swiftly remediate these devices under the pressure of active exploitation.In response,runZero released a query that located IOS-XE devices with exposed administrative interfaces in a matter of hours.CASE STUDY:D-LINK NASWhen a zero day is identified,the clock starts ticking until the vendor releases a patch.But what if the patch never arrives?In April 2024,D-Link announced a vulnerability in its DNS family of Network Attached Storage(NAS)devices,which enable users to store and share files over a network.These devices are EOL;the most recent model in this family ceased to be under support in 2020.Consequently,D-Link was unable to provide security updates and the official recommendation was to retire and replace these devices.NAS devices have a long lifespan in homes and businesses,and are often used by small businesses without dedicated information security teams to enforce best practices.runZero research quickly located tens of thousands of these vulnerable devices exposed on the public Internet.Because these sorts of devices tend to be deployed in small offices without dedicated staff,its essential for organizations to detect when they are present on their networks.Failure to do so leaves the organization vulnerable to attack,making it important for asset inventory solutions like runZero to discover and highlight these vulnerable devices.D-Link NASSecure.Gateway.Pick One.The COVID-19 pandemic accelerated the growth of remote work.According to USA Today,14%of the American workforce works remotely on a full-time basis and some estimate that number will increase to nearly 25%by the end of 2025.runZero Research ReportP39202414%American workforce working remotely2024Estimatedincrease of remoteworkforce 2025Organizations have leaned on secure gateway devices to bridge the moat between the secure corporate network and their remote employees,allowing remote workers to access corporate tools while working offsite.Given their nature and purpose,secure gateway devices are extremely attractive targets to attackers.They must be exposed to the public Internet in order to function;they are often used to transmit secure information;and they are designed to allow(controlled)access to the secure inner network.As such,when multiple critical vulnerabilities were discovered in these devices over the past several months,attackers wasted no time exploiting them.The blast radius from these attacks was widespread,with subsequent effects ranging from stolen personally identifiable information(PII)to persistence tools left behind by attackers to prolong exploitation effortsfor long-term gain.runZero Research ReportP402024ENEMY AT THE GATESThe Ivanti attacks are not unique.Major vulnerabilities have been recently discovered and exploited in a large number of gateway and remote collaboration systems.In the first four months of 2024 alone,vulnerabilities and compromises were disclosed in gateway and remote collaboration systems from Fortra,AnyDesk,ConnectWise,Progress Software,and TeamCity.Attackers are increasingly focusing their efforts on these gateway and remote collaboration systems,a departure from their historical focus on servers and client systems.If a gateway is present,its a likely target.CASE STUDY:IVANTIIvanti Connect Secure is a popular SSL-VPN solution,providing remote access from any web browser to internal organizational resources.Three times in the first half of 2024,in January,February,and April,Ivanti disclosed critical vulnerabilities in their Connect Secure systems.The initial disclosure on January 10th was communicated with an ominous note that stated there was active exploitation of the vulnerability in the wild.As these systems have a heavy presence in government organizations and large corporations,exploitation poses a potential threat to national security.By January 31st,the Cybersecurity and Infrastructure Security Agency(CISA),the agency responsible for the cybersecurity of the United States federal governments networks,issued an emergency directive requiring all federal agencies remove the affected Ivanti products from their networks by February 2nd.CISA indicated that two of their own systems were compromised as a result of these issues.It is suspected that these vulnerabilities were exploited by adversarial nation-state actors affiliated with military,intelligence,or cybersecurity agencies.Ivanti“Threat actors have recently developed workarounds to earlier mitigations and detection methods.”Supply Chains Under Attack:Witness XZ UtilsrunZero Research Report2024P41On March 29th,the world woke up to what will likely(hopefully?)be the biggest security exposure of 2024.Microsoft engineer Andres Freund announced that a backdoor had been discovered in the xz-utils project.xz-utils and its associated xz file format are extensively used in open source and proprietary software,and the tools and associated libraries are widely included in existing operating systems and applications.Notably in this context,the library implementing the compression algorithm,liblzma,is linked into various system services by several popular Linux distributions.The backdoor leaned on this linkage to allow authentication bypass in OpenSSH servers on these systems.Had the backdoor not been discovered when it was,the downstream impact would have been catastrophic:popular Linux distributions,deployed in all sorts of environments,would have been open to attack and compromise.Both fascinating and terrifying,the story behind how the xz-utils backdoor was planted is one for ages,involving sophisticated social engineering strategies that played out over several years to gain trust and then take advantage of that trust at opportunistic moments.The attack serves as a stark reminder that cyber criminals and nation states are increasingly innovative,advanced,and persistent in their techniques,and that they are willing to play the long game to reap significant rewards.This is particularly true when it comes to targeting supply chain attacks.The long-term impact of a compromised supply chain is hard to quantify given the immense scope,making attacks of this nature one of the biggest threats we face today.We should all count ourselves lucky that the xz-utils backdoor was caught in the nick of time.runZeros Response to XZ UtilsRated as critical with a CVSS score of 10.0,the entire information security world was united and immediately mobilized when the xz compromise was announced,recognizing the severity of a backdoor that could allow a threat actor to run arbitrary commands without authentication through vulnerable SSH daemons.runZeros Rapid Response process was similarly invoked given the gravity of the situation,with the goal of helping security teams quickly identify potentially affected systems.To start,we knew that almost every Linux server would be running SSH of some sort,so simply saying“look at all these Linux systems running SSH”was not particularly helpful.Additionally,distributions like Fedora and Kali are often used in one-off installations,outside of the scope of regular IT controls the so-called“shadow IT”of an organization.We asked ourselves the$65,535 question:how do we detect systems that could contain this backdoor,even the systems IT doesnt know about?To answer it,we found and installed the vulnerable versions of the compromised Linux distributions so that we could experiment with them.We then documented the versions of OpenSSH that corresponded to the versions in the vulnerable systems,as well as how OpenSSH reported itself in each of these environments(the“version exchange”that is sent by OpenSSH upon receiving a new connection).To further narrow results,we leveraged runZeros novel operating system identification.Every operating system has slight quirks in how it talks on a network,using slightly different sets of values or behaviors that are within the bounds of the standard.runZero Research Report2024P42/Research NoteOur research team maintains a compendium of“network protocol quirks”that can identify an operating system,often down to individual kernel versions and operating system releases,based solely on how these systems communicate on a network.In this case,we built a comprehensive data set mapping eight different low-level network protocol stack fingerprints and OpenSSH banner values to Linux kernel versions and Linux distribution identifiers,which resulted in this simple query:The query can be described colloquially as“find OpenSSH versions that are new enough to be vulnerable,running on top of versions of the Linux kernel recent enough to have been part of the vulnerable releases.”It does this by looking for telltale low-level behaviors in the relevant Linux kernel versions network stacks,along with SSH pre-authentication banners,to find systems that fit the profile of potentially compromised systems.This query will detect potentially vulnerable systems even if SSH is the only service theyre running,without the need to have endpoint management present or have the devices participate in a software inventory./Research NoteThis means potentially vulnerable devices could be located even if we didnt know they existed in the first place._asset.protocol:sshAND protocol:sshAND tcp.winScale:=7AND(tcp.win:=31856 OR tcp.mssMultiplier:=22 OR tcp.mssMultiplier:=23)AND(banner:=”SSH-2.0-OpenSSH_9.6”OR banner:=”SSH-2.0-OpenSSH_9.6p1bian%”OR banner:=”SSH-2.0-OpenSSH_9.7p1bian%”)runZero Research Report2024P43Debian LinuxSSH-2.0-OpenSSH_9.6p1 Debian-5Debian LinuxSSH-2.0-OpenSSH_9.7p1 Debian-2Debian Linux 11.0SSH-2.0-OpenSSH_9.6Debian Linux 12.0SSH-2.0-OpenSSH_9.6p1 Debian-3Debian Linux 12.0SSH-2.0-OpenSSH_9.6p1 Debian-4THE FALLOUTIn the end,how many vulnerable systems are there out there?Well likely never know for certain,but the backdoor did make it into the real world.Systems were,and almost certainly still are,affected.From the runZero perspective,we were able to look back at the asset data from just before the backdoor was discovered,and we found approximately 30 systems in disparate environments that were potentially affected and exposed to the Internet.Importantly,we were able to alert the security teams managing these systems,narrowing firefighting efforts down from hundreds of thousands of systems to 30 systems that needed immediate attention.Figure 19:A sample of matches illustrating the detected operating system and SSH version advertisement.runZero Research Report2024P44Years ago,a“snapshot”was a photograph taken on the spur of the moment,without preparation.Nowadays,it means a moment frozen in time.While poetic,its also accurate:we can look at the state of security only as it was at a given moment,but never as it is now.In this chapter,we dig deep into modern operating system fingerprinting through the lens of TCP/IP and four protocols critical to network security and system management.We present runZeros observations on the state of Secure Shell(SSH)deployments,Transport Layer Security(TLS)stack demographics,the awkward state of the Remote Desktop Protocol(RDP),and review the long tail of the Server Message Block(SMB)protocol.This snapshot provides some much-needed ground truth,especially in light of CISAs Binding Operational Directive 23-02,which focuses on mitigating exposure from Internet-facing remote management interfaces.Chapter 6Fingerprints&SnapshotsrunZero Research Report2024P45Fingerprinting ConceptsFor the purposes of this section,“fingerprinting”is defined as the process of trying to identify,with as much precision as possible,some aspect of an asset.Fingerprinting techniques generally fall into one of three categories:There can be significant variation in the precision that can be achieved when fingerprinting.In one situation we may be able to identify the operating system and exact build number.In another case,it may only be possible to vaguely bucket the asset into an OS family such as“Windows”or“Linux.”Both outcomes can be possible against the same asset depending on which protocols and services we can observe.runZero Research Report2024P46Self identification:The asset,via protocols,announces what it is.Attribute based:Identification is accomplished via a set of observed values that are known to be unique to or indicative of a specific kind of asset.Behavior based:Identification is accomplished by observing how the asset responds to certain stimuli.Operating System FingerprintingrunZero Research Report2024P47Identifying the operating system(OS)of a network-connected system,without credentials,and with minimal services,has always been a game of precision.Some of the trickiest examples are the forks of the Red Hat Enterprise Linux(RHEL)distribution.Often,the only real difference between these distributions is the replacement of Red Hat trademarks and branding with that of the particular Linux project.In many cases,these distributions are byte-for-byte identical,at the package level,and at the network level.These present a challenge to remote fingerprinting as a result.To overcome these challenges,we collect and analyze enormous amounts of data.Our first pass at trying to differentiate the RHEL derivatives used a combination of two attributes,such as SSH version negotiation strings and the TCP Receive Window size.Over time,we realized this wasnt going to be sufficient and that we needed more and better data.Analyzing data at scale is useful,but in situations like this it is vital to know exactly what combination of distribution and version leads to what results.For this effort we built hundreds of virtual machines running as many versions of the different distributions as we could.In some cases,these releases were over two decades old!/Research NoteCentOS and certain other Linux distributions such as Oracle Linux were originally forks or“bug and binary compatible”redistributions of Red Hat Enterprise Linux.The relationship changed in 2021 when Red Hat,which acquired CentOS in 2014,discontinued CentOS Linux and created CentOS Stream.With this change CentOS would no longer be downstream of RHEL but would instead be the upstream source from which RHEL is created.The logical flow now has Fedora as the root with both CentOS and RHEL downstream.In response to CentOS Linux being discontinued two new distributions were created:AlmaLinux OS and Rocky Linux.VERIFY TARGET,ONE SYN ONLYFrom each of these virtual machines we collected as much information as we could about how the TCP stack communicated.While it is true that fingerprinting an operating system via TCP stack quirks has been a thing for years,our challenge was to improve our detection while sending the absolute minimum amount of traffic and,importantly,to look for evidence that would persist through common configuration changes by the system administrators.To explain our findings,we first need to define some terms:TCP Receive Window:Maximum amount of data that a particular endpoint can receive and buffer.The sending host has to stop after sending the maximum amount of data and wait for ACK and window updates.MTU:Maximum transmission unit,which is the largest packet that the network interface can accept.MSS:Maximum segment size,which is the maximum amount of TCP data that can fit into a single packet,calculated as the MTU minus the protocol headers.TCP Window Scale:An optional factor by which the TCP Receive Window is scaled;this allows receive windows to exceed the maximum of 65535 bytes that can be specified in the TCP Receive Window field.Of the TCP attributes that we observed,the one that provided the murkiest fingerprinting results was the TCP Window Scale.The values for it,when present,range from 0 to 14.With this information,we can usually determine if the target is running a general family of operating systems.runZero Research Report2024P48TCP Window ScaleOperating System2Linux 2.x prior to 2.6.185/6BSD-based systems,including Apple MacOS,iOS,iPadOS,and tvOS7Linux 2.6.18 and higher8Microsoft Windows and miscellaneous others such as Roku OS9VMware ESXi,certain embedded Linux devicesFigure 20:TCP Window Scale by Operating System.Combining the TCP Receive Window and MSS offered the next significant improvement.In our past work,leveraging the Receive Window size sometimes yielded values that seemed to change unexpectedly.The reason why became clear when we looked at the data from the lab.The key points were:Changes to the link-layer MTU impacts the value of MSS,since MSS is calculated as the MTU minus the size of certain TCP/IP headers.MSS is different between IPv6 and IPv4 due to the IPv6 IP headers being 20 bytes larger.For Linux-based systems,Receive Windows less than the maximum value were almost always an even multiple of MSS.Due to the MSS difference mentioned above this means that the Receive Windows would vary as well.Critically,the MSS multiplier for Linux-based OSes correlated with the Linux kernel version.With the information above in hand,we can organize Linux systems into specific kernel version buckets based on the observed multiplier.That is quite a bit of information from the response to a single SYN packet!Figure 21:A table indicating the relationship between IPv4/IPv6 MSS Multiplier and Linux Kernel version.IPv4 MSS Multiplier IPv6 MSS Multiplier Linux Kernel442.x to 2.6.32-13110102.6.32-220 to 3.10.22920203.10.0-327 to 4.18.045455.0 to 6.5.x22236.6 to currentThe kernel version also offers a hint as to the relative age of the system.A MSS multiplier of 4 indicates that the machine is likely running an ancient version of Linux,far beyond EOL,and certainly not something that should still be in production.runZero Research Report2024P49A LITTLE FROM COLUMN A,A LITTLE FROM COLUMN BTCP-based fingerprinting by itself doesnt improve fingerprinting of RHEL derivatives as much as wed like.Since most of the systems in our analysis had SSH running,we looked for patterns in RHEL-derivative type and version in the light of SSH version negotiation advertisements (for example,SSH-2.0-OpenSSH_8.7)combined with the Linux kernel version.This strategy quickly yielded results.We found that we could generally identify the distributions major version,and in some cases,minor version range as well.The screenshots below demonstrates how specific patterns pop out underbulk analysis.runZero Research Report2024P50Figure 22:A table illustrating the relationship between different Enterprise Linux distribution versions and various network attributes.PlatformVersionSSH bannerv4tcp.winv4MSSMSSMultiplierv4 WindowScaleCentOS Linux7.1SSH-2.0-OpenSSH_6.6.07CentOS Linux7.2SSH-2.0-OpenSSH_6.6.07CentOS Linux7.3289601460207CentOS Linux7.4SSH-2.0-OpenSSH_7.4289601460207CentOS Linux7.5289601460207Oracle Linux Server7.7289601460207CentOS Linux7.9289601460207Oracle Linux Server7.9289601460207Scientific Linux7.9289601460207CentOS Linux8.0SSH-2.0-OpenSSH_7.8289601460207Oracle Linux Server8.0289601460207CentOS Linux8.1SSH-2.0-OpenSSH_8.0289601460207AlmaLinux8.9289601460207Red Hat Enterprise Linux8.9289601460207Rocky Linux8.9289601460207Oracle Linux Server8.9289601460207Oracle Linux Server8.7SSH-2.0-OpenSSH_8.0651601460457Oracle Linux Server8.9651601460457Oracle Linux Server9.1SSH-2.0-OpenSSH_8.7651601460457Oracle Linux Server9.2651601460457Rocky Linux9.2651601460457AlmaLinux9.3651601460457Oracle Linux Server9.3651601460457Red Hat Enterprise Linux9.3651601460457Rocky Linux9.3651601460457As we can see in this screenshot,by combining SSH version advertisement and various measured TCP quirks,it is possible to narrow the Linux distribution involved,often down to individual point releases.Even when it is not possible to precisely determine the version,it is almost always possible to determine if the distribution in question is derived from RHEL.runZero Research Report2024P51Figure 23:runZero detecting operating systems derived from Red Hat Enterprise Linux.Secure ShellThe Secure Shell(SSH)protocol is an encrypted network protocol used to access an interactive shell and perform file transfers between systems over untrusted networks.SSH is the de facto management protocol for non-Windows machines(and even some Windows systems),replacing the Telnet protocol from days past.The most recent version of the protocol,SSH-2,was standardized in 2006 and provides a high level of security when configured correctly.runZero analyzed aspects of SSH in the ecosystem to explore how SSH is being deployed in the real world.MY VOICE IS MY PASSPORT,VERIFY ME.The Secure Shell protocol consists of three phases.First,a secure transport is negotiated,similar to TLS.After the transport key negotiation is complete,the client attempts to authenticate,specifying one of a handful of known methods,and the server replies indicating whether the authentication succeeded and what remaining authentication methods are available if not.Finally,after successful authentication,a session is opened.This session enables access to channels,which in turn provide interactive shells,port forwarding,agent forwarding,and file transfer capabilities,among other options.The three most common authentication mechanisms are:Of the three mechanisms,publickey is by far the most secure and considered best practice.This type of authentication also supports key certificates,which provide even stronger security for key issuance and revocation.In publickey authentication,a users public key is stored in their profile on the destination system and only someone with the corresponding private key can authenticate.This prevents compromise through password-guessing attacks.runZero Research Report2024P52Password:Traditional username-plus-password authentication.Publickey:Uses public-key cryptography,where the client provides proof of the private key by signing a challenge from the server.Keyboard-interactive:Accommodates multiple back-and-forth steps to support additional challenges,like one-time passwords or multi-factor authentication tokens;however,the presence of keyboard-interactive doesnt guarantee stronger authentication as many systems are configured to treat it effectively the same as password authentication.In our survey of SSH endpoints,54%support both password and publickey authentication.This is the default for many modern SSH services,and allows the optional use of a strong public key while allowing for the ease of password setup.In general,best practices recommend that the password mechanism be used only to set up public key authentication,after which it should be disabled.Leaving password authentication enabled exposes systems to password enumeration attacks and the potential for user-set weak passwords.Password authentication is more common on storage and networking devices,where accounts are less likely to be associated with individual persons.Often,though,these systems still support publickey authentication,which should always be preferred over password authentication where possible.Looking at the big picture,95%of SSH endpoints offer publickey authentication.Whether these systems are configured to use it is another question entirely.What is perhaps somewhat disheartening is that,while 95%of endpoints support the most secure mechanism,approximately 92%still support some form of password authentication as well.runZero Research Report2024P53Figure 24:A partial screenshot of runZero showing the results of an SSH scan.Figure 25:Distribution of SSH authentication method combinations.password publickey53.91%keyboard-interactive password publickey23.67%keyboard-interactive publickey9.81%publickey8.02%password3.32%keyboard-interactive password1.17%keyboard-interactive0.09%SSHIP OF THESEUSSSH servers identify themselves by way of an SSH host key pair.Just as key pairs allow users to prove their identity,so too do host keys allow servers to prove their identity to users.This functionality is critically important.Without it,users could be tricked into thinking that they had logged into a totally different,possibly spoofed or malicious,system,with obvious security ramifications.However,unlike TLS,most SSH servers are not configured to use any form of Public Key Infrastructure(PKI)or other chain-of-trust to establish proof of server identity.Such functionality is available,but is not in widespread use.Instead,most SSH clients will use a technique called Trust on First Use(TOFU).In this scheme,the client will trust a host key the first time it receives it for a given host.Going forward,if the host key changes,the SSH client can alert the user to the problem.While this doesnt allow the user to confirm the hosts identity,it at least allows them to confirm that the hosts identity hasnt changed.While host keys are ostensibly used to uniquely identify a host,oftentimes multiple hosts have the same host key.This is sometimes intentional,such as when automatically provisioning many ephemeral systems.Unfortunately,it can also happen accidentally and this can have very undesirable consequences.runZero Research Report2024P54ubuntuu2404-infra-02:$ssh 192.168.50.127The authenticity of host 192.168.50.127(192.168.50.127)cant be established.ED25519 key fingerprint is SHA256:wdNLQA-2vyp6Qv 8T7Ac2rF6vRJz34P5RCQo9VJAa Ms.This key is not known by any other names.Are you sure you want to continue connecting(yes/no/fingerprint)?Or at least prove their possession of the correct private key./Research NoteWe performed a limited audit to see how frequently host keys were being reused across our data set.We identified more than 350 instances where the same host key was shared across unrelated environments.Further exploration across the wider Internet revealed thousands of additional shared host keys.The good news is that most of these situations can be avoided by using tools that are already available.SSH certificate-based authentication,which allows a trusted certificate authority to sign host keys,can provide clients with assurance that a never-before-seen host key can be trusted.runZero Research Report2024P55Figure 26:Reuse of individual keys across our data set by device type.Key 1Seen on 7,400 serversKey 2Seen on 4,300 storage appliancesKey 3Seen on 3,800 serversKey 4Seen on 3,200 serversKey 5Seen on 1,900 serversKey 6Seen on 1,700 serversKey 7Seen on 1,500 serversKey 8Seen on 1,400 serversKey 9Seen on 1,300 serversKey 10Seen on 1,200 serversKey 11Seen on 1,200 serversKey 12Seen on 1,100 serversKey 13Seen on 1,000 serversKey 14Seen on 1,000 serversKey 15Seen on 950 serversKey 16Seen on 900 serversKey 17Seen on 850 serversKey 18Seen on 850 serversKey 19Seen on 750 serversKey 20Seen on 700 serversrunZeros initial research in this area focused on trying to find protocol“quirks”that could identify individual TLS stacks.For example,what does the stack do when sent an empty value for the Server Name Indication extension?Does it respond with a Server Hello or an Alert Message?There are at least five possible responses in this situation,and each one helps narrow down which TLS stack it might be.As part of this effort,runZero audited and collated the responses from as many libraries(and versions of those libraries!)as possible.In many cases,lab test implementations were built to ensure the work could be replicated and validated.Identifying characteristics were then pared down to the minimal possible sets to ensure the scanning process sent as little traffic as possible to customer devices.Transport Layer SecurityrunZero Research Report2024P56TLS,or Transport Layer Security,is the de facto standard for encrypted communications over the Internet.It is responsible for securing and validating communication between two different systems across untrusted networks.The runZero scanner fingerprints TLS implementations(the“stack”)automatically as part of the discovery process.This feature was added in October 2022 to help customers identify OpenSSL 3.0.x endpoints in response to an announcement that a critical vulnerability was present in these versions,but not in the older 1.1.1 release.runZero was able to help customers identify their OpenSSL 3.0.x services before the details of the issue were made public andhas continued to improve this functionality ever since.Although there are a handful of existing TLS fingerprinting implementations,runZero decided to build something new for three reasons:Existing techniques were not resilient to communication tampering by devices along the network path.Existing techniques were overly reliant on attributes that can and do vary naturally due to configuration choices by administrators.Existing techniques used“lossy”hashing that limited their utility to lookup tables.AttributeValuetls.rzfp0v0|t10:alert#02#46:,t12:hello#0303#c02f#:sdone#00#,t13:hello#0304#1301#002b=n0002/0033=n0024:hello#0000#0000#,f0:hello#0304#1301#002b=n0002/0033=n0024:hello#0000#0000#,f5:hello#0304#1301#002b=n0002/0033=n0024:hello#0000#0000#,sne:alert#02#0a:,t12hc:hello#0303#c02f#:sdone#00#,ale:alert#02#0a:,alu:alert#02#78:,fd2:alert#02#28:,rts:random|0304|fd2|fd2tls.serialccae983745b38873542a47ac9c9ade1btls.stackgo-crypto-tls=1.21.01.22.1tls.supportedVersionNamesTLSv1.2 TLSv1.3runZero Research Report2024P57Microsoft Schannel26.64%OpenSSL 1.1.x15.74%BoringSSL2.29%Go crypto/tls 1.12.0 to 1.20.x2.09%OpenSSL 3.x2.05%Java 7u79 to 8u2420.55%Go crypto/tls 1.21.0 to 1.22.x0.31%Java 8u272 to 14.0.2u120.21%Java 15.0.1 to 22ea0.01%Java 8u252 to 8u2650.01%Figure 27:Top 10 fingerprinted TLS stacks.Figure 28:Screenshot showing TLS fingerprint attributes in field tls.rzfp0 and the resulting TLS stack assertion in tls.stack.As a result of this work runZero can identify many common(and not so common!)TLS stacks,often down to specific library versions.This information can prove invaluable in identifying not just the TLS stack,but also with detecting vulnerabilities and EOL systems.Note that the fingerprinting was able to identify the version of Gos TLS implementation to high precision.The ability to fingerprint TLS stacks directly is critical because the OpenSSL version used by a service is not typically visible to the average user or administrator.Many systems include multiple TLS implementations,so even the presence of old OpenSSL shared libraries on a system wouldnt necessarily say which services would be affected.To complicate things further,some services have statically linked the OpenSSL library,and the only way to identify their use is to examine the service binaries or communicate with them directly.runZero solves this challenge by measuring how the service actually communicates,providing an efficient way to find systems that could be stuck with a version of OpenSSL that will never see a new version.runZero Research Report2024P58CASE STUDY:OPENSSL 1.1.1 IS END-OF-LIFEThe TLS stack fingerprint can do double duty,serving as a useful indicator for the age of the associated system.For example,OpenSSL 1.1.1 reached end-of-life in September of 2023.That means that,in general,no further fixes,security or otherwise,will be made for that version of the library.Since that date,there have been two publicly-acknowledged vulnerabilities in OpenSSL 1.1.1.runZeros analysis shows that OpenSSL 1.1.1 is still present on roughly 16%of TLS services.It shows up everywhere:routers,switches,printers,phones,cameras,and power devices,amongst many others.These systems either werent or cant be upgraded to newer versions and that means roughly one out of every six TLS services is using a library that will no longer receive security updates.Figure 29:Top 5 fingerprinted TLS stacks.Microsoft SchannelOpenSSL 1.1.xBoringSSLGo crypto/tls 1.12.0 to 1.20.xOpenSSL 3.x26.64.74%2.29%2.09%2.05%Roughly one out of every six TLS services is using a library that will no longer receive security updates.With the release of Windows 2003 Service Pack 1,Microsoft introduced the ability to use TLS,which addressed the issue of machine-in-the-middle(MitM)attacks by allowing clients to cryptographically verify they were connecting to the expected server.In Windows Server 2008,Microsoft introduced Network Level Authentication(NLA),which required users to authenticate themselves before a session would be established.NLA forced authentication to occur after the TLS handshake,but before the console was provisioned,which mitigated the resource-exhaustion concerns,reduced information leakage,and significantly impaired brute-force attacks.When configuring RDS in Windows Server 2008,administrators had the option to require NLA for all connections or to allow the client to decide.Starting with Windows 2012,however,NLA was required by default to improve security.The Remote Desktop Protocol runZero Research Report2024P59In the early 2000s,Microsofts Remote Desktop Services(RDS,then called Terminal Services),presented a few security challenges:clients couldnt validate the servers identity,there was no brute force prevention,and unauthenticated users could connect and observe the login screen.The login screen often displayed a default username and the domain that the server was part of.This information could then be used in brute force attacks.Additionally,upon initial connection,the server would provision an entire desktop environment before beginning the login process.This meant that attackers could easily create a resource-exhaustion situation by simply opening a large number of sessions.Figure 30:Microsofts Remote Desktop Services login screen.runZero Research Report2024P60NLA RequiredNot RequiredMicrosoft Windows Server 202211.34%Microsoft Windows Server 201942.45%Microsoft Windows Server 201629.01%Microsoft Windows Server 20080.34%Microsoft Windows Server 2003 R20.16%Microsoft Windows Server 20030.23%Microsoft Windows Server 2012 R212.80%Microsoft Windows Server 2008 R23.35%Microsoft Windows Server 20120.33%Figure 31:RDP NLA enforcement-OS distribution.We explored how frequently organizations choose non-default options for NLA enforcement.As the results illustrate,the majority of Remote Desktop services on Windows Server versions where NLA is required by default do,in fact,require NLA.This is good news,and an indicator that secure defaults can have a positive impact.An argument could be made that the NLA requirement being disabled by default on Windows Server 2008/2008 R2 shows up in the results as well,but this state may be influenced by those servers being more likely to have legacy or third-party clients that dont support NLA.RHEL Derivative Linux 722.07%Oracle Linux 8.619.19%Oracle Linux 8.812.37%Linux Kernel9.39%Ubuntu Linux7.32%RHEL Derivative Linux 84.42%Ubuntu Linux 20.044.28%Red Hat Enterprise Linux3.3%Red Hat Enterprise Linux 72.55%Oracle Linux 9.21.93%Figure 32:RDP without NLA support-OS distribution.We also reviewed the OS distribution of services that did not permit using NLA at all.This list is dominated by Red Hat Enterprise Linux and its various derivatives running the xrdp RDP service.The xrdp service does not support NLA,so these results are not surprising.However,we were encouraged to find so few results for Microsoft Windows machines without NLA support that the number is not statistically significant.This implies that secure defaults work.runZero Research Report2024P61Server Message BlockrunZero Research Report2024P62The Server Message Block(SMB)protocol is used by Microsoft Windows for remote file access,printer sharing,and a laundry list of remote management features.SMB has a history stretching back to 1983,originally developed at IBM for file and printer sharing.Given its age,SMB has been both the target of,and vector for,countless attacks by malicious actors.The protocol has evolved greatly over the years:from a protocol with limited security targeting small,low-speed local networks in the early days,to a secure and featureful protocol with relatively good performance over the wide area networks.Security documentation commonly recommends disabling SMB version 1.SMBv1 has been superseded over the years by multiple versions of SMB v2 and SMB v3,both of which provide major security improvements.SMBv1 does not support encryption of data nor protection from protocol security downgrade attacks or MitM tampering.While it does include message signing for some messages,these signatures use the legacy MD5 function,which was itself replaced by the much stronger HMAC SHA-256 in SMBv2 and AES-CMAC in SMBv3.Newer SMB protocols have stronger security fundamentals and have also avoided severe vulnerabilities(such as EternalBlue)that only impacted SMBv1.The last versions of Windows to actually require SMBv1 were Windows XP and Windows Server 2003,both of which were removed from support nearly a decade ago.SMBv1 was publicly deprecated in mid-2013 and Microsoft removed it entirely from clean installs of Windows 10 and Windows Server 2019 starting in late 2017.Microsoft even went so far as to automatically uninstall SMB v1 support from updated systems that had not used the older protocol during a 15-day sampling period.runZero Research Report2024P63Microsoft Windows 1023.44%Microsoft Windows Server 201620.69%Microsoft Windows Server 2012 R211.07%Microsoft Windows 75.77%Microsoft Windows Server 2008 R24.55%Microsoft Windows Server 20193.78%FreeBSD FreeBSD2.9%Apple macOS2.23%Linux Kernel2.01%Synology DSM1.91%Figure 33:Percentages of OS(top 10)with SMBv1 enabled./Research NoterunZero analyzed the distribution of operating systems that still have SMBv1 enabled.While the number of services we observed was not exactly thrilling,it was good to see that,statistically,most instances were related to versions of Windows that may have been installed or upgraded while SMBv1 was still enabled by default,or in third-party systems that need to interact with the Windows ecosystem.runZero Research Report2024P64Microsoft Windows 10Microsoft Windows 11Microsoft Windows Server 2016Microsoft Windows Server 2012 R2Microsoft WindowsMicrosoft Windows Server 2008 R2FreeBSDMicrosoft Windows Server 2019Microsoft Windows Server 2022Microsoft Windows 7SMBv1 DisabledSMBv1 Enabled61.88.47%9.21%6.11%2.50%2.21%1.48%0.93%0.74%0.47%Figure 34:SMBv1 enabled-distribution within OS.The SMB v1 statistics look a bit better once you break these down by operating system.While it could be argued that the lack of SMBv1 in more recent systems is due to reduced need to interoperate with legacy systems,wed still expect to see it more frequently if enabled by default.Microsofts choice to disable SMBv1 by default seems to have had a significant positive impact on the security posture of environments with SMB present.Exact answers are seemingly pass.Everywhere we look,statistical models and neural networks have blossomed.Seemingly overnight,LLMs and other AI technologies have grown from fascinating curiosities to being embedded in everything,everywhere.Chatbots now handle customer service requests and teach foreign languages while large language models write dissertations for students and code for professionals.Software companies are claiming and seem to be realizing gains in programmer productivity thanks to code generation by LLM-backed AIs.Language learning tools and automated translation have been revolutionized in just a few short years,and it is not hard to imagine that in the near-future,advanced artificial intelligence will be as commodified as the once-world-shaking smartphone.AI tools provide answers that sound good and are easy for humans to consume,but struggle with a key challenge;knowing the truth.Thisflaw is a serious roadblock to using AI in security-critical workflows./Our PerspectiveModern AI is undoubtedly a fascinating and powerful set of technologies,but these tools are ill-suited to CAASM,asset inventory,and vulnerability discovery efforts.runZero believes that current-generation AI is not just unhelpful for most security efforts,but can be actively harmful.Chapter 7AI&the Need for SpecificityrunZero Research Report2024P65Verification Is EverythingLLMs have proven excellent at prediction and generation,but struggle to provide useful outcomes when the workload requires high levels of precision.In the case of content and code generation,LLMs do well because the user can quickly verify that the output matches the intent.Does the sentence make sense?Does the code compile?These are quick tests that the user can apply to determine whether the LLM provided an accurate response.LLM-generated data presents two problems for CAASM and asset inventory:In short,without an efficient way to verify the output from an LLM,it is difficult to rely on these systems for discovery automation at scale.The inference mechanisms are black boxes.There is little way to know how the detected devices relate to the provided evidence or what was skimmed over or omitted by the inference process.There is no guarantee that the claims made by the tool are accurate,or even that the specific assets or vulnerabilities exist.Careful,prompt engineering might help,but it might not.runZero Research Report2024P66Slightly Wrong Is Rarely RightLLMs struggle with another aspect of information security;the sheer scale of data.Even an AI tool that is 99curate at detecting vulnerabilities and classifying assets may result in worse outcomes than not using the tool at all.A one percent gap may seem small,but modern organizations manage asset and vulnerability records in the millions and even billions.Meaningful exposures already exist in the margins of massive datasets.For every 1,000 workstations,there may only be one exposed system;however,that system might be the single entry point an attacker needs to succeed.For situations that require knowing exactly what and where things are,systems that provide exact answers are,well,exactly what is needed.Lies,Damn Lies,&StatisticsStatistical methods are beautiful applications of mathematics based on centuries of meticulous work,but the outcomes of these methods tend to be aggregate views and trends over time.Statistical models and AI tools built on these models,are great at providing high-level views,but unfortunately tend to bury the most critical exposures instead of flagging them for remediation efforts.A great example of this is the average asset risk metric:does a singlehigh-risk asset actually present the same risk as 10 low-risk assets?In almost all cases,the answer is no.There are times when we want to analyze generalities from the details because statistical methods are indispensable tools when it comes to reporting,overall distribution,and location of outliers.However,when we want to see exactly what assets exist,where they are,and what they do,statistical methods are less useful.runZero Research Report2024P67Precision MattersThe goal of CAASM is to provide comprehensive and precise visibility into the entire organization,with a focus on minimizing exposure.The current-generation of AI tools struggle to help due to the outsized effort required to verify their results.Defenders already struggle with a deluge of noise from theirtools and adding more wrong answers has a real human cost.Statistical models,while helpful for measuring trends over time,also tend to obfuscate the most critical exposures in noise.CAASM requires precision at scale and failing to identify even one percent of an attack surface or an organizations assets,is not an acceptable error rate.AI tools may be helpful for report generation and data summarization,but struggle to provide the level of accuracy required to deliver on the promise of CAASM.runZero Research Report2024P68Test drive the runZero Platform for 21 days,with an option to convert to our free Community Edition at the end of your trial.Copyright 2024 runZero,Inc.runZero is a registered trademark of runZero,Inc.runZero Explorer and Get to know your network are trademarks of runZero,Inc.All other trademarks are properties of their respective owners.Try runZero for FreerunZero delivers the fastest,most complete security visibility possible,providing the ultimate foundation for successfully managing risk and exposure.Rated number one on Gartner Peer Insights,our cyber asset attack surface management(CAASM)platform starts delivering insights in minutes,discovering both managed and unmanaged devices across the full spectrum of IT,OT,IoT,cloud,mobile,and remote assets.Combining powerful,proprietary active scanning,passive discovery,and integrations enables runZero to deliver the most accurate,in-depth data and insights into everything on your network,without the need for credentials,agents,or hardware.With a world-class NPS score of 82,runZero has been trusted by more than 30,000 usersto improve security visibility since the company was founded by industry veteran HD Moore.Connect with us:

0人已浏览 2024-05-17 69页 5星级

These materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.These materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Cloud Data Warehousing3rd Snowflake Special Editionby David BaumThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Cloud Data Warehousing For Dummies,3rd Snowflake Special EditionPublished byJohn Wiley&Sons,Inc.111 River St.Hoboken,NJ 07030-Copyright 2024 by John Wiley&Sons,Inc.,Hoboken,New JerseyNo part of this publication may be reproduced,stored in a retrieval system or transmitted in any form or by any means,electronic,mechanical,photocopying,recording,scanning or otherwise,except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act,without the prior written permission of the Publisher.Requests to the Publisher for permission should be addressed to the Permissions Department,John Wiley&Sons,Inc.,111 River Street,Hoboken,NJ 07030,(201)748-6011,fax(201)748-6008,or online at http:/ Dummies,the Dummies Man logo,The Dummies Way,D,Making Everything Easier,and related trade dress are trademarks or registered trademarks of John Wiley&Sons,Inc.and/or its affiliates in the United States and other countries,and may not be used without written permission.Snowflake and the Snowflake logo are trademarks or registered trademarks of Snowflake,Inc.All other trademarks are the property of their respective owners.John Wiley&Sons,Inc.,is not associated with any product or vendor mentioned in this book.LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY:WHILE THE PUBLISHER AND AUTHORS HAVE USED THEIR BEST EFFORTS IN PREPARING THIS WORK,THEY MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES,INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES REPRESENTATIVES,WRITTEN SALES MATERIALS OR PROMOTIONAL STATEMENTS FOR THIS WORK.THE FACT THAT AN ORGANIZATION,WEBSITE,OR PRODUCT IS REFERRED TO IN THIS WORK AS A CITATION AND/OR POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE PUBLISHER AND AUTHORS ENDORSE THE INFORMATION OR SERVICES THE ORGANIZATION,WEBSITE,OR PRODUCT MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE.THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING PROFESSIONAL SERVICES.THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR YOUR SITUATION.YOU SHOULD CONSULT WITH A SPECIALIST WHERE APPROPRIATE.FURTHER,READERS SHOULD BE AWARE THAT WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.NEITHER THE PUBLISHER NOR AUTHORS SHALL BE LIABLE FOR ANY LOSS OF PROFIT OR ANY OTHER COMMERCIAL DAMAGES,INCLUDING BUT NOT LIMITED TO SPECIAL,INCIDENTAL,CONSEQUENTIAL,OR OTHER DAMAGES.For general information on our other products and services,or how to create a custom For Dummies book for your business or organization,please contact our Business Development Department in the U.S.at 877-409-4177,contact infodummies.biz,or visit information about licensing the For Dummies brand for products or services,contact BrandedRights&LicensesW.ISBN 978-1-394-21162-3(pbk);ISBN 978-1-394-21163-0(ebk)Publishers AcknowledgmentsSome of the people who helped bring this book to market include the following:Development Editor:Nicole ShollyProject Manager:Jen BinghamAcquisitions Editor:Traci MartinEditorial Manager:Rev MengleSales Manager Molly DaughertyContent Refinement Specialist:Tamilmani VaradharajTable of Contents iiiThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Table of ContentsINTRODUCTION.1About This Book.1Icons Used in This Book.2Beyond the Book.2CHAPTER 1:Introducing Cloud Data Warehousing.3Defining the Data Warehouse.4Defining Data Lakes.4Understanding the Cloud Data Platform.5Tracking the Emergence of Modern Cloud Data Warehousing.6Looking at Data Processing Trends.8Adapting to Data Demands.8CHAPTER 2:Standardizing on a Versatile Data Platform.11Supporting Many Languages.12Working with Many Data Formats.12Utilizing Open Table Formats.14Supporting New Architectural Patterns.14Improving Control with a Data Mesh.15Moving Beyond Data Lakes.16CHAPTER 3:Architecting a Cloud Data Platform That JustWorks.17Outlining the Primary Architectural Components.17Spanning Multiple Regions and Clouds.18Consolidating Data for Out-of-the-Box Analytics.20Achieving operational efficiency.21Provisioning and managing resources.22CHAPTER 4:Achieving Exceptional Price and Performance.23Utilizing Consumption-Based Pricing.24Maximizing Efficiency with Columnar Storage.24Calculating and Controlling Costs.25Optimizing Performance and TCO.25iv Cloud Data Warehousing For Dummies,3rd Snowflake Special EditionThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.CHAPTER 5:Bolstering Data Security and Governance.27Exploring the Fundamentals of Database Security.28Eliminating security silos.28Encrypting data by default.28Verifying vendor participation.29Patching,updates,and network monitoring.29Ensuring data protection,retention,and redundancy.30Securing marketplace data.30Controlling user logins.30Applying access controls.31Governing How People View,Access,and Interact with Your Data.31Protecting your data.32Classifying and identifying data.32Demanding attestations and compliance certifications.33Monitoring data quality.33CHAPTER 6:Enabling Data Sharing.35Confronting Technical Challenges.35Sharing without Copying.36Protecting Sensitive Data.37Monetizing Your Data.37CHAPTER 7:Advancing Analytics.39Considering Geospatial Analytics.40Optimizing Search Functions.40Arming Data Analysts with ML.41Developing AI Applications.41Automating Development,Deployment,and Monetization.42CHAPTER 8:Four Steps for Getting Started with Cloud Data Warehousing.43Step 1:Evaluate Your Needs.43Step 2:Migrate or Start Fresh.44Step 3:Calculate TCO.44Step 4:Set Up a Proof of Concept.44Introduction 1These materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.IntroductionData is infiltrating all types of business processes and reshaping the way companies operate.Regardless of your industry or market,the ability to manage data easily,securely,and efficiently has become vital for success.For instance,in the realm of marketing,data is animating cus-tomer segmentation and targeted advertising,allowing busi-nesses to craft personalized marketing campaigns based on the moment-to-moment activities of consumers.In transportation,real-time data enables travelers to optimize routes,and that same data can be aggregated to reduce traffic congestion and improve roadway efficiency.These examples highlight the immense potential of data and the transformative impact it will continue to have for years to come.Forward-thinking organizations rely on powerful,easy-to-use,and out-of-the-box cloud data warehouses to put their data to work.The best cloud data warehouses are built on a cloud data platform a unified,global solution not only for data warehous-ing but also for data lakes,data engineering,AI/ML,and data application development.By concurrently powering these and other workloads,a cloud data platform enables everyone in the organization to deliver valuable experiences with their data.Delivered as an affordable,usage-based service,a cloud data platform can help your business users become more efficient and allows your IT team to break free from mundane data adminis-tration tasks.It provides consistent functionality across multi-ple regions and clouds with instant and near-infinite scalability.Multiple business units can securely share governed data without the complications of duplicating or copying data,as well as extend access to partners,customers,and other constituents either directly or through a data marketplace.About This BookWelcome to the third edition of Cloud Data Warehousing For Dummies where you discover how your organization can tap into and transform the power of massive amounts of data into valuable business intelligence.2 Cloud Data Warehousing For Dummies,3rd Snowflake Special EditionThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.In this book,you learn how to create an innovative,cost-effective,and versatile cloud data platform that powers not only your data warehouse but also many other data workloads.Additionally,you learn how to extend an existing data warehouse to take advantage of the latest cloud technologies.Icons Used in This BookThroughout this book,the following icons highlight tips,impor-tant points to remember,and more.Tips alert you to easier ways of performing a task or better ways to use cloud data warehousing in your organization.This icon highlights concepts worth remembering as you immerse yourself in the understanding and application of cloud data warehousing.The jargon beneath the jargon,explained.The case studies in this book reveal how organizations applied cloud data warehousing to save money and significantly improve the speed and performance of their data analytics.Beyond the BookIf you like what you read in this book,visit ,where you can find out more about the companys cloud data platform offering,sign up for a free Snowflake trial account.CHAPTER 1 Introducing Cloud Data Warehousing 3These materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Chapter1IN THIS CHAPTER Understanding data warehouses,data lakes,and cloud data platforms Diving into the modern cloud data warehouses history Exploring trends in data and analytics Keeping up with the shifting demands ofdataIntroducing Cloud Data WarehousingA traditional data warehouse required purchasing,install-ing,and configuring the necessary hardware,software,and infrastructure to store and analyze data.Cloud data warehousing emerged as an efficient,cost-effective way for organizations to scale analytics without those upfront costs.And,when a cloud data warehouse lives on a well-architected,modern cloud data platform,it not only enables organizations to acceler-ate analytics but also broadens data management capabilities to include other architectures,like a data lake,and can securely and efficiently run other workloads.To help you understand data warehouses,data lakes,and the modern cloud data platform,this chapter defines each,and briefly shows how the modern cloud data platform came into being.The chapter wraps up with a quick look at trends in data processing and how those trends require the ability to shift and meet new data demands.4 Cloud Data Warehousing For Dummies,3rd Snowflake Special EditionThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Defining the Data WarehouseInitially,data warehouses were simplyrelational databases that stored and queried large volumes of structured data.Today,cloud-built and hybrid cloud data warehouses can also incor-porate semi-structured data,such as JavaScript Object Nota-tion(JSON)weblogs,and unstructured data,such as images and audio conversations.This has allowed modern data warehouses to expand beyond mere analytic repositories for internal business operations and include a burgeoning volume of data from mobile apps,online games,Internet of Things(IoT)devices,social media networks,generative AI systems,and many other sources.A data warehouse is a computer system dedicated to storing and analyzing data to reveal trends,patterns,and correlations that provide information and insight.Traditionally,organizations have used data warehouses to capture and integrate data collected from internal sources(usually transactional databases),includ-ing marketing,sales,production,finance,and more.However,unlike transactional databases,data warehouses are designed for analytical work.These software environments serve as federated merged repositories,collecting and aggregating data from var-ious operational systems for analysis and generating business insights.Defining Data LakesData lakes arose to supplement traditional data warehouses because the relational model cant accommodate the current diversity of data types and their fast-paced acquisition models.While data warehouses are generally designed and modeled for a particular purpose,such as financial reporting,data lakes dont always have a predetermined use case.Their utility becomes clear later,such as when data scientists conduct data exploration for feature engineering and developing predictive models.Data warehouses and data lakes are both widely used to store big data but arent interchangeable.A data lake is a vast pool of raw data that is stored in a highly flexible format for future use.A data CHAPTER 1 Introducing Cloud Data Warehousing 5These materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.warehouse is a repository of filtered data that has been prepro-cessed for a specific purpose.We explore these differences further in Chapter2.Understanding the Cloud Data PlatformA cloud data platform is a single,unified network that enables data analysts,data scientists,data engineers,and more to connect their data,applications,and services that are most critical for their business.It allows for workloads like data warehousing,data lake,data engineering,collaboration,AI/ML,application devel-opment,and more.It makes it easy to share data with a diverse group of users without requiring the technology team to copy that data or establish a new data silo.It upholds centralized data security,data governance,and regulatory compliance policies to ensure that people obtain complete,consistent,and accurate data when they issue queries and generate reports without violating data privacy mandates.It also can accommodate new architecture patterns such as a data mesh,and integrate open table formats such as Apache Iceberg tables(for more on this,see Chapter2).Consumption-based pricing allows each user and workgroup to allocate costs to specific accounts and cost centers with constant visibility into the compute and storage resources they use.Best of all,a modern cloud data platform operates seamlessly across multiple public clouds via one consistent interface,maximizing flexibility and avoiding the restrictions of a single cloud provider.Cloud data warehousing,which can live as a workload on a mod-ern cloud data platform,emerged from the convergence of three major trends:1)changes in data sources,volume,and variety;2)increased demand for data access and analytics;and 3)technology improvements that significantly increased the efficiency of data storage,access,and analytics.6 Cloud Data Warehousing For Dummies,3rd Snowflake Special EditionThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Tracking the Emergence of Modern Cloud Data WarehousingTraditional data platforms are designed to leverage a set of finite computing resources,often within the confines of an on-premises data center.Careful capacity planning is required to size each new data warehouse,data lake,data mart(a subset of a data warehouse that focuses on specific data for a particular purpose),or other data-driven workload.Because organizations dont always know how popular these workloads will become,they have to overpro-vision them deploying more hardware and software resources than they expect to initially need.MARRIOT SIMPLIFIES ITS DATA PLATFORM AND ACHIEVES LOWER TOTAL COST OF OWNERSHIPMarriot,a Snowflake customer,comprises 32 global brands across 139 countries,with 8,300 hotels offering 15 million hotel rooms,and 100,000 home and villa properties.Prior to using a unified,single cloud data platform,Marriott used a mix of legacy database technologies that made their stack complex,costly due to expensive upgrades,and difficult to operate.Data engi-neers spent 20 percent of their time on infrastructure issues such as tuning Spark jobs.Simplifying its data platform on Snowflake has enabled Marriott to achieve transparency and control of its data,faster speed to market,improved collaboration and data sharing,a better user experience,and lower TCO.With Snowflake,Marriott has seen a dramatic improvement in perfor-mance and cost savings in comparison to Spark and Hive-based work-loads.Many users from Marriott have commented on their improved experience with Snowflake,mentioning queries that used to take five hours or time out on Netezza that now take one hour on Snowflake.Data that previously took 48 hours to one week in Hadoop is now available nearly instantly in Snowflake.CHAPTER 1 Introducing Cloud Data Warehousing 7These materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.As analytic applications,data science applications,data engineer-ing pipelines,and many other types of data applications have grown in popularity and importance,many of these legacy data warehouse platforms have bowed under the strain.Restricted by a linear architecture,they cant run multiple workloads in paral-lel,leading to long wait times for computing resources and the data-driven insights they impart.Many users complain of slow,inefficient queries,scalability issues,and rising licensing costs as analytic workloads grow.Complicating matters,many data-driven workloads are charac-terized by occasional bursts of activity,such as when the finance team closes the books at the end of the month or when data sci-entists train ML models.Sizing a data warehouse to accommodate peak loads is wasteful because the system needs all that capacity for only a small fraction of the time.These issues stem,in part,from antiquated design principles.Older data warehouses use a“shared nothing”architecture that tightly couples storage,compute,and database resources.This type of architecture makes it difficult to elastically scale the data-base to respond to the escalating needs of many concurrent users and workgroups,as well as to accommodate occasional bursts in query activity.The steady rise of public cloud services has empowered busi-nesses to provision nearly limitless amounts of compute and storage capacity.Theoretically,this has allowed traditional data environments to support a larger number of users and workloads.In practice,however,older data warehouse systems were not structured to take advantage of all this power and capacity.While some of these data environments have been“lifted and shifted”to the cloud,they have continued to operate under the architec-tural limitations of their legacy,on-premises heritage.In many cases,these information systems have been architected to work with a finite set of resources and to use a single type of data,which has led to data platform sprawl a data warehouse for structured data,a data lake for semi-structured data types,and a wide variety of local databases and data marts,some in the cloud and others on-premises with each created to solve a unique set of departmental needs.This sprawl forces IT administrators to contend with the problem of data silos,which involves reconcil-ing dissimilar architectures and different types of data stored in many different places.8 Cloud Data Warehousing For Dummies,3rd Snowflake Special EditionThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Traditional data platforms dont scale well,and having a fixed set of compute and storage resources limits concurrency(the degree to which users can simultaneously access the same data and computing resources).Today,thanks to the nearly infinite resources available in the cloud,businesses can easily scale com-pute resources to handle an escalating volume of activity.Looking at Data Processing TrendsHistorically,businesses collected data in a well-defined,highly structured format at a reasonably predictable rate and volume.Even as the speed of older technologies advanced,data access and usage were carefully controlled and limited,given the scar-city of computing resources,to ensure acceptable performance for every user.But now,the business world is experiencing a data deluge,with data arising from sources too numerous and varied to list.The velocity and volume of this data can quickly overwhelm a con-ventional data warehouse.In some cases,this can cause analytics applications to hang or even crash due to an overload of users and the workloads they attempt to run.Adapting to Data DemandsIt may be difficult to predict the amount of computing resources needed to analyze large and growing data sets,especially when an increasing share of this data originates outside your data center.This makes a cloud data platform the natural location for storing and integrating warehouse data.A modern cloud data platform also enables elasticity to scale all your analytic workloads.Organizations and workgroups can acquire computing power for short periods,making projects eas-ier to execute and allowing even small businesses to reap the ben-efits of a powerful data warehouse.To take full advantage of cloud resources,a new architecture is required that separates but logically integrates storage,com-pute,and data warehouse services(such as metadata and user management).Chapter3 explains that because each component CHAPTER 1 Introducing Cloud Data Warehousing 9These materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.is separate,they can be expanded and contracted independently,enabling data warehouses to be more responsive and adaptable.Adapting to the exponential increase of data also requires a fresh perspective(see Figure1-1).The conversation must shift from how big an organizations data warehouse should be to whether it can scale cost effectively,without friction,and in the magnitude necessary to handle massive volumes and varieties of data,arriv-ing at increasing velocity.FIGURE1-1:The modern data warehouse must support many types of data,analytic use cases,and applications.SUMMING UP THE CHALLENGES OF DATA MANAGEMENTThe modern cloud data warehouse arose in response to several evolving data trends,all of which put a strain on legacy architectures:Variety:Data sources are numerous and varied,resulting in more-diverse data structures that must coexist in a single location to enable exhaustive and affordable analysis.Resource contention:When data storage and computation are physically tied together,analytics problems typically arise if either resource starts to run low.Velocity:Loading data in batches at specific intervals is still com-mon,but many organizations require continuous data loading(micro batching)and streaming data(instant loading).(continued)10 Cloud Data Warehousing For Dummies,3rd Snowflake Special EditionThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.OVERCOMING SCALABILITY ISSUESAutodesk software solves challenges in architecture,engineering,con-struction,product design,manufacturing,media,and entertainment.Autodesks customer 360 Analytics Data Platform(ADP)supports a variety of BI,data science,and customer-facing use cases.Autodesks data lake architecture was operationally burdensome to support and cost-prohibitive to scale.Data ingestion workloads relied on large amounts of homegrown code that led to frequent trouble-shooting and unreliable data.Data-access-control limitations pre-sented data governance challenges.Performance issues inhibited Autodesks product teams and business users from accessing timely insights.Lack of trust in ADP caused teams to consider building their own data environments.Near-zero maintenance reduced administrative work and freed up technical staff to focus on increasing analytics.Adding native SQL support and an extensive network of connectors,drivers,and programming languages simplified data ingestion and transformation.Autodesks reimagined data architecture allows the data platform team to support even more self-service analytics use cases and gain the following benefits:Significantly reduced administration overhead(by 3x)10 x faster data ingestion and transformation Increased self-service access to analytics powered ML workloads Elasticity:Scaling up a conventional data warehouse to meet todays increasing storage and workload demands,when possible,is expensive,painful,and slow.Diversity:Proprietary data platforms are often complex,requiring specialized skills and lots of tuning and configuration.This wors-ens with the growing number of data sources,users,and queries.Collaboration:Sharing data usually requires building data pipe-lines and copying data around,which takes time and resources and often results in delays and negative downstream impacts.(continued)CHAPTER 2 Standardizing on a Versatile Data Platform 11These materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Chapter2IN THIS CHAPTER Supporting many languages Working with many data formats Organizing data files with open table formats Utilizing new architectural patterns Simplifying data management with a data mesh Taking a modern approach to data lakesStandardizing on a Versatile Data PlatformRegardless of your industry or market,the capability to har-ness your data easily and securely in a multitude of ways has become paramount for success.A modern cloud data platform empowers you to consolidate your data,providing unlimited bandwidth for data analysis,data sharing,data engi-neering,application development,and data science initiatives.As a result,your business users become more efficient and your IT team can break free from mundane data administration tasks,allowing everyone to focus on delivering valuable experiences.Each role has unique data requirements from developers to data architects to operational workers.As a result,a cloud data warehouse must live on a cloud data platform that can work with numerous programming languages,be compatible with prevail-ing architectural patterns,and integrate smoothly with a wide variety of data formats.12 Cloud Data Warehousing For Dummies,3rd Snowflake Special EditionThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Supporting Many LanguagesSQL,Python,Scala,Java,JavaScript developers interact with many languages to access data and build data applications,including non-coding languages,natural languages,and conver-sational interfaces,such as generative AI tools that use program-ming languages behind the scenes.A cloud data warehouse should live on a cloud data platform that works seamlessly with these languages.In addition,business analysts should be able to use ANSI SQL to manipulate all data,including support for joins across data types and databases.Flexible access via SQL and other popular languages makes it easier to build data pipelines,run exploratory analytics,train ML models,and perform other data-intensive tasks.This is the start-ing point for enabling a broad set of business intelligence(BI),reporting,and analytic use cases.Working with Many Data FormatsTraditional data warehouses are optimized for storing relational data in predefined tables.However,todays data warehouses must accommodate many other data types and file formats,including raw and streaming data from weblogs,equipment sensors,social media networks,and other sources that dont conform to a rigid tabular structure.Web data may be stored as JSON files.Spreadsheets may occupy comma-separated value(CSV)formats or tab-delimited text files.And data interchanged among multiple applications may be defined in extensible markup language(XML),complete with tags and other coding that identify distinct entities within the data.A cloud data platform should natively support popular semi-structured data formats,including the following:JSON,a lightweight,plain-text,data-interchange format based on a subset of the JavaScript Programming Language.JSON data can be produced by any application.Apache Avro,an open-source data serialization and Remote Procedure Call(RPC)framework originally developed for use with Apache Hadoop.Avro utilizes schemas defined in JSON CHAPTER 2 Standardizing on a Versatile Data Platform 13These materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.to produce serialized data in a compact binary format.The serialized data can be sent to any destination(that is,application or program)where it can be easily deserialized because the schema is included in the data.Apache ORC(Optimized Row Columnar),a columnar format used to speed up Apache Hive queries.ORC was designed for efficient compression in Hadoop and improved performance of Hive for reading,writing,and processing data.Apache Parquet,a compressed,efficient columnar data representation designed for projects in the Hadoop ecosystem.This file format supports complex nested data structures and uses Dremel record shredding and assembly algorithms.XML,a markup language that defines a set of rules for encoding documents.XML was originally based on standard generalized markup language(SGML),another markup language developed for standardizing the structure and elements that comprise a document.THE THREE BASIC DATA TYPESMost data can be grouped into three basic categories:Structured data(customer names,dates,addresses,order history,product information,and so forth)is generally maintained in a neat,predictable,and orderly form,such as the tables in a relational database or the rows and columns in a spreadsheet.Semi-structured data(web data,spreadsheet data,XML data)doesnt conform to traditional structured data standards but contains tags or other types of markups that identify distinct entities within the data.Unstructured data(audio,video,images,PDFs,and other docu-ments)doesnt conform to a predefined data model or is not organized in a predefined manner.Unstructured information may contain textual information,such as dates,numbers,and facts that are not logically organized into the fields of a database or semantically tagged document.14 Cloud Data Warehousing For Dummies,3rd Snowflake Special EditionThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.A complete cloud data platform can store diverse types of data in their native formats without creating data silos or imposing unique schemas to access data.You dont have to develop or maintain sep-arate storage environments for structured,semi-structured,and unstructured data.It is easy to load,combine,and analyze all data through a single interface while maintaining transactional integrity.Utilizing Open Table FormatsIn addition to standardizing on a cloud data platform that sup-ports JSON,Avro,Parquet,and XML file formats,make sure it works with your desired table format,whether proprietary or open source.Apache Iceberg is a widely popular open table for-mat with a large ecosystem of contributors,vendors,and users,ensuring you dont lock your data into any single vendor.Iceberg adds a SQL-like table structure to the unstructured and semi-structured data stored in files and documents.You can store Iceberg metadata and data files in your object storage and query them in-place.This allows computing engines,such as Spark,Trino,PrestoDB,Apache Flink,Hive,and Snowflake,to easily manage and inspect the data.Open table data formats have tremendous momentum from the commercial and open-source communities.Will your data plat-form support them if needed?Even when most of your data is maintained in a centralized data warehouse repository,its still possible to accommodate data in external tables(read-only tables that can be used for query and join operations)and materialized views(database objects that contain the precomputed results of a query).This architecture enables seamless,high-performance analytics and governance,even when the data arises from more than one location.Supporting New Architectural PatternsOne reason technology projects fail is because the stakeholders fail to look ahead.Dont just look at your current state;consider how your business may evolve in the future.Historically,companies have invested in special-purpose tech-nologies and data platforms,and its a huge effort to migrate CHAPTER 2 Standardizing on a Versatile Data Platform 15These materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.them to more open and versatile formats.Such migrations can become a massive undertaking,sort of like trying to copy a life-times worth of family movies from an analog VHS format to a digital format like MP4.With new types of data,you may encounter new architectural pat-terns that you didnt predict.For instance,you may want a data warehouse to be transformed into a hybrid pattern that merges the strengths of data warehouses and data lakes.Additionally,domain-specific data marts could evolve into a more streamlined and regulated data mesh.A modern data platform supporting the data warehouse workload must be able to accommodate these patterns and easily adapt to your evolving business needs,as shown in Figure2-1.By making rigid demands about how to structure your data,you may unwittingly determine how to structure your business.The right data platform will allow you to do new things in familiar ways through a familiar interface.This maximizes flexibility as your business evolves.Improving Control with a Data MeshA data mesh simplifies the process of managing massive data architectures by breaking them down into smaller functional domains,each overseen by a dedicated team.These domain teams are responsible for crucial tasks,such as building and maintain-ing data pipelines,implementing governance policies,upholding FIGURE2-1:A versatile data platform powers a full spectrum of use cases,whether data is stored inside a data warehouse or in external tables.16 Cloud Data Warehousing For Dummies,3rd Snowflake Special EditionThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.data privacy mandates,and ensuring data quality.Rather than creating silos,a data mesh breaks them down it distributes data responsibilities across different teams or domains while maintaining data discoverability and accessibility.This architectural pattern confirms that the teams working with the data have in-depth knowledge and expertise,fostering greater ownership and accountability as each data set aligns with the overall needs of the business.By distributing data responsibili-ties across the organization,a data mesh fosters a culture of data democratization and encourages cross-functional collaboration.When anchored by a modern cloud data platform,a data mesh can incorporate many types of data and file formats and accom-modate external data sources,different workloads,and multiple clouds.Moving Beyond Data LakesData lakes are designed to store huge quantities of raw data in their native formats in a single repository.However,business users often find accessing and securing this vast pool of data difficult,and many organizations have a hard time finding,recruiting,and retaining the specialized IT experts needed to access the data and prepare it for downstream analytics and data science use cases.Additionally,most of todays data lakes cant effectively organize all of an orga-nizations data,which may originate from dozens of data streams and data silos that must be loaded at different frequencies,such as once per day,once per hour,or via a continuous data stream.In response,hybrid platforms have emerged that combine the best attributes of data warehouses and data lakes into a single platform.These solutions have become the foundation for the modern data lake:a cloud-built repository where structured,semi-structured,and unstructured data can be staged in their raw forms.Anchored by a cloud data platform,these newer data lakes provide a harmonious environment that blends many different data management and data storage options,including a cloud analytics layer,a data warehouse,and a cloud-based object store.With the right software architecture,these data lakes provide nearly unlimited capacity and scalability for the storage and com-puting power you need.They make it easy to derive insights,obtain value from your data,and reveal new business opportunities.CHAPTER 3 Architecting a Cloud Data Platform That Just Works 17These materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Chapter3IN THIS CHAPTER Defining essential architectural attributes Enabling data workloads across regions and clouds Organizing your data for out-of-the-box analyticsArchitecting a Cloud Data Platform That JustWorksCreating an effective cloud data warehouse isnt just a matter of repurposing yesterdays on-premises technologies or moving existing analytic applications and databases from your data center to a cloud vendors infrastructure.Properly leveraging the power and scale of the cloud requires a new mindset,a new set of management principles,and new cloud-built capabilities.Outlining the Primary Architectural ComponentsTo best satisfy the requirements of diverse and ever-escalating data workloads,a modern cloud data platform should be built on a multi-cluster,shared data architecture,in which separate compute,storage,and services can be scaled independently to leverage all the resources of the cloud.18 Cloud Data Warehousing For Dummies,3rd Snowflake Special EditionThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.A modern cloud data warehouse includes a central persisted data repository that is accessible from all compute nodes.Like a shared-nothing architecture,it processes queries using MPP(massively parallel processing)compute clusters.This architecture allows maximum scalability,because each node in the cluster stores a portion of the entire data set locally.A near-limitless number of users can query the same data concurrently without degrading performance,even while other workloads are executing simultaneously,such as running a batch processing pipeline,training a machine learning model,or exploring data with ad hoc queries.A multi-cluster,shared data architecture includes four layers that are logically integrated yet scale inde-pendently from one another:The storage layer holds your data,tables,and query results.This scalable repository should handle structured,semi-structured,and unstructured data and span multiple regions within a single cloud and across major public clouds.The compute layer processes enormous quantities of data with maximum speed and efficiency.You can easily specify the number of dedicated clusters you want to use for each workload(thus eliminating contention for resources)and have the option to let the service scale automatically.The services layer coordinates transactions across all workloads and enables concurrent data loading and querying activities,enforcing security,propagating metadata,optimizing queries,and performing other important data management tasks.When each workload has its own dedicated compute resources,operations can run simultane-ously and perform as needed.The cross cloud and global layer globally connects data and applications across regions and clouds,securely,through a single,consistent experience,and is described further below.Spanning Multiple Regions and CloudsMany companies store data in multiple clouds and regions,neces-sitating a cohesive cross-cloud strategy that can attain business continuity,resilience,and collaboration no matter where data is located.A recent survey,part of Snowflakes Data Trends Report,CHAPTER 3 Architecting a Cloud Data Platform That Just Works 19These materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.examined data usage patterns at 7,800 organizationsall Snow-flake customers.According to the survey,the number of organi-zations operating across the three leading public cloud providers(Amazon Web Services,Microsoft Azure,and Google Cloud)grew 207%during the 12 months ending January 2023.These companies need data warehouses that can store and man-age data consistently across many different geographic regions and clouds.However,when working with multiple cloud provid-ers,how do you ensure that the same security configurations,administrative techniques,analytics practices,and data pipelines apply to all your cloud providers?For example,will you have to resolve differences in audit trails and event logs or apply unique tuning and scaling techniques on each cloud?Will your security experts have to deal with varying sets of rules or work with multi-ple key management systems to encrypt data?Will data engineers have to create unique pipelines?A cross-cloud data platform enables data administrators to apply consistent policies to all data in all areas.This makes it easier to keep up with changing regulations,apply regional locality con-trols,and take advantage of whichever public cloud services best match your evolving business strategy.Once you have this type of technology layer in place,it quickly becomes a competitive advantage,allowing you to achieve results faster,comply with data governance procedures more easily,and maintain uninterrupted operations through seamless data repli-cation(see Figure3-1).A cross-cloud data warehouse provides a consistent layer of ser-vices across regions of a single public cloud provider and between major cloud providers,with the following emphases:Continuity:The data warehouse must offer inherent resiliency to eliminate disruptions,comply with changing regulations,and simplify data migrations among different vendor clouds.Governance:Your data warehouse should offer flexible policies,tags,and lineage capabilities that follow the data,ensuring consistent enforcement across users,workloads,clouds,and regions.20 Cloud Data Warehousing For Dummies,3rd Snowflake Special EditionThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Collaboration:A cloud data warehouse should allow workers to instantly discover,access,and share data,services,and applications across clouds and regions,without requiring complex integration technology such as file transfer protocol(FTP)or extract,transform,and load(ETL)procedures.Consolidating Data for Out-of-the-Box AnalyticsOne of the fundamental principles of this book is to encour-age all stakeholders in your organization including line-of-business managers,data analysts,data engineers,data scientists,application developers,and frontline workers to actively lev-erage the same single source of data.This ensures consistent out-comes and accelerates time to insight by reducing the time spent wrangling data.In practice,rallying the enterprise around a single source of truth is rarely a seamless process,mainly due to how corporate infor-mation systems have been designed and implemented over the last several decades.Whether on-premises or in the cloud,each FIGURE3-1:A modern cloud data platform should seamlessly operate across multiple clouds and apply a consistent set of data management services to many types of data workloads.CHAPTER 3 Architecting a Cloud Data Platform That Just Works 21These materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.production application creates its own data silo.For example,mar-keting data resides in a marketing automation system,sales data in a customer relationship management(CRM)system,finance data in an enterprise resource planning(ERP)system,and inven-tory data in a warehouse management system,among others.These disparities are carried over to the analytic databases derived from these production systems.Operational reporting may be the province of a data warehouse,while departmental analytics relies on data marts and data mining,or exploration requires a data lake.Sharing data among these systems may need specialized data pipelines powered by complex ETL procedures.The situa-tion has become even more complex with the rise of thousands of software-as-a-service(SaaS)tools and mobile apps,each with its own unique sources of data.Achieving operational efficiencyAll cloud data warehouse vendors offer some degree of automa-tion,but its crucial to delve deeper to determine the level of auto-mation they truly provide.Ideally,your data warehouse platform should be seamlessly managed,updated,secured,governed,and administered without requiring extra effort from your IT team.When it comes to software updates,you should automatically receive the latest functionality without enduring a lengthy,manual upgrade process.You shouldnt have to worry about planning for updates,experiencing downtime,or making modi-fications to your installation.The cloud data warehouse provider handles all administrative tasks related to storage,encryption,table structure,query optimization,and metadata management behind the scenes,effectively eliminating the need for manual administration.To determine how much work will be necessary,ask your cloud data warehouse vendor these questions:Do we have to optimize resource usage or manually scale the system,such as requesting an additional cluster when more compute power is required?Does the provider automatically apply software updates,such as security patches,as soon as those updates are available?Or does it merely manage the underlying infrastructure and require us to keep the software platform up to date?22 Cloud Data Warehousing For Dummies,3rd Snowflake Special EditionThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Does the service automatically encrypt all our data at rest and in motion with industry-standard encryption,or do we have to set up and apply encryption to the data manually?Does the encryption system hinder query performance?Does the service scale up and out instantaneously and elastically and then release extra compute or storage resources when theyre no longer in use?Or do we have to handle these tasks manually?Does the cloud provider automatically replicate your data to ensure business continuity across regions?After cross-regional replication is established,do we have to set up change data capture(CDC)procedures to keep multiple databases in sync,or does the vendor handle that for us?Do we need to partition data,tune SQL queries,and optimize performance,or does the platform handle this automatically?Provisioning and managing resourcesYour cloud data warehouse should allow you to right-size the computing infrastructure to match the resource needs of each workload.For example,if youre running a data pipeline with low compute requirements,you can match a small cluster to that workload rather than incur the cost of an overprovisioned cluster.If you need to test new machine learning modules or run advanced analytics,you can utilize a large cluster.The best cloud data platforms have an elastic performance engine that permits variable concurrency without resource contention,tuning,or the need to manage the system.The data platform sup-ports any number of users,quantity of jobs,or volume data with reliable multi-cluster resource isolation.This gives you fine-grained scalability for each workload while minimizing usage costs.With some cloud data platforms,IT is responsible for provision-ing and managing new resources.In other platforms,all the infrastructure is provisioned and managed behind the scenes;you simply run your queries or processing jobs and the cloud data platform does the rest,abstracting technical complexities and automating system management activities in the background.CHAPTER 4 Achieving Exceptional Price and Performance 23These materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Chapter4IN THIS CHAPTER Ensuring value through consumption-based pricing Using columnar storage to maximize efficiency Looking at the right metrics to keep costs down Improving performance and total cost of ownership(TCO)by fine-tuning compute resourcesAchieving Exceptional Price and PerformanceFast analytical performance is crucial for data-informed decision-making.However,the more data you ingest and process in your data warehouse,the more cloud resources you consume,which can have a direct impact on costs.There are three essential aspects to cost optimization in a cloud data warehouse:Visibility:Users can fully understand their spending and attribute it accurately to designated cost centers.Control:Administrators can set limits and take corrective actions to govern resource use.Optimization:Companies can identify inefficient spending and reallocate funds for more impact.This chapter dives into these aspects and describes how to achieve cutting-edge performance while simultaneously monitoring data warehouse costs and optimizing resource use.24 Cloud Data Warehousing For Dummies,3rd Snowflake Special EditionThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Utilizing Consumption-Based PricingMake sure that the pricing model for your cloud data warehouse matches the value you obtain from it.Paying for a set amount of storage and computing power,commonly known as subscription-based pricing,can incur significant yearly costs and typically requires regular management.To ensure that you dont pay for more capac-ity than you need,your cloud data platform should offer usage-based pricing.Usage-based pricing allows you to choose how data users at your organization consume resources.Some cloud data platforms allow you to pay for usage per second with a one-minute minimum,increasing control over costs.Maximizing Efficiency with Columnar StorageData uploaded into the data warehouse should be reorganized into a compressed columnar format.Because columnar databases use less memory to output data,more data can be stored,speeding up queries.Examine the terms of your usage agreement:Expect to pay only for storage you use,not for excess or reserved storage capacity.You also shouldnt pay to clone databases within your data ware-house for development and testing activities.You want to be able to reference not copy your data multiple times and therefore not have to pay extra for storage.Chapter6 covers data sharing and collaboration in detail.Compute resources are more expensive than storage resources,so your data warehouse service should allow you to scale each resource independently and make it easy to spin up exactly the compute resources you need under a usage-based pricing model.The vendor should bill you only for the resources you use down to the second and automatically suspend compute resources when you stop using them.Its useful to receive those charges in an all-inclusive bill with no hidden costs or fees.CHAPTER 4 Achieving Exceptional Price and Performance 25These materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Calculating and Controlling CostsAs enterprises migrate IT workloads to the cloud,theyre transi-tioning from a world of scarcity to a world of abundance marked by nearly limitless data storage resources and nonstop data pro-cessing capacity.Its important to control costs and rein in exces-sive consumption.The cost of using a cloud data warehouse is typically based on three interrelated metrics:data transfer volume,data storage consumption,and compute resources.A cloud data platform sep-arates these three services to give administrators complete con-trol over data warehouse usage.Your data platform must make it easy to track the consumption of all cloud services.This includes built-in resource monitoring and management features that provide transparency into usage and billing,ideally with granular chargeback capabilities to tie usage to individual budgets,departments,and workgroups.Data warehouse administrators can set guardrails to ensure that no individual or workgroup spends more than expected.For example,they can set time-out periods for each type of workload along with auto suspend and auto resume features to automatically start and stop resource accounting when the platform isnt processing data.They may also set limits at a granular level,such as determining how long a query can run before its terminated,which helps to avoid unexpected costs associated with runaway queries.Optimizing Performance and TCOFine-tuning the compute resources provided by a cloud data warehouse can improve the performance of a query or set of que-ries.Administrators can resize the environment whenever neces-sary,even while running production workloads in tandem.They can also start or stop the entire data warehouse at any time to optimize overall price and performance.26 Cloud Data Warehousing For Dummies,3rd Snowflake Special EditionThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Look for a cloud data warehouse solution that automatically optimizes performance and eliminates administrative effort to incorporate new resources.Whether its search optimization(SO)capabilities,more efficient storage compression techniques,or reduced compilation time for SQL queries,you shouldnt have to do anything to gain access to new features or the latest capabilities.Thats the beauty of subscribing to cloud services from a reputa-ble data platform provider:New functionality appears instantly,without tedious upgrade cycles.Regularly released platform opti-mizations and software updates continuously improve perfor-mance,often while simultaneously lowering costs.AUTOMATION DRIVES INNOVATIONVeradigm,a Snowflake customer,is a technology company that deliv-ers care and financial solutions to healthcare providers.To provide stakeholders with actionable data and insights,the company ingests and analyzes large amounts of data on electronic health records,disease registry data,and claims data.Unfortunately,with Veradigms legacy data warehouse environment,onboarding new data sources took up to nine months.Furthermore,data processing limitations made it difficult to join tables that con-tained medication,laboratory,and other healthcare data.Realizing the need for a more modern data environment,Veradigm subscribed to a cloud data platform with a multi-cluster shared data architecture.The platform automatically scales storage and compute resources,eliminating performance issues,lowering costs,and offering more granular control.For example,one group at Veradigm reduced its resource consumption from$40,000 per month to less than$4,000 per month,even though team members were processing twice as much data.With a fully managed infrastructure and near-zero maintenance,Veradigms cloud data platform has enabled the company to support additional data use cases such as a data lake without increasing head-count and easily meets its service level agreements(SLAs)for each workload.All data resides in one multipurpose repository,which is much simpler than wrangling multiple disparate data sets.CHAPTER 5 Bolstering Data Security and Governance 27These materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Chapter5IN THIS CHAPTER Securing data through encryption,user login controls,access controls,and more Applying governance policies to protect data and maintain the quality of yourdataBolstering Data Security and GovernanceIn recent years,there has been a spike in the proliferation of data generated and collected by organizations.With data from third-party sources becoming more common such as data from SaaS apps,popular application clouds,data marketplaces,data exchanges,and more data security,data privacy,data governance,and regulatory compliance have become much more complicated.Organizations need to understand the source of common threats and take a hard look at who might be trying to misuse,breach,or attack their database management systems.For example,trade secrets may be valuable to industry competi-tors,while energy grid information is a target for political saboteurs.Understanding these realities is the starting point for setting up comprehensive security,governance,and compliance policies that can be consistently enforced across your entire data estate.28 Cloud Data Warehousing For Dummies,3rd Snowflake Special EditionThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Exploring the Fundamentals of Database SecuritySecuring your data and complying with pertinent regulations is fundamental to the architecture,implementation,and opera-tion of a cloud data warehouse service.All aspects of the service must be centered on protecting your data as part of a multilayered strategy that considers both current and evolving security threats.Your security strategy should address external interfaces,access control,data storage,and physical infrastructure in conjunction with comprehensive network monitoring,alerts,and verifiable cybersecurity practices.Eliminating security silosSome organizations enforce security and governance policies by creating unique data silos and then limiting access to each silo based on account,region,role,and other variables.This approach complicates data governance.Rather than creating unique data silos with unique data protection policies,establish universal,application-level controls that apply to one centralized repository.Just as it is important to eliminate data silos,a good security strategy seeks to eliminate identity silos as well.Encrypting data by defaultEncrypting data means applying an encryption algorithm to translate the clear text into cipher text.All warehouse data should be encrypted by default using the latest security standards and best practices.Encrypt data from the time it leaves your premises,through the internet,and into the warehouse:when its stored on disk,moved into a staging location,placed within a database object,and cached within a virtual data warehouse.Query results should also be encrypted.The vendor must protect the decryption keys that decode your data.The best service providers employ AES 256-bit encryption with a hierarchical key model.This method encrypts the encryp-tion keys and instigates key rotation that limits the time during which any single key can be used.CHAPTER 5 Bolstering Data Security and Governance 29These materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Data encryption and key management must be always on and entirely transparent.Having the option to supply your own encryption keys is important so that you can disconnect the cloud provider from your data if necessary.Verifying vendor participationSome cloud data warehouse vendors automate only rudimentary security capabilities,leaving many aspects of data encryption,access control,and security monitoring to the customer.Other vendors handle these tasks for you.Before standardizing on a cloud data platform for your data warehouse deployment,ask the vendor these questions:Does the service enforce essential security attributes by default,such as encryption,threat detection,and incident response?Does it follow Center for Internet Security(CIS)Benchmarks for configuring IT systems,software,networks,and cloud infrastructure?Are security controls global,comprehensive,and easy to configure?Does the vendor subscribe to a shared responsibility model,and is it clear whos responsible for which aspects of security?Can we bring our own identity and establish SSO(single sign-on)?Can our data administrators set granular access controls(such as column-and row-level restrictions),along with role-based access to database tables?Is security applied not only to the central data repository but to external tables as well?Does the vendor regularly perform compliance audits and have the necessary security attestations to show?Patching,updates,and network monitoringSoftware patches and security updates must be installed on all pertinent software components as soon as those updates are available.The vendor should deploy periodic security testing 30 Cloud Data Warehousing For Dummies,3rd Snowflake Special EditionThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.(also known as penetration testing)by an independent security firm to proactively check for vulnerabilities.As an added protection,file integrity monitoring(FIM)tools ensure that critical system files arent tampered with,and IP address allowed lists enable you to restrict access to the data warehouse to only trusted networks.Security“events,”generated by cybersecurity monitoring systems that watch over the network,need to be automatically logged in a tamper-resistant security information and event management(SIEM)system.Automatic alerts should be sent to security per-sonnel when suspicious activity is detected.Ensuring data protection,retention,and redundancyIn case of a mishap,you should be able to instantly restore or query previous versions of your data in a table or database within a specified retention period,as governed by your service-level agreement(SLA)with the cloud data warehouse provider.A com-plete data-retention strategy goes beyond duplicating data within the same cloud region or zone;it replicates that data among mul-tiple availability zones for geographic redundancy.Optionally,automatic failover to these other zones can ensure continuous business operations.Securing marketplace dataA growing number of organizations leverage a data warehouse to develop data applications not only for internal use but also for external use via a data marketplace.Sharing data through mar-ketplace apps necessitates another level of security.Data pro-viders must be able to guard,monitor,and review application submissions to vet potential users.In some cases,data providers create data clean rooms that enforce designated governance policies.These sanitized data sets can be confidently shared with partners and other external constituents without exposing sensitive information.Controlling user loginsFor maximum convenience and security,a cloud data ware-house will allow you to apply your chosen SSO and identity access CHAPTER 5 Bolstering Data Security and Governance 31These materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.management(IAM)procedures.The data warehouse should also permit you to apply multifactor authentication(MFA)at the account level.This permits you to require some or all users to pass through a secondary level of verification such as entering a one-time security code sent to the users mobile phone.SSO procedures and federated authentication make it easier for people to log in to the data warehouse service directly from other sanctioned applications.Federated authentication centralizes iden-tity management and access control procedures,making it easier for data warehouse stakeholders to manage user access privileges.Applying access controlsTo protect sensitive data,a cloud data warehouse service must authorize users,authenticate credentials,and grant people access only to the data theyre authorized to see.Role-based access control(RBAC)policies need to be applied to all database objects,includ-ing tables,schemas,and virtual extensions to the data warehouse.Ideally,data administrators can apply granular access controls down to the rows and columns of database tables.For example,this type of control could be used to permit users to see basic employee data but not Social Security numbers,salaries,and other sensitive information.Governing How People View,Access,and Interact with Your DataGovernance policies establish rules and procedures to control the ownership and accessibility of your data.Applying global,univer-sal data governance policies allows you to scale your data estate with confidence.For example,interaction controls,like secure views,secure joins,and secure user-defined functions(UDFs),are applied as people interact with the data:Secure views give data custodians control over data access,preventing security breaches.For instance,customers can view specific rows of data from a table that excludes rows pertaining to other customers.32 Cloud Data Warehousing For Dummies,3rd Snowflake Special EditionThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Secure joins establish linkages without revealing personally identifiable information(PII).It allows discreet connections to people,devices,cookies,or other identifiers.Secure UDFs let users analyze fine-grained data while protecting raw data from being viewed or exported by other parties.Protecting your dataOrganizations concerned about safeguarding sensitive data can control access at a more granular level.Common data protection methods include the following:Row access policies allow users to see only information relevant to them.For example,sales reps may only access customer data for their own accounts while regional managers can access all customer data within their regions.Dynamic data masking selectively conceals data during queries.This technology allows you to store PII and still perform robust analytics on the data without exposing it to unauthorized users.External tokenization transforms data into an unrecogniz-able string of characters with no meaningful value in case of a system breach.The data can be dynamically detokenized at query runtime.Classifying and identifying dataClassification and identification policies help you avoid data pri-vacy leaks and compliance breaches by tracking the types of data in use,its lineage,and how it changes.For example,you can use object tagging to control access to confidential and sensitive infor-mation such as salary amounts and Social Security numbers.Traceability tools let users track data wherever it resides,ensuring continuous protections and enabling data deletion when neces-sary(including the“right to be forgotten”).Data lineage tools,whether embedded in the cloud data platform or provided as additional services,help you understand how data flows through your data-processing systems.This knowledge CHAPTER 5 Bolstering Data Security and Governance 33These materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.assists compliance officers in tracing the usage of sensitive data,including its sources,destinations,and any transformations along the way.Demanding attestations and compliance certificationsCompliance isnt just about robust cybersecurity practices.Its also about ensuring that your data warehouse provider can prove it has the required security procedures in place.Industry-stan-dard attestation reports that verify cloud vendors use appropri-ate security controls.For example,a cloud data warehouse vendor needs to demonstrate that it adequately monitors and responds to threats and security incidents and has established sufficient inci-dent response procedures.In addition to industry-standard technology certifications,such as ISO/IEC 27001 and SOC 1/SOC 2 Type II,youll want to verify that your data warehouse provider complies with all applicable government and industry regulations.Depending on your busi-ness,this could include the following:Payment Card Industry Data Security Standards(PCI-DSS)GxP data integrity requirements HIPAA/HITRUST privacy controls ISO/IEC 27001 security management provisions International Traffic in Arms Regulations(ITAR)FedRAMP certificationsAsk your providers to supply complete attestation reports for each pertinent standard.Monitoring data qualityData governance requires rigorous oversight to maintain the quality of the data your company uses internally and shares with external constituents.Bad data can lead to missed or poor business decisions,loss of revenue,and increased costs.Data stewards charged with overseeing data quality must be empowered to proactively uncover anomalies in the data,such as when data is corrupt,inaccurate,or not being refreshed often enough to be 34 Cloud Data Warehousing For Dummies,3rd Snowflake Special EditionThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.relevant.The best data platforms include out-of-the-box sys-tem metrics for the most common types of data quality issues,and make it easy to define,measure,and monitor data quality via integrated,cloud-native facilities(see Figure5-1).Establishing comprehensive security and governance policies is not only about reducing risk but also about increasing productiv-ity.If your data platform lacks an integrated set of applications for data custodians,data stewards,compliance officers,and other experts,youll have to cobble together these capabilities from third-party tools.At best,this scattered approach will make it difficult to enforce organization-wide policies.At worst,it will introduce delays or even cause users to mistrust the data,lead-ing to poor decision-making,a lack of a data-driven culture,and inefficiency.As you provide access to your users,pay attention to these tenets of data governance:Know your data:Classify data,tag sensitive data,and audit data usage Protect your data:Secure sensitive and regulated data with granular access policies Connect your ecosystem:Seamlessly extend your data governance policies as you share data,internally and externally,across regions and clouds.FIGURE5-1:A complete cloud data platform empowers data stewards to enforce data quality via cloud-native management facilities.CHAPTER 6 Enabling Data Sharing 35These materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Chapter6IN THIS CHAPTER Recognizing and overcoming technology limitations Sharing data without copying or duplication Extending security and governance policies to shared data Monetizing data and data services via a data marketplaceEnabling Data SharingData sharing is the act of providing access to data both within an enterprise and between enterprises.The organization that makes its data available,or shares its data,is a data provider.The organization that wants to use the shared data is a data consumer.Any organization can be a data provider,a data consumer,or both.Theres an abundance of potential value to unlock from the worlds burgeoning data sources.Until recently,however,no technology existed for sharing data without a significant amount of risk,cost,headache,and delay.Confronting Technical ChallengesTraditional data-sharing methods,such as File Transfer Protocol(FTP),application programming interfaces(APIs),and email,require you to make a copy of the shared data and send it to your data consumers.These cumbersome,costly,and risky methods produce static data that quickly becomes dated and must be refreshed with more current versions,requiring constant data movement and management via data pipelines,and causing a loss 36 Cloud Data Warehousing For Dummies,3rd Snowflake Special EditionThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.of data version control.These complexities,coupled with data-base inconsistencies,authenticity headaches,and the difficulty of sharing large volumes of data add up to frustrating,expensive,and time-consuming data exchange processes.Look for a cloud data platform that allows you to accomplish the following:Share data easily and securely across clouds,companies,teams,departments,functions,and business units Easily set up security and governance with built-in permis-sions and roles for ease of administration Share data,views,and dashboards to permit collaborative decision-making through a single,consistent user interface Deliver direct access to live,ready-to-query data across clouds and regions with on-demand fulfillment and no programmatic APIs,FTP transfers,or ETL procedures Safely share highly sensitive or regulated data without exposing it to unauthorized users by applying privacy-enhancing technologies and cross-cloud data clean roomsSharing without CopyingA cloud data platform is ideal for a data-sharing service because it enables authorized members of a cloud ecosystem to tap into live,read-only versions of the data.Organizations can easily share and receive slices of data in a secure and governed way.This method doesnt require data movement,extract,transform,load(ETL)technology,or constant updates to keep data current.Theres no need to transfer data via FTP or to configure APIs to link applica-tions.Because data is shared rather than copied,no additional cloud storage is required.With this superior architecture,data providers can easily and securely publish data for instant dis-covery,query,and enrichment by data consumers,as shown in Figure6-1.CHAPTER 6 Enabling Data Sharing 37These materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Protecting Sensitive DataIn some cases,portions of a data warehouse are subject to strict security and confidentiality policies.Before you can share these parts of the data set,you may need to mask or anonymize certain fields,rows,or columns.This allows people to analyze the data without seeing the sensitive data elements.Choose a cloud data platform that allows data providers to easily control access to individual database tables with granular protec-tions policies and privacy-enhancing technologies.All the per-tinent data security and governance capabilities should apply to your data-sharing architecture(for more on this,see Chapter5).For example,controlling who can view and analyze sensitive or regulated data should be easy.Furthermore,you need to be able to share tables without exposing designated elements,either through privacy-enhancing technologies,such as aggregation and projection constraints,or data clean rooms.Monetizing Your DataModern data-sharing technology sets the stage for collaborat-ing and monetizing data via marketplaces online communities that facilitate the purchase and sale of data and data services.For example,a telecommunications company can sell location data FIGURE6-1:Identifying the attributes of modern data sharing.38 Cloud Data Warehousing For Dummies,3rd Snowflake Special EditionThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.to help retailers target consumers with ads.Consumer packaged goods companies can share purchasing data with online advertis-ers or directly with customers.In addition to monetizing data,a marketplace allows you to monetize business logic,such as user-defined functions(UDFs),as well as applications.If sharing data and applications through a marketplace is impor-tant to you,opt for a cloud data platform that has a thriving marketplace associated with it.Some platforms make it easy to discover third-party data,data services,and applications from hundreds,or even thousands,of providers,and can market and deliver your data products and services(see Figure6-2).Marketplace customers can use cloud credits and budgets to purchase data and data services.Such platforms may also offer built-in facilities to meter application usage and handle the asso-ciated billing.These capabilities allow data providers to focus on supplying value-added data services rather than getting caught up in administrative chores.FIGURE6-2:A cloud data platform enables you to securely leverage your data warehouse to share and collaborate with your data,for every scenario.CHAPTER 7 Advancing Analytics 39These materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Chapter7IN THIS CHAPTER Accommodating geospatial analytics Optimizing search activities Exploring the benefits of ML-powered functions Developing AI applications Understanding the importance of automationAdvancing AnalyticsBusiness intelligence(BI)is no longer merely the domain of executives,professional analysts,and data scientists.An effective cloud data platform that supports data warehouse workloads establishes not only a common repository for all types of data and analytics but also empowers diverse teams to collab-orate and easily manage data.Popular analytic methods include the following:Ad hoc analytics allow business users to answer discrete business questions iteratively,such as tracking monthly sales or reviewing on-hand product inventory.Dynamic elasticity and dedicated resources for each workload power these queries without slowing down other workloads.Event-driven analytics constantly incorporate new data to update reports and dashboards so managers can monitor the business in real time or near-real time.Ingesting and processing streaming data requires an elastic data ware-house to handle variations and spikes in data flow.Embedded analytics operate as separate and distinct business processes within applications.The cloud facilitates data transfers from cloud-based applications to a cloud data warehouse where inherent scalability and elasticity can better support fluctuations in users and workloads.40 Cloud Data Warehousing For Dummies,3rd Snowflake Special EditionThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.The data warehouse workload in your cloud data platform should support a broad ecosystem of third-party BI solutions,as well as offer native tools for specific types of analysis.Some of the pri-mary capabilities are summarized below.Considering Geospatial AnalyticsMost companies use geospatial data due to its capability to offer insights into location-based trends and patterns.For example,retailers collect geospatial data about sales territories,store loca-tions,and customer addresses to design better supply chains.Healthcare companies collect geospatial data to track the pene-tration of viruses and diseases.Telecommunications firms use it to monitor subscriber usage and optimize their communications networks.Logistics companies collect it to plan routes and opti-mize shipping activities.In some cases,this data is stored as sim-ple numeric coordinates.In other cases,it resides in specialty data types such as spherical(geography)or flat surface(geometry).Collecting and analyzing spatial data involves new methods of data integration,analysis,governance,and interpretation.Tradi-tional data warehouse systems cant handle location data at scale because they have limited processing power,lack robust spatial analysis capabilities,and are difficult to integrate with geographic information systems(GIS).Select a data platform that can store and process any type of spatial vector object and perform complex geospatial transfor-mations,such as converting geographic coordinates to street addresses.The processing engine must be able to handle location data at scale and seamlessly integrate with leading GIS tools.Optimizing Search FunctionsSearch optimization features can significantly improve the perfor-mance of certain types of queries on tables such as the following:Queries that use selected geospatial functions with geogra-phy values Selective point lookup queries on tablesCHAPTER 7 Advancing Analytics 41These materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Substring and regular expression searches Queries on fields in columns that use certain types of predicatesYour cloud data platform should offer optimized search capabili-ties that allow analysts to efficiently explore and query large vol-umes of data for point lookup queries,log analytics,star joins,substring searches,and geospatial searches.These capabilities are especially useful for needle in the haystack searches(such as a customer lookup)along with cybersecurity and log search use cases(such as when an analyst seeks to find the logs for a partic-ular IP address).Arming Data Analysts with MLMany data analysts want to take advantage of the benefits of machine learning(ML)but are daunted by the complexity of ML frameworks.In response,some cloud data platform vendors have created SQL functions that use ML to detect patterns in data.When backed by a robust data processing engine,these ML func-tions make it easy to scale from one to millions of dimension-value combinations.In addition,data engineers can integrate calls to these functions into their data pipelines just as any other SQL function.Some examples of SQL functions with ML under-the-hood include the following:Forecasting functions allow data scientists to construct accurate time series forecasts with automated handling of seasonality,scaling,and other variables.Anomaly detection functions empower analysts to find outlier events that should be investigated for suspicious activity,along with unlikely situations that should be excluded from future analysis.Developing AI ApplicationsYou may start out using a cloud data platform for a traditional warehousing workload.As your volume of data grows,as your data analysts advance,and as you hire data scientists to join your team,you can start using the cloud data platform to store and 42 Cloud Data Warehousing For Dummies,3rd Snowflake Special EditionThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.process artificial intelligence(AI)/ML workflows,train predictive models,and then put those models into production.ML algorithms learn from data;the more data you provide,the more capable they become.A cloud data platform gives you one place to instantly access all relevant data for AI and ML workflows without complex data pipelines.It enables data science teams to store and process nearly limitless volumes of data at a progres-sively lower cost via powerful arrays of computers that can be scaled up and down at will.It unifies data security and data gov-ernance activities,fosters collaboration,and provides elastic scal-ability for data science and related analytic endeavors.The most advanced cloud data platforms allow developers to deploy containerized data apps on accelerated computing infrastructure such as leading graphical processing units(GPUs),expanding the processing power that can be applied to these resource-intensive workloads.One popular application for these advanced process-ing scenarios is the ability to natively run large language models(LLMs)within the platform and access them through an associ-ated marketplace.This arrangement allows cloud data platform customers to utilize these applications within their own accounts.Although your data platform should be able to securely deploy and process non-SQL code including Python,Java,and Scala SQL remains the industry standard for querying data.As such,your cloud data platforms data warehousing workload should include innovative SQL tools for data management,data transformation,data integration,visualization,BI,and all types of analysis.Automating Development,Deployment,and MonetizationAs AI becomes a more important aspect of many of todays soft-ware development projects,a cloud data platform gives advanced data analysts and data scientists native tools to facilitate ML application development such as turning data and ML models into interactive applications.These platforms should work readily with popular open-source frameworks,tools,and languages,and include native libraries and functions that automate the data sci-ence life cycle.Some platforms even have out-of-the-box capa-bilities to turn Python scripts into web apps with no front-end development required.CHAPTER 8 Four Steps for Getting Started with Cloud Data Warehousing 43These materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Chapter8Four Steps for Getting Started with Cloud Data WarehousingT his chapter guides you through four key steps to choosing a cloud data warehouse for your organization.Step 1:Evaluate Your NeedsConsider the nature of your data,the skills and tools already in place,your usage needs,your plans,and how a cloud data platform can take your business in new directions.Think beyond data warehousing(storing and analyzing data).Ideally,you want one integrated platform that enables many workloads,including data warehouses for analytics;data lakes for data exploration;data engineering for data ingestion and transformation;data science for developing predictive applications and machine learn-ing(ML)models;data application development and operation;and data sharing for easily and securely sharing data among authorized users.44 Cloud Data Warehousing For Dummies,3rd Snowflake Special EditionThese materials are 2024 John Wiley&Sons,Inc.Any dissemination,distribution,or unauthorized use is strictly prohibited.Step 2:Migrate or Start FreshAssess how much of your existing environment should migrate to the new data platform and what should be built from scratch.Defining strategy and goals,taking account of budget and resources to migrate,and understanding your data volume can help you make this decision.To better understand which approach is best for your organization,talk to the professional services team of the data platform youre considering.Your BI solutions,data visualization tools,data science libraries,and other software development tools must easily adapt to the new architecture.Step 3:Calculate TCOSelect a vendor that allows you to pay for actual usage in per-second increments.Consumption-based pricing eliminates soft-ware license fees,reduces infrastructure costs,and minimizes maintenance so you can reallocate technology resources to higher-value business priorities.Plus,when it comes to minimiz-ing TCO,dont overlook the value of productivity.Dont overlook the savings possible with features such as scaling up and down dynamically in response to changing demand.Step 4:Set Up a Proof of ConceptRequest a POC from a prospective vendor with the general under-standing that if the solution performs satisfactorily,youll sub-scribe to the service.A proof of concept(POC)tests a solution to determine how well it serves your needs and meets your success criteria.Request a POC from a prospective vendor with the general understanding that if the solution performs satisfactorily,youll subscribe to the service.Obtaining first-hand experience via a POC will set you up for success with future data warehouse endeavors.WILEY END USER LICENSE AGREEMENTGo to to access Wileys ebook EULA.

0人已浏览 2024-05-17 52页 5星级

Winning with AI:New Repricing Strategies for Todays Amazon Seller2 FEEDVISORWinning with AI:The Benefits of Enhanced Repricing on AmazonIn the early days of the Amazon Marketplace,it was relatively easy for sellers to compete for and win the Buy Box.The market was less crowded,competition was less complex,and the frequency of price changes was lower.As the marketplace evolved,Amazon developed a hyper-sophisticated,near real-time system that notifies sellers via an API on every intended price change,allowing sellers to respond intelligently and timely.This change resulted in an environment more dynamic and competitive than ever before,where sellers now utilize repricing technology to constantly respond to market changes.The Opportunity for AIThe heightened awareness and increased responsiveness of sellers to price fluctuations have forged an unprecedented opportunity for advanced AI systems to comprehend how competitors react to such changes.Armed with this knowledge,these intelligent systems can strategically influence the market in a predetermined direction.Imagine a seller who wants to increase their profitmargin.Feedvisor saw this opportunity to leverage AI,engineering its advanced algorithmic repricer to be able to:1.Analyze the patterns of their competitors pricemoves.2.Learn that competitors tendencies.For example,Feedvisors AI can follow an increase or a price decrease,and gauge that the competitors typically alter their price within 15 or so minutes of the change.This knowledge enables the AI to execute autonomous price changes that will eventually trigger competitors to move their prices in the direction of the AIs choice while maintaining or increasing Buy Box share through hyper-fast price changes.These higher prices can lead to better profit margin,meeting the business objective of the seller.In another example,lets say that the Feedvisor AI detects a competitor that configured their repricer to raise the price periodically,wait for a specific time,and return to the original price.The AI can learn this pattern and leverage this knowledge by either reciprocating with a price increase if the objective is to increase profits or ignoring it if the aim is to focus on sales.This unique ability to learn and predict competitors moves enables Feedvisors customers to be in a position where they lead the market to comply with their own business strategy rather than blindly follow others moves.3 FEEDVISORWINNING WITH AI:THE BENEFITS OF ENHANCED REPRICING ON AMAZONBuy Box Competition and Consumer DemandMost merchants that compete for the Buy Box do not take consumer demand into consideration.They assume that the competition between sellers will always drive the market to the most competitive price.This might have been the case when the Amazon marketplace was less sophisticated and responsive and might still be the case today for the most popular and competitive products.However,highly responsive sellers obsessed with Buy Box share alone often raise prices in unison.For example,when one seller raises the price,another seller sees the opportunity to win the Buy Box at a higher price and reciprocates by raising the price as well and so forth.All this may result in a significant price hike in a very short period.A rapid price hike often leads to significantly softer consumer demand,and eventually,the very same Buy Box share will lead to much lower sales volume.In some cases,the drop in volume may exceed the increase in margin,resulting in the drop in the overall profit dollars.Buy Box Competition and Price WarsLike price increases,competitive price drops,known as price wars,can develop quickly.When one seller drops the price and wins the Buy Box,other sellers programmed to respond will lower the price even further,creating a vicious cycle of rapid price drops.At the same time,sellers and their prices are highly reactive,with little effort in trying to change the dynamics.A result of such a cycle is a rapid drop in margin,which may exceed the gain in volume and result in lower profit dollars.Win on Amazon with advanced AI-Driven repricing: FEEDVISORWINNING WITH AI:THE BENEFITS OF ENHANCED REPRICING ON AMAZONA Unique Advantage:AI-Driven Optimization Strategies for Buy Box SellersEvery seller has different goals,and every item in their catalog has unique goals and competitive dynamics.Precision is needed.Being an autonomous AI optimization system,Feedvisors platform can be tuned to meet sellers specific business goals.The repricer includes three objectives for sellers to instruct the AI,from which the system will autonomously execute optimization actions to achieve the objectives.Increase margin,maintain unit salesIncrease unit sales,maintain marginMaximize unit sales regardless of marginTHE FIRST BUSINESS OBJECTIVE:Increase margin and maintain unit salesAllows sellers to optimize overall profit through margin increase.Feedvisors AI will execute a sequence of autonomous price changes,eventually leading the competition to raise prices.The Feedvisor AI will continuously monitor the demand as a function of price changes.If it detects that the demand is inelastic and consumers keep buying at the higher price range,it will keep raising the price.However,if it detects that demand starts to drop,it will stop leading the market higher and direct it to the optimal price range from the demand perspective.While executing this strategy,Feedvisors AI continuously monitors Buy Box share and competitive response.It does not allow for a drop in Buy Box share as it can learn if competitors do not reciprocate to the price increases.THE SECOND BUSINESS OBJECTIVE:Increase unit sales and maintain marginsAllows sellers to achieve higher sales velocity by exploring lower price ranges.Under this strategy,Feedvisors AI will continuously search for opportunities to win more Buy Box by lowering the price without engaging in a price war.The moment Feedvisors AI detects that the price war has begun,either because of Feedvisors or competitive actions,it will immediately act to slow it down by raising the price and signal a consistent unwillingness to engage in the price war.This strategy is a great fit for a seller who wants to move their inventory faster but doesnt want to engage in price wars or see massive drops in margin.Feedvisors AI will always analyze the impact of a price drop versus a decline in margin and will pursue price drops only if an increase in sales exceeds the decrease in margin.THE THIRD BUSINESS OBJECTIVE:Maximize unit sales regardless of marginAllows sellers to move inventory as fast as possible without considering margin impact.Under this strategy,Feedvisors AI will not shy away from price wars.In addition to its objective to win the Buy Box,the AI will explore lower price ranges to determine price elasticity.If it detects that demand is elastic,it will act to determine the optimal price point where demand is maximized.Combining maximal demand and maximal Buy Box share allows the seller to maximize sales velocity.5 FEEDVISORWINNING WITH AI:THE BENEFITS OF ENHANCED REPRICING ON AMAZONPrime vs.Non-Prime Buy BoxUnlike before,Amazon now awards Buy Box differently to Prime and non-Prime buyers.Prime offers are typically cheaper than non-Prime offers,and therefore,Prime users will normally see Prime offers in the Buy Box.Non-prime users,who pay extra for prime shipping,will often find non-prime offers more attractive,and Amazon will typically award Buy Box to such offers for non-prime users.However,if the price of the Prime offer is low enough,Amazon may still decide to offer a non-Prime Buy Box to such a Prime offer.A similar logic works for a non-Prime offer that wants to compete for the Prime Buy Box.Feedvisor allows sellers the flexibility to either compete for the Buy Box in their own fulfillment channel or for both Prime and Non-Prime.In most cases,sellers want to compete in their own fulfillment channel:sellers that fulfill via FBA or seller-fulfilled Prime compete for Prime Buy Box,and sellers that fulfill FBM(non-prime)compete for non-Prime Buy Box.In some cases,it makes sense for sellers to compete for both Prime and non-Prime Buy Boxes.For example:If sellers want to move their inventory faster and are less margin-sensitiveWhen a seller detects that they own a high degree of Buy Box in their own fulfillment channel,but their sales volume declines.This can be caused by the relatively high demand for the product outside their fulfillment channel,which“eats your lunch”.In such cases,competing for both Prime and Non-Prime Buy Boxes makes a lot of sense.6 FEEDVISORWINNING WITH AI:THE BENEFITS OF ENHANCED REPRICING ON AMAZONNational vs.Regional Buy BoxesWith the evolution of Amazon FBA infrastructure and various 3PL solutions,delivery speed and cost now vary substantially between regions.It enables sellers to offer more attractive prices for their products regionally.As a result,depending on the consumers zip code,the offers in terms of price and speed can differ substantially.Amazon has responded to this trend by allowing different offers to win the Buy Box in different regions.From the sellers perspective,it means multiple concurrent Buy Box winners.A super-aggressive seller,however,can force only one winner of the Buy Box across all regions.It would require more aggressive pricing and potentially compromise the margin,but it is a viable strategy for sellers looking to move their inventory or dominate the market aggressively.Feedvisor enables sellers to define their strategy regarding regionality.A seller can either aim for a higher profit margin while potentially losing the Buy Box in some regions or aim for aggressive market domination at the expense of the margin.Win on Amazon with advanced AI-Driven repricing: FEEDVISORWINNING WITH AI:THE BENEFITS OF ENHANCED REPRICING ON AMAZONInventory Management:A Bigger Focus for Merchants in 2024In 2023,Amazon achieved its quickest global delivery speeds for Prime members by prioritizing regional fulfillment centers,marking its fastest shipping speeds to date.Looking ahead to 2024,the e-commerce giant is determined to enhance its supply chain and inventory management throughout its marketplace.For instance,Amazon is rolling out a new low-inventory-level fee to encourage sellers to enhance their inventory management and speed up distribution within fulfillment centers.This fee is designed to tackle situations where sellers keep insufficient inventory compared to their unit sales,which can hinder Amazons ability to efficiently distribute products through the FBA network.This,in turn,affects delivery speed for customers and raises shipping costs for the company.New Inventory Health Reports Amazon has also recently upgraded its FBA(Fulfillment by Amazon)Inventory reporting,introducing more dynamic,real-time data and additional metrics for sellers.This enhanced system now categorizes inventory with different states and provides insightful fee forecasts based on these states.Notable improvements include:Fresher Data:The data refresh rate has been increased to 1 day,a significant improvement from the previous 10 days.Inventory Tagging:Items are now tagged with labels such as Healthy,Excess,Low Inventory,and Out of Stock,allowing sellers to quickly assess their stock status.Comprehensive Metrics:Numerous metrics have been incorporated to calculate the various inventory states mentioned above,providing sellers with a more comprehensive view of their stock performance.Fee Forecasting:The system now forecasts fees based on the inventory states and metrics,helping sellers anticipate costs more accurately.Recommendations:Sellers will benefit from a range of recommendations,including replenishment suggestions,enabling them to optimize their inventory management strategies.These enhancements aim to empower merchants with valuable insights and tools for better decision-making and improved overall efficiency within the FBA system.Leverage inventory-aware repricing to mitigate fees: FEEDVISORWINNING WITH AI:THE BENEFITS OF ENHANCED REPRICING ON AMAZONFulfillment fees make up a substantial percentage of these costs;FBA fees make up to 35%of a typical sellers total fees.2 With this in mind,its more important than ever for sellers to protect their profits against inventory fees.Using this updated data,Amazon gains improved insights into inventory states,influencing both past and predicted fees.In light of these new capabilities,sellers need to swiftly adapt to safeguard their profits.Its crucial for sellers to accurately grasp the inventory status per SKU and take appropriate actions to mitigate fee-related risks.Failure to do so could lead to:Increased Fees:Amazons charges are directly linked to inventory states.For instance,excessive inventory or low stock levels can impact fees related to storage,fulfillment,and other services.Negative Buy Box Visibility Impact:While current penalties like visibility restrictions or Buy Box(BB)ineligibility may not be in effect,theres a potential for Amazon to introduce such measures in the future.Amazon now takes 45 cents in fees out of every dollar of third-party sales at its marketplace.1*Projected for the full year based on the first two quarters.Referral FeesSeller Advertising FeesFulfillment(FBA)FeesOther FeesAmazons Revenue from Seller Feesin the U.S.by Type of Fee1 Prospect2 Marketplace Pulse3 Amazons Monopoly Tollbooth in 2023New Fees9 FEEDVISORWINNING WITH AI:THE BENEFITS OF ENHANCED REPRICING ON AMAZONLeveraging Repricing Technology to Protect ProfitsTaking action based on Amazons new recommendations is akin to threading a needle.The ideal solution not only optimizes current fees but also safeguards against possible future penalties or restrictions that Amazon might impose on sellers who neglect proactive inventory management.Since moving inventory takes time and is often challenging to rectify,its essential to swiftly comprehend the inventory situation,identify necessary actions,and implement them in a timely manner to prevent incurring fines from Amazon fees.Sellers need a solution that can not only provide invaluable information about their inventory,but also turn this information into actionable strategies that impact how quickly products move off the shelves,ultimately influencing profitability and efficiency.In the wake of these new fees,sellers must grasp their inventory status using Amazons metrics,allowing them to maintain a healthy inventory and steer clear of fees tied to excess or low stock.Feedvisor is evolving to not only assist sellers in pricing and Buy Box strategies but also to dynamically respond to changes in inventory states,automating actions for optimal results.What sets Feedvisor apart is our ability to not just present this information analytically,as most vendors will do,but to empower sellers to take action based on it.Were not just providing insights;were enabling sellers to influence and optimize their inventory velocity-essentially,how fast their products move.How do we do it?Feedvisors differentiation lies in its capacity to act on the data provided by Amazon.While other vendors may offer similar insights,very few can translate them into actionable strategies.Fedvisor,on the other hand,is building off of its ability to help sellers with pricing strategies and profitability by integrating the inventory velocity dimension.10 FEEDVISORFinal ThoughtsThe Amazon Marketplace has evolved substantially over the last few years:it has become more competitive,dynamic,and sophisticated.To win in such an environment,sellers need a technological solution that can help them better analyze the market,predict competition,and be able to lead the market to comply with their business strategy.Adaptation is the key to survival.Proactive inventory management is a strategic imperative for online sellers looking to thrive in an environment where fulfillment fees continue to increase.By integrating a dynamic pricing system that considers the interconnected web of e-marketplaces and inventory levels,sellers can position themselves as leaders in the online retail arena.The time to embrace the future is now,and it begins with the adoption of advanced repricing technology.Feedvisors AI can learn the competitors behavior and predict their response;it is the only solution capable of directing market moves per seller-defined business strategy,delivering revenue and profit increases and overall business growth.See the power of AI-based repricing,free for 14 days.Drive Demand and Sales with AI-Powered,Inventory-Aware Repricing and Advertising Optimization,Starting at$100 a MonthThe Top AI-Powered RepricerHarness the power of the most advanced AI technology to gain a competitive advantage and optimize your pricing strategies.Maximize Campaign Performance Leverage impactful advertising optimization,driving keyword harvesting and campaign optimization.Data-Driven Insights Make informed decisions with access to real-time market data and performance analytics.64%increase in revenue 40%increase sales51%improvement in sales rankOur clients see results:Start your 14-day free trial: have used Feedvisor for almost 5 years now.I can clearly say that we would not be as successful as we are on Amazon without Feedvisor.We have been able to reliably grow our sales year over year and stay competitive without increasing our inventory liability,thanks to the reporting and repricing feature in Feedvisor.-Steven L.,E-Commerce Specialist“REPRICING OPTIMIZATION|ADVERTISING OPTIMIZATION|POWERFUL ANALYTICSExperience the power of Feedvisor with:Increased Profitability Maximize profit margins by automating pricing strategies and identifying revenue opportunities.Pre-Built Optimization Strategies Customize your repricing strategy to your unique business needs with an array of profit to revenue-oriented strategies.Optimize Inventory ManagementManage your inventory levels to steer clear of fulfillment fees with intelligent,inventory-aware repricing.Try Us Free Today

0人已浏览 2024-05-17 11页 5星级

1FINANCIAL SERVICES DATA AI PREDICTIONS 2024FINANCIAL SERVICESDATA AI PREDICTIONS 20242While global markets show signs of improvement,the longer-term economic forecast indicates potential storms ahead for the financial sector.To remain competitive in this climate,financial services organizations need to become more agile and focused on cost optimization to remain competitive.They must also contend with the disruptive arrival of generative AI(gen AI).If financial services organizations implement this pivotal new technology improperly,they risk wasting millions of dollars and creating reputational or regulatory harm.If they are strategic about gen AI,however,they can accelerate growth and stay ahead of the competition.To learn more about the impact generative AI and other developments will have in the coming year,we sat down with our in-house experts to hear their predictions.In our report Data AI Predictions 2024,we cover artificial intelligence(AI),cybersecurity and open-source technologies that will transform the broader landscape in the years to come.Here,well focus on whats next for the financial services sector in particular.3FINANCIAL SERVICES DATA AI PREDICTIONS 2024123456THESE ARE SIX OF THE MOST IMPORTANT INDUSTRY TRENDS WERE TRACKING FOR 2024:Gen AI will be a make-or-break technologySpecialized AIs integrated with data sharing will be a competitive differentiatorMining unstructured data will be key to unlocking novel analyticsStrong data security for gen AI will be a defining factor for growthLeaders will stay nimble to meet quickly shifting regulatory requirementsA strong data strategy will distinguish industry leaders from followersFinancial institutions that unravel the complexities of gen AI and can create proprietary gen AI models will see major competitive advantage and value creation as they transform customer experience,streamline operations and reduce waste.But for others,implementing gen AI will be complex,costly and insufficient in providing competitive differentiation.Accessing the vast volumes of data and compute capacity required to train and fine-tune large language models(LLMs)can be costly.Some analysts and technologists estimate the cost to be in the millions of dollars.Organizations will need to consider whether they want to create their own LLM trained on specific data,fine-tune a ready-made commercial or OSS LLM for a specific use case or implement a commercial LLM for the entire organization.The decision will likely hinge on several factors,including fine-grained access control to critical data and the availability levels of budget,time and specialized skills.According to our internal technology experts,these will be the most important data requirements for gen AI and LLMs:Strong security and governance:To protect personally identifiable information,enforce regulatory and business-critical fine grained access controls,ensure ethical data use and mitigate potential risks,strict security and governance capabilities are essential for model training and use.Scale of data:Access to large volumes of data is required to train or fine-tune LLMs.Data quality:AI systems are only as good as the data theyre built on,and poor data quality can lead to data bias.Compute power:AI models require substantial computational resources for actions such as processing large datasets,making complex computations and processing data in real time.The foundation for success is a data platform that allows flexible,cost-effective ways to access gen AI whether organizations want to use off-the-shelf commercial and OSS LLMs for simple workloads or fine-tune their own LLMs for more complex applications.4FINANCIAL SERVICES DATA AI PREDICTIONS 2024GEN AI WILL BE A MAKE-OR-BREAK TECHNOLOGY“In 2023,nothing captured the imagination of the financial services industry more than generative AI,”says Rinesh Patel,Snowflakes Global Head of Financial Services.“While it will unlock enormous productivity and open up countless opportunities,organizations will also have to mitigate the risks of ungoverned usage to deliver successful outcomes.Unified data access,strong governance and robust security combined with technical expertise and a clear understanding of business objectives will be essential.”Gen AI will become the modus operandi of customer interactionPublic sentiment for the financial services industry took a hit in the aftermath of the 2008 financial crisis.Since then,organizations have invested heavily in improving their relationships with clients.But customer satisfaction for companies in this space still lags behind brands in other sectors such as technology,retail and consumer goods.To improve customer experience,financial services institutions will invest heavily in gen AI to develop customer interfaces that speed response times and simplify bureaucratic complexity.In fact,gen AI will become the new model for how customers interact with their bank or insurer.Popular enterprise gen AI use cases that can improve customer engagement include conversational copilots for data and document analysis and summarization,and report generation.Chatbots or virtual assistants can now answer questions regarding investment ideas,portfolio performance,account information,and claims or fraud concerns.In wealth management,gen AI can support better investment decision-making and help improve the client experience.Gen AI will not replace financial services professionals who can develop client relationships and understand the complexities of client needs.Instead,it will deliver faster information and analytics,enabling client-facing employees from call center agents and branch managers to financial advisors and private bankers to serve customers more efficiently.“Gen AI presents opportunities to refine and redesign the customer experience,”says Patel.“Copilot-enabled user experiences will streamline and enhance consumer interactions with services provided by a bank,insurer or asset manager.Todays asset owners and managers struggle to get deep and timely insights.Were already seeing gen AI transform the institutional client experience with custodian banks.”5FINANCIAL SERVICES DATA AI PREDICTIONS 2024SPECIALIZED AI APPLICATIONS INTEGRATED WITH DATA SHARING WILL BE A COMPETITIVE DIFFERENTIATOREconomic volatility is driving financial institutions to seek new revenue streams.One potential source is data sharing.Financial services companies have robust client and transaction data that can power gen AI-enabled insights both within and outside their organization.For example,custodian banks are building applications that provide institutional clients with gen AI-powered assets and security servicing data,models and analytics.Payment companies are using transaction data and analytics to support their customers in tackling fraud and better managing risk.Exchanges and data providers are packaging their data with AI applications to drive differentiation for their customers.The opportunities to reduce waste,streamline operations,reduce complexity and improve time-to-analytic-insight through a data-sharing ecosystem will be significant.But sharing such data easily and securely has been a challenge with traditional data platforms.Financial services organizations need a modern data platform that allows them to to anonymize data and share it without moving or copying it,or risking the exposure of PII.Increasingly,financial institutions will monetize their data through apps and data marketplaces.The ones that do so successfully will gain a competitive advantage.“When it comes to enabling a next-generation data experience for our customers,data sharing will remove the need to physically move data in large volumes from vendors to customers and from customers to counterparties and regulators,”says Patel.“This opens up completely new opportunities for revenue streams from data sharing and better business decision-making.”When it comes to enabling a next-generation data experience for our customers,data sharing will remove the need to physically move data in large volumes from vendors to customers and from customers to counterparties and regulators.”RINESH PATEL,Global Head of Financial Services,SnowflakeMINING COMPLEX UNSTRUCTURED DATA WILL BE THE KEY TO UNLOCKING NOVEL ANALYTICS By harnessing the power of unstructured data,organizations will be able to transform their customer 360 initiatives,accelerate customer onboarding and better enact know your customer processes.”RINESH PATEL6Much of the worlds data is unstructured,and thats not going to change any time soon.Financial services companies that can harness that data for gen AI-enabled insights will reap the rewards.They will be able to open up new analytics use cases in every subsector from banking and asset management to payments and insurance.From customer onboarding and claims management to due diligence and company valuations,banks and insurance companies spend a significant amount of time and resources looking for information in documents.Gen AI can help employees more effectively find and understand information in contracts,credit memos,reports and other unstructured PDF documents.Payment and insurance companies can use gen AI to analyze large volumes of unstructured data and deliver faster customer service through chatbots.The possibilities are endless.But traditional data management systems struggle to store and process vast troves of unstructured data ranging from emails and social media posts to scanned documents,video and audio recordings.A modern data platform with cloud-based storage and processing capabilities can scale to handle that data according to organizational needs.“So much information about the customer is locked in unstructured data such as call center transcripts,tax documents,application forms and social media posts,”says Patel.“By harnessing the power of unstructured data,organizations will be able to transform their customer 360 initiatives,accelerate customer onboarding and better enact know your customer processes.”FINANCIAL SERVICES DATA AI PREDICTIONS 20247STRONG DATA SECURITY WILL BE A DEFINING FACTOR FOR GROWTHData privacy and security concerns are top of mind among financial services leaders,and rightfully so.In 2022,financial services companies were the second-most-targeted industry for cyberattacks that resulted in data compromises,behind only healthcare.And even as recently as November 2023,the U.S.financial services division of Chinese bank ICBC was hit by a cyberattack that reportedly disrupted U.S.Treasury markets.This demonstrates how gen AI is a double-edged sword in the realm of financial services cybersecurity.On one hand,it can boost security by detecting risks and providing immediate automated responses.On the other,it can introduce new vulnerabilities.“Robust security and governance controls sit at the heart of any enterprise data strategy and now at the core of gen AI implementation,”says Patel.“Poor data control in these areas has real consequences.Were talking about noncompliance and spiraling costs,as well as poor customer experience and damaged reputations.”This is why organizations will increasingly focus on security and governance capabilities to realize the value of gen AI while mitigating the risks.Leading financial institutions will rely on strong data foundations that share,secure and govern data throughout the entire business ecosystem as they build gen AI solutions.Theyll prioritize data solutions that work across clouds.Theyll also prioritize platforms with built-in,highly observable and easy-to-use security capabilities that strengthen the business while helping them more effectively respond to threats.FINANCIAL SERVICES DATA AI PREDICTIONS 20248FINANCIAL SERVICES DATA AI PREDICTIONS 2024LEADERS WILL NEED TO STAY NIMBLE TO MEET QUICKLY SHIFTING REGULATORY REQUIREMENTSGen AI will face increasing regulatory scrutiny as governments worldwide try to stay ahead of concerns about data privacy,intellectual property rights and the misuse of AI-generated content.In the U.S.,in an effort to prevent firms from placing their interests ahead of their investors,the SEC recently proposed new rules that would require broker-dealers and investment advisers to take steps to address conflicts of interest associated with their use of predictive data analytics and similar technologies to interact with investors.China published draft provisions for regulations that aim to ensure the healthy development and standardized application of gen AI.And the European Union is finalizing its A.I.Act,which aims to strengthen rules around data transparency,human oversight and accountability.The quickly evolving landscape presents a challenge for companies looking to stay compliant with gen AI regulations.Businesses with strong compliance,AI governance and data security programs will be well-positioned to handle future policy changes and pivot their operations accordingly.Financial services companies that can keep their risk and compliance teams nimble to meet changing reporting needs will be poised to lead the industry.“How firms operationalize in the cloud is now also increasingly under regulatory scrutiny,with global organizations having to meet the demands of different regulators in different regions,many with potentially different regulatory reporting requirements,”says Patel.“Organizations with a wide geographical reach will have to account for these myriad reporting requirements.Theyll need to adjust their data strategies or architectures to accommodate these jurisdictional requirements and spin up workloads accordingly.There is a new bar for doing business in the cloud.”How firms operationalize in the cloud is now also increasingly under regulatory scrutiny,with global organizations having to meet the demands of different regulators in different regions RINESH PATELFINANCIAL SERVICES DATA AI PREDICTIONS 2024A STRONG DATA STRATEGY WILL DISTINGUISH INDUSTRY LEADERS FROM FOLLOWERSCompanies that stay ahead of the trends will be able to leverage gen AI for maximum growth.To do it,they need a strong data strategy that involves several key elements.Here are four of the most important:Access:Establish access to data from various sources.Data silos will only make outputs incomplete or inaccurate and require extra work to overcome.Quality:Ensure source data is consistent and standardized,and expand the framework to include measures for issues such as bias.Governance:Develop strong governance frameworks that ensure the high quality of all data.Security:Focus on securing the enterprises data and protecting personal information while actively monitoring a fluid regulatory environment.A holistic approach to data management will help improve metadata,ensure consistency and raise the quality of what goes into an LLM and,thus,the quality of the output.910FINANCIAL SERVICES DATA AI PREDICTIONS 2024LEVERAGING MODERN DATA CLOUD PLATFORMSA modern data cloud platform is critical to executing successfully on such a strong data strategy for gen AI.A handful of capabilities differentiate a platform that can be counted on to securely access,process,manage and analyze data from across the financial services ecosystem:Unified platform:A single platform helps enterprises break down data silos,allowing them to bring more workloads directly to their data.This includes the ability to run and fine-tune leading LLMs.Data security and governance:A built-in governance solution supports the stringent requirements of todays financial services organizations and allows customers to securely collaborate on data across the enterprise while efficiently meeting regulatory requirements.Integration with AI and machine learning(ML)workloads:Developers need to be able to effortlessly register and deploy containerized data apps using a secure,managed infrastructure.Such additional flexibility drastically expands the scope of AI,ML and app workloads that can be brought directly to data.Flexible access to leading LLMs:Customers benefit from a platform that enables direct access to leading open-source,commercial and other third-party external LLMs.Data analysis and building AI apps:A fully managed cloud data service empowers enterprises to discover,analyze and build AI apps in one place.Those who will stand out as leaders in the financial services industry will be those who choose a simple and cost-effective platform that meets the complex demands of data management while building a strong data foundation for gen AI success.Learn how the Data Cloud can power better business outcomes and help you prepare for whats ahead.ABOUT SNOWFLAKEOrganizations use Snowflakes Data Cloud to unite siloed data,discover and securely share data,power data applications and execute diverse AI/ML and analytic workloads across multiple clouds and geographies.Organizations,including 647 of the 2023 Forbes Global 2000 as of October 31,2023,use the Snowflake Data Cloud to power their businesses.Learn more: 2023 Snowflake Inc.All rights reserved.Snowflake,the Snowflake logo,and all other Snowflake product,feature and service names mentioned herein are registered trademarks or trademarks of Snowflake Inc.in the United States and other countries.All other brand names or logos mentioned or used herein are for identification purposes only and may be the trademarks of their respective holder(s).Snowflake may not be associated with,or be sponsored or endorsed by,any such holder(s).

0人已浏览 2024-05-16 11页 5星级

USING AI IN THE WORKPLACEOPPORTUNITIES,RISKS AND POLICY RESPONSESOECD ARTIFICIAL INTELLIGENCE PAPERSMarch 2024 No.112 USING AI IN THE WORKPLACE OECD 2024 This paper is published under the responsibility of the Secretary-General of the OECD.The opinions expressed and the arguments employed herein do not necessarily reflect the official views of OECD member countries.This document,as well as any data and map included herein,are without prejudice to the status of or sovereignty over any territory,to the delimitation of international frontiers and boundaries and to the name of any territory,city or area.Cover image:Kjpargeter/S OECD 2024 The use of this work,whether digital or print,is governed by the Terms and Conditions to be found at www.oecd.org/termsandconditions.3 USING AI IN THE WORKPLACE OECD 2024 Introduction and purpose Policy makers across the globe are grappling with the rapid developments in artificial intelligence(AI)technologies and their adoption in the workplace.Even before the advent of generative AI,impressive progress had been made in a range of domains,including computer vision,reasoning,problem solving,as well as reading comprehension and learning.Employers are beginning to use AI applications to sift through CVs,interact with customers,allocate,direct,and evaluate work,and to identify and provide training.Workers are using AI in an increasing number of tasks.The advent of generative AI has resulted in a shift and acceleration in the use and impact of AI,which is now a general purpose technology that is likely to affect every occupation and sector of the economy.AI can bring significant benefits to the workplace.In the OECD AI surveys,four in five workers said that AI had improved their performance at work and three in five said it had increased their enjoyment of work(Lane,Williams and Broecke,20231).Workers were also positive about the impact of AI on their physical and mental health,as well as its usefulness in decision making(Lane,Williams and Broecke,20231).Not investing in AI and not adopting it in the workplace would be a missed opportunity to boost productivity and improve job quality,amongst others.Unequal access to and use of AI in the workplace could lead to increased disparities between firms and workers as well as across countries.To realise these opportunities,it is however necessary to address the risks raised by AI for the labour market.The OECD AI surveys show that 3 in 5 workers are worried about losing their job to AI in the next 10 years,and 2 in 5 expect AI to reduce wages in their sector.Workers also express concerns around increased work intensity and the collection and use of data,amongst others(Lane,Williams and Broecke,20231).Other risks include:bias and discrimination,unequal impact on workers,lack of human oversight,as well as lack of transparency,explainability and accountability,amongst others.Box 1.The OECD AI surveys Wishing to capture workers and employers own perceptions of the current and future impact of AI on their workplaces,the OECD surveyed a total of 5 334 workers and 2053 firms in the manufacturing and financial sectors in Austria,Canada,France,Germany,Ireland,the United Kingdom and the United States.The surveys examine how and why AI is being implemented in the workplace;its impact on management,working conditions and skill needs;its impact on worker productivity,wages and employment;what measures are being put in place to manage transitions;and concerns and attitudes surrounding AI.The most frequently reported uses of AI include data analytics and fraud detection in the finance sector,and production processes and maintenance tasks in manufacturing.Using AI in the workplace:Opportunities,risks and policy responses 4 USING AI IN THE WORKPLACE OECD 2024 The survey reveals that both workers and employers are generally very positive about the impact of AI on worker productivity and working conditions.Around 80%of AI users said that AI had improved their performance at work,and AI users were more than four times as likely to say that AI had improved working conditions as to say that AI had worsened them.However,there are also concerns,including about job loss an issue that should be closely monitored.The surveys also indicate that,while many workers trust their employers when it comes to the implementation of AI in the workplace,more can be done to improve trust.In particular,the surveys show that both training and worker consultation are associated with better outcomes for workers.Source:Lane,M.,M.Williams and S.Broecke(20231),“The impact of AI on the workplace:Main findings from the OECD AI surveys of employers and workers”,https:/doi.org/10.1787/ea0a0fe1-en.A risk-based approach has been common in thinking about the policy and regulatory response to AI.In December 2023,the European Parliament and Council reached a provisional agreement on the Artificial Intelligence Act,which will establish rules for AI based on its potential risks and level of impact,with some applications being banned and obligations imposed for applications that are deemed to be high risk such as many uses in the workplace.In the United States,the Executive Order on Safe,Secure,and Trustworthy Artificial Intelligence issued in October 2023 directs“the most sweeping actions ever taken to protect Americans from the potential risks of AI systems”including,for example,developing principles and best practices to mitigate the harms and maximise the benefits of AI for workers.The Bletchley Declaration by countries that attended the AI Safety Summit at Bletchley Park(United Kingdom)in November 2023 focused on identifying AI safety risks and building risk-based policies.In many cases,AI does not operate in a regulatory vacuum and that there are already laws that regulate its use and impact.However there are gaps in the existing regulatory and policy frameworks,and urgent policy action is needed.As policy makers implement these measures,there is a need for specific guidance on risks and measures linked to the use of AI in the workplace.This note uses the OECD Principles on trustworthy AI and draws on the substantial body of work done by the OECD in this field(OECD,20232)to identify key risks posed by the use of AI in the workplace,to identify the main policy gaps and offer possible policy avenues specific to labour markets.The note presents the risks and the associated policy responses individually,but these risks interact among each other and measures to address one risk will often contribute to addressing others as well.Risks,policy gaps and policy avenues Automation and job displacement Risks:AI is an automating technology that differs from previous technologies in at least three important aspects.First,AI extends the types of tasks that can be automated to many non-routine cognitive tasks,and therefore exposes workers who were previously relatively protected from automation(e.g.the high-skilled)to the risks of displacement.Second,all occupations and sectors are likely to be affected by AI(as opposed to,for example,robots which primarily impacted the manufacturing sector).Third,the speed of AI development and adoption in the labour market leaves little time for adjustment and could raise frictional unemployment.So far,there is little evidence of a net negative impact of AI on the number of jobs,but the risk of automation remains substantial:the OECD estimates that occupations at the highest risk of automation account for about 27%of total employment.It will be important to help workers move from declining sectors and occupations into to new and growing ones.5 USING AI IN THE WORKPLACE OECD 2024 Figure 1.Percentage of employment in highly automatable jobs,2019 Source:OECD(20232),OECD Employment Outlook 2023,https:/doi.org/10.1787/08785bba-en.Policy gaps:Most countries recognise the importance of skills and training to adapt to AI-related automation,but few have proposed concrete action plans,and few are prepared for the quantum leap in training that will be required.Existing programmes tend to focus on digital or AI skills,but few recognise the importance of complementary skills(munication,creativity,or working with others),and only a minority have developed an integrated approach for AI skills development.Social dialogue will also be important in managing these transitions,but faces its own challenges(see section on social dialogue below).Possible policy directions that countries may consider:Monitoring the impact of AI on the labour market to identify jobs most at risk of automation.Anticipating future skill needs related to AI adoption in the workplace.Skills development programmes at all levels of education,to develop skills needed to work with and develop AI.Training for workers and managers to support the adoption and use of trustworthy AI.Employment support measures,including targeted training programmes and career guidance,for workers at direct risk of automation by AI.Adequate social protection for workers displaced by AI.Supporting social dialogue(see below).Rising inequality Risks:Workers face different risks of automation for example depending on their skills,occupation,firm size.They have also different exposure to risk of bias and discrimination,privacy breaches,and health and safety.On the other hand,workers that do not have access to AI in the workplace cannot benefit from the opportunities it offers,for example to be more productive,to overcome obstacles linked to disability,or access new jobs created by AI.Emerging evidence shows that AI can also increase productivity of low-skilled workers in certain occupations,reducing productivity gaps with higher-skilled workers.There is therefore a concrete risk that the adoption of AI in the workplace leads to increased inequality in the labour market.055406 USING AI IN THE WORKPLACE OECD 2024 Figure 2.Percentage of employers who think AI helps/harms groups of workers,finance and manufacturing Source:OECD(20232),OECD Employment Outlook 2023,https:/doi.org/10.1787/08785bba-en.Policy gaps:While some countries already have policies in place such as training or subsidies for AI adoption,they may be poorly targeted and there is a need to better understand which groups face the highest risk so that public resources are used efficiently.Where AI offers opportunities for reducing inequalities,governments can do more to foster their development and adoption,especially among smaller firms which have less means to access good quality AI tools.For example,even though many AI solutions exist to help people with disabilities overcome labour market barriers,there are challenges with funding,certification and quality standards for such tools,as well as a lack of accessibility training among developers.Policies to address the other risks discussed in the rest of this brief will help address inequalities.Possible policy directions that countries may consider:Identifying the groups most exposed to AI-related risks in the labour market.Training and support targeted to disadvantaged workers prior to and during AI adoption.Targeted grants or subsidies for SMEs to facilitate their adoption of trustworthy AI.Tackling risks in AI systems related to bias and discrimination and autonomy(see below).Involving vulnerable and underrepresented groups in the development and adoption of AI systems for the workplace.Risks to occupational health and safety Risks:AI systems can be used to improve workers health and safety at work,for example by automating dangerous tasks,detecting hazards,or monitoring worker fatigue.The OECD AI Surveys show,for example,that the adoption of AI at work increased enjoyment at work for 3 in 5 workers(Lane,Williams and Broecke,20231).At the same time,the use of AI creates new risks from an Occupational Safety and Health(OSH)perspective.For instance,some AI-powered monitoring systems may increase time and performance pressure to the extent that they cause stress and/or create incentives for workers to ignore safety standards.Stress may also result from decisions that are unfair,lack transparency and explainability,and where there is no easy opportunity for redress.The disappearance of routine tasks 0 0P%Workers with disabilitiesFemale workersLow skilled workersOlder workersHarm themHelp them 7 USING AI IN THE WORKPLACE OECD 2024 through AI may deprive the worker of the respite provided by these tasks,leading to more mentally taxing shifts and possibly increasing the risk of physical injury.Increased use of AI in the workplace may also decrease human contact to the detriment of mental health.Figure 3.Number of incidents causing physical or psychological harm to workers,2023 Source:OECD AI Incidents Monitor(AIM),https:/oecd.ai/en/incidents.Gaps:Most countries have regulations that set out employers obligations towards employees concerning their occupational safety and health.While the details vary from country to country,employers usually have to assess risks,and eliminate or reduce them with preventative and protective measures,and inform workers about the risks and train them.While in theory such regulations should also cover AI,there may be gaps,particularly in mental health.Also,while most countries have product liability regulations,they likely will need to be adapted to the use of AI systems.Finally,labour inspectorates may lack the knowledge and/or capacity to address new risks posed by AI.Possible policy directions that countries may consider:Reviewing and,if necessary,updating labour laws and OSH regulations to address the AI use in the workplace.Health and safety risk assessments,audits and certifications for AI systems to ensure workers health and safety from the design stage.Strengthening labour inspectorates capacities to inspect and enforce compliance with the law.Involving managers,workers,and their representatives in the design and adoption of AI systems in the workplace.Informing employers,workers and their representatives about the possible OSH risks of AI systems used in the workplace.Privacy breaches Risks:The increased use of AI in the workplace will likely result in the greater collection and analysis of data on workers and job candidates to train and use these systems.Data may or may not be personal,and could include information such as:worker movements,biometric data,like heart rates and blood pressure,as well as digital activities.Workers may feel that this is an invasion of their privacy,in particular 05540JanFebMarAprMayJunJulAugSepOctNovDec8 USING AI IN THE WORKPLACE OECD 2024 if they gave no consent to the collection and use of the data.Workers might also worry that the data are used for purposes other than for which it was intended.Moreover,data collection may result in increased monitoring and surveillance,which could lead to stress.Gaps:The protection of workers against privacy risks varies considerably across OECD countries but,even in those with the strongest protections,gaps remain.For example,in EU countries,the General Data and Privacy Regulation(GDPR)strengthens individuals control and rights over their personal information but there are significant enforcement gaps.The GDPR also leaves data protection in the employment context to be addressed at the Member State level,so these rules are still far from being harmonised across countries,consistent and comprehensive.Protections are even weaker in other OECD countries.For example,in most US states,there are very limited protections when it comes to the collection and use of data on workers by employers.Figure 4.Percentage of workers who are worried about their privacy,manufacturing and finance employers who use AI Note:Workers who report that their employers use of AI involved the collection of data on workers or their work were asked:“To what extent do you agree or disagree with the following statements?I worry about my privacy when my data is collected”.Source:Lane,M.,M.Williams and S.Broecke(20231),“The impact of AI on the workplace:Main findings from the OECD AI surveys of employers and workers”,https:/doi.org/10.1787/ea0a0fe1-en.Possible policy directions that countries may consider:Impact assessments and quality labels to evaluate privacy and security of personal information in the AI systems.Restricting the collection,use,inference,and disclosure of workers personal information.Requirements to safeguard workers personal information and appropriate handling of data.Providing information to workers about data collected by employers and purpose of use(see also Transparency).Rights for workers to correct,delete,opt-out of,or limit the use of sensitive personal information,including through workers representatives.Quality labels and certifications for AI systems with good data protection.242%Strongly agreeSomewhat agreeNeither agree nor disagreeSomewhat disagreeStrongly disagree 9 USING AI IN THE WORKPLACE OECD 2024 Bias and discrimination Risks:Trustworthy AI can help identify and reduce human discrimination and bias in the workplace by supporting decisions with quantitative evidence.However,if not well designed and/or trained on biased/non-representative data,AI systems can replicate and systematise human biases that have historically existed in the labour market,leading to bias and discrimination in who can see job postings,who is shortlisted for job openings,who is assigned which tasks at work,who receives training,and performance assessment,among others.Gaps:In theory,existing anti-discrimination legislation is applicable to AI use in the workplace.There may,however,be gaps and loopholes in this legislation.Relevant case law is still limited and will show where legislation may need to be reviewed.Lack of transparency and explainability of AI systems(see Transparency and Explainability)poses further challenges in countries that rely heavily on individual action for seeking redress,making it difficult to contest AI(-based)workplace decisions using only existing anti-discrimination laws.Figure 5.Percentage of AI-using organisations that do not take steps to reduce unintended bias in the system Source:IBM Watson(20223),IBM Global AI Adoption Index 2022, policy directions that countries may consider:Reviewing and,where necessary,adapting existing anti-discrimination legislation to the use of AI in the workplace.Impact assessments to assess risks of bias prior to implementation,and regular audits after implementation.Quality labels and certifications against bias.Involving social partners and representatives of vulnerable and underrepresented workers in the design and deployment of AI systems in the workplace.007080Not reducing unintended biasNot making sure they canexplain AI-powered decisionsNot developing ethical AIpoliciesNot guarding againstadversarial threats and potentialincursions to keep systemshealthyNot safeguarding data privacythrough the entire lifecycle10 USING AI IN THE WORKPLACE OECD 2024 Lack of autonomy,agency,and dignity Risks:Firms frequently introduce AI systems to streamline production processes,boost efficiency and increase productivity.These systems can give workers real-time and continuous feedback on their performance,direct work and provide behavioural nudges.This“algorithmic management”can unduly limit workers autonomy,reduce human contact and the ability of workers to discuss their work with managers,or contest decisions that seem unsafe,unfair,or discriminatory.These practices could undermine workers sense of professional identity and meaningfulness,and present risks for physical and mental health and safety at work.Gaps:Some countries have introduced regulation on workplace monitoring(e.g.the Electronic Communications Privacy Act in the United States,the GDPR in the European Union and the United Kingdom,or the Personal Information Protection and Electronic Documents Act in Canada)and automated decision-making(the Algorithmic Accountability Act in the United States and the GDPR).A comprehensive approach to regulating algorithmic management is still lacking in most jurisdictions,however.The EU platform directive is one of the first pieces of legislation to do so,but it only applies to a very small sub-section of the workforce(platform workers).Figure 6.Percentage of workers whose sense of autonomy decreased,manufacturing and finance employers who use AI Source:OECD(20232),OECD Employment Outlook 2023,https:/doi.org/10.1787/08785bba-en.Possible policy directions that countries may consider:Defining clear boundaries for use of AI systems,e.g.on the permissible extent of monitoring and automated decision-making.Requiring human oversight of decisions that affect workers safety,rights,and opportunities.Consultations and involvement of workers and/or their representatives in the adoption of AI systems(see Challenges to social dialogue).0246810121416Other AI usersManaged by AI 11 USING AI IN THE WORKPLACE OECD 2024 Lack of transparency Risks:The ability of workers to exercise specific rights(e.g.the right not to be subject to automated decision-making),detect risks,and/or effectively question outcomes,hinges on their awareness of their interactions with AI systems and how that system reaches its outcomes(see also Insufficient explainability).However,AI use can be difficult to detect without explicit disclosure.For instance,Harris,B.et al.(20234)find that only 17%of adults in the United Kingdom can often or always tell when they are using AI.Even if individuals are aware of their interactions with AI,gaining insight into its decision-making process can be difficult,for instance due to developers reluctance to disclose information,or to the complexity of the system.Gaps:Most AI principles underscore the importance of transparency of AI and its use,but translating these concepts into practice may be complex.For instance,several States in the United States have introduced laws requiring employers to notify applicants and/or employees about their interactions with AI,but often these regulations do not encompass all conceivable AI applications,and focus on the use of AI for recruitment or electronic monitoring.In the EU,the Platform Work Directive provides individuals with some rights to information on the logic of algorithms where automated decision-making is used,however it only applies to platform workers.In addition,there may be barriers to transparency due to intellectual property rights(trade secrets)and privacy laws,both of which limit how much information can be disclosed.Possible policy directions that countries may consider:Requirements to disclose use of AI systems in the workplace and in hiring processes,for both employers and workers.Reviewing and,if necessary,updating privacy and intellectual property laws to address potential ambiguities and balance the rights they protect against the need for transparent AI(use).Insufficient explainability Risks:AI systems,particularly those using complex technologies like deep neural networks,yield outcomes that can be difficult or even impossible to explain.A lack of explainability can undermine the trust and confidence that people place in AI systems and the decisions that are informed by them.It also makes it difficult for individuals to provide informed consent to the use of such systems,or to identify and seek redress for adverse effects caused by AI systems in the workplace.A lack of trust and confidence,in turn,can cause worker resistance and hence hinder the adoption of AI systems in the workplace.Gaps:Policy makers in various countries have touted explainability as a desirable property of AI systems,however,there still is no broad agreement on what explainability would entail.The GDPR for example requires data subjects to be provided with“meaningful information about the logic involved”in automated decision making processes,which often starts by providing information about what the AI system has been“optimised”to do.Explanatory tools,such as a simple algorithm that approximates the behaviour of the AI system and thus provides approximate explanation.For some AI systems(and depending upon the definition used),explainability may be difficult if not impossible to achieve,or it may be in conflict with other desirable objectives such as accuracy or privacy.Neither the EU AI Act nor the US Presidential Executive Order mention explainability.Possible policy directions that countries may consider:Requiring developers to provide documentation,instructions of use,and explanatory tools to accompany AI systems used in the workplace.Requiring employers and workers to disclose the use of AI systems in the workplace and in hiring processes,and provide results of explanatory tools upon the request of workers or their representatives.12 USING AI IN THE WORKPLACE OECD 2024 Lack of accountability Risks:Establishing clear lines of accountability is fundamental for a trustworthy use of AI and the enforcement of regulations.It is not always clear,however,which actor linked to the AI system is responsible if something goes wrong.This is related to the fact that,unlike traditional goods and services,some AI systems can change as they are used,by learning from new data,so it is not always clear who would be accountable in case something goes wrong:the developer,the provider or the user.Gaps:In recent years,legislators have made efforts to promote accountability mechanisms,such as impact assessments and/or audits of AI systems to provide evidence and assurance that they are trustworthy and safe to use.For example,New York City Local Law 144 expects employers using automated employment decisions tools to complete yearly bias audits and to make these audits public,and various states have introduced data protection impact assessments for personal data processing activities.However,these efforts remain limited to narrow applications of AI,or to specific risks.The EU AI Act will require providers to carry out ex ante conformity assessments of high-risk AI tools before they are placed on the market.Accountability cannot only rest with developers,however,and the EU AI Act makes clear that users including employers bear responsibility for using AI systems in accordance with the instructions of use.Accountability is also promoted by providing individuals with a right to meaningful human input on important decisions that affect them,as done for example by GDPR in the European Union and the United Kingdom.Requiring human intervention and oversight is also called having a human“in the loop”(when humans approve AI decisions)or“on the loop”(when humans view and check AI decisions).However,even in countries where the legislation requires consent to use such systems,it is not clear that such consent is meaningful because of the power imbalance that exists between employers and workers.Moreover,even when there is a human in the loop,there is a risk of mere“rubber-stamping”of decisions taken by AI.Possible policy directions that countries may consider:Code of ethics or an ethics officer/board to oversee the implementation and use of the AI system in companies.Audits,prior and/or post adoption of AI systems in the workplace to guarantee their accountability.Oversight by humans when AI-informed decisions affect the rights or safety of workers,with explanations of the responsibilities involved.Rights for workers to contest decisions made by an automatic decision-making tool.Guidelines for employers and support to SMEs on compliance with accountability measures applicable to their use of AI in the workplace,including national or international auditing standards(e.g.on auditor independence,representative analysis,access to data,code and models,and consideration of adversarial actions).Challenges to social dialogue Risks:Social dialogue can play a critical role in managing the work-place risks of AI.Evidence shows that the outcomes of AI for workers are more positive in firms that consult workers about the adoption of new technologies.However,by giving employers access to more and better data about workers,AI could also introduce information asymmetries,especially when workers are not aware that they are interacting with AI,or not sufficiently informed about the outcomes of this interaction(see Transparency).In some cases,employers may try to shirk responsibility for certain decision by arguing they were made by AI systems.There is also a risk that data collected through AI is used to limit workers the right to organise.Gaps:The number of workers who are members of unions and are covered by collective agreements has declined in most OECD countries,and the development of new forms of work and new business models,13 USING AI IN THE WORKPLACE OECD 2024 partly facilitated by AI,risks exacerbating the under-representation challenge faced by traditional social partners.The lack of AI-related expertise among social partners is a major challenge to support their members in the AI transition.Figure 7.Percentage of employers reporting positive impact on job quality Source:Lane,M.,M.Williams and S.Broecke(20231),“The impact of AI on the workplace:Main findings from the OECD AI surveys of employers and workers”,https:/doi.org/10.1787/ea0a0fe1-en.Possible policy directions that countries may consider:Consultations and discussions with managers,workers and their representatives and other stakeholders on the adoption of AI in the workplace,while taking into account the countrys situation and labour relations.Development of AI-related expertise,and digital education more generally,among workers representatives.Supporting social partners efforts to expand their membership to forms of work and employers where they are not currently represented,for example in the platform economy.Conclusions AI is a fast-moving technology and while policy makers should be lauded for the many initiatives they have taken so far,it is clear that many gaps remain especially considering the very fast pace of AI development.In order to assist policy makers in this daunting task,there is a need to keep monitoring the risks of AI as they emerge and play out in the labour market.It is also important to keep track of policy responses across and within countries,and to follow the evolution of case law,to help policy makers identify emerging solutions as well as best practice,for their policy formulation but also,importantly,for effective and swift implementation of these policies.Finally,there is a key need for co-ordination at the international level to promote interoperability across borders and avoid regulatory gaps.0070ProductivitySatisfactionManagementHealth and safetyConsultationNo consultation14 USING AI IN THE WORKPLACE OECD 2024 Box 2.OECD Principles for responsible stewardship of trustworthy AI These Principles form Section 1 of the OECD Recommendation of the Council on Artificial Intelligence(“OECD AI Principles”)(OECD,20195).The OECD AI Principles were adopted in May 2019 by the OECD member countries;since,other adherents include Argentina,Brazil,Egypt,Malta,Peru,Romania,Singapore and Ukraine.In June 2019,the G20 adopted human-centred AI Principles that draw from the OECD AI Principles.1.Inclusive growth,sustainable development and well-being Stakeholders should proactively engage in responsible stewardship of trustworthy AI in pursuit of beneficial outcomes for people and the planet,such as augmenting human capabilities and enhancing creativity,advancing inclusion of underrepresented populations,reducing economic,social,gender and other inequalities,and protecting natural environments,thus invigorating inclusive growth,sustainable development and well-being.2.Human-centred values and fairness a)AI actors should respect the rule of law,human rights and democratic values,throughout the AI system lifecycle.These include freedom,dignity and autonomy,privacy and data protection,non-discrimination and equality,diversity,fairness,social justice,and internationally recognised labour rights.b)To this end,AI actors should implement mechanisms and safeguards,such as capacity for human determination,that are appropriate to the context and consistent with the state of art.3.Transparency and explainability AI Actors should commit to transparency and responsible disclosure regarding AI systems.To this end,they should provide meaningful information,appropriate to the context,and consistent with the state of art:i.to foster a general understanding of AI systems,ii.to make stakeholders aware of their interactions with AI systems,including in the workplace,iii.to enable those affected by an AI system to understand the outcome,and,iv.to enable those adversely affected by an AI system to challenge its outcome based on plain and easy-to-understand information on the factors,and the logic that served as the basis for the prediction,recommendation or decision.4.Robustness,security and safety a)AI systems should be robust,secure and safe throughout their entire lifecycle so that,in conditions of normal use,foreseeable use or misuse,or other adverse conditions,they function appropriately and do not pose unreasonable safety risk.b)To this end,AI actors should ensure traceability,including in relation to datasets,processes and decisions made during the AI system lifecycle,to enable analysis of the AI systems outcomes and responses to inquiry,appropriate to the context and consistent with the state of art.c)AI actors should,based on their roles,the context,and their ability to act,apply a systematic risk management approach to each phase of the AI system lifecycle on a continuous basis to address risks related to AI systems,including privacy,digital security,safety and bias.5.Accountability AI actors should be accountable for the proper functioning of AI systems and for the respect of the above principles,based on their roles,the context,and consistent with the state of art.Source:OECD(20195),Recommendation of the Council on Artificial Intelligence,OECD,https:/legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0449.15 USING AI IN THE WORKPLACE OECD 2024 References Harris,B.et al.(2023),Public awareness,opinions and expectations about artificial intelligence:July to October,UK Office for National Statistics,https:/www.ons.gov.uk/businessindustryandtrade/itandinternetindustry/articles/publicawarenessopinionsandexpectationsaboutartificialintelligence/julytooctober2023.4 IBM Watson(2022),IBM Global AI Adoption Index 2022,https:/ Lane,M.,M.Williams and S.Broecke(2023),“The impact of AI on the workplace:Main findings from the OECD AI surveys of employers and workers”,OECD Social,Employment and Migration Working Papers,No.288,OECD Publishing,Paris,https:/doi.org/10.1787/ea0a0fe1-en.1 OECD(2023),OECD Employment Outlook 2023:Artificial Intelligence and the Labour Market,OECD Publishing,Paris,https:/doi.org/10.1787/08785bba-en.2 OECD(2019),Recommendation of the Council on Artificial Intelligence,OECD,https:/legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0449.5 Contact Stefano SCARPETTA(stefano.scarpettaoecd.org)

0人已浏览 2024-05-16 15页 5星级

1RETAIL AND CONSUMER GOODS DATA AI PREDICTIONS 2024RETAIL AND CONSUMER GOODSDATA AI PREDICTIONS 20242Theres no facet of society that artificial intelligence(AI)hasnt begun to touch,and while its affecting some aspects of our lives more subtly than others,there is no question that the retail and consumer goods industry will experience massive upheaval as a result.We can thank the surge of generative AI(gen AI)technology for that,plus changes to customer engagement and the way products are sold in general.To learn more about the impact AI and other developments will have in the coming year,we sat down with our in-house experts to hear their predictions.In our report Data AI Predictions 2024 we cover the AI,cybersecurity and open-source technologies that will transform the broader landscape in the years to come.Here,well take a deeper dive into the impact of data and AI on the retail and consumer goods industry in particular.1233THESE ARE THREE OF THE MOST IMPORTANT INDUSTRY TRENDS WERE TRACKING FOR 2024:Data monetization will play a massive role in driving revenueExperimenting with gen AI will put retailers and consumer goods companies ahead of the curve on productivityA strong data strategy will distinguish industry leaders from followersConsumers are still figuring out how to wrap their arms around AI,with feelings of both awe and distrust.While shoppers try to work out exactly what to think of these technologies,the businesses that move quickly to incorporate AI and new data strategies into their operations will be best poised for success no matter which direction AI goes from here.4RETAIL AND CONSUMER GOODS DATA AI PREDICTIONS 2024Even just a few years ago,it was hard to imagine the power and reach that AI would be seeing today.Who could have predicted that we would use AI to generate photorealistic artwork and write reports for us and that anyone with a computer or cell phone would be able to do as much?The rise of ChatGPT,DALL-E and similar gen AI tools has instilled in people the kind of wide-eyed wonder at technological advances that we havent seen in over a decade.At the same time,many people are wondering if theyll soon be replaced by an algorithm at work,or if the customer service rep is a real human or not.Early adopters of AI tools are already reaping success,but efforts to measure that success havent been fully fleshed out.Yes,AI saves time,and yes,it makes things possible that werent before.But how does that translate to the bottom line?As time goes on,businesses will need to more clearly quantify how AI is impacting the enterprise,particularly in the cutthroat retail and consumer goods segments.EXPERIMENTING WITH GEN AI WILL PUT RETAIL AND CONSUMER GOODS COMPANIES AHEAD OF THE CURVE ON PRODUCTIVITYGen AI is improving employee productivity in many waysGen AIs first inroads into our daily lives were halting and limited.It could be used to automate chatbot support calls or summarize a long document into bullet points,for example but the number of use cases are now multiplying exponentially.Businesses are experimenting with large language models(LLMs)to find new ways to leverage gen AI as a part of daily operations,increasing personalization for customers,optimizing supply chain operations and enabling data-driven merchandising activities.Rosemary DeAragon,Global Retail and CPG Industry GTM Lead for Snowflake,predicts that the top applications for gen AI and LLM in retail and consumer goods will revolve around shopping assistants,market signal analysis and content creation.“The hype of generative AI is not over,”she says,“and the building of gen AI capabilities within a secure environment has just begun.”DeAragon says she sees gen AI helping content managers evaluate and improve product descriptions and listings,and aiding marketing teams in the use of natural language to quickly generate audiences and segments,based on data.“Flexible models can also analyze disparate sources of textual data,say says,like customer reviews that can be translated into a reliable numeric signal for later modeling on-demand signals,mixed marketing and more.”The hype of generative AI is not over,and the building of gen AI capabilities within a secure environment has just begun.”ROSEMARY DEARAGON,Global Industry GTM Lead,Retail and CPG,Snowflake5RETAIL AND CONSUMER GOODS DATA AI PREDICTIONS 2024Data will dictate how to best use gen AI for both customer and business needsSo youve invested in an AI platform;now what are you going to do with it?The early days of gen AI felt a lot like giving a toolbox to each employee and letting them loose on a construction site to see what they could build.As business use cases become clearer,the fervor is fixing on opportunities to drive innovation.Enterprises are still in the experimental phase,but the push to monetize gen AI investments and quantify their value is becoming stronger.Leading that charge are decisions around how to use valuable internal data to maximize the value that gen AI is creating.Initially,companies will use data based on how their targeted consumers feel about AI.In the retail environment,some gen AI use cases work,but some dont.Gen AI-driven customer service,gen AI-curated product recommendations and the use of“virtual try-on”have been widely accepted in the apparel world.However,where a human touch is valuable and expected think jewelry or luxury watches a virtual assistant may not be ideal.Privacy is also a major concern.For example,few shoppers are apt to upload images for AI-driven virtual underwear try-ons.Very complex purchases,like new automobiles,probably arent the best use case for AI assistance either.Gen AIs ability to extract market signals by digitizing and analyzing data across multiple channels will help improve matters.Analysis of customer reviews,social media posts,support emails and other text-based material can help brands enhance the customer care process while honing marketing strategies.As gen AI matures,expect to see this type of unstructured data being analyzed and converted into a reliable numeric signal(similar to a Net Promoter Score)that can be used to quantify consumer sentiment and track it over time.6RETAIL AND CONSUMER GOODS DATA AI PREDICTIONS 2024AI leaders will define the metrics that measure successAs AI adoption skyrockets,its the ahead-of-the-curve enterprises that will define the metrics which determine the technologys impact on any given brands bottom line.“2024 is shaping up to be the year of experimentation for generative AI and LLM,”says DeAragon.“And while there is a lot to be excited about here,success metrics will need to be considered before launching enterprise-class AI applications.Creating these applications requires company resources,and just because you can ask an AI assistant what you should make for dinner tonight or what color sweater you should order,it doesnt mean there is going to be a positive ROI for retailers.Experimenting is good,but it needs to be measured with clearly defined metrics that indicate whether they are successful.”2024 is shaping up to be the year of experimentation for generative AI and LLM.Experimenting is good,but it needs to be measured with clearly defined metrics that indicate whether they are successful.”ROSEMARY DEARAGONSo what do effective AI success metrics look like?They will vary based on the use case of course,but here are some of the most important indicators:Quantifiable time savings:If an AI tool allows workers to avoid having to complete repetitive manual tasks,that savings can be quantified and measured financially.Improved productivity:Productivity can be a bit more difficult to quantify,but employees who are more effective at their jobs improve the bottom line accordingly.For example,an AI security tool that helps operators find more exploits on the network ultimately generates positive return on investment(ROI).Direct cost savings:In some cases,AI can help reduce headcount directly such as when chatbots replace some number of live phone or web chat operators.Increased revenue:Do AI tools such as recommendation systems and customized products resonate with customers,enticing them to pay more or shop more often at the store?This ROI can also be quantified.There are additional“soft returns”that are less numerical in nature,including better customer experience and satisfaction,more employee skills retention,and improved operational agility for the business.The bottom line:Companies need to start thinking now about how they will measure the impact of their AI investments,since this can help direct the development of programs customized to their business in the near term and set them up for longer-term success.7RETAIL AND CONSUMER GOODS DATA AI PREDICTIONS 2024Since the dawn of retail,sellers have had two primary ways to drive profits:Increase prices or reduce costs.Both of these are incredibly difficult to do,particularly the former,since it endangers customer loyalty.This is particularly true in the internet age,when the cost of switching to a competing retailer is effectively zero.Add to this the fact that,in the current climate of steady inflation,retailers are finding it harder than ever to continue raising prices without significant customer pushback.This is why winning retailers today live by the adage that“data is money”driving profits thanks to a comparatively new third strategy that doesnt require continual price increases:creating new revenue streams by maximizing the data insights they can generate within their business.In the retail world,data is everywhere.Businesses have incredible amounts of information about their customers,about the products they sell,and about their brick-and-mortar stores and digital storefronts.Smart businesses are already using this information to identify cross-selling opportunities and improve marketing programs to increase profitability but were just at the tip of the iceberg on such endeavors.DATA MONETIZATION WILL CREATE NEW REVENUE STREAMS AND THEY COULD BE MASSIVEThe demand for data is enormous including customer demographics and buying behavior,sales trends,supply chain information,and geographically based data about traffic and other localized customer behavior.“The broader opportunity that every single retailer should take advantage of is that many financial institutions want to purchase retail data,and retailers can monetize that data through data sharing,”says DeAragon.Failure to sell this data will leave money on the table for any retailer and is likely to lead to a shakeout in the future,as businesses that do a poor job at monetizing data are likely to be left behind.The broader opportunity that every single retailer should take advantage of is that many financial institutions want to purchase retail data,and retailers can monetize that data through data sharing.”ROSEMARY DEARAGON8RETAIL AND CONSUMER GOODS DATA AI PREDICTIONS 2024In a winner-takes-all market for retail media networks,there will be a shift back to in-store mediaBy owning the direct customer relationship,retailers hold unique insights and can impact customers at critical moments in their buying journey.Retail media networks are where advertisers can leverage these insights or even directly advertise on retailers physical or digital footprint.This fast-growth new market is expected to eclipse traditional TV advertising by 2028.While retailers have had good success in this market,in 2023 we saw that beginning to shift.“It is now clear that large retailers media networks will thrive,while others will struggle to gain traction with large CPG brands,”says DeAragon.CPG companies dont have the time,interest or money to invest in thousands of unproven,smaller websites,apps and Instagram pages,so they are likely to continue pouring their investments into big players networks.However,says DeAragon,“companies do have a monopoly on their in-store experience.”A captive customer physically in the aisles or checkout line presents a much more enticing buying opportunity than someone doom-scrolling through their social media feed at home.In-store customers bring the opportunity for face-to-face sales,impulse buys and cross-selling opportunities that digital merchants often lack.As such,says DeAragon,“small and midsize retailers have shoppers physically inside their four walls,and this is a space where they can win at selling media.”New technology can address concerns around privacy and security Businesses seeking new revenue growth through data monetization need to keep privacy as a top priority.Access to customer data,provided without customer permission,whether intentionally done or via rogue employee action has resulted in customer backlash and legal penalties that no brand wants to repeat or experience firsthand.The good news is,companies dont have to sell customer data directly to turn it into revenue.Sales and category data can be aggregated,particularly when leveraging new technology to anonymize personally identifiable information(PII)from datasets being prepared for the market.Aggregated data strategies will become more prominent in 2024,and in fact many purchasers of customer data prefer aggregated data because it allows them to make it publicly available without risk of penalty or reprisal.Technologies like Snowflakes Data Cloud make it easier to safely share data directly with buyers,allowing sellers to cut out brokers and go-betweens that reduce the profitability of data monetization.Data clean rooms provide a secure environment where organizations can review data without exposing PII.Keeping it all within the Data Cloud environment either within the organization or with external partners allows the information to be securely shared without risk of exposing PII.And if a business relationship changes,the system allows access to that data to be quickly and easily revoked.9RETAIL AND CONSUMER GOODS DATA AI PREDICTIONS 2024A STRONG DATA STRATEGY WILL SET INDUSTRY LEADERS APART FROM FOLLOWERS Ultimately,the ability to build an LLM across business lines is going to be what differentiates one retailer from another.”ROSEMARY DEARAGONSuccess for retail and consumer goods companies in this space will require savvy,top-down direction and a strong data strategy that informs all AI operations.Organizations that take the time to develop a data strategy will emerge as leaders able to quickly adopt new technologies as they are developed and pivot to new tactics when market conditions change.Gen AI and LLMs will drive retail and consumer goods companies to improve data collaboration and their tech stackAs anyone knows whos experimented with ChatGPT and encountered an obvious or not-so-obvious hallucination or two,the open secret of LLMs is that they are only as good as the data they are trained on.Retailers will need to be mindful of their data quality,taking efforts to remove PII and ensure they are training AI models on accurate,relevant and timely information.“Anyone talking about AI really should also be talking about their data quality and where they are storing that data,”says DeAragon.To maximize LLMs usefulness,companies will need to ensure they are not isolated but instead are built across all lines of business,from marketing to logistics to customer service.The fundamental reason AI is so powerful is its ability to find patterns and relationships in data that humans wouldnt normally be able to see.To do that,it needs access to information and lots of it,including data that may seem irrelevant.Building a cross-functional LLM also gives the broader enterprise access to these powerful tools rather than siloing them in marketing or supply chain operations,which ultimately boosts the data-driven intelligence of the entire enterprise.As DeAragon puts it,“Ultimately,the ability to build an LLM across business lines is going to be what differentiates one retailer from another.”Over time,AI will need to leverage not just the companys own data,but also collaborative data from across the industryConnecting the entire enterprise with a companywide LLM is a great first step,but its only the beginning.Its safe to anticipate that the most successful retailers will also connect their AI systems with those of strategic partners,exponentially increasing the volume of available insights.The additional insights developed by a collaborative AI model that draws information from multiple sources from the likes of shipping partners,suppliers and external marketing agencies will allow for a greater depth of intelligence than has been possible before.10RETAIL AND CONSUMER GOODS DATA AI PREDICTIONS 2024Gen AI will supercharge the data strategies of tomorrows leading businesses“The generative AI era does not call for a fundamental shift in data strategy,”says Jennifer Belissent,Principal Data Strategist at Snowflake and a former Forrester analyst.“It calls for an acceleration of the trend toward breaking down silos and opening access to data sources wherever they might be in the organization.”AI-generated insights dont just need to be granular;they also need to be timely.The goal of an AI strategy should be to help understand customers and target them as specifically and individually as possible.This requires a level of insight that few organizations have even conceived of previously.Generic insights driven by macro trends and generalized news reports will be functionally useless in the gen AI era.Organizations will need to quickly learn how customers interact with their AI-enabled experiences and tools,and adapt these programs in response to that behavior.This will require a strong data strategy and future-fixed leadership to support it.A modern data platform will distinguish retail and CPG leadersWere at a critical moment as the gen AI era starts kicking into gear.The choice of data platforms will have a foundational impact on a given business,affecting total cost of ownership,time to market,risk management and more.The data platform will be the foundation for all AI strategies going forward,so its critical to build the right infrastructure from the start.Businesses need a platform that delivers fast time to value alongside a flexible future-proof foundation one that makes it easy for everyone to access all the data they need,seamlessly,while keeping the data secure and easily governable.Its critical to also consider both the long-term and short-term ramifications of the AI ecosystem.While its wise to plan for the next 10 years of innovation,businesses still need a platform that can deliver value today.And that data platform must also offer applications that can scale with the company as the size of the data stores grow,both internally and externally.Leaders in the coming year will be those that implement a cloud-based data platform that addresses the unique pain points and challenges of the retail and consumer goods industry.It will be one that allows them to more fully leverage the data they already have,develop new sources of data and collaborate with partners across the retail ecosystem all by leveraging the powerful capabilities of generative AI and LLMs.Learn how the Data Cloud can elevate data competency and help you prepare for whats ahead.ABOUT SNOWFLAKESnowflake enables every organization to mobilize their data with Snowflakes Data Cloud.Customers use the Data Cloud to unite siloed data,discover and securely share data,and execute diverse artificial intelligence(AI)/machine learning(ML)and analytic workloads.Wherever data or users live,Snowflake delivers a single data experience that spans multiple clouds and geographies.Thousands of customers across many industries,including 639 of the 2023 Forbes Global 2000(G2K)as of July 31,2023,use the Snowflake Data Cloud to power their businesses.Learn more at 2023 Snowflake Inc.All rights reserved.Snowflake,the Snowflake logo,and all other Snowflake product,feature and service names mentioned herein are registered trademarks or trademarks of Snowflake Inc.in the United States and other countries.All other brand names or logos mentioned or used herein are for identification purposes only and may be the trademarks of their respective holder(s).Snowflake may not be associated with,or be sponsored or endorsed by,any such holder(s).

3人已浏览 2024-05-16 11页 5星级

Future Workplace:Opportunities&Adversities in AIWorkforce Insights 2024Contents3The New Way of Working 7Survey Methodology 8AI in the Workplace 14Conclusion16Appendix 24References 25About PERSOLKELLY All the photos in the Workforce Insights 2024 were generated by AI image generators.The New Way of WorkingThe Artificial Intelligence(AI)revolution is upon us,poised to revolutionise the world of work in ways beyond our current comprehension.From finance to healthcare,manufacturing to media,its impact is already being felt across various sectors,compelling businesses of all sizes to adapt swiftly.From restructuring workflows to upskilling employees,evolution is not just a necessity but a strategic necessity in navigating the shifting employment terrain.Artificial intelligence,or AI,enables computers and machines to simulate human intelligence and problem-solving capabilities.AI can perform tasks that would otherwise require human intelligence,or intervention,on its own,or combined with other technologies(e.g.sensors,geolocation,robotics).Source:McKinsey&CompanyWhat is AI?Opportunities&Adversities in AI /3 Opportunities&Adversities in AI /4 In this rapidly changing landscape,businesses across Asia Pacific stand to gain a lot by observing others preparations and understanding the implications of AI adoption.Insight into the strategies adopted by different companies,within various markets to tackle these challenges,is vital for success in this transformative era.The results of the PERSOLKELLY 2024 Workforce Insights Report indicate a significant uptake and acceptance of AI within the surveyed Asia Pacific markets.A noteworthy 80%of respondents already either currently utilise AI in their workplaces or are actively considering its implementation.Interestingly,only a minority,constituting 20%,have no plans for AI adoption.New Zealand leads in current workplace AI usage,with a rate of 82%-almost double the Asia Pacific average of 43%.Singapore stands at 45%,while Australia is at 35%by comparison.80%of Asia Pacific employers currently use AI,or are considering it.20%of companies do not plan to adopt the technology.AI generated imageOpportunities&Adversities in AI /4 Opportunities&Adversities in AI /5 Top 5 markets where companies currently use,or are considering,AI:The 3 markets with the lowest AI adoption rates,where companies neither use AI nor plan to adopt it:Despite high expected spending on AI,both Australia and Korea exhibit some of the lowest AI adoption rates.In Australia,AI spending is mainly concentrated in the finance sector leading to slower adoption across other industries.Boston Consulting Group has identified two primary barriers to faster adoption in Australia:implementation challenges due to lacking capabilities and culture within companies,and risk aversion to data sensitivities driven by concerns over customer trust and brand reputation.Similarly,Korea is a significant player in the global AI space with a focus on research and development supported by universities,research institutes and government programs.However,widespread adoption remains limited.To address this,the Korean government recently announced plans to invest over USD500 million across 69 sectors to foster AI-driven innovations in various aspects of daily life,industries and government services.There is a widespread understanding that AI represents the most significant productivity advance of our time.However,the potential benefits to businesses extend far beyond increasing efficiency and enhancing productivity.From cost savings and improved decision-making to personalised customer experiences and predictive maintenance,AI offers a diverse range of advantages that are reshaping industries worldwide.By 2040,automation could cause 63 million jobs to disappear in the five biggest economies in Asia Pacific(India,China,South Korea,Australia and Japan).Another 247 million jobs in those economies could be at risk because of automation.Source:ForresterIn Singapore,67%of workers think AI will change how they work and 41lieve AI will replace their jobs in the next 5 years.Source:Ipsos67A%Opportunities&Adversities in AI /6 Source:Forbes 49%of Asia Pacific companies will implement internal policies governing AI usage within a year.Businesses across Asia Pacific are swiftly moving to implement internal policies governing AI usage,recognising the urgency of preparing for new technologies.A significant portion,comprising 49%of respondents,aim to establish such policies within a year.The rise of new AI technologies offers significant opportunities for businesses,yet they also encounter specific challenges in the Asia Pacific region.These include navigating diverse cultural and regulatory environments,addressing talent shortages in the AI field,ensuring data quality and accessibility,overcoming infrastructure limitations,addressing ethical and bias concerns,integrating AI with legacy systems,and managing cost constraints especially for small and medium-sized enterprises(SMEs).Overcoming these hurdles demands a strategic approach,collaboration with stakeholders and investment in talent development,infrastructure and ethical frameworks to fully harness the potential of AI.AI offers numerous benefjts to businesses,including:Reducing Human Error AI-enabled systems minimise errors,saving time and resources.Automating Tasks AI automates routine tasks,allowing employees to focus on complex tasks.Handling Big Data AI processes and analyses large datasets quickly and accurately.Facilitating Decision-Making AI gathers insights rapidly,aiding in faster decision-making.AI-Enabled Digital AssistantsChatbots and voice assistants address customer queries promptly.Performing Risky Tasks AI applications undertake hazardous tasks,reducing risks.Improving Processes AI enhances workflows and productivity,minimising errors.Assisting in Healthcare AI predicts health risks and aids in complex medical procedures.Full-Time Availability AI systems are available 24/7,ensuring continuous productivity.Opportunities&Adversities in AI /7 Survey MethodologyPERSOLKELLY 2024 Workforce Insights Report.The survey was conducted from 22 February,2024 1 March,2024,across 12 markets in Asia Pacific.The total sample collected was 2,409.Respondents were employees of small(10-249 employees)and large(250 employees)companies.AccountancyTransportation&DistributionHospitality&LeisureMedia/Marketing/Advertising/PR&SalesConstructionEducationFinancial ServicesMedical&Health ServicesLegalManufacturingReal EstateRetailIT&TelecomsSectors involved in the survey:KoreaTaiwanHong KongSingaporeIndonesiaChinaIndiaNew ZealandAustraliaVietnamMalaysiaThailandOpportunities&Adversities in AI /8 AI in the WorkplaceAI generated imageOpportunities&Adversities in AI /9 How is AI Used in the Workplace?The survey reveals that AI chatbots and virtual assistants(28%)top the list as the most used or considered AI applications.These platforms including Dialogflow by Google,Microsoft Bot Framework,Rasa and others utilise natural language understanding(NLU)technology to understand and respond to user queries in natural language,contributing to enhanced customer service and improved user experience.Next comes AI for customer service(25%),employing software tools like Zendesk AI,Freshdesk,and Intercom.These tools streamline customer inquiries,automate tasks,organise support tickets and provide insights into support team performance.They enable multichannel support,maintain a knowledge base and personalise communication,leading to improved customer interactions and loyalty.Additionally,AI for marketing(22%)is on the rise leveraging platforms such as Adobe Sensei,HubSpot AI and Marketo.These platforms enable effective data analysis,provide insights and craft personalised customer journeys,enhancing customer engagement for businesses.Spending on AI-related software,services and hardware for AI-centric systems in Asia Pacific is set to hit$78.4 billion by 2027,growing at a compound annual growth rate(CAGR)of 25.5%from 2022 to 2027.Source:IDC$78.4 billionAI chatbots and virtual assistants 28%Customer service 25%Marketing 22%Top 3 most used/considered AI applicationsOpportunities&Adversities in AI /10 37%Customer Service/OperationsJob Roles Affected by AI AdoptionRespondents across the APAC region anticipate that AI adoption will impact various departments within their companies,with IT(40%),HR(39%)and Customer Service/Operations(37%)being the top areas of concern.Across all markets,there is a general consensus(top four choices)that IT roles will be impacted by AI adoption.This holds true even in Taiwan(29%),Australia(30%)and Malaysia(33%),where IT roles are perceived to be less affected.Additionally,customer service/operations rank in the top three concerns in all markets except Vietnam and Thailand.Departments most affected by AI adoption40%Information Technology39%Human ResourcesAI is delivering benefjtsRespondents in the APAC region value AI technology primarily for its efficiency(51%)and productivity(44%),making them the top two factors.This mirrors the popularity of AI chatbots and virtual assistants as noted in the survey,which serve as versatile tools across various job roles to enhance efficiency and productivity.AI technologies are clearly proving to be valuable assets that drive positive outcomes and contribute to business success.Top 5 reasons companies are adopting AI technologyIncrease effjciency 51%Increase productivity 44%Reduce operational costs and increase cost-effjciency 35%Reduce the risk of human error 32%Stay competitive in the market 29%Opportunities&Adversities in AI /11 Actions Taken After AI AdoptionIn terms of actions following AI adoption,the top responses overall include implementing upskilling(46%),change management strategies to aid employee adaptation(44%),and maintaining communication(44%).Upskilling emerges as a popular choice,featuring in the top three for all markets except Korea,Indonesia and New Zealand.However,upskilling appears particularly unpopular among Korean respondents plummeting to the bottom three at 27%.This trend,coupled with Korean managers lesser interest in retaining key talent(just 16%compared to APACs 33%),suggests a potential openness among Korean respondents to replacing staff with AI,although they perceive the need for this as insignificant.Interestingly,for Indonesia and New Zealand,upskilling is replaced in the top three responses by utilising AI for HR decision-making(49%and 44%respectively).This shift reflects the previous emphasis on HR decision-making factors in both markets reasons for adopting AI.Top 3 strategies for bridging the skill gap to implement AI technologyAI generated imageInternal upskilling 18%Training and knowledge sharing for AI-related skills 14%Supporting employees in obtaining AI certifjcation/education 14%Opportunities&Adversities in AI /12 Critical skills in an AI eraAs automation and AI reshape the workforce,there is a growing recognition of the value of uniquely human skills.While technology excels in efficiency and accuracy,it often lacks in emotional intelligence,creativity,empathy and interpersonal connections.Skills like building relationships,collaborating effectively and understanding human emotions are inherently human and difficult for technology to replicate.Therefore,leveraging these skills will be essential for success in the evolving workforce complementing emerging technologies.Employers across the Asia Pacific region emphasise the importance of specific human skills in successful AI adoption.According to survey results,creativity(43%),adaptability(42%)and critical thinking(39%)are deemed crucial for AI integration.These skills empower employees to innovate,adapt to changes and make informed decisions based on AI insights.Project management skills(29%)are considered the least important,filling the bottom spot.Some variables across markets did emerge.For example,in Indonesia,digital literacy(47%)and communication(46%)are prioritised over adaptability and critical thinking.In Singapore,critical thinking(51%)and adaptability(50%)are highly valued while creativity is less emphasised(29%).Conversely,Korea,Vietnam and Thailand prioritise digital literacy over critical thinking with Korea ranking it lowest(22%).Vietnam and Thailand prioritise digital literacy at 43%over critical thinking,rated at 31%and 28%respectively.Critical skills for AI adoptionAI generated imageCreativity and innovation 43aptability and fmexibility 42%Critical thinking and problem-solving 39%Analytical skills 38%Communication and collaboration 36%Digital literacy 36%Project management skills 29%Opportunities&Adversities in AI /13 How companies plan to manage the potential displacement of jobs due to AIOffer reskilling programs Create new job positions Engage in open dialogue about the impactsWays to manage job displacement due to AIBusinesses must take action in response to AI adoption,as failure to do so could lead to substantial disruption,talent attrition and reduced competitiveness.Proactively managing potential job displacement ensures that the organisation maintains agility,resilience and readiness to succeed in a rapidly-evolving landscape shaped by AI and automation.When asked about managing potential job losses due to AI,roughly half of companies in Asia Pacific(45-50%)chose options like providing re-skilling programs,creating new job positions and having open discussions about the potential impacts.In markets like Australia and Korea,which show less interest in adopting AI,theres a stronger belief that significant job losses are unlikely.In Australia,41%are confident that job displacement wont occur leading to lower interest in other plans to manage it.Korea,on the other hand,prefers to be cautious,with 42%opting for dialogue with employees about potential impacts.In contrast,India has a much lower belief that job displacement wont happen,with only 8%sharing this view.Consequently,India is more supportive of all plans to manage displacement than the regional average.Vietnam,China and New Zealand show similar trends,with higher expectations of job displacement and a corresponding higher interest in plans to manage it.Notably,China emphasises creating new job roles(60%)as a primary strategy for handling displacement.Opportunities&Adversities in AI /14 ConclusionAI generated imageOpportunities&Adversities in AI /15 The rise of AI,exemplified by innovative tools like ChatGPT,signals the onset of the fourth industrial revolution.The pace of change is expected to accelerate further as the global AI chip race intensifies,with tech companies competing to develop increasingly powerful semiconductors crucial for the next wave of AI tools.It is fair to say that both employees and businesses cannot afford to ignore these trends if they want to remain relevant in the future.As automation and AI continue to advance,there is a pivotal shift altering how people work,communicate and access information.Skill requirements are evolving rapidly,impacting production,management and governance structures.Individuals must stay informed and adapt by acquiring new skills or transitioning to different roles,while businesses need to adjust strategies,operations and their workforce to leverage these technological advancements.Neglecting these trends could leave both individuals and businesses vulnerable to disruption and loss of competitiveness.PERSOLKELLY is actively adapting its services to meet the demands of this evolving space,to better serve both job seekers and employers.By leveraging AI-driven insights,PERSOLKELLY assists job seekers in finding roles that align with their passions and values ensuring a workforce that is engaged,motivated and fulfilled in their professional pursuits.Through personalised guidance and strategic support,PERSOLKELLY enables employers to harness the potential of AI technologies to optimise recruitment processes and cultivate a workplace culture that fosters happiness,satisfaction and personal growth.Invest strategically in AI:Recognise AI as more than just a technology;its a strategic investment that can reshape operations,customer experiences and competitiveness.Develop an AI-ready workforce:Prioritise upskilling current employees,attracting AI-specialised talent and fostering a culture of continuous learning and adaptation to new technologies.Differentiate between AI hype and reality:Stay informed about AI developments,make decisions based on facts and avoid following trends that dont align with business objectives or deliver tangible benefits.Optimise operations or exit:In anticipation of economic stagnation,assess assets and markets for profitability and consider divesting from underperforming areas.Drive growth through strategic partnerships:Explore opportunities for strategic mergers,acquisitions and joint ventures to acquire new capabilities,enter new markets or enhance AI capabilities.Five tips for CEOs in the AI Era:Source:EYOpportunities&Adversities in AI /16 AppendixAI generated imageOpportunities&Adversities in AI /17 Implement upskilling programs for current staffImplement change management strategies to help employees adapt to new roles and technology-driven changesMaintain open and transparent communication about AI adoption and its impact on job rolesEnsure that AI-related activities comply with laws and regulationsRedefinition of job roles and responsibilities to accommodate AI technologyUtilise AI and data analytics for HR decision-making related to role changesDevelop comprehensive plans to assist affected staff in finding new opportunities within or outside the organisationRetain key talent and maintain employee morale during transitionsActions taken after AI adoptionAustraliaIndonesiaSingaporeHong KongMalaysiaTaiwanChinaKoreaThailandIndiaNew ZealandVietnam30!8RD7R28AEB9ED73AEB75PERDCHQUU78I1BHTE6$B1G68538IGGP4BD83DSA95EDBET4BG1BBQH8BEEBC2187D4F%Opportunities&Adversities in AI /18 Top 5 reasons for adopting AI technology(by market)KoreaTo reduce operational costs and increasing cost-efficiency 40%To increase efficiency 38%To increase productivity 36%To stay competitive in the market 29%To reduce overhead cost 26%MalaysiaTo increase efficiency 60%To increase productivity 49%To reduce operational costs and increasing cost-efficiency 40%To improve the quality of content output 33%To reduce the risk of human error 30%Hong KongTo increase efficiency 53%To increase productivity 50%To reduce operational costs and increasing cost-efficiency 40%To reduce overhead cost 37%To reduce the risk of human error 36%ChinaTo increase efficiency 54%To increase productivity 47%To reduce operational costs and increasing cost-efficiency 35%To reduce the risk of human error 32%To reduce overhead cost 30%VietnamTo increase efficiency 49%To increase productivity 46%To reduce overhead cost 35%To reduce operational costs and increasing cost-efficiency 34%To reduce the risk of human error 30%ThailandTo increase efficiency 56%To optimise workforce planning and resource allocation 38%To reduce the risk of human error 36%To reduce operational costs and increasing cost-efficiency 33%To stay competitive in the market 31%New ZealandTo increase efficiency 43%To increase productivity 38%To enable data-driven decision-making for HR and talent management 36%To improve talent acquisition and recruitment processes 36%To optimise workforce planning and resource allocation 33%TaiwanTo increase efficiency 60%To reduce overhead cost 40%To increase productivity 39%To reduce operational costs and increasing cost-efficiency 33%To reduce the risk of human error 32%IndiaTo increase efficiency 46%To increase productivity 42%To stay competitive in the market 38%To improve the quality of content output 36%To reduce operational costs and increasing cost-efficiency 35%IndonesiaTo increase efficiency 48%To increase productivity 48%To reduce the risk of human error 37%To stay competitive in the market 35%To reduce operational costs and increasing cost-efficiency 34%AustraliaTo increase efficiency 49%To increase productivity 49%To reduce operational costs and increasing cost-efficiency 30%To stay competitive in the market 27%To improve the quality of content output 24%SingaporeTo increase efficiency 59%To increase productivity 57%To reduce the risk of human error 40%To reduce operational costs and increasing cost-efficiency 35%To enhance customer experience 31%Opportunities&Adversities in AI /19 Top 5 job roles affected by AI adoption in the company(by market)AustraliaAdministrative 38%Customer Service/Operations 36%Marketing 36%IT 30%HR 25%Hong KongCustomer Service/Operations 48%IT 38%HR 36%Marketing 33ministrative 32%ChinaIT 49%HR 42%Customer Service/Operations 35%Manufacturing 34%Marketing 29%MalaysiaCustomer Service/Operations 42%HR 39ministrative 36%IT 33%Marketing 29%VietnamHR 45%IT 37%Manufacturing 36ministrative 35%Marketing 34%ThailandIT 48%HR 38%Finance 35%Customer Service/Operations 33%Manufacturing 33%New ZealandHR 80%IT 50%Customer Service/Operations 34%Marketing 34%Finance 29%TaiwanCustomer Service/Operations 36ministrative 31%Marketing 30%IT 29%Sales 24%IndiaIT 44ministrative 40%HR 39%Customer Service/Operations 39%Marketing 36%IndonesiaIT 48%Customer Service/Operations 45ministrative 44%HR 43%Marketing 42%SingaporeAdministrative 41%Customer Service/Operations 39%IT 38%HR 35%Marketing 29%KoreaAdministrative 40%Customer Service/Operations 37%IT 36%Marketing 32%Manufacturing 31%Opportunities&Adversities in AI /20 Strategy to bridge skill gap in order to implement AIAustraliaChinaHong KongIndiaIndonesiaKoreaMalaysiaNew ZealandSingaporeThailandTaiwanVietnam21%8%6%6%5%9%9%1!%9%7%6%4%4%8%7%6%2%9%9%8%2%9%8%5%8#%8%5%7%9%1%8%6%5%8%8%5 %9%8%7%9%4%9%9%4%Internal upskilling and training programsOrganise cross-functional training and knowledge sharing within organisation to develop AI-related skillsSupport employees in obtaining relevant AI certifications and furthering their educationEngage external consultants or experts to guide and support AI adoption and workforce development effortsHire individuals with necessary AI skillsCollaborate with vendors who use the same technology,outsourcing tasks when necessary for specific projectsEngage specialised freelancers,temporary,or contract staff who are experts in the required AI technology for project-based workPartner with staffing companies that specialise in sourcing talent familiar with technology we needDont know/not applicable;there is no skill gapOpportunities&Adversities in AI /21 Critical skills in an AI eraAustraliaChinaHong KongIndiaIndonesiaKoreaMalaysiaNew ZealandSingaporeThailandTaiwanVietnam365E146%FS18%&BHE4)8F9D4565W411FG%6B6486FAB)A#HG3E)PQC38$BB(A9C$H7FB6)(BB1C3C)%Creativity and innovationAdaptability and flexibilityCritical thinking and problem-solvingAnalytical skillsCommunication and collaborationDigital literacyProject management skillsOpportunities&Adversities in AI /22 Ways to manage job displacement due to AIAustraliaChinaHong KongIndiaIndonesiaKoreaMalaysiaNew ZealandSingaporeThailandTaiwanVietnamOffering reskilling programs to transition into other roles within the companyCreating new job roles that complement AI technologiesEngaging in open dialogue with employees about potential impacts and solutionsProviding support and resources for external job placementNot applicable;We do not foresee significant job displacement due to AI3344#ATF5%7PEIWXF%8QIQG%969B%IDC6UVGF%4SGA3THP7IH(YIUI%6%Opportunities&Adversities in AI /23 Speed of implementing AI policiesWithin a yearMore than a year39X2cRA9GC6S$5V21625AG%AustraliaChinaHong KongIndiaIndonesiaKoreaMalaysiaNew ZealandSingaporeThailandTaiwanVietnamOpportunities&Adversities in AI /24 Page 3:McKinsey&Company articleWhat is AI?-2023Page 5:Boston Consulting Group ReportAccelerating Australias AI Adoption 2023Defence Research and Studies articleSouth Korea-A Key Player in AI Research-2023The Korea Times articleKorea to invest$527 mil.to integrate AI into all sectors of society 2024Forrester ReportFuture Of Jobs Forecast,2020 To 2040(India,China,South Korea,Australia,And Japan)2022Ipsos SurveyAI is making the world more nervous-2023Page 6:Forbes articleAdvantages Of Artificial Intelligence(AI)In 2024 2024Page 9:IDC Worldwide Artificial Intelligence Spending Guide 2023Page 15:EY ArticleHow Asia-Pacific CEOs Can Grow In The AI Era Amid Economic Challenges 2023ReferencesOpportunities&Adversities in AI /25 We are one of the leading staffing,recruitment and HR solutions providers in the Asia Pacific region.Built on a legacy of innovation that dates back to the start of the modern staffing industry,PERSOLKELLY have a depth and breadth of expertise across diverse industries.Our team of specialists take a collaborative approach to understand your unique challenges,leading to better relationships and results.And our dynamic,fresh-thinking is paired with a focus on quality,creating greater value for your business.With PERSOLKELLY,you get the strength and support of an organisation that has successfully been delivering this value across the APAC region for decades.About PERSOLKELLYDatabase of over 650k candidates40 years of experience in APACRegional and global networks13 market coverage across APAC,with 80 officesAustralia,China,Hong Kong,India,Indonesia,Korea,Malaysia,Philippines,New Zealand,Singapore,Taiwan,Thailand,VOpportunities&Adversities in AI /26 2024 PERSOLKELLY Pte Ltd.All Rights Reserved.

10人已浏览 2024-05-16 26页 5星级

Outsmarting Amazons Storage Fees:Essential Inventory Tactics2 FEEDVISOROutsmarting Amazons Storage Fees:Essential Inventory TacticsAmazons fulfillment fees have long posed challenges to sellers profits research shows sellers pay 20-35%in Fulfillment by Amazon fees,1 which encompass storage and other fees.But while fulfillment fees have historically been an issue for sellers,they should be prepared for an even bigger challenge this year in 2024,the stakes are higher as Amazon introduces a more intricate system of storage fees,further complicating the profitability equation for sellers.To navigate the intricate labyrinth of Amazons storage fees,we have crafted a comprehensive guide to Amazons most recent fee structures.We will unveil the complexities of Amazons storage fees while providing invaluable inventory tactics,empowering sellers to mitigate fulfillment costs and safeguard their earnings.Throughout this guide,we will delve into:The often overlooked nuances of Amazons storage fees,shedding light on common pitfalls that lead to unexpected chargesThe recent shifts in Amazons inventory reporting and why sellers must remain more vigilant than ever beforeActionable strategies for inventory optimization,enabling sellers to proactively mitigate the risk of storage fee penalties.The benefits of using inventory-aware repricing like Feedvisors cutting-edge inventory-aware AI repricer,a powerful tool designed to enhance inventory velocity and safeguard against storage fee burdensWith this guide,sellers will gain a deeper understanding of the storage fees that jeopardize their profits,particularly Amazons low-inventory-level fee,which demands precise inventory management.Furthermore,we will provide tangible tips and tricks to strategically align inventory levels.Armed with this knowledge,you will be well-prepared to navigate Amazons perplexing storage fees,steering clear of both overstocking and understocking scenarios,and mitigating the impact of complex storage fees on your bottom line.1 Search Engine Land3 FEEDVISOROUTSMARTING AMAZONS STORAGE FEES:ESSENTIAL INVENTORY TACTICS*Projected for the full year based on the first two quarters.Referral FeesSeller Advertising FeesFulfillment(FBA)FeesOther FeesAmazons Revenue from Seller Feesin the U.S.by Type of Fee31 Amazon2 Search Engine Land3 ILSRWin on Amazon with inventory-aware repricing: Fees:A Bigger Focus for Merchants in 2024In 2023,Amazon achieved its quickest global delivery speeds for Prime members by prioritizing regional fulfillment centers,marking its fastest shipping speeds to date.1Specifically,Amazon surpassed 7 billion units delivered the same or next day,including over 4 billion units in the U.S.and more than 2 billion in Europe.In 2024,the e-commerce giant is intensifying efforts to improve supply chain and inventory management.Its goal is to enhance operations by providing teams with precise insights into incoming inventory,aligning it with regional customer demands for a more streamlined and responsive process.Amazon is reinforcing its distribution centers by introducing new inventory fees and features to encourage sellers to hone in on their inventory management.Notably,Amazon has introduced the low-inventory-level fee and made improvements to its inventory reporting to help achieve their goal.Yet,this poses a challenge,as current research indicates that Amazon now deducts 45 cents in fees from every third-party sales dollar.A significant portion of these costs comes from fulfillment fees,with FBA fees accounting for up to 35%of a typical sellers total fees.2 Amidst sellers concerns about various inventory and fulfillment expenses,these additional fees make inventory a more crucial focus for sellers in 2024.4 FEEDVISORLow-Inventory-Level Fee:ExplainedThe low-inventory-level fee will be applicable for standard-sized products and implemented for consistently low inventory levels starting April 1st.The fee only applies to standard-sized products when both their long-term(last 90 days)and short-term(last 30 days)historical days of supply are below 28 days.Sellers should know that this fee operates differently from traditional retroactive storage fees,which apply to the previous month.Instead,it relies on historical data to assess charges for future sales.Importantly,you will not incur this fee if you have no stock linked to a specific ASIN,as it is tied to actual sales.In other words,the Low Inventory Fee is charged for upcoming orders if they meet certain criteria based on past stock levels.The fee is calculated during a recalculation process that typically occurs on Sunday night or Monday morning.The fee will apply if orders after Amazons recalculation do not meet the required stock-level criteria over the past 30 days,90 days,and for new product listings.As the seller,you will be responsible for covering this fee for a 7-day.Its important to note that Amazon doesnt calculate these metrics daily but rather in weekly increments during the specified recalculation time.In introducing this new fee,Amazon aims to motivate sellers to optimize their inventory management and expedite the distribution process within fulfillment centers.The fee specifically targets instances where sellers maintain inadequate inventory relative to their unit sales,potentially impeding Amazons ability to efficiently distribute products through the FBA network in a timely and cost-effective manner.What If Im a New Seller?There is an exemption from this fee for new sellers who have spent less than 365 days on Amazon.When you introduce a new ASIN,your product qualifies for the New Selection program,granting a grace period of 180 days.New Low-Inventory-Level Fee(Begins April 1,2024)2024 Size TierShipping WeightLow-Inventory-Level Fee0-14 Historical Days of Supply14-21 Historical Days of Supply21-28 Historical Days of SupplySmall StandardUp to 16 oz$0.89$0.63$0.32Large StandardUp to 3 lb$0.97$0.70$0.36Large Standard3 lb to 20 lb$1.11$0.87$0.47Courtesy of AmazonOUTSMARTING AMAZONS STORAGE FEES:ESSENTIAL INVENTORY TACTICS5 FEEDVISORWhile the recent fee introduction may bolster Amazons efficiency in fulfillment center distribution and supply chain management,it presents a hurdle for sellers.While fees are essential,they can significantly diminish a sellers profits;reportedly,Amazon now deducts 45 cents in fees from every dollar of third-party sales.This new fee adds to the array of inventory-based costs that sellers must vigilantly manage,including:Fulfillment costs:These are the costs that Amazon charges to fulfill the order.It varies based on the product size and weight.Storage costs:The fees Amazon charges for the space the inventory takes in its fulfillment center.The fee is calculated based on the average number of units stored in the FBA center per month,varying most notably during Q4.Storage Utilization Surcharge:A charge incurred when a seller keeps inventory units in an Amazon warehouse longer than 26 weeks.Aged Inventory Surcharge:A monthly charge assessed using an inventory snapshot on the 15th day of each month.The Aged Inventory Surcharge is only charged on inventory units stored in an FBA center longer than 180 days.Long-term storage fee:A fee charged to items once the units have been stored for more than a full calendar year,that is,over 365 days in a row.New low-inventory fees penalize sellers for having too little stock,adding to the above existing excess inventory fees.Striking the right balance has become a delicate act akin to walking a tightrope.Protect your profits from storage fees with inventory-aware repricing: AMAZONS STORAGE FEES:ESSENTIAL INVENTORY TACTICS6 FEEDVISORAmazon Inventory ReportingAmazon has also recently upgraded its FBA(Fulfillment by Amazon)Inventory reporting,introducing more dynamic,real-time data and additional metrics for sellers.This enhanced system now categorizes inventory with different states and provides insightful fee forecasts based on these states.Notable improvements include:Fresher Data:The data refresh rate has been increased to 1 day,a significant improvement from the previous 10 days.Inventory Tagging:Items are now tagged with labels such as Healthy,Excess,Low Inventory,and Out of Stock,allowing sellers to assess their stock status quickly.Comprehensive Metrics:Numerous metrics have been incorporated to calculate the inventory states mentioned above,providing sellers with a more comprehensive view of their stock performance.Fee Forecasting:The system now forecasts fees based on inventory states and metrics,helping sellers anticipate costs more accurately.Recommendations:Sellers will benefit from a range of recommendations,including replenishment suggestions,enabling them to optimize their inventory management strategies.These enhancements aim to empower merchants with valuable insights and tools for better decision-making and overall efficiency within the FBA system.With this updated data,Amazon gains improved insights into inventory states,influencing both past and predicted fees.In light of these new capabilities,sellers need to adapt to safeguard their profits swiftly.Failure to do so could lead to:Increased Fees:Amazons charges are directly linked to inventory states.For instance,excessive inventory or low stock levels can impact fees related to storage,fulfillment,and other services.Negative Buy Box Visibility Impact:While current penalties like visibility restrictions or Buy Box(BB)ineligibility may not be in effect,there is a potential for Amazon to introduce such measures in the future.Its crucial for sellers to accurately grasp the inventory status per SKU and take appropriate actions to mitigate fee-related risks.OUTSMARTING AMAZONS STORAGE FEES:ESSENTIAL INVENTORY TACTICS7 FEEDVISORNavigating Amazons recently introduced inventory fee can be perplexing for sellers.However,Feedvisor has created strategies that are able to minimize the risk of finding yourself in a situation with either insufficient or excess inventory.Consider Your Parent ASINsIf you encounter significant stocking issues with certain products,consider placing them in a slower-moving“parent”category to gain some breathing room.Conversely,if a product is dragging down an entire category and you wish to avoid the Low Inventory Fee for each variation,it may be wise to remove the ASIN from that parent category to prevent negative repercussions on the others.7-Day BufferThe majority of Amazons new inventory metrics are calculated over a 7-day cycle,not daily.Consequently,any discrepancies in your estimates may only become apparent on Mondays.To ensure better planning,consider incorporating a 7-day buffer to your“28-day minimum.”Take note that if your Days of Supply dips below the threshold while your Days of Inventory exceeds the threshold,no immediate action is necessary the issue will likely self-correct over time.However,its advisable to set the threshold above Amazons 28 days and ensure a buffer of at least 35 to 42 days of inventory to avoid low-inventory-level fees.Understand Inventory MetricsAmazon recommends having sufficient inventory to cover 30 to 60 days of anticipated sales.This guideline is represented by the metric“Days of Inventory,”calculated by dividing the current inventory by daily units sold.This metric is forward-looking,comparing the current inventory level to the historical average sales velocity.On the other hand,Days of Supply is a backward-looking metric.Instead of considering the current inventory,it examines the historical average units on hand,dividing it by the average daily units shipped(which,over time,is nearly identical to the average units sold).Even though Days of Supply are computed at the parent level,the recommended approach is to maintain forward-looking Days of Inventory at the SKU level.If,for any reason,a seller cannot maintain adequate Days of Inventory at the SKU level,they can utilize aggregated Days of Inventory at the parent level.Sellers should also pay attention to their Storage Utilization ratio.To prevent a Storage Utilization Surcharge,sellers should ensure their Storage Utilization ratio remains below 26 weeks.This ratio is based on storage volumes rather than units.If the ratio runs high,the most effective solution is to expedite sales,optimizing the use of storage space.Our Top Tips and Tricks for Minimizing Inventory FeesOUTSMARTING AMAZONS STORAGE FEES:ESSENTIAL INVENTORY TACTICS8 FEEDVISOREffectively managing stock levels manually,without encountering issues and accruing fees,proves challenging within Amazons dynamic marketplace.Responding to factors like frequent price changes and varying consumer demand demands more than a manual approach.Worse still,achieving a consistently stable selling rate over 30 to 90 days is not guaranteed and often unlikely.Optimize Inventory Velocity Using Repricing TechnologyToo Much Inventory Imagine that low Buy Box visibility is slowing your sales and hindering product movement.While youre conscious of the looming risk of excess charges due to inventory health,youre uncertain about the strategic steps needed to rapidly generate and convert more demand before incurring additional fees.You need a solution that maximizes your Buy Box visibility and evaluates price elasticity to pinpoint the optimal price for increased demand,ultimately boosting sales velocity and expediting inventory turnover.Products at Risk for OverstockSeasonalTrend-DrivenElectronicsConsider the following scenarios that could benefit from advanced,inventory-aware repricing.Win on Amazon with inventory-aware repricing: AMAZONS STORAGE FEES:ESSENTIAL INVENTORY TACTICSWith this in mind,inventory-aware repricing technology is essential for accurately forecasting consumer demand,predicting shifts in your selling rate,and identifying unforeseen issues that may elude manual detection.9 FEEDVISORJust RightIn both scenarios,the crux is optimizing inventory velocity.Given the multitude of factors at play,sellers must automate the process and respond promptly.But while many solutions offer data,the missing link is actionable real-time strategies per Asin that only AI can achieve truly optimizing the pace at which your products move.Navigating Amazons latest fees is no longer about responding to market changes but about predicting and influencing them.This is where Feedvisors advanced repricing technology comes into play,going beyond simple insights to empower sellers with actionable strategies.With its latest update,Feedvisor has enhanced its prowess in optimizing pricing and profitability by now factoring in the pace of product sales.The result:Sellers are able to fine-tune their price velocity,preventing inventory issues.Feedvisors inventory-aware repricing not only allows sellers to competitively price against others but also ensure profitability and increased sales simultaneously.Feedvisors repricing solution is able to merge smart algorithms,competitive signals,and real-time inventory insights.It swiftly adapts to market shifts,intelligently adjusting prices in real time to discover the optimal point for achieving the desired sales and inventory velocity.Too Little InventoryPicture this:youre dealing with unexpectedly high demand for your product.Knowing you need to replenish your inventory quickly,the challenge is determining the right reorder quantity.Worse still,new inventory may not be readily available.You need a solution that bridges this gap,preventing a significant stock shortage without disrupting your sales flow.OUTSMARTING AMAZONS STORAGE FEES:ESSENTIAL INVENTORY TACTICS10 FEEDVISORIf a seller notices a continual decrease in Days of Supply,it is crucial to restock inventory.Feedvisors AI-driven replenishment recommendations leverage historical sales pace and various factors like demand,seasonality,and competition to provide accurate inventory reorder forecasts.Feedvisors AI-driven Dynamic Pricing algorithms adeptly analyze market dynamics,whether you own the Buy Box or compete for it.The algorithmic repricer calculates the optimal sales velocity,adjusting pricing based on the demand curve and price elasticity,ensuring the desired price velocity is achieved.A low Buy Box can hinder inventory velocity in competitive Buy Box scenarios,often due to non-competitive pricing or slow responses to market changes.Feedvisors AI-driven pricing strategies maximize Buy Box share by analyzing competitor behavior,predicting actions,and strategizing in line with the sellers business objectives.These strategies optimize price based on elasticity,increasing demand and sales velocity.For those who already own the Buy Box,Feedvisors dynamic pricing AI automatically learns demand curves and price elasticity,determining the best price point to optimize sales velocity.In other words,Feedvisors powerful repricing solution goes beyond grasping price elasticity nuances.It considers market dynamics and inventory levels at a granular level,empowering sellers to cut fees and boost profits.In Action:How Feedvisors AI repricer solves for low stock levelsIn Action:How Feedvisors AI repricer solves for high stock levelsAvoid profit losses caused by inventory level fluctuations with inventory-aware repricing: AMAZONS STORAGE FEES:ESSENTIAL INVENTORY TACTICS FEEDVISOR11Final ThoughtsIn a landscape where every fee deduction impacts your bottom line,safeguarding your earnings has never been more crucial.The introduction of the new inventory fee and enhanced reporting emphasizes the need for proactive strategies to safeguard your earnings.Successfully navigating the intricate landscape of Amazons fulfillment fees requires a strategic approach,harnessing the power of cutting-edge AI-driven repricing technology available today.From optimizing inventory management to harnessing the power of todays inventory-aware repricing tools,you will uncovered a wealth of insights.As you step forward into the ever-evolving world of Amazon sales,may your strategies be fortified,your fees minimized,and your profits maximized.Your success in this dynamic realm hinges on adaptability,and armed with the insights from this guide,you are well-prepared for the challenges and triumphs that lie ahead.Mitigate fulfillment fees with the most intelligent inventory-aware repricing: Demand and Sales with AI-Powered,Inventory-Aware Repricing and Advertising Optimization,Starting at$100 a MonthThe Top AI-Powered RepricerHarness the power of the most advanced AI technology to gain a competitive advantage and optimize your pricing strategies.Optimal Campaign Performance Leverage impactful advertising optimization,driving keyword harvesting and campaign optimization.Data-Driven Insights Make informed decisions with access to real-time market data and performance analytics.64%increase in revenue 40%increase sales51%improvement in sales rankOur clients see results:Start your 14-day free trial: have used Feedvisor for almost 5 years now.I can clearly say that we would not be as successful as we are on Amazon without Feedvisor.We have been able to reliably grow our sales year over year and stay competitive without increasing our inventory liability,thanks to the AI repricer and reporting features in Feedvisor.-Steven L.,E-Commerce Specialist“REPRICING OPTIMIZATION|ADVERTISING OPTIMIZATION|POWERFUL ANALYTICSExperience the power of Feedvisor with:Increased Profitability Maximize profit margins by automating pricing strategies and identifying revenue opportunities.Pre-Built Optimization Strategies Customize your repricing strategy to your unique business needs with an array of profit to revenue-oriented strategies.Optimize Inventory ManagementManage your inventory levels to steer clear of fulfillment fees with intelligent,inventory-aware repricing.Try Us Free Today

2人已浏览 2024-05-15 12页 5星级

from Microsoft and LinkedIn2024 Work Trend Index Annual Reportfrom Microsoft and LinkedInAI at Work Is Here.Now Comes the Hard PartEmployees want AI,leaders are looking for a path forward.Illustration by Ben Wiseman2 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedInThe data is in:2024 is the year AI at work gets real.Use of generative AI has nearly doubled in the last six months,1 with 75%of global knowledge workers using it.And employees,struggling under the pace and volume of work,are bringing their own AI to work.While leaders agree AI is a business imperative,many believe their organization lacks a plan and vision to go from individual impact to applying AI to drive the bottom line.The pressure to show immediate ROI is making leaders inert,even in the face of AI inevitability.Weve come to the hard part of any tech disruption:moving past experimentation to business transformation.Just as we saw with the advent of the internet or the PC,business transformation comes with broad adoption.Organizations that apply AI to drive growth,manage costs,and deliver greater value to customers will pull ahead.At the same time,the labor market is set to shift againwith AI playing a major role.Despite fears of job loss,leaders report a talent shortage for key roles.And as more employees eye a career move,managers say AI aptitude could rival experience.For many employees,AI will raise the bar but break the career ceiling.To help leaders and organizations overcome AI inertia,Microsoft and LinkedIn looked at how AI will reshape work and the labor market broadly,surveying 31,000 people across 31 countries,identifying labor and hiring trends from LinkedIn,and analyzing trillions of Microsoft 365 productivity signals as well as research with Fortune 500 customers.The data points to insights every leader and professional needs to knowand actions they can takewhen it comes to AIs implications for work.1 46%of survey respondents who use generative AI at work have used it for less than six months.3 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedIn1 Employees want AI at workand they wont wait for companies to catch up.2 For employees,AI raises the bar and breaks the career ceiling.3 The rise of the AI power userand what they reveal about the future.Findings4 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedInEmployees want AI at workand they wont wait for companies to catch up.of knowledge workers use AI at work75%Finding 15 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedIn2 Data represents intentional user Copilot query for meeting summarizations by commercial customers in a rolling 28-day period ending in March 2024.It does not include activity from Teams Intelligent Recap.Heaviest users represent the top 5%of users by number of Copilot queries.Excludes EU usage and education segment.Already,AI is being woven into the workplace at an unexpected scale.75%of knowledge workers use AI at work today,and 46%of users started using it less than six months ago.Its paying off:Users say AI helps them save time(90%),focus on their most important work(85%),be more creative(84%),and enjoy their work more(83%).The heaviest Teams users(the top 5%)summarized 8 hours of meetings using Copilot in the month of March,the equivalent of an entire workday.2While most leaders agree AI is a necessity,the pressure to show immediate ROI is making leaders move slowly.79%of leaders agree their company needs to adopt AI to stay competitive,but 59%worry about quantifying the productivity gains of AI.This uncertainty is stalling vision:60%of leaders worry their organizations leadership lacks a plan and vision to implement AI.“Were at the forefront of integrating AI to not just work faster,but to work smarter.Its our responsibility as organizational leaders to ensure that this technology elevates our teams creativity and aligns with our ethical values.”Karim R.Lakhani,Chair,Digital Data Design Institute at Harvard,and Dorothy&Michael Hintze Professor of Business Administration at Harvard Business School6 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedInThree Out of Four People Use AI at WorkUsage nearly doubled in the last six months.46%of them started using it less than 6 months ago75Fu%of people are already using AI at workSurvey Questions:How often do you use generative artificial intelligence(AI)for your work?How long have you been using generative artificial intelligence(AI)at work?7 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedInWithout guidance or clearance from the top,employees are taking things into their own hands and keeping AI use under wraps:78%of AI users are bringing their own AI tools to work(BYOAI)its even more common at small and medium-sized companies(80%).And its not just Gen ZBYOAI cuts across all generations.52%of people who use AI at work are reluctant to admit to using it for their most important tasks.53%of people who use AI at work worry that using it on important work tasks makes them look replaceable.This approach means missing out on the benefits that come from strategic AI use at scale.It also puts company data at risk in an environment where leaders#1 concern for the year ahead is cybersecurity and data privacy.of AI users are bringing their ownAI to work(BYOAI)78%8 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedInShare of survey respondents who are using AI tools at work not provided by their organizationGen ZMillennials Gen X Boomers 85%(1828)78%(2943)76%(4457)73%(58 )Survey Questions:Are the generative artificial intelligence(AI)tools you use at work provided by your organization?BYOAI Is Not Just for Gen Z Employees across every age group are bringing their own AI tools to work.9 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedInAnother driver of BYOAI:work has accelerated faster than employees ability to keep up.68%of people say they struggle with the pace and volume of work,and 46el burned out.Email overload persists85%of emails are read in under 15 seconds,and the typical person has to read about 4 emails for every 1 they send.3 Meetings and after-hours work are holding steady at their post-pandemic highs,and the workday still skews toward communication:in the Microsoft 365 apps,users spend 60%of their time on emails,chats,and meetings,and only 40%in creation apps like Word and PowerPoint.4 As AI use surges ahead,leaders who are“extremely familiar”with AI see its potential to be as transformational as the shift from a typewriter to a computer.Within the next five years,41%of these leaders expect to redesign business processes from the ground up with AI.In the same time frame,they anticipate orchestrating(38%)and training a team of AI bots(42%),and ensuring the ethical use of AI(47%)will be a core part of their job.The data is clear:People are overwhelmed with digital debt and under duress at workand they are turning to AI for relief.The opportunity for every leader is to channel this momentum into ROI.“Thesefindingsalignperfectly with how our brains manage the trade-offs between routine task execution and innovationdifferent kinds of thinking supported by two distinct but interacting neural networks in the brain.When were constantly switching,we dont work as well.AI can help liberate workers from menial work and enable innovation and creativity toflourish.”Michael Platt,neuroscientist and professor at the Wharton School of the University of Pennsylvania3 Data represents intentional email usage by commercial customers in a rolling 28-day period ending in March 2024.Excludes EU usage and education segment.4 Collaboration patterns in Microsoft 365 in a rolling 28-day period ending in March 2024,excluding weekends.Time spent is represented by intentional activity in Microsoft 365 applications including Outlook,Teams,Word,PowerPoint,Excel,and OneNote.Intentional actions include things like attending a meeting,writing an email,analyzing data,and reviewing or editing a document.Includes commercial users and excludes education segment.10 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedInFor employees,AI raises the bar and breaks the career ceiling.of leaders say they would not hire someone without AI skills66%Finding 211 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedInWe also see AI beginning to impact the job market.While AI and job loss are top of mind for many,the data offers a more nuanced viewone with a hidden talent shortage,employees itching for a career change,and massive opportunity for those willing to skill up on AI.Leaders are hiring:The majority(55%)of leaders say theyre concerned about having enough talent to fill roles in the year ahead.These leaders sit across functions,but the number jumps to 60%or higher for those in cybersecurity,engineering,and creative design.Professionals are looking:While some professionals worry AI will replace their job(45%),about the same share(46%)say theyre considering quitting in the year aheadhigher than the 40%who said the same ahead of 2021s Great Reshuffle.And in the US,LinkedIn studies show a 14%increase in job applications per role since last fall,with 85%of professionals considering a new job this year.55 Research was conducted by Censuswide on behalf of LinkedIn among 1,013 US working professionals between November 24 and December 12,2023.of leaders are concerned about having enough talent to fill roles55 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedInMarketing/Public RelationsTechnical ServicesCybersecurity61Engineering61Creative Design60Human Resources58Product Development5858Administrative Support or Services57Customer Service56Supply Chain Management56Finance/AccountingLegalReal EstateSales/Business DevelopmentManufacturingOperationsResearch and Development5554525251514946When thinking of the year ahead,60%of Creative Design leaders have expressed a moderate to major concern about not having enough talent to fill roles.Share of leaders who said they have a moderate to major concern about not having enough talent to fill roles50UEe%Survey Questions:When you think about your company in the year ahead,how much of a concern are each of the following?The Hidden Talent Shortage While employees fear job loss due to AI,most leaders worry they cant fill key roles.13 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedIn“Over the past few decades,companies have been renegotiating the psychological contractthe why of workwith their employees,influencedbynewgenerations,labor trends,and the pandemic.Now companies must renegotiate the operational contract the how of workwith their employees as AI puts more power into the hands of workers in terms of the way the job gets done.”Constance Noonan Hadley,Organizational Psychologist,Institute for Life at Work and Boston University Questrom School of BusinessLeaders have already made their landgrab for technical AI talent,with hiring up 323%in the past eight years.Now theyre turning their sights to non-technical talent with AI aptitudethe skills to use generative AI tools like ChatGPT and Copilot:66%of leaders say they wouldnt hire someone without AI skills.71%say theyd rather hire a less experienced candidate with AI skills than a more experienced candidate without them.And junior candidates may have a new edge:77%of leaders say,with AI,early-in-career talent will be given greater responsibilities.While leaders recognize the value of bringing on new employees with AI aptitude,theyre missing the value of developing their own people:45%of US executives are not currently investing in AI tools or products for employees.6 Only 39%of people globally who use AI at work have gotten AI training from their company.Only 25%of companies are planning to offer training on generative AI this year,further cementing this training deficit.76 Unpublished data from LinkedIns Executive Confidence Index7 Unpublished data from LinkedIns 2024 Workplace Learning Report14 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedInLeaders would not hire someone without AI skills66%Leaders say early-in-career talent will get greater responsibilities due to AILeaders are more likely to hire a less experienced candidate with AI skills than a more experienced one without them77q%Survey Questions:To what extent do you agree or disagree with the following statements about generative artificial intelligences(AIs)impact on skills?IwouldbemorelikelytohirealessexperiencedcandidatewithAIskillsthanamoreexperiencedcandidatewithoutAIskillsInconsideringjobcandidates,IwouldnothiresomeonewithoutAIskillsBecausetheycandelegatemoreworktoAI,early-in-careertalentwillbegivengreaterresponsibilitiesThe New Hiring ImperativeAI aptitude takes center stage.15 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedInmarketers topping the list.Marketers are interested for good reason.Two of the top ways B2B marketers say they plan to use generative AI this year include increasing efficiency to focus on higher value work(55%)and creating optimized and engaging content that resonates with target audiences(51%).When it comes to industries,surprisingly,administrative and support services,real estate,and retail lead the wayahead of the tech industry.For the vast majority of people,AI isnt replacing their job but transforming it,and their next job might be a role that doesnt exist yet:Globally,skills are projected to change by 50%by 2030(from 2016)and generative AI is expected to accelerate this change to 68%.More than two-thirds(68%)of this years LinkedIns Jobs on the Rise(fastest-growing roles in the US)didnt exist 20 years ago.12%of recruiters say they are already creating new roles tied specifically to the use of generative AI.Head of AI is emerging as a new must-have leadership rolea job that tripled over the past five years and grew by more than 28%in 2023.Professionals arent waiting for official guidance or trainingtheyre skilling up.76%of people say they need AI skills to remain competitive in the job market.69%say AI can help get them promoted faster,and even more(79%)say AI skills will broaden their job opportunities.In the past six months,the use of LinkedIn Learning courses designed to build AI aptitude has spiked 160%among non-technical professionals,with roles like project managers,architects,and administrative assistants looking to skill up most.Weve also seen a 142x increase in LinkedIn members globally adding AI skills like ChatGPT and Copilot to their profileswith writers,designers,and 16 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedInOccupations with the greatest percentage of members on LinkedIn adding AI Aptitude skills to their profiles in 202333$%WebDeveloperOperationsManagerProductDesignerEntrepreneurFront-EndDeveloperMarketingManagerGraphicDesignerContentWriter14count Manager13%Business DevelopmentManagerCreativeSoftwareBusinessAI Aptitude Heats Up Across Roles and IndustriesAI is going mainstream,and creative professionals are skilling up fast.17 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedInIndustries with the greatest percentage of members on LinkedIn adding AI Aptitude skills in 202316%HospitalityTechnology,Information,and MediaConstructionProfessional ServicesRetailEntertainment ProvidersReal EstateAdministrative and Support Services15%Consumer Services13%9%WholesaleProfessional ServicesConsumer ServicesTechnologyEntertainmentPropertyAI Aptitude Heats Up Across Roles and IndustriesAI is going mainstream,and creative professionals are skilling up fast.18 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedInHuman Resources ManagerMarketing SpecialistFinancial AnalystUser Experience DesignerAccount ExecutiveBusiness ConsultantOperational SpecialistOperations ManagerAccount ManagerGraphic DesignerArchitectGeneral ManagerProgram ManagerProduct ManagerProject ManagerMarketing ManagerAccountantAdministrative AssistantWriterSales Manager617181920Management and ConsultingCreative,Design,and MarketingBusiness Development,Product Development,and SalesHuman Resources,Administration,and OperationsFinanceTop non-technical occupations using LinkedIn Learning to build AI aptitudeAI Aptitude Heats Up Across Roles and IndustriesAI is going mainstream,and creative professionals are skilling up fast.19 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedIn In fact,22%of recruiters already say theyre updating job descriptions to reflect the usage of generative AI in the role.And future-looking organizations are already taking action.Many of LinkedIns Top Companies this yearincluding JPMorgan Chase,Procter&Gamble,and AT&Tare offering their teams AI learning opportunities to drive transformation at scale.These are signs that AI could be a rising tide that elevates skills across roles and industries.Entry-level workers will take on more strategic projects,while uniquely human skills like management,relationship building,negotiation,and critical thinking will come to the fore for employees at all levels.Organizations that understand this will retain and attract the best talent,and professionals who skill up will have the edge.And just as we saw with flexible work options,offering AI access could help companies attract top talent:LinkedIn job posts that mention artificial intelligence or generative AI have seen 17%greater application growth over the past two years compared to job posts that dont mention them.In another study,54%of early-in-career and individual contributor employeesthe future of the workforcesaid that access to AI would influence their choice of employer.20 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedIn The rise of the AI power user and what they reveal about the future.Finding 3Frequently experimenting with AI is the#1 predictor of an AI power user.#121 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedInIn our research,four types of AI users emerged on a spectrumfrom skeptics who rarely use AI to power users who use it extensively,with novices and explorers in between.When we studied the difference between skeptics and power users we saw notable gaps,not only between how they work but how they feel about work.Power users are familiar to extremely familiar with AI,using it at work at least several times a week and saving more than 30 minutes a day.And its paying off:power users say AI makes their overwhelming workload more manageable(92%),boosts their creativity(92%),and helps them focus on the most important work(93%)and it helps them feel more motivated(91%)and enjoy work more(91%).The path to becoming a power user starts with developing new habits.Power users are 68%more likely to frequently experiment with different ways of using AIin fact,its the#1 predictor of whether someone will be a power user or not.When compared to other survey respondents,theyre also more likely to frequently pause before a task and ask themselves if AI can help( 49%),to keep trying if they dont get the perfect response the first time( 30%),and to research and try new prompts( 56%).Power users also bookend their day with AIusing it to start the day(85%)and get ready for the following workday(85%).Power users have also reoriented their work patterns in fundamental ways.They are 56%more likely to use AI to catch up on missed meetings,to analyze information( 51%),to design visual content( 49%),to interact with customers( 49%),and to brainstorm or problem-solve( 37%).And theyre already moving past individual tasks:theyre 66%more likely to redesign their business processes and workflows with AI.22 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedIn100uP%0uP%Percent of each group who agreePercent of each group selecting at least occasionallyHow I use AIIt makes my overwhelming workload more manageableIt helps me be more creativeIt helps me be more productiveIt helps me enjoy my work moreIt helps me focus on more fulfilling workIt helps me focus on the most important workIt makes me feel more motivatedIt has improved my work-life balanceI wish AI could do even more on my behalfI dont want to go back to working without AIWhen I dont get the response I want from the first prompt,I try again I use AI to get ready for the following workdayI start my day using AII research and try new promptsI regularly share my prompts/top tips on AI usage with my co-workersI regularly experiment with different ways of using AII make it a priority to learn how to use AI effectivelyI ask co-workers what prompts they find most usefulBefore starting a task,I ask myself,“could AI help me with this?”How AI impacts my experience at workare at least familiar with AI,but they only use it a few times a month(if ever).They say AI saves them 10 minutes or less per day.are only somewhat familiar with AI(if at all)and use it only a few times a month(if ever).They say AI saves them 30 minutes or less per day.are only somewhat familiar with AI(if at all)and use it a few times a month or once a week.They say AI saves them between 5 and 30 minutes per day.are at least familiar with AI and use it at least several times per week.They say it saves them more than 30 minutes per day.SkepticsNovicesExplorersPower usersThe Power User Payoff of AI at WorkPower users are reshaping the workday and reaping the benefits.Survey Questions:When using artificial intelligence(AI)at work,how frequently do you do each of the following?Wed now like you to reflect on how you feel about using artificial intelligence(AI)in your work.To what extent do you agree or disagree with the following statements?23 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedInThe research also shows that power users are empowered by a different kind of organization.At their companies:Senior leaders lean in:AI power users are 61%more likely to hear from their CEO about the importance of using generative AI at work,40%more likely to hear from the leader of their department,and 42%more likely to hear from their managers manager.Company culture is change-ready:AI power users are 53%more likely to receive encouragement from leadership to consider how AI can transform their function,and 18%more likely to say their company encourages innovation.They get tailored training:AI power users are 37%more likely to say their company has a virtual learning program.Theyre also more likely to have received training on prompt writing( 37%),how to use AI for their role or function( 35%),or specific use cases such as writing or analyzing data( 32%).AI power users provide a window into the futurerevealing whats possible when employees embrace new ways of working and leaders lean in.“To stay ahead of the curve,weve made AI training a priority to ensure everyone can leverage the power of Copilot for Microsoft 365 and other AI solutions.We also launched the GenAI Academy,supporting employee growth and development with the aim of increasing ambassadors and GenAI power users across the globe.We are already seeingbenefitsthataretransforming the way we work and innovate.”Sheila Jordan,SVP,Chief Digital Technology Officer,Honeywell2024 Work Trend Index Annual Reportfrom Microsoft and LinkedIn24 Copilot Study:How AI Could Reshape the Workday Emails:Overall,Copilot users read 11wer individual emails and spent 4%less time interacting with them.The customers who saw the most impact spent 25E%less time reading emails.Meetings:In some companies time spent in meetings increased,in others it decreased.One hypothesis is that AI makes meetings more valuableas stores of information and a shortcut to creation,like a brainstorming meeting,easily turned into a first draft.For some companies,the increased efficiency leads to fewer meetings,and at others the increased value leads to more.As AI capabilities progress,researchers expect this effect to continueallowing us to reduce time in some meetings while making the meetings we do have more valuable.Documents:Overall,Copilot users edited 10%more documents in Word,Excel,and PowerPointthe companies that saw the largest impact noticed a 20%increase.This may suggest that people are repurposing the time they save for high-value focus work like creating and consuming information.Copilot Study:How AI Could Reshape the Workday Microsoft researchers designed a six-month randomized control trial of 60 Copilot customers across industries.The study is the first mass-scale observation of 3,000 individuals using AI in their natural work environment with no interventions to encourage use.Preliminary results show how AI could reshape the anatomy of the workday in fundamental waysreducing time spent in inboxes,making meetings more valuable,and increasing time spent on high-value focus work.25 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedInThe opportunity ahead for leaders is to channel employee enthusiasm for AI into business transformation.This will look different for every organization,but heres how to get started.Identify a business problem,then apply AI:There are efficiency gains to be had across every function the key is to pick a process and apply AI.For example,start with customer service and focus on improving call-handling time.Global advertising network dentsu applied AI to its creative development process.Este Lauder is using it to reimagine product development and customer experience.Take a top-down,bottom-up approach:Going from experimentation to transformation requires engagement at every level of the organization,from the CEO to the entry-level employee.Business gains will come when you enlist your business line leaders to activate teams around AI.As weve rolled out Copilot at Microsoft,weve relied on internal champions at all levels to model and spread AI enthusiasm and aptitude.Prioritize training:AI power users arent doing it on their ownthey receive ongoing training,both on universal tasks and uses more tailored to their role and function.LinkedIn Learning is a great place to start to skill up,and the Copilot Scenario Libraryprovidesusecasesforspecificrolesandfunctions.Key takeways26 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedInWeve arrived at a pivotal moment for AI at work.Just as we look back at the pre-PC era,well one day wonder how work got done without AI.Already,AI is helping people be more creative and productive,and giving job seekers an edge.Over time,it will change every aspect of work.As we reach the hard part of this tech disruptionturning experimentation into tangible business impactcompanies that face the challenge head-on will surge ahead.In this moment,fortune favors the bold.See how the data compares for small and medium-sized businesses and in US metropolitan areas.Learn how Microsoft and LinkedIn are innovating to help organizations and professionals thrive in the era of AI.Sign up for the WorkLab newsletter for the latest research,insights,and trends on generative AI at work.The path forward27 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedInMethodologyWork Trend Index Survey The Work Trend Index survey was conducted by an independent research firm,Edelman Data&Intelligence,among 31,000 full-time employed or self-employed knowledge workers across 31 markets between February 15,2024 and March 28,2024.This survey was 20 minutes in length and conducted online,in either the English language or translated into a local language across markets.One thousand full-time workers were surveyed in each market,and global results have been aggregated across all responses to provide an average.In the US,an additional sample of 2,800 full-time employed or self-employed knowledge workers was collected across nine sub-regions/metros.Global markets surveyed include:Argentina,Australia,Brazil,Canada,China,Colombia,Czech Republic,Finland,France,Germany,Hong Kong,India,Indonesia,Italy,Japan,Malaysia,Mexico,Netherlands,New Zealand,Philippines,Poland,Singapore,South Korea,Spain,Sweden,Switzerland,Taiwan,Thailand,United Kingdom,United States,and Vietnam.Sub-regions/Metros in the United States surveyed include:Atlanta,Austin,Boston,DC Metro,Houston,New York City,North Carolina,Pittsburgh,and the San Francisco Bay Area.Audiences mentioned in the report are defined as follows:Knowledge Workers:those who typically work at a desk(whether in an office or at home).This group includes those who are in person or working remotely in some capacity.AI Power Users:knowledge workers who are at least familiar with generative AI,use it at work at least several times a week,and save more than 30 minutes a day by using it.Business Leaders/Business Decision Makers:knowledge workers in mid to upper job levels(i.e.,SVP,VP,Sr.Director,General Manager,EVP,C-Suite,President,etc.)and have at least some decision-making influence related to hiring,budgeting,employee benefits,internal communications,operations,etc.Employees/Non-Business Decision Makers:knowledge workers who are not in mid to upper job levels or have no influence on decision making related to hiring,budgeting,employee benefits,internal communications,operations,etc.28 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedInLinkedIn Economic Graph Research Institute LinkedIns Economic Graph is a digital representation of the global workforce,covering over 1 billion members,67 million companies,and 134,000 schools.LinkedIns Economic Graph Research Institute(EGRI)drives research focused on answering members and leaders top questions about the economy and the labor market,based on the Economic Graph data.EGRIs metrics in this report include*:AI Aptitude Skills:These are standardized skills referring to the ability to use generative AI tools such as ChatGPT,Copilot,GitHub Copilot,etc.Professionals adding AI Aptitude Skills:We compute the growth in the share of members adding AI Aptitude skills to their profiles,relative to the number of members adding any skill.Top Occupations adding AI Aptitude Skills:For every occupation in the LinkedIn taxonomy,we compute the growth in the share of members adding AI Aptitude skills to their profiles,relative to the number of members adding any skill.Head of AI Roles:We identify members whose job titles include the keywords“AI,”“Artificial Intelligence,”or“Machine Learning”coupled with the keyword“Head,”or LinkedIns standardized seniority levels“Director,”“VP,”and“CXO.”We then build a time series of the number of companies with at least one member in Head of AI roles.LinkedIns Jobs on the Rise(JOTR)that didnt exist 20 years ago(US only):Every year,we publish LinkedIns JOTR,a ranked list of the fastest growing jobs(in terms of number of members holding that title)over the previous three years.Internships,volunteer positions,interim roles,or student roles are excluded.To compute the share of JOTR that did not exist 20 years ago,we compared the list to O*NETs 2000 taxonomy by name or job description.O*NET is the US primary source for occupational information,consisting of a database developed under the sponsorship of the US Department of Labor.It contains hundreds of job definitions and is used extensively in academic research.29 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedIn Projected Skills Change:We predict how skills will change over time by looking at how they changed in the past and estimating how they will change in the future via linear extrapolation.We also consider the impact of generative artificiaI intelligence(GAI)technology by imagining a scenario where skills that can be easily replicated by GAI become less important compared to other important skills.*Unless otherwise specified,results reported are global,including the UK,Germany,France,India,Singapore,Australia,and Brazil.LinkedIn Executive Confidence Index LinkedIns Executive Confidence Index(ECI)is an online survey taken every quarter by 5,000 LinkedIn members(at the VP level or above).The most recent wave ran from March 419,2024.Members are randomly sampled and must be opted into research to participate.We analyze data in aggregate and will always respect member privacy.Data is weighted by Seniority and Industry to ensure fair representation of executives on the platform.The results represent the world as seen through the lens of LinkedIns membership;variances between LinkedIns membership and the overall market population are not accounted for.LinkedIn Workplace Learning Report The LinkedIn Learning 2024 Workplace Learning Report surveyed 1,636 L&D and HR professionals with L&D responsibilities who have some influence on budget decisions,and 1,063 learners.Surveyed geographies include:North America(United States,Canada);South America(Brazil);Asia-Pacific(Australia,New Zealand,India,Japan,Cambodia,Indonesia,Singapore,Malaysia,Myanmar,Philippines,Thailand,Hong Kong);and Europe(United Kingdom,Ireland,Belgium,Netherlands,Luxembourg,Norway,Finland,Sweden,Iceland,Denmark,France,Germany,Austria).2024 Global Marketing Jobs Outlook Report Insights were leveraged from Ipsos&LinkedIn research conducted in 2023 using a sample of 1,577 senior-level B2B marketing leaders,including 377 CFOs,from various industries in NAMER(US),EMEA(UK,DE,FR),APAC(IN,AU,SG),and LATAM(Brazil).30 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedIn*Data point unavailable due to low sample size.Data coming soon.Appendix:Key Global Trends1.Employees want AI at workand they wont wait for companies to catch up.75%of knowledge workers around the world use generative AI at work.Aggregated TotalsNorth America:66%Latin America:82%Asia-Pacific:83%Europe:65%By RegionNorth AmericaCanada:62%US:71%Latin AmericaArgentina:Brazil:83%Colombia:81%Mexico:82%Asia-PacificAustralia:84%China:91%Hong Kong:India:Indonesia:Japan:32%Malaysia:New Zealand:84%Philippines:Singapore:88%South Korea:Taiwan:84%Thailand:Vietnam:EuropeCzech Republic:Finland:57%France:56%Germany:69%Italy:60%Netherlands:Poland:61%Spain:68%Sweden:Switzerland:82%UK:69%By Market31 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedIn*Data point unavailable due to low sample size.Data coming soon.1.Employees want AI at workand they wont wait for companies to catch up.While 79%of leaders believe their company needs to adopt AI to stay competitive,60%of leaders worry their organizations leadership lacks a plan and vision to implement it.Aggregated TotalsNorth America:76%,59%Latin America:80%,57%Asia-Pacific:84%,61%Europe:74%,59%By RegionNorth AmericaCanada:74%,59%US:77%,60%Latin AmericaArgentina:,Brazil:87%,51%Colombia:78%,60%Mexico:80%,57%Asia-PacificAustralia:80%,70%China:78%,54%Hong Kong:,India:,Indonesia:,Japan:67%,49%Malaysia:,New Zealand:77%,74%Philippines:,Singapore:83%,68%South Korea:,Taiwan:78%,73%Thailand:,Vietnam:,EuropeCzech Republic:,Finland:74%,71%France:74%,57%Germany:77%,55%Italy:76%,50%Netherlands:,Poland:69%,49%Spain:77%,59%Sweden:,Switzerland:70%,51%UK:81%,52%By Market32 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedIn*Data point unavailable due to low sample size.Data coming soon.78%of AI users are bringing their own AI to work(BYOAI).Aggregated TotalsNorth America:70%Latin America:77%Asia-Pacific:79%Europe:80%By RegionNorth AmericaCanada:79%US:63%Latin AmericaArgentina:Brazil:74%Colombia:83%Mexico:76%Asia-PacificAustralia:78%China:66%Hong Kong:India:Indonesia:Japan:78%Malaysia:New Zealand:81%Philippines:Singapore:84%South Korea:Taiwan:79%Thailand:Vietnam:EuropeCzech Republic:Finland:83%France:78%Germany:71%Italy:73%Netherlands:Poland:79%Spain:77%Sweden:Switzerland:83%UK:75%By Market1.Employees want AI at workand they wont wait for companies to catch up.33 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedIn*Data point unavailable due to low sample size.Data coming soon.66%of leaders say they would not hire someone without AI skills.Aggregated TotalsNorth America:57%Latin America:60%Asia-Pacific:70%Europe:65%By RegionNorth AmericaCanada:50%US:65%Latin AmericaArgentina:Brazil:58%Colombia:57%Mexico:63%Asia-PacificAustralia:74%China:79%Hong Kong:India:Indonesia:Japan:35%Malaysia:New Zealand:73%Philippines:Singapore:71%South Korea:Taiwan:81%Thailand:Vietnam:EuropeCzech Republic:Finland:68%France:58%Germany:69%Italy:62%Netherlands:Poland:53%Spain:64%Sweden:Switzerland:70%UK:57%By Market2.For employees,AI raises the bar and breaks the career ceiling.34 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedIn*Data point unavailable due to low sample size.Data coming soon.71%of leaders say theyd rather hire a less experienced candidate with AI skills than a more experienced candidate without them.Aggregated TotalsNorth America:67%Latin America:66%Asia-Pacific:76%Europe:67%By RegionNorth AmericaCanada:63%US:71%Latin AmericaArgentina:Brazil:65%Colombia:65%Mexico:68%Asia-PacificAustralia:79%China:82%Hong Kong:India:Indonesia:Japan:51%Malaysia:New Zealand:77%Philippines:Singapore:77%South Korea:Taiwan:84%Thailand:Vietnam:EuropeCzech Republic:Finland:69%France:67%Germany:69%Italy:61%Netherlands:Poland:55%Spain:64%Sweden:Switzerland:74%UK:64%By Market2.For employees,AI raises the bar and breaks the career ceiling.35 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedIn*Data point unavailable due to low sample size.Data coming soon.AI power users are 40%more likely to frequently ask co-workers what prompts they find most useful and 68%more likely to experiment with different ways of using AI.Aggregated TotalsNorth America: 40%, 75%Latin America: 24%, 76%Asia-Pacific: 31%, 51%Europe: 61%, 86%By RegionNorth AmericaCanada: 33%, 124%US: 40%, 45%Latin AmericaArgentina:,Brazil: 17%, 71%Colombia: 23%, 93%Mexico: 51%, 64%Asia-PacificAustralia: 45%, 19%China: 19%, 29%Hong Kong:,India:,Indonesia:,Japan:*,*Malaysia:,New Zealand: 24%, 33%Philippines:,Singapore: 26%, 38%South Korea:,Taiwan: 35%, 27%Thailand:,Vietnam:,EuropeCzech Republic:,Finland:*,*France: 45%, 68%Germany: 68%, 69%Italy: 93%, 84%Netherlands:,Poland: 13%, 149%Spain: 40%, 81%Sweden:,Switzerland: 84%, 103%UK: 67%, 91%By Market3.The rise of the AI power userand what they reveal about the future.36 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedIn*Data point unavailable due to low sample size.Data coming soon.AI power users are more likely to hear from their leadership about the importance of generative AICEO(61%more likely),function/department lead(40%more likely),and managers manager(42%more likely).Aggregated TotalsNorth America: 45%, 50%, 51%Latin America: 83%, 54%, 64%Asia-Pacific: 44%, 29%, 27%Europe: 80%, 41%, 53%By RegionNorth AmericaCanada: 65%, 75%, 62%US: 30%, 32%, 40%Latin AmericaArgentina:,Brazil: 75%, 38%, 20%Colombia: 55%, 4%, 50%Mexico: 70%, 53%, 85%Asia-PacificAustralia: 21%, 33%, 39%China: 25%, 10%,-7%Hong Kong:,India:,Indonesia:,Japan:*,*,*Malaysia:,New Zealand: 36%, 33%,-19%Philippines:,Singapore: 44%, 5%, 43%South Korea:,Taiwan: 31%,-6%, 12%Thailand:,Vietnam:,EuropeCzech Republic:,Finland:*,*,*France: 86%, 52%, 14%Germany: 110%, 42%, 70%Italy: 87%, 45%, 77%Netherlands:,Poland: 38%, 21%,-11%Spain: 79%, 9%, 11%Sweden:,Switzerland: 78%, 67%, 89%UK: 79%, 16%, 48%By Market3.The rise of the AI power userand what they reveal about the future.37 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedIn*Data point unavailable due to low sample size.Data coming soon.AI power users are more likely to get training(42%more likely),especially on prompts(37%more likely)and how to use AI for their specific role or function(35%more likely).Aggregated TotalsNorth America: 33%, 57%, 35%Latin America: 51%, 42%, 39%Asia-Pacific: 36%, 28%, 28%Europe: 39%, 43%, 41%By RegionNorth AmericaCanada: 57%,*,*US: 18%,*,*Latin AmericaArgentina:,Brazil: 48%, 30%, 25%Colombia: 44%, 62%, 30%Mexico: 35%, 21%, 45%Asia-PacificAustralia: 41%,*,*China: 17%, 19%, 24%Hong Kong:,India:,Indonesia:,Japan:*,*,*Malaysia:,New Zealand: 34%,*,*Philippines:,Singapore: 12%, 33%,-10%South Korea:,Taiwan: 17%,*,*Thailand:,Vietnam:,EuropeCzech Republic:,Finland:*,*,*France: 41%,*,*Germany: 53%, 44%, 46%Italy: 69%,*,*Netherlands:,Poland: 20%,*,*Spain: 24%,*,*Sweden:,Switzerland: 41%, 61%, 51%UK: 63%,*,*By Market3.The rise of the AI power userand what they reveal about the future.38 2024 Work Trend Index Annual Reportfrom Microsoft and LinkedIn*Data point unavailable due to low sample size.Data coming soon.85%of AI power users start their day with AI and 85%use it to get ready for the following day.Aggregated TotalsNorth America:79%,83%Latin America:85%,87%Asia-Pacific:88%,87%Europe:80%,81%By RegionNorth AmericaCanada:77%,86%US:80%,82%Latin AmericaArgentina:,Brazil:88%,91%Colombia:80%,79%Mexico:85%,90%Asia-PacificAustralia:89%,88%China:91%,93%Hong Kong:,India:,Indonesia:,Japan:*,*Malaysia:,New Zealand:80%,75%Philippines:,Singapore:87%,82%South Korea:,Taiwan:85%,83%Thailand:,Vietnam:,EuropeCzech Republic:,Finland:*,*France:84%,85%Germany:80%,83%Italy:91%,91%Netherlands:,Poland:75%,80%Spain:82%,83%Sweden:,Switzerland:80%,81%UK:82%,78%By Market3.The rise of the AI power userand what they reveal about the future.

22人已浏览 2024-05-15 38页 5星级

Copyright 2023 Questel All rights reserved 人工智能如何为知识产权管理带来人工智能如何为知识产权管理带来积极变革？积极变革？探索 Questel 数字化转型战略的核心全方位、负责任的人工智能融合；了解人工智能将如何改变您的知识产权管理方法Copyright 2023 Questel All rights reserved 无论您是乐于接受人工智能(AI)的潜力还是忧惧它所带来的影响，人工智能显然已经成为我们日常生活和工作不可分割的一部分。因此，现在的问题不在于要不要使用人工智能，而在于如何以及何时使用人工智能，使它能够受到最合适的管控、为我们带来最大的收益。这本电子书概述了全方位、负责任的人工智能融合策略，这也是 Questel 数字化转型战略的核心。本书探讨以下主题：人工智能的兴起对知识产权所有者和行业顾问意味着什么为什么每一个组织都需要人工智能策略方针Questel 倡导践行的全方位、负责任的人工智能融合现有的人工智能驱动的工具和技术未来实现人工智能融合的路线图如果您对本电子书探讨的主题有任何疑问，包括如何在贵组织中有效部署我们如果您对本电子书探讨的主题有任何疑问，包括如何在贵组织中有效部署我们的人工智能工具，请的人工智能工具，请联系我们的联系我们的知识产权解决方案知识产权解决方案专家专家。2人工智能在知识产权领域的应用人工智能在知识产权领域的应用人工智能技术不仅已经应用于管理知识产权资产和业务流程，并且未来还将有更广泛的应用空间。人工智能的兴起对知识产权领域意味着什么1人工智能已然到来，而且必将继续存在。是否应接受人工智能已经不是一个需要考虑的问题，组织要考虑的是，何时以及如何应用人工智能、释放其巨大潜力Copyright 2023 Questel All rights reserved 人工智能的兴起人工智能的兴起“人工智能”可以是一个积极的词，也可以是一个消极或中性的词，这完全取决于您对于新技术的看法。您可能与我们一样，认为人工智能有望将工作效率、生产力和数据分析能力提升到全新水平，并为此感到振奋不已。或者，您也许满怀忧虑，担心人工智能可能对您的工作、知识产权资产或业务运营带来负面影响。又或者，您可能认为人工智能只是又一个商业炒作的“热词”，一个被企业用来吸引眼球的科幻概念，尚未走进现实。但是，无论您将人工智能视为朋友还是敌人，它绝非只是科幻臆想之物。从客服聊天机器人到互联网搜索算法和语音识别，机器学习(ML)、自然语言处理(NLP)、遗传算法(GA)等人工智能技术已经深深融入我们的工作和日常生活。人工智能已然到来，而且必将继续存在。对于组织而言，要考虑的问题不在于要不要拥抱人工智能，而在于何时以及如何应用人工智能，在释放其潜力来改进技术、软件和系统的同时，确保自己（或客户）不会因此而暴露在潜藏的 IT 漏洞、数据偏见或其他形式的组织风险之中。4将人工智能(AI)融入知识产权管理技术和业务流程，那么知识产权部门的工作效率将有望提升到全新水平。然而，人工智能并不是灵丹妙药，不能一劳永逸地解决系统或服务开发过程中的不足和缺陷。人工智能策略概述2为推进人工智能在知识产权行业的应用，Questel 倡导践行全方位、负责任的人工智能融合策略，旨在以安全、合乎道德和负责任的方式助客户有效利用人工智能，充分释放其潜力。Copyright 2022 Questel All rights reserved 6“全方位”的人工智能融合策略“全方位”的人工智能融合策略Questel 倡导践行的策略是，以全方位、负责任的方式将人工智能工具和技术融入商业智能与知识产权管理系统、门户及平台之中。Questel 坚信，人工智能拥有巨大潜力，能有效帮助客户提升知识产权数据和流程管理效率。但是，我们同样确信，在进行人工智能融合时，必须要透明、负责任、合乎道德，而且必须充分了解人工智能所能产生的影响无论积极还是消极。抓好每个环节，不负客户信任抓好每个环节，不负客户信任于每家企业而言，知识产权(IP)都是独特的，它包含核心商业资产、机密知识资产以及高度敏感的信息资产，对企业具有重要且往往是关键性的业务影响。为此，我们必须能够赢得客户信任，凭借先进的系统、深厚的行业知识和经验，始终如一地竭力为客户提供准确数据、可靠流程及宝贵洞察，助力客户做出明智决策、实现有效掌控并最终收获理想结果。正因如此，我们倡导践行全方位、负责任的人工智能融合策略，以此推进人工智能在知识产权行业的应用，并确保在现在和未来以安全、合乎道德和负责任的方式充分释放人工智能的巨大潜力。Copyright 2023 Questel All rights reserved Questel 人工智能策略的基石人工智能策略的基石Questel 人工智能发展和融合策略背后的关键驱动因素，以及这一策略在实践中对客户的意义。7虽然人工智能是软件和系统开发人员关注的热点，但它并不是灵丹妙药，不能一劳永逸地解决现有知识产权系统、技术或工具中存在的不足和缺陷。如果我们只是突兀地将人工智能作为一种“补丁”来应用到现有工具之上，那么这可能会损害客户所重视的信任感、声誉和系统可靠性。如果这样贸然行事，最好的结果充其量不过是一次夺人眼球、追赶最新技术潮流的尝试。而最坏的结果，可能会使我们和我们的客户暴露在“黑盒”风险之中，在这样的“黑盒”中，人们看不到人工智能和其他深度学习系统如何做出决策，因而会影响数据准确性并造成处理过程中出现偏差。我们相信人工智能技术能够极大改进我们的知识产权情报软件、知识产权管理系统、商标清查和监测平台等解决方案，但同时我们认为，不能只重视人工智能，而忽视其他改进或升级解决方案的机会。因此，我们的研发蓝图立足全局，努力做到统筹兼顾、两全其美。人工智能发展蓝图的核心支柱3在 Questel 人工智能发展蓝图下，我们将采用严格的数据处理规范、流程方法和行业专业知识，来将人工智能融入现有系统。Copyright 2023 Questel All rights reserved Questel 人工智能发展蓝图人工智能发展蓝图了解 Questel 人工智能研发和部署工作的三大支柱。9在 Questel 人工智能发展蓝图下，我们将采用客户当前所信赖的高标准数据处理规范、流程方法和行业专业知识，来将人工智能融入现有系统。我们成立了专门的人工智能专家实验室，负责探索基于人工智能的技术研发(R&D)和部署机会，并依据透明度和问责制标准开展工作。我们对技术合作伙伴进行严格审查，确保其遵守适用的数据安全及其他相关标准。我们的内部 IT 团队根据严格的 IT 安全标准、数据保护政策及其他安全保障政策，对所有人工智能实现方法进行审慎评估。Questel 人工智能部署工作的三大支柱人工智能部署工作的三大支柱Questel 人工智能实验室我们拥有一流的人工智能专家团队，由首席技术官 Laurent Hill 带领，服务于公司所有部门，可以更好地实现技术融合。根据实际需求选择合作伙伴例如，在丰富和总结一般常识方面，我们选择与 OpenAI 合作。全面数据控制与合规在有专人负责质量保证的同时，我们的内部IT 团队也会严密监督基础设施、数据保护和其他安全保障措施。基于人工智能的工具和技术4概念验证：我们已在现有的专利和商标软件中引入一系列“人工智能驱动”的功能，并且还有更多功能正在开发中。Copyright 2023 Questel All rights reserved 12将愿景付诸实践将愿景付诸实践今天，人工智能再次成为热门话题，但值得注意的是，人工智能在知识产权领域的应用并不是刚出现的新现象。Questel 在我们的软件中使用基于人工智能的技术已达十余年。1.完善知识产权数据完善知识产权数据人工智能实现方法：有监督ML、NLP我们通过自动化流程将更加丰富的知识产权数据注入现有系统（包括 Orbit Intelligence、Equinox 知识产权管理软件和Markify 商标清查和监测平台）、更正名称错误、确立专利族关系，并用英语重新翻译文本内容，从而让官方数据源发挥最大价值。2.挖掘和洞察挖掘和洞察人工智能实现方法：NLP、词向量、相关性（嵌入）、ML、GA融入 AI 技术之后，Orbit Intelligence、Orbit Insight 和 Markify Prosearch 这些以人工智能驱动的解决方案能够掌握不同文献和图像在语义上的关联、将字词和文本内容转换为向量，进而精心绘制出我们的数据库，加快查找相关和类似信息的速度。3.结果分析结果分析人工智能实现方法：无监督和有监督ML、贝叶斯神经网络（用于高级分类）我们利用数十年在知识产权领域的专业积淀，构建了多个“分类器”，并将它们用于 Orbit Intelligence 和发票管理等软件解决方案。我们利用多种人工智能技术，例如有监督和无监督机器学习(ML)、自然语言处理(NLP)、遗传算法(GA)及神经网络等，主要在以下三大领域推进创新：Copyright 2023 Questel All rights reserved 概念验证：探索概念验证：探索Questel 的人工智能工具与功能的人工智能工具与功能我们已在现有的专利和商标软件中引入一系列“人工智能驱动”的功能。13专利检索：语义检索专利检索：语义检索人工智能实现方法：NLP、ML、文本挖掘、语义向量提取输入英语文本段落，并在整个专利数据库中检索相关专利文献，包括专利信息、发明披露、科学文献摘要或段落，以及技术说明。另外，还可选择重要概念以加强对检索的控制。专利检索：相似性检索专利检索：相似性检索人工智能实现方法：NLP 概念、ML、文本挖掘、语义向量提取以选定的专利族作为输入，结果将按相关性高低进行排序。检索范围涵盖分类号（CPC、IPC、US PCL）、引用（共同、后向和前向引用）、扩展的专利族（共同的优先权号），且检索结果将根据经过专家整理的相似专利列表来进行验证。利用人工智能得到增强的检索功能可节省时间，并允许扩展检索条件。选择与选定主题最为贴近的相关文献作为输入，可构建相似性检索算法。专利检索：自动分类专利检索：自动分类人工智能实现方法：有监督ML、贝叶斯神经网络（用于高级分类）随着专利文献数量迅速增多，组织必须找到一种更为有效的方法来检索、分析、分类相关数据。AI-Classifier 分类器基于机器学习算法，利用人工智能(AI)技术快速检索专利文献并对其进行分类。用户可以根据需要训练任意数量的 AI 分类器，以帮助区分相关和非相关专利文献，识别与特定专利相关的所有数据，从而快速进行现有技术检索。Copyright 2023 Questel All rights reserved 14专利分析：专利权人信息整理专利分析：专利权人信息整理人工智能实现方法：有监督ML、深度学习数据质量是一切分析的基础，因此我们使用基于深度学习的人工智能方法来整理专利权人信息，包括发现和显示名称错误、在专利族层面整合专利权人以及构建专利族。更正意见以 AI 建议的形式提供，并接受人工核查。这类编辑工作可以提升数据数量，并反过来训练算法。专利分析：专利族构建专利分析：专利族构建人工智能实现方法：无监督和有监督ML、深度学习在人工智能的支持下，FamPat 使用复杂规则来构建专利族并对专利族进行质量控制，包括整合多个优先权、分案和续案。如有需要，FamPat 系统允许进行人工干预。发票管理发票管理人工智能实现方法：无监督和有监督ML、NLP 我们的发票管理模块可按专利生命周期的不同阶段对发票进行分配和分组，从而减少人工审查所需时间。商标检索：图像检索商标检索：图像检索人工智能实现方法：NLP、词向量、相关性（嵌入）、ML、GAMarkify 商标清查和监测平台提供由算法驱动或由专家驱动的图形商标报告，供您自由选择。使用先进的基于人工智能的相似性检索技术，可以检索说明书中的附图，并分离源图以方便查看。Copyright 2023 Questel All rights reserved 15更多基于人工智能的工具更多基于人工智能的工具我们最近部署了更多 AI 功能，包括使用 OpenAI API 为 Orbit Intelligence 新创建的 AI 文本摘要助手文本摘要助手。这项可选功能可根据选定文本，针对专利内容（说明书和权利要求）生成简短的技术摘要。如需进一步了解本书探讨的任何人工智能技术，请联系我们。未来实现人工智能融合的路线图5从预测未来到掌控未来：我们致力于重新定义人机交互，努力提高任务自动化水平，为更多情境下的客户用例提供支持。Copyright 2023 Questel All rights reserved 17未来何去何从？未来何去何从？利用数以百万计的数据点来推进自动化和结果预测是我们一直以来的专长。现在，是时候用我们的工具为客户赋能，助客户提升洞察力和生产力。我们将通过践行全方位、负责任的人工智能策略，循序渐进地将人工智能上的技术突破融入我们的工具，并确保这种融入能够使客户从中获得切实好处。以下三个因素是推动实现 Questel 研发蓝图的核心所在：1.知识产权数据管理的持续数字化转型2.强大资源的持续优化3.生成式人工智能技术的持续发展。我们将立足于这三大领域，重新定义人机交互，努力提高任务自动化水平，为更多情境下的客户用例提供支持。一言以蔽之，我们将使用人工智能来解决长期存在的挑战和限制，包括耗时任务的处理。凭借在人工智能上的大力投入，Questel 实现了自我提升、获得了独特优势，对此我们深感自豪。但这只是开始，我们还有很长的路要走。Copyright 2023 Questel All rights reserved 18试想一下，如果您只用一种语言、或者通过图像和文本的组合，又或者仅仅通过提问就能检索每一个全球知识产权数据库，将会怎么样？如果能自动生成函件、发票或摘要呢？如果还可以快速获得准确的专利权利要求对比分析、文本或概念解释、创建即时指令，又会怎么样？而这些由人工智能驱动的功能只是我们人工智能实验室目前所开展工作的一部分。从预测未来到掌控未来从预测未来到掌控未来Questel 致力于打造衔接技术与业务的桥梁，是知识产权解决方案领域的人工智能融合专家。Copyright 2023 Questel All rights reserved 作者简介Benoit Chevalier 是 Questel 客户成功与市场营销总监，在知识产权行业拥有超过 15 年的丰富经验。在Questel，Benoit 专注于研究新兴技术在知识产权数据和资产管理领域的战略性应用。Questel 是世界一流的端到端知识产权解决方案提供商，为 30 个国家/地区的 20,000 多家客户和 150 万用户提供服务。我们拥有全面的软件套件，可用于检索、分析和管理发明、专利、外观设计、商标和域名。另外，我们还提供覆盖整个知识产权生命周期的全方位服务，包括检索、监测、国际申请、翻译、续展和备案等各个环节。通过将这些解决方案与我们的知识产权成本管理平台相结合，可为客户平均节省全部申请预算的 30-60%。除了知识产权领域，Questel 还在创新管理（创新想法、合作关系、技术)、法务运营管理（合同、法律文件、电子账单和案件）及本地化（生命科学翻译、法律翻译、企业本地化）等领域飞速发展，并成为这些领域的引领者。如需进一步了解本书探讨的主题，包括如何在贵组织中有效部署我们的人工智能工具，请联系我们的知识产权解决方案专家。Copyright 2023 Questel All rights reserved

5人已浏览 2024-05-15 20页 5星级

Real BeautyPrompt Playbook#KeepBeautyRealIntroductionA playbook to Real Beauty in the age of AI/2To help set new digital standards of representation,Dove has worked together with AI experts to create the Real Beauty Prompt Playbook,sharing easy-to-use guidance on how to create images that are representative of Real Beauty on the most popular generative-AI(GenAI)tools.WHAT THIS ISA starting point for generating Real Beauty in its many diverse facets.It is not a definitive guide for generating real beauty.Our aim is to encourage a conversation around inclusive prompting and realistic AI image generation.WHO ITS FORCreators of any kind,plus parents,guardians and anyone interested in learning more about prompting.Images marked with the AI tag are generated by AI.Images of real people come from our ShowUs image bank created in partnership with Getty Images.THE CODEDoves new campaign,The Code,reflects on the impact of AI on beauty but acknowledges the irreversible change Dove has already made;changing imagination to change beauty.We seek a future in which women get to decide and declare what Real Beauty looks like not algorithms.AIIntroductionKey termsThroughout the playbook we use a number of terms relating to AI.Here are their definitions.PROMPTA starting input or instruction given to an AI model to guide its output.Its like asking a question or giving a command that the AI responds to.GENERATIVE AIA type of AI that is capable of creating new content.It can generate text,images,music,and other forms of content that didnt exist before.DATA SETA collection of related data points or information used to train AI models.Its like a textbook from which the AI learns.MODELIn AI,a model is a mathematical representation of a real-world process.It is trained using datasets to make predictions or decisions without being explicitly programmed to perform the task.REAL BEAUTYA term coined in a campaign initiated by Dove that promotes the idea that beauty should be diverse and inclusive./300 Introduction 0501 Where Beauty Meets AI 07/The rise of AI /The inherent bias in AI/AIs impact on beauty/The playbooks ambition02 Beauty&Inclusion 13/Beauty is subjective/Beauty is diverse/Inclusion is essential03 Power of the Prompt 18/Bias is everywhere/Preparing to prompt/Guiding questions04 Writing Real Beauty Prompts 23/Start with the basics/Dos&donts/Specific techniques/Recommended approach 05 The Future of Beauty and AI 6006 Inclusive Prompting Glossary 63 Table of Contents/4This playbook,like everything Dove does,is committed to celebrating Real Beauty.We hope to help you avoid appearance-based stereotypes and toxic beauty standards so that your AI generations help to create a more equitable,inclusive,and diverse representation of beauty and appearance.Were not here to speak on AI because were not the experts.But we do understand the impact it has on perceived beauty and its here that we have a voice.DTPIntroduction/5AI is a technology thats shaping the world around us.With GenAI tools like Midjourney,Stable Diffusion and DALL E giving everyone the ability to create images of just about anything imaginable,its easier than ever for people to generate and share depictions of the human form.The quality and speed at which GenAI tools can recreate lifelike images of people is astounding.However,its rate of improvement is so impressive that it raises ethical concerns regarding the way these tools are used and designed.The core of the issue lies with AI and its inherent bias.Whether in the dataset used to train AI models or the language we use to describe beauty and appearance,there is always some form of bias influencing GenAI image output.For this reason,when prompting to generate images of women and female identifying individuals,the results are often over-sexualised,lacking diversity,non-inclusive and a reflection of narrow definitions of beauty.AIThis is a problem that Dove aims to help solve./6“Even when they know the images are fake or AI-generated,1 in 3 women and girls feel pressure to alter their appearance because of what they see online.”This playbook,like everything Dove does,is committed to celebrating Real Beauty.We hope to help you avoid appearance-based stereotypes and toxic beauty standards so that your AI generations help to create a more equitable,inclusive,and diverse representation of beauty and appearance.Were not experts on AI,but we are experts on beauty,and what matters to us is AIs impact on the representation of women and beauty.Because while AI is a powerful tool full of opportunity,it could also pose one of the greatest threats to depicting Real Beauty.While Dove and creators cannot change the pre-existing biases of the data AI uses to generate images,we can help to change the generated outcome through the power of how we prompt AI to create images.Hence,the Real Beauty Prompt Playbook.1 Dove Global State of Beauty Report./801hat this means to Dove is that much like Photoshop it is a new medium with which people can depict women.This could,and should be a positiveHowever,our current reality is that AI is inherently biased.The output it delivers is problematic on many fronts and will remain this way if not steered in the right direction.PLACEHOLDERImage of problematic AI generation(terrible stereotype)development as it has the potential to be a new technology with which people can express themselves creatively.WIPCOPYIMGPLACEHOLDERImage of a good AI generationW/701Where Beauty Meets AIAIAIAI01The rise of AI/8AIs potential brings both excitement and concern,especially with regards to beauty.Whether youre for or against its use in generating images,an alarming point to consider is that its predicted 90%of content we engage with could be AI-generated by 2025.What this means is that much like digital retouching it is a new medium with which anyone with access can depict and represent women.This could,and should be a positive development as it has the potential to be a new technology which people can express themselves creatively and reflect the amazing diversity of women throughout the world and beyond.Fortunately,through the power of the prompt,we believe this is something that can be achieved.However,our current reality is that AI has an inherent bias.The output it delivers is problematic on many fronts and will remain this way if not steered in the right direction.AIAI2 Nina Schick,“Why 90%of online content could be generated by AI by 2025,”Yahoo Finance,Jan 7,2023,9:55,linkThe inherentbias in AI01GenAI uses huge datasets to create images based on prompts.These datasets,however,often reflect pre-existing societal biases as they are intentionally curated or broadly scraped from the internet.Thats why simple prompts of women often generate unrealistic and problematic results.The way these models are trained can reflect common biases and stereotypes seen in society.The many images that make up any given dataset are given tags,often biased,that are referenced whenever a prompt is requested.Thats why prompts often result in a misrepresentation of beauty and identity,with most generic prompts describing a woman only generate White depictions often from the perspective of the male gaze,while excluding disabilities,varied skin tones,body sizes,facial features and other unique identifiers.When it comes to women,AI-generated images tend to have a bias toward blonde hair,brown eyes,and olive skin.of the images included blonde hair.of the images included brown eyes.of the images included olive skin.370S%/9THE WORRYAI reduces the world to stereotypes,instead of representing diverse cultures and visual identities.If left unchecked,the worry is that it will have a negative impact on social media and other online spaces by perpetuating appearance stereotypes and narrow standards of beauty.AI3 The Bulimia Project,Scrolling Into Bias:Social Medias Effect on AI Art,2023,linkAIs impact on beauty01In the Dove Campaign for Real Beauty 20 years ago,we brought to light the negative impact digital retouching had on the self-esteem of women.Today,we believe AI to be an equivalent threat,as even when women know that imagery is fake,1 in 3 still experience pressure to alter their appearance because of what they see online.Whats more,AIs current output reinforces prejudice.With women and girls perceptions of beauty already heavily influenced by unrealistic online content,the fact that AI can generate images at such incredible rates should ring alarm bells.The current GenAI image landscape is far from ideal.However,with this playbook,we hope to help guide it towards the positive.A move away from over-sexualised,undiverse,and non-inclusive image generations.A shift towards more inclusive language when prompting.By starting the conversation,we hope to move the use of AI in the right direction.Regarding GenAI of women said they experienced responses or content they consider to be biased.said they have received offensive responses.47%/10AI4 Dove Global State of Beauty Report.5 Jennifer Maguire,Applause,Generative AI Use Is Growing Along With Concerns About Bias,September 13,2023,linkThe playbooks ambition01 WHAT WE CAN CONTROL With the right language,we can make prompting more inclusive and better represent the real world.Theres a rule to follow:if you dont mention it in your prompt,AI wont create it.So by being more specific,and expanding our vocabulary with more diverse descriptions of humans,we can generate more realistic forms of beauty.WHAT WE CANT CONTROL Theres a huge need for diverse data if were to create consistent inclusive AI outcomes.However,this isnt something thats easily achieved,nor something this playbook is trying to achieve.Thats not to say that those who create and own datasets shouldnt be asked to improve them but datasets are difficult for individuals to influence alone.There are things we as individuals can control when using AI,such as the way we prompt,as well as things we cant control unless were in the position to do so,such as making AI datasets more inclusive.While Dove will not use AI-generated images to represent or replace real people,our ambition is to better equip everyone to make the most of AI when exploring and generating Real Beauty./11AI01As you can see,untailored prompt results are neither inclusive nor representative of Real Beauty,while tailored prompt results can achieve so much more.The results shown here encompass our ambition with this playbook.We want to bring to light the fact that images generated by AI may have the same effect on people that real images have.Because if we do,we might make a positive impact on AI practices.Well-crafted prompts significantly improve the quality of AI-generated content.Thats why this playbook will cover tips and guides on how you can refine your prompting to get the results youre looking for.Whats more,weve included a list of inclusive language to expand your vocabulary around the human form.6 Dove Global State of Beauty Report./12AIAIUNTAILOREDTAILORED/801hat this means to Dove is that much like Photoshop it is a new medium with which people can depict women.This could,and should be a positiveHowever,our current reality is that AI is inherently biased.The output it delivers is problematic on many fronts and will remain this way if not steered in the right direction.PLACEHOLDERImage of problematic AI generation(terrible stereotype)development as it has the potential to be a new technology with which people can express themselves creatively.WIPCOPYIMGPLACEHOLDERImage of a good AI generationW/1302Beauty and InclusionAIAIAIBeauty is subjective02GenAI uses huge datasets to create images based on prompts.These datasets,however,often reflect societal biases as they are intentionally curated or broadly scraped from the internet.Thats why simple prompts of beautiful women often generate unrealistic and problematic results.The way these models are trained can reflect common biases and stereotypes seen in society.So the language we use to prompt often results in a misrepresentation of beauty and identity,where most generic prompts describing people only generate White depictions while excluding disabilities or other unique identifiers./14While this playbook does not define beauty,it gives you the tools to generate more diversity beyond the current state of AI image generation.Well start with the human form and how you can best approach describing each feature.AIBeauty is diverse02When describing the visual characteristics of the human form,you can break them down into categories.These categories serve as a starting point towards representing the diversity of the human form.AGERACEÐNICITYGENDER&GENDER EXPRESSIONSKINBODYHEADCLOTHING&ACCESSORIESWeve provided examples for each category in our Glossary,which you can find at the end of the playbook.*ALL IMAGERY CREATED BY AI/15Inclusion is essential02A narrow representation of beauty in the media affects millions of people and shapes the same society that brought us the biases we are facing with AI.But its because of this inherent bias that extra attention should be dedicated to depicting inclusively when using AI.From ethnicity to gender expression,better prompting can produce inclusivity and images beyond stereotypes./16AI02/17AITheres also the role of intersectionality.We are not just one thing.Our identity is made up of multiple layers and characteristics.How we look doesnt always define or represent every aspect of who we are.Our appearance can also be fluid depending on how we chose to express ourselves.Therefore the quality of the prompt comes down to what vocabulary and knowledge we have to address beauty,appearance and identity in many different forms and intersections.Thats why the language,tips and techniques in this playbook aim to cover multiple appearance characteristics,while recognizing that its not a definitive list and only a starting point.The beauty of describing humans in our many beautiful forms is that the vocabulary we can use is entirely limitless.AI/18Power of the Prompt03AIAI03In an era where biases and stereotypes pervade both our online and offline environments,society is steadily gaining a better understanding of how they function and shape our perceptions.This helps us become more conscious of how we can reduce bias and influence positive change.So why should this multifaceted view of beauty not extend into the world of GenAI?We believe that everyone has a responsibility to overcome these biases.While we cant change the data,we have the agency to change the outcome of AI tools in a way that doesnt perpetuate existing biases.By asking ourselves simple yet critical questions before we prompt,we take one step closer to generating Real Beauty a more inclusive and diverse representation of women.Bias is everywhere/19AI03The first step is to understand that AI,by default,doesnt provide a realistic depiction of humans,but rather a stereotypical one due to biased training data.Thats why weve designed a framework of guiding questions for you to follow and ask yourself on the next page.They are not rigid rules,but they are there to help you think differently and prompt in a way that breaks away from these stereotypical and biased representations.Preparing to prompt/20These questions serve as a simple way to not just passively use AI,but shape it to a more realistic and inclusive representation of beauty.They are not here to teach people how to approach diversity and inclusion,but to provide a framework for people that are approaching the issue for the first time.AI/2304Writing Effective Beauty PromptsWIPIMGExercise/21TIP:To get better at visual prompting,start observing people in daily life and considering how you would describe them.What does their hair look like?Their eyes?Their smile?Because unless you mention it,AI currently cant generate it.How would you create this person in a detailed visual description?REAL PHOTO OF BELEN/2203Guiding questionsCan I effectively communicate with AI using the correct vocabulary to foster inclusivity?This will help to evaluate my progressive biases and their root causes,but also my true values of beauty.How does society influence my perception of beauty?Who do I personally find beautiful and why?Is the person that I generated closer to a model or the beautiful range of people I see in all areas of my life?Does the AI-generated person have sexualised characteristics?Who is going to feel represented by the image I generated?E.g.a beautiful face=white skin,big eyes&straight nose.Am I making the world a more inclusive place with my AI representation?Whats the purpose of my image?Is it for inspiration,showcasing a specific trait,conveying a mood,or representing a specific demographic?Do I have any preconceived notions about this group or characteristic that would be helpful to check?/23Writing Real Beauty Prompts04AIAIAI/24DisclaimerThis chapter outlines techniques to start your journey towards more inclusive prompting and image generation.Because of the beautifully diverse nature of the human form,we cannot create a definitive list so consider this a starting point.Beyond this chapter,weve included more aspects of the human form in the Glossary.We encourage you to connect with the wider AI community for more advanced techniques.What is a prompt?04Before we dive into the techniques,its important to understand what a prompt is.Imagine youre telling a friend whos a very talented artist(but hasnt seen what youve seen)to draw something from your imagination.Youd describe it in as much detail as possible to help them create that image as closely as they can to whats in your mind.Thats what youre doing when you create a prompt for visual AI:youre describing a scene or concept in detail to get the AI to“draw”it for you.However,instead of an artist using paint and brushes,we use AI models to generate visual content based on the words and descriptions we provide./25PROMPTa black woman with bright blue hair and tattoos writing a novel in a garden wearing smart casual clothingAI/26Think of a prompt as the starting line for the AIs creative process.Youre setting the direction for what you want the AI to visualize./27black womancellulite writing a novelin a gardenwriting a novelmiddle aged womanpink hairshoppingat the mallshoppingmasculine womana prosthetic armcookingat the gymplaying tennisPortrait of awomanwithacne scarsprogrammingat homewearinga hijabsubjectdescriptoractionlocationdescriptortransgender womanfrecklesskateboardingin a parkskateboardingwoman in a wheelchairalbinismrepairing an enginein a garagerepairing an enginemuscular womanblue eyeskickboxingin a studioa gym outfitStart with the basics0404You may split the prompt into sections,with each set of words describing a distinct trait of the image generated.The sample provided above can serve as a framework for you to start creating your image./28Building your prompt04 Weve highlighted a selection of terms from our Glossary that will help you to build your own prompt.Feel free to customize as you need.As you are building your prompt,remember to select the top 2-3 attributes that are most important to show up in the generation and see AI as a collaborator vs.a calculator.EXTRA TIP:Avoid interpretative terms like“beatiful hair,good body,cute face,etc.”because these kind of terms leave up to the AI make the interpretation and often result in stereotypical images.01 TYPE OF SHOT/Half body/Full body/Portrait/Side profile07 MAIN FEATURES/Pale skin with freckles/In a wheelchair/Covered with tattoos/Bald02 BODY TYPE/Height/Weight(fat,slim,curvy)/Physical state03 AGE/Adult/Middle-aged/Old04 RACE/White/Hispanic/Asian05 REPRESENTATION/Female/Masculine/Androgynous06 SKIN TYPE(EXTRA)/Stretchmarks/Cellulite/Body Art08 HAIR TYPE,COLOR,LENGTH/Blonde/Brunette/Bronde/Red/Black09 EMOTIONS(FACIAL FEATURES)/Smiling/Frowning/Gentle Frown10 OUTFIT(COLOR,MATERIAL,STYLE)/T-shirt11 ACTION /Doing exercise /Cycling12 LOCATION AND SURROUNDINGS/At home/At work/29Lets see other examples04Portrait of awomanwithscarsdoing exercisesat homewearinga t-shirtsubjectdescriptoractionlocationdescriptorPortrait of awomanwithwrinkles playing basketball on the streetwearinga jacketsubjectdescriptoractionlocationdescriptorPortrait of awomanwithtattoosmaking a speechat workwearinga suitsubjectdescriptoractionlocationdescriptor*ALL IMAGERY CREATED BY AIOPEN-ENDED PROMPTBe succinct and add more detail as needed with each generation(iterative).Allows for more options for creative variety Can generate results that arent desiredPROMPT EXAMPLEA full body shot of a plus-sized,androgynous person with short curly hair in a skateparkSPECIFIC PROMPTLoosely structured but packs as much detailed and visually-stimulating language as possible.Allows for more options for creative variety Can generate results that arent desiredPROMPT EXAMPLEA full body shot of a plus-sized androgynous person with short curly hair,light-brown skin,wearing baggy black pants and an oversized white t-shirt with a print,white sneakers,they are in a skatepark next to a halfpipe,looking confident to the camera,professional photography,warm spring day/3004The more detailed and descriptive your prompt,the more accurately the AI can generate an image that matches your vision.Describing colors,emotions,setting,objects,and even the atmosphere can help.That said,it is an iterative process so be open to experimenting with different approaches.AIAI/3104AI-generated women should reflect real lifeTo capture beauty in a holistic way that avoids reinforcing gender stereotypes and the objectification of women,its important to consider what movement and environment the generated woman should be placed within.We want to show women in ways that reflect their unique personalities,traits and capabilities.Rarely in our day-to-day lives are we posing passively in front of the camera.Incorporate stories or context into our prompts,give characters personality,actions,purposes,or dilemmas that make them more relatable and dynamic.Steer away from passive or sexualized poses and opt for more every-day scenarios,like playing sports,working or participating in hobbies.AIAIIn a study on AI-image generator outputs,all three AI generators exhibited bias against women.The average percentage of women in portraits of occupations was 23%,35%,and 42%,respectively all significantly lower than that of men.7 Mi Zhou et al.,Bias in Generative AI,March 5,2024,link/32Actively include diverse cultural details in your prompts to ensure broader representation.Lets review,refine and detail our outputs to better reflect this diversity.Check out our Glossary for more examples.DETAILS CAN CHANGE EVERYTHINGIn this example weve generated two images with identical base prompt substituting the word Asian with Filipino.By incorporating specific details,we enhance the diversity of AI-generated images.04FILIPINOBASE PROMPTPortrait of a plus-sized,middle-aged _ woman with short hair,sitting in her wheelchair smiling at the camera,wearing a blouse with a large floral print,with documents on a desk beside her,in front view,in an office setting,with cinematic lighting.FILIPINOASIANFILIPINOEnrich your AI imagery Cultural representation in your images*ALL IMAGERY CREATED BY AI*ALL IMAGERY CREATED BY AI/3304Introduce diverse cultural elements to recognise and counter AIs tendency towards biased outputs.It is also important to add additional terms prior to using a cultural term(ex.sari)to guarantee that the context will counteract AIs bias on stereotypical images where these terms are found.FEATURE:wearing turban working in the officeFEATURE:with a tartan scarf shopping in a farmers market Enrich your AI imagery Cultural representation in your imagesFEATURE:wearing a saricookingFEATURE:wearing a hijabon a bike*ALL IMAGERY CREATED BY AI/3404Like in real life,we are multidimensional individuals with a range of feelings and emotions,and so should our generations to more accurately reflect real life.Lets push our prompts to explore a wider range of emotions and abstract concepts,aiming to create images that resonate on a deeper emotional level.In the examples below,we show how just adding one emotion can change how the individual is generated as.PROMPT:surprisePROMPT:laughing Infusing emotionPROMPT:base promptPROMPT:angerBASE PROMPT:extreme close-up,light brown eyes,middle-aged woman,looking at the camera front view/35Selecting the right words04 Using the right language is key.Make use of the Glossary at the end of the playbook to help you describe traits accurately and build your prompts.HAIR COLOR/TEXTUREDark Brown/Straight/LongEXPRESSIONAND FACIAL FEATURESConfident/looking at cameraBODY TYPETall/BalancedSKIN CONDITIONBurn scarsSKIN TONEIvoryHAIR COLOR/TEXTUREBlack/AfroEXPRESSIONAND FACIAL FEATURESHazel eyes/smilingBODY TYPEPetiteSKIN CONDITIONVitiligo around the eyesSKIN TONEDark skin/EbonyREAL PHOTO OF VERONICAREAL PHOTO OF ZENAZIBeauty features that youd like to shine through the brightest,come first.The features that are most important for the image should be written first,and additional modifiers that add style to the image(ex.depth of field)should be added towards the end.PROMPT:portrait of a Black,masc-presenting woman in a city park wearing a white cotton t-shirtOnce youve selected the right words and considered what person you want to generate,put it all together in a prompt.For this image,lets take a look at an example prompt of what we would write to generate someone similar to this real photo shown on the right./37Identify prompt framework04PROMPTA portrait of an adult black woman with black afro hair and box braids,hazelnut skin,smiling,wearing striped shirt with blue overalls,orange necklace,showing gums and a gap between her front teeth,natural eyebrows,in front of a yellow wall,soft ambient volumetric light,medium close upREAL PHOTO OF NGINAExamplesTo apply what weve covered so far,lets go through 5 examples to demonstrate how AI generates people based on certain terms used.In the first image,we take inspiration from a real person with captured photography.We also pull out key features that we want to generate and add into our prompt.In the second image,we show an AI image generation from an AI tool using the prompt created based on key features.AI/39Examples04PROMPTa mid shot of a black albino woman,looking at the camera defiantly,eyes are slightly squinting,confident,3/4 angle,hip hop style,trap,rap,light blonde afro hair,textured skin,freckles,red white blue short sleeved vintage 90s t-shirt,big gold earrings,pink lipstick,wide nose,blurred background of a street wall with scaffolding and graffiti,cool light filter,high resolution,imperfections and grain textureKEY FEATURES/Black person with albinism/Blonde hair in an afro /90s style outfit/Confident,defiant look*GENERATED WITH MIDJOURNEYAI GENERATEDREAL PHOTO OF CYNTHIAREAL PHOTO OF JULIET/40Examples04PROMPTportrait of young middle aged White woman with uneven crooked teeth a gap between her front teeth with freckles on her skin,slightly smiling with her teeth,relaxed and calm facial expression,uneven crooked teeth,and pink lipstick,with short gray hair,wearing a white cotton shirt and gray pants,reading a book in a library,soft warm natural sunlightingKEY FEATURES/Older adult/60s/Short gray/white hair/White skin with freckles*GENERATED WITH MIDJOURNEYAI GENERATEDREAL PHOTO OF MEHNAZ/41Examples04PROMPTA photo of a confident young Muslim woman,high cheekbones and defined bone structure,textured skin,slight darker pigmentation around her eyes and mouth,wearing simple black sweater,working in her lab looking at some samples,professional,hair is tied back in a black headscarf and wears a white doctor coat over it.The background features shelves filled with various glass vials of different sizes and metallic blue colored lab bars,minimalist shot.KEY FEATURES/Scientist/Head scarf/Lab coat*GENERATED WITH MIDJOURNEYAI GENERATEDREAL PHOTO OF ANNASOPHIA/42Examples04PROMPTa mid body shot,professional portrait,high resolution,slightly chubby,non binary,pro skater,brown skin,textured skin,acne scars,carey glasses,just landed a trick,proud looking,confident,squinted eyes,focused,subtle smirk,septum piercing,dark green hoodie,handkerchief around the neck,cinematic shot,warm summer morning light,blurred orange red background graffiti wallKEY FEATURES/Masc-presenting woman/Androgynous/Dark skin,curly dark hair/Gender neutral outfit*GENERATED WITH MIDJOURNEYAI GENERATEDREAL PHOTO OF LILIYA/43Examples04PROMPTPortrait of a young adult White woman with bald head clean shaved with no hair,light tanned skin,happily smiling with her teeth and round face with soft rounded features and dark wine colored lipstick and bold eyeliner and light eyebrows,wearing a cool leather jacket with metal pins,standing on a subway station next to the wall and looking at people while listening to music in her headphones,soft volumetric light,light bright sceneKEY FEATURES/Bald head/Wide smile with teeth/Leather jacket AI GENERATED*GENERATED WITH MIDJOURNEY/44Dos04Write attributes within the prompt in order of priorityEx.a women playing tennis in a wheelchair with dark hair and arms with celluliteWrite adjectives that are accurate yet inclusive(includes reclaimed terms)Ex.skinny model girlDescribe what is in the compositionEx.a woman wearing kimonoWrite the top 2-3 attributes you want to generateAI/45Donts04Write a string of attributes without contextEx.wheelchair,woman,dark hair,arms with cellulite,tennis courtWrite terms that are stereotypical or abusiveEx.a fat whale-sized woman doing yoga in the parkAvoid long lists of requests and instructionsEx.show me a woman wearing kimonoWrite every aspect of the body in detailAI/46Things to keep in mind04Avoid words that can be interpreted literally (ex.honey hair may be generated as actual hair made of honey)Ex.a women playing tennis in a wheelchair with dark hair and arms with celluliteAvoid exact numbers and over complicated wordsAI/47Need help getting started?Try an Image Analysis toolTIPSUBJECT DETAILSAdult woman with mid-length red hair and fringe,calm facial expression,detailed arm tattoos,wearing a dark tank top and pink geometric-patterned leggings,sitting cross-legged on a purple yoga mat.CONSIDERATIONS FOR BACKGROUNDThe image is taken in a spacious,well-lit studio with wooden floors,mirrored walls,and large windows providing natural light diffusing into the space,which gives a serene and open atmosphere.PROMPT EXAMPLEPortrait,adult woman with short,straight auburn hair and bangs,fair skin,focused forward gaze,featuring prominent tattoos on the arms,clad in a black tank top and bright pink patterned leggings,her body facing the camera,legs crossed and hands resting on her knees in a poised seated posturePROMPT EXAMPLEProfessional photo,adult woman with auburn bob and bangs,pale complexion,looking ahead with a soft expression,with colorful sleeve tattoos,wearing a black top and vibrant pink leggings,seated cross-legged with a straight,yet relaxed posture on a purple yoga mat,in a studio with mirrors and large windowsAIAI*Make sure you have the image rights for the image you want to use as reference.*Legal disclaimer:Some tools train their model based on shared reference images check the tools terms of use.Image analysis tools are a starting point,but they can miss or misrepresent things.Double check before copy/pasting into an AI generation tool.REAL PHOTO OF MARENREAL PHOTO OF LEANDRA/48Try an image reference04PROMPTa high resolution portrait of a transgender woman,masculine features,strong features,trans woman,androgynous woman,red colored curly short hair,wearing a soft pink velvet blouse,she is thin and has a small sized complexion,she is resting on a light blue comfy couch in her modern living room,her skin has freckles and imperfections,dark brown eyes,big boney nose,high cheekbones,stylized thick eyebrows,bow shaped lips,strong defined chin,she is wearing golden earrings,warm spring day vibesAFTER IMAGE REFERENCENO IMAGE REFERENCEAFTER IMAGE REFERENCETRY AN IMAGE REFERENCE WHEN RESULTS ARE NOT GENERATING AS DESIREDNot able to find the right words?Try using an image as a reference you want to iterate with.However,use the pre-prompt checklist to check your own bias and ensure the image reference you are using is not perpetuating any stereotypes or negatively representing a certain population.*Make sure you have the image rights for the image you want to use as reference.*Some tools train their model based on shared reference images check the tools terms of use.*GENERATED WITH MIDJOURNEYAIAI/49Experiment with different AI tools04PROMPTa muscular Black woman in a wheelchair playing basketball in an outdoor basketball courtTOOL ASTILL NO LUCK?TRY A DIFFERENT AI TOOL Different tools have different ways of interpreting the same prompt.For example,Stable Diffusion can be more literal,while Midjourney will do some prompt interpretation in addition to your prompt to help improve the results.TOOL ATOOL BAIAI/50Beauty features that youd like to shine through the brightest,come first.The features that are most important for the image should be written first,and additional modifiers that add style to the image(ex.depth of field)should be added towards the end.PROMPT:portrait of a woman in a city park wearing a white cotton t-shirt running,soft natural light,depth of field/51Enhancing style04Generating a person with AI with your desired inclusive features is an important part of the puzzle.Once youre happy with the generations you are getting,start experimenting with style terms to enhance the visual output of your generation.To get started,pull from popular photography terms and add them to the end of your prompt.We have listed some common terms to get you started,but feel free to explore further.01 TYPE OF SHOT/Half body/Full body/Portrait/Side profile/Closeup05 IMAGE THEMES/Black and white/Photorealistic/Photograph02 LIGHTING/Warm light/Diffuse light/Sunset03 CAMERA TYPE/Fujifilm/DSLR/Nikon04 IMAGE QUALITY/Bokeh/Depth of field/Sharp focus/High resolution/4K,8K06 LENS TYPE/Macro/Zoom/Fish eye07 FEELING /Dramatic/Award-winning/Vivid colors08 SURROUNDINGS /in an outdoor gym/in a lush tulip field/in a large,glamorous ballroom/52Enhancing style Style Prompting04ADD STYLE DESCRIPTORS TO THE END OF THE PROMPT portrait of an extreme close-up middle-aged woman,light skin,eyes gazing away with a thoughtful,introspective look,depth of field,full color,cinematographic,vibrant,indoor studio lighting,8k uhd,dslr,soft lighting,high quality,film grain,telephoto lens,photorealistic,straight-on,realisticIs the person generating well but the image doesnt match the style?*GENERATED WITH MIDJOURNEYWITH NO STYLE PROMPTINGWITH STYLE PROMPTINGAIAIWITH NO STYLE PROMPTING/53Enhancing style Style Prompting04ADD STYLE DESCRIPTORS TO THE END OF THE PROMPT a photograph of a black woman with locs playing video games at an arcade competing against friends,excited,depth of field,bokeh,cinematographic,8k uhd,dslr,soft lighting,high quality,film grainIs the person generating well but the image doesnt match the style?*GENERATED WITH MIDJOURNEYWITH STYLE PROMPTINGWITH NO STYLE PROMPTINGWITH NO STYLE PROMPTINGAIAIBy default,women generated in AI are often NSFW or nude.To combat this,we recommend specifying something like“wearing clothing”or even detail the specific clothing the person is wearing.PROMPT:portrait photography of an older woman wearing a white cotton t-shirt with a subtle gradient backdrop,soft natural light/55Constructingnegative prompts04NEGATIVE PROMPTdark,text,nsfw,nude,nudity,evening,blur,material,waves,soft,distorted,deformed,illustration,cgi,3d,render,sketch,cartoon,drawing,anime,text,cropped,out of frame,worst quality,morbid,low quality,jpeg artifacts,duplicate,blurry,studio photography,white backgroundWITHOUT NEGATIVE PROMPTNegative prompts are helpful when stating what you dont want,especially when it comes to defects or additions of AI.Certain programs have a space to add negative prompts,while others use symbols to state positive or negative prompting.Some common ones unrelated to the person include text,illustration,out of frame and cropped.However,once referring to the person you want to generate,be careful which words you select.Keep it objective and focused on style.*GENERATED WITH MIDJOURNEYWITH NEGATIVE PROMPTAIAI/56Try inpainting for specific features04ORIGINAL PROMPTModern inclusive older slender broad shoulders feminine full body portrait,wearing clothes and light tan skin with veins and frecklesINPAINT PROMPTfreckles and veinsBEFORE INPAINTINGAI GENERATEDTRY INPAINTING WHEN FEATURES ARENT GENERATED AS EXPECTEDCertain features in AI conflict with others when combined together.This is because theres no reference image for the AI to base its generation from,so it relies on the image dataset bias.Inpainting can solve this.*GENERATED WITH MIDJOURNEYAIAIfreckles and veinsNegative promptGenerate/57Try inpainting for specific features04STEP/1Create a generation that is the closest to your desired image.STEP/2Upload that image into an AI tool that supports inpainting and draw over the area where you want the prompt to apply.STEP/3For best results,choose ONE feature you would like to have generated and enter it into the prompt bar.STEP/4Try Inpainting for features that are not generated.STEP/5Regenerate and change Inpainting area as desired.AI/58Visual prompting is as much an art as it is a science.Experimenting with different phrasings,details,and concepts is key to understanding how your AI tool interprets instructions and learns from them.Lets experiment!AIAI*NOTE:some features like vitiligo and down syndrome may not generate correctly(or if so,it is stereotyped).When this happens and none of the steps above solved the problem,try advanced solutions such as a custom trained models,LoRAs and Controlnet(Stable Diffusion only),different tool versions(ex.SDXL vs SD 1.5),Character Reference(Midjourney only),etc.AI/59Recommended approach04STEP/1Create a descriptive prompt(open-ended or specific)based on the image you want to generate in order of priority.Reference the Glossary for a starting point on inclusive terms.STEP/2When possible,add emphasis to certain words as per the tools specifications,such as emphasis brackets in Stable Diffusion.STEP/3Try Img2Img with a reference you want to iterate with(caution:watch out for your own bias).STEP/4Try Inpainting for features that do not generate well.STEP/5Switch to a different AI tool and repeat.AIAIAIConclusion:The Future of Beauty and AI0505AI-image generation is a powerful tool that is here to stay.Without guidance,its use could be detrimental to the self-esteem of women and girls and continue to perpetuate biases and stereotypes.With 90%of the content we engage with expected to be AI-generated by 2025,it could be pose one of the greatest threats to Real Beauty in the last 20 years.So mindfully using it in a way that subverts inherent biases is crucial to promoting and maintaining the Real Beauty we strive to reprepresent.Though we cant control the surface-level,biased datasets that AI-tools pull from,we can use intentional,inclusive language to craft the results in a way that dives deeper into what Real Beauty is.While we commit to never using AI-generated imagery in place of real women in our ads,Dove keeps beauty real even in AI.This playbook is meant to help set new digital standards of representation and be a continuous collective effort to change the future of beauty.We seek a future in which women get to decide and declare what Real Beauty looks like not algorithms.In summaryAIThe outsized value society places on womens appearance has intensified the pressure to be a certain type of beautiful.Women are twice as likely to sacrifice their intelligence for beauty versus 20 years ago(8%in 2004 vs 17%in 2024).9 Dove Global State of Beauty Report.8 Nina Schick,“Why 90%of online content could be generated by AI by 2025,”Yahoo Finance,Jan 7,2023,9:55,link/6105Staying engaged and continuously learning and experimenting with AI prompting can help us break away from AI tools inherent biases.The more we collectively use AI with intention,the more we can use the images we generate today to further train the results of the future.Share your own insights and experiences with other AI users to find ways of helping each other generate the Real Beauty results you strive for in more efficient and effective ways.Be sure to stay up to date with leaders of AI image generation to be on the forefront and right side of this ever-evolving world of AI Real Beauty representation.In summaryAI/62/63Inclusive Prompting Glossary06AIAIAI/64Inclusive Prompting Glossary06PURPOSEThe Glossary is not a definitive or exhaustive list of visual traits,or things you should consider when it comes to creating diverse and inclusive images of people.The intention is to provide a starting point and to help you consider more specific vocabulary when prompting beyond AIs default generations.The Glossarys purpose is to help AI reflect the spectrum of real beauty and the amazing natural diversity of bodies and appearances seen in our real world especially the traits that are considered unique and under-represented.In short,the goal is to get you to prompt with more detail to bypass biased and stereotyped results.HOW TO USEThe Glossary is broken up by the anatomy of the human form,and includes alphabetized sample vocabulary for you to use along with tips weve learned when testing ourselves.HIGHLIGHTED TERMSSome terms included in the Glossary are highlighted.These are terms that AI has trouble generating(or if so,results in stereotyped images).If this occurs during your generations and none of the steps covered in the PDF solved the problem,try more advanced solutions such as custom trained models,LoRAs and Controlnet(Stable Diffusion only),different tool versions(ex.SDXL vs SD 1.5),or Character References(Midjourney only).CELEBRATING REAL BEAUTYWeve included some insights into how to avoid appearance-based stereotypes and toxic beauty standards so that your work is helping to create a more equitable,inclusive,and diverse representation of beauty and appearance.AIIn summary/65Inclusive Prompting Glossary06KEY DEFINITIONSSex is something typically assigned at birth and is based on an individuals physical and biological characteristics.Typically categorized as male or female,though some individuals may not fit neatly into these categories and identify as intersex.Gender is the societal and cultural perception of roles and behaviors,typically viewed as a spectrum,encompassing identities like man,woman,transgender,non-binary and more.Gender expression is how individuals display their gender identity through behavior,clothing,haircut,voice,and other forms of presentation.It does not necessarily align with sex or gender identity.EXAMPLESandrogynous,androgynous presenting,femme,femme-presenting man,femme-presenting woman,female,female presenting,feminine,feminine presenting,gender diverse,gender fluid,gender non-confirming,male presenting,man,man presenting,masc,masc-presenting,masc-presenting man,masc-presenting woman,masculine,masculine presenting,non-binary,non-binary presenting,trans,trans femme,trans fem,trans man,trans masc,trans woman,undefined,woman,woman presenting GENDER&GENDER REPRESENTATION/EXPRESSIONExcluding caucasianEven though it will likely create an image of a white person when used in a prompt,the term caucasian has racist origins,*which is why its excluded from this Glossary.Understanding the differenceRace is often associated with physical characteristics such as skin color.Its a social construct with no biological basis.Ethnicity relates to cultural factors such as nationality,language,and heritage.Its about shared cultural identity.EXAMPLESAboriginal,African,Afro-Latino/Black Hispanic,American Indian,Arab,Bangladeshi,Black,Black British,Brown,Caribbean,Chinese,Filipino,Guamanian,Hispanic,Indian,Indigenous,Indonesian,Islander,Japanese,Korean,Latin American,Latina,Latino,Latinx,Malay,Melanesian,Micronesian,Mixed,Mixed Heritage,Multiracial,Native American,Pacific Islander,Pakistani,Polynesian,Thai,Vietnamese,White.RACEÐNICITYAvoiding appearance stereotypesWe cant accurately ascribe personality characteristics based on appearance alone.Thats why we recommend avoiding terms like“wise”that reinforce appearance stereotypes.TIP:it is better to avoid numbers when prompting age due to AI tools struggle understanding contextual numbers.Use an adjective and noun(e.g.elderly woman)to generate a specific age instead.EXAMPLESadolescent,adult,baby,child,early adult,elderly,kid,middle-aged,mid-life adult,older adult,pre-adolescent,senior,teen,toddler,tween,young adult.AGEIn summary/66Inclusive Prompting Glossary06Avoiding colorismColorism is prejudice or discrimination against individuals with a dark skin tone.It favors lighter skin tones and often has deep roots in societal standards and media portrayals.Colorism is evident in AI datasets,but its something we should avoid by using diverse and inclusive language when prompting.TIP:experiment with different word combinations much like make-up brands do for their foundations.EXAMPLESalabaster,albino,amber,beige,black,blue undertone,bronze,brown,cool undertone,cream,dark,dark brown,deep,fair,golden,golden undertone,ivory,light,light brown,mahogany,medium,neutral undertone,onyx,peach,pink,pink undertone,porcelain,red undertone,rose,sand,suede,tan,warm undertone,warm/cool,white,yellow undertone,umber.SKIN TONEIn summary/67Inclusive Prompting Glossary06FACEEXAMPLESMOUTH&CHINShape,Sizecleft chin,downturned lips,full lips,large chin,medium chin,protruded chin,retracted chin,small chin,tapered chin,thin lips.Unique Identifiersbraces,cleft lip,cleft lip and palate,cleft palate,cleft scar,crowded teeth,dental aligners,dental crown,gap teeth,gold teeth,gummy smile,malocclusion teeth,misshapen teeth,missing teeth,retainer,straight teeth,unaligned teeth.Accessoriesgrill,lip plate,lip ring,lip stud.EARSShape,Sizeattached,folded,large,medium,misshapen,missing outer ear,protruding,small.Accessoriesdecorative gauge,earring,hearing aid,piercings.FOREHEADShapebroad,curved,convex,fuzi-mount,m-shaped,narrow,sloped,straight,wavy.Conditionfrontal bossing.FACIAL HAIRclean-shaven,full beard,full eyebrows,goatee,light mustache stubble,monobrow,mustache,peach fuzz,sideburns,thin eyebrows,wispy eyebrows.FACIAL FEATURESage spots,bindi,birthmarks,craniofacial condition(e.g.,cleft lip and palate),line art,skin condition(e.g.,vitiligo,psoriasis,acne),symbolic ink,tattoos.FACIAL MAKE-UPblush,bold colors,cat eyes,contour,cultural make-up,fake lashes,foundation,gender-neutral make-up,glitter,lipstick,lip gloss,natural look,no make-up,two-tone lips.FACIAL COSMETIC&RECONSTRUCTIVE SURGERY botox,cleft lip and palate scar,eyelid surgery,facelift,genioplasty,lip fillers,rhinoplasty,skin grafts,surgical scar.HEADIn summary/68Inclusive Prompting Glossary06HAIREXAMPLESHAIR COLORSauburn,black,blonde,bronde,brunette,chestnut,dark brown,dark roots,deep red,gray,gray roots,jet black,multi-tonal,pastel hues,platinum blonde,red,salt and pepper,silver,silver gray,vibrant colors,white.HAIR TYPEScoily,curly,fine,natural,straight,strong,textured,thick,voluminous,wavy.HAIR STYLESafro,afro puff,balayage,bald,bantu knots,bob cut,box braids,braided,braid-out,buzz cut,cornrows,curly,fade,fishtail braid,fine,french twist,Fulani braids,goddess locs,highlighted,knot-out,layered,locs,long,natural flow,pineapple,pixie cut,Senegalese twists,shaved designs,shrinkage,short,side part,silk press,sparse,straight,topknot,twist-out,twisted,twists,undercut,updo,wash-and-go,waves.HAIRLINEbald,baby hairs,bell-shaped,cowlick,high hairline,low hairline,m-shaped,middle hairline,receding hairline,straight-lined,triangular hairline,uneven,widows peak.UNIQUE IDENTIFIERSalopecia,bald.You should knowHair-based discrimination is prevalent,and stereotypes around curly and afro hair should be disrupted.HEAD/69Inclusive Prompting Glossary06EXAMPLESBUILDapple-shaped,athletic,balanced,compact,curvy,fat,fuller,hourglass,lithe,muscular,pear-shaped,petite,robust,slender,small fat,statuesque,stocky,super fat,thin,toned.Weight biasWe cant tell how fit or healthy someone is from the way they look.Thats why terms like“fit”and“in-shape”are problematic when prompting,and should be avoided.Whats more,fat has been reclaimed as a neutral term to describe someone.HEIGHTaverage height,dwarfism,gigantism,short,tall.POSTURE&POSEassertive,confronting,confident,expansive,hunched,power pose,reclined,relaxed,sitting,slouching,standing,stiff.DISABILITIESblind,cerebral palsy,colostomy bag,diabetes patch,discreet hearing aid,down syndrome,fashionable hearing aid,kyphosis,limb difference,manual wheelchair,mastectomy bags,muscle dystrophy,powered wheelchair,prosthetic limbs,scoliosis,spinal cord injury,sport wheelchair,visual impairment aids,white cane.SKINacne scar,birthmarks,body art,burn scar,cellulite,cultural scarification,cultural tattoos,eczema,freckles,henna designs,piercings,stretchmarks,surgical scar,tattoos.BODY HAIRabdominal hair,armpit hair,arm hair,black hair,blonde hair,brown hair,chest hair,dark hair,fair hair,foot hair,ginger hair,leg hair,pubic hair,toe hair.UNIQUE IDENTIFIERSbelly piercing.VISIBLE DIFFERENCE,DISFIGUREMENT,ALTERED APPEARANCEachondroplasia,amputation,birthmarks,burns,cleft lip and/or palate,craniofacial conditions,mastectomy scar,neurofibromatosis,paralysis,scarring,skin cancer lesion,skin conditions,surgical scar.On visible differencesMany people have a visible difference that may or may not be concealed.Traditionally,these features are underrepresented in the media.BODYIn summary/70Inclusive Prompting Glossary06BODYEXAMPLESHEADHats and Head Coveringsbandana,baseball cap,burka,dupatta,hat,headband,headscarf,headwrap,hijab,niqab,sheitel,sweatband,visor,wig,weave.BODYTraditional Garmentsabaya,kurta,sari.Diversity of clothingThese lists are of course not exhaustive.But its good to know that clothes can be chosen to express a variety of characteristics specific to an individual,such as religion,culture,gender,profession,personal style,lifestyle,fashion,physical activity,and more.CLOTHING&ACCESSORIESLets make beauty a sourceof happiness and confidence,not anxiety,for every woman.20 years changing beauty/71Real BeautyPrompt Playbook#KeepBeautyReal

12人已浏览 2024-05-15 72页 5星级

Preparing for Generative AI in the 2024 Election:Recommendations and Best Practices Based on Academic Research This white paper is the result of a partnership between the University of Chicago Harris School of Public Policy and the Stanford Graduate School of Business intended to generate non-partisan,expert recommendations on various critical AI governance issues.In late August 2023,the two institutions hosted a convening of experts from academia,technology,industry,and civil society who explored the challenges of generative artificial intelligence for the 2024 U.S.Election and opportunities for establishing best practices and governance guidelines.An initiative of:Preparing for Generative AI in the 2024 Election:Recommendations and Best Practices Based on Academic Research Ethan Bueno de Mesquita*,Brandice Canes-Wrone,Andrew B.Hall,Kristian Lum*,Gregory J.Martin,and Yamil Ricardo Velez Executive Summary The rapid development of generative AI technology is transforming the political landscape,presenting both challenges and opportunities for the 2024 US election.This document provides a research-based overview of the potential impact of generative AI and offers best practices to safeguard the electoral process.The purpose of our review is not to recommend many specific legal or policy actions,but rather to promote clear understanding among voters,journalists,civil society,tech leaders,and other stakeholders about both the risk and promise of AI for electoral democracy in the hope of fostering a more productive public discussion of these issues.Challenges and Opportunities 1.Degrading Information Environment:As has been well documented,generative AI can create highly convincing deepfakes,posing risks of deceptive content,especially when released close to election day.There is also concern that voters will seek factual election information from chatbots that are not reliable sources of such information.2.Manipulation and Microtargeting:There is concern that AI-powered micro-targeting or emotionally manipulative chatbots will persuade voters to behave contrary to their interest or polarize the electorate.However,social scientific evidence suggests mass persuasion or manipulation of voters is unlikely and that the greater concern is the perception of this manipulation,rather than an actual direct effect on electoral outcomes.3.Positive Uses:Generative AI technologies offer opportunities for positive applications in politics,such as generating accessible summaries of policies,helping voters assess candidates,aiding citizen-to-lawmaker communication,and leveling the playing field for under-resourced campaigns.4.Information Centralization:To the extent that generative AI tools concentrate in a small number of tech firms,there will be concerns about the power they wield over political information.This will create thorny issues of content moderation,bias,and distrust.*University of Chicago Stanford University Columbia University Best Practices For tech companies:Continue building on recent efforts to watermark and label AI-generated content while clearly communicating that these efforts are not a panacea.Plan table-top exercises to anticipate best responses to late-breaking“October surprises”that rely on AI-generated content.Study how labeling AI-generated material affects users understanding of the information environment,building on recent academic research in this area.Ensure that AI chatbots point users toward authoritative information from official state sources regarding other narrowly defined issues of clear fact,such as how and where to vote.Monitor uses of chatbots for microtargeting and misleading content intended to deter participationbut primary focus should remain on deepfakes and the information environment.For journalists:Disincentivize misinformation and manipulation by avoiding covering stories whose only case for newsworthiness is the use of AI-generated content.Aid with AI-literacy through non-sensationalist coverage of AIs role in elections.Partner with civil society to evaluate the provenance of widely distributed political content,and participate in tabletop exercises to consider how to cover and rapidly evaluate October surprises.For political actors:Political parties,politicians,and campaigns should publicly pledge not to use deceptive AI-generated content.Political actors should consider partnering with tech in building AI-based tools that empower voters to become better informed about candidates and policy.For voters:Voters should remain skeptical of sensational or scandalous political information,especially when released close to election day.For the future:Both government and big tech companies should limit centralization of power over content generation and moderation in a small number of platforms.Encourage a diversity of generative AI tools and involve users and external stakeholders in setting content guardrails and governance structures.The political risk associated with power centralization should be among the considerations when designing AI safety regulations that might increase market concentration,such as licensing requirements.Introduction The rapid development of generative AI technology over the past year has created new challenges as well as some new opportunities for democracy.This document provides a research-based overview of the potential impact of generative AI and offers best practices to safeguard the electoral process.The purpose of our review is not to recommend many specific legal or policy actions,but rather to promote clear understanding among voters,journalists,civil society,tech leaders,and other stakeholders about both the risk and promise of AI for electoral democracy in the hope of fostering a more productive public discussion of these issues.Democracy relies on electoral accountability.Voters are asked to elect candidates they support and to fire politicians they think are not doing a good job.Democracy therefore requires a healthy information environment in which voters can monitor what politicians are doing,learn what candidates promise to do if elected,and assess what policies might be needed in response to societal challenges.By facilitating the automated creation of highly detailed text,image,and videos that are difficult to distinguish from human-generated content,generative AI could negatively impact the information environment.It could be used to create false or misleading information,feed a general sense of radical skepticism or nihilism about the reliability of information,and even allow political actors to dismiss real,damaging information as AI-generated fake news.By assisting in the creation of micro-targeted political content(for example,for use in online political ads),generative AI could polarize voters or contribute to a sense of a fractured polity in which people live in different informational environments from one another or are manipulated into voting for the wrong candidate or into not voting at all.Generative AI also powers chatbots capable of engaging in human-like conversation.Startups,campaigns,and other actors are likely to use these chatbots to engage in political conversations.This may not be inherently problematicindeed,one could imagine increased engagement leading to better-informed voters.But some may object to the inauthentic nature of these conversations,the potential for emotional manipulation,or the intentional or unintentional spread of false or misleading information.Moreover,extremist groups might use these chatbots in an effort to recruit people to their causes.Finally,and more generally,the growth of generative AI could lead to further centralization of the online information ecosystem,with a small number of large tech companies deciding which ideas and values can be expressed and which are out of bounds.This could threaten free expression and further erode Americans trust in the political environment.As an extraordinarily promising new technology,though,generative AI also holds promise for democratic governance.Researchers are already studying ways to create chatbots that can discuss politics with people.Because generative AI is good at synthesizing large amounts of information,and if conversing through chatbots proves to be a more natural and engaging way for people to consume political information,then training chatbots to understand political issues and the positions of parties and candidates may be an effective way to help Americans become better informed about politics.These tools could also help under-resourced campaigns to communicate more effectively with voters,and could help voters to communicate with their representatives more easily.While its essential that we safeguard the 2024 election and the democratic process more generally in the face of disruptive new technologies,we should also seek to maximize these opportunities for generative AI to improve our democracy.Voters Information Environment Generative AI has the capacity to alter the voters information environment in at least two ways.First,generative AI allows for the creation of highly convincing deepfakes-images and videos that are difficult for non-specialists to distinguish from genuine content.Second,AI chatbots are a new,direct source of information for certain voters,especially younger ones.Deepfakes Unscrupulous actors are likely to disseminate deepfakes,perhaps experimentally tested and tuned for maximal impact,unconstrained by norms of truth telling or public accountability.Early instances of these concerns have already arisen in real world elections.Deepfakes played a role in the recent Turkish elections.At a large political rally,President Recep Tayyip Erdoan showed a fake video linking his chief opponent,Kemal Kldarolu,to the leader of the PKK,a Kurdish group classified by the State Departments as a foreign terrorist organization.Separately,an online Kldarolua supporter used AI to generate a video that appeared to show the candidate delivering a campaign speech in perfect English.And here in America,the Republican National Committee released a campaign video that used AI-generated images of President Biden and Vice President Harris to show a dystopian future following a Biden-Harris victory in 2024.This video was not deceptiveit seems unlikely any viewers thought it showed current realitybut it did use AI to try to manipulate voters perceptions of political opponents and to garner press attention and notoriety.There are several reasons to be concerned about the use of deepfakes in campaigns.First,of course,voters may well be deceived by such content.It is particularly concerning that AI-manufactured content could be released very close to election day in order to generate fake scandals within a time frame that makes fact checking difficult.These“October surprises”may be especially difficult to respond to if they are generated or shared by major political candidates.Tech companies,civil society,and journalists may want to consider plans to rapidly analyze these October surprise deepfakes as they arise,focusing only on the most salient ones that gain the most reach online.Second,wide-spread circulation of manufactured content may undermine voters trust in the broader information environment.If voters come to believe that they cannot trust any digital evidence,it becomes difficult to seriously evaluate those who seek to represent them.Third,politicians may use this undermining of the credibility of the information environment to dismiss genuine information.Late in the Turkish election,a tape came to light showing compromising images of a candidate,Muharrem İnce.While İnce eventually withdrew,he also claimed the video was a deepfake.If voters genuinely cant tell the difference between what is fake and what is real,it is not hard to imagine that such denials will become a commonplace.Much of the public discussion around how to address such concerns is focused on establishing content provenance.The most prominent approach involves watermarking and labeling,something that major AI companies including Meta,Google,and OpenAI have publicly pledged to implement.TikTok has announced a similar approach.The idea is that the large AI companies should build-in code that“watermarks”contentmaking content produced or modified by generative AI detectableand that media and social media outlets should then label such content as“AI generated”.Other approaches involve building technologies that make it possible for creators to cryptographically sign content in ways that are not preserved if the content is altered without permission,thereby allowing users to attribute responsibility for content to a particular creator.The goal of all of these steps is to allow voters to make better inferences about the reliability of information.White watermarking,labeling,and signing are certainly worthwhile,they are not a silver bullet due to several practical constraints.Only a small percentage of online content can be expected to be cryptographically signed.And,while AI companies are exploring a variety of watermarking technologies,all current approaches can be worked around by sophisticated actors.For generative text models,shorter texts are harder to detect.Even advanced cryptographic techniques for watermarking require“a few hundred”tokens for reasonable detection,which is well over the length of a typical Tweet.Moreover,because of the many approaches being pursued,the industry has not agreed on a set of standards;this lack of harmonization makes labeling more difficult for media and social media companies.Finally,labeling content as AI generated requires making judgment about substantial gray areas.In addition to being used to create deceptive or false content,generative AI tools are used for a host of innocuous tasks,such as red-eye reduction,editing for fluency,and the like.Watermarking and labeling any content that has been touched by an AI risks being so over-inclusive that labels become meaningless.But the alternative requires laborious and contentious judgment calls.Moreover,the effects of labeling on human behavior and perception are not yet well understood.It is possible that users will respond to seeing labels alerting them that content is“AI generated”by assuming it is untrue.Such a response would become problematic if there is useful,informative AI-generated content that gets systematically dismissed,or if users fallaciously conclude that any content not AI-generated must therefore be true.Recent research offers helpful evidence on what labels might be most effective,and further research by academics and platforms could help to refine best practices for labeling.Without effective methods to establish the veracity of digital content,an alternative path forward is improved verification for content providers.Even if we cant know whether digital content has been altered,account verification and verifiable content signing can increase confidence that the content that is released by an entity is truly coming from them,not an imposter.If content is determined to be misleading or false,being able to confidently trace the content to its origin is a useful step towards creating accountability.Recent events have shown us the impacts of misleading account verification.In the midst of recent changes to its verification program,X(formerly Twitter)users were able to create accounts that appeared to be verified and official but were,in fact,imposters.One user created a fake but official-looking Eli Lilly account that tweeted“We are excited to announce insulin is now free.”In the wake of this tweet,Eli Lillys stock fell over 4%.Voter Information Another concern in the information environment is that voters might seek technical facts about electionsfor instance,voting dates,polling locations,registration procedures,voting eligibilityfrom AI chatbots.Recent polling suggests that seeking such factual information is the election-related activity voters are most likely to use generative AI for.But research by the bipartisan policy center finds that chatbots are neither a reliable nor an appropriate tool for this use case.In recent years,internet search has been the most common source of such information for voters.To the extent that AI chatbots are viewed as substitutes for search,this could be a substantial concern.Chatbots have not,at this point,displaced search as a source of information.Only about one quarter of adult Americans had accessed ChatGPT by July of this year.However,that number is substantially higher among those of young voting ageover 40%of Americans age 18-29 have done so.The two most common uses were for entertainment and to access new information.Thus,while it is unlikely that chatbots will be a source of widespread misinformation on technical election information,it is important that the creators of such chatbots take steps to reduce the risk.The most straightforward approach is to train generative AIs to inform users that the chatbot is not a reliable source of technical election information and to direct users seeking such information to authoritative sources,such as the websites of state or local election administrators.Several of the large AI companies are already pursuing such an approach.Recommendations and Best Practices Campaigns and political parties should publicly pledge not to use deceptive AI generated content in campaign materials.Tech companies should continue to build on their recent efforts to collaborate around watermarking and labeling AI-generated content,and support further research on the effects of labeling this content on users overall understanding of the information environment.Tech companies should ensure that chatbots inform users that they are not a reliable source of technical election information and point users toward authoritative sources,as they have done in past election cycles.Tech companies,journalists,and civil society should carry out tabletop exercises exploring how to respond to the release of late-breaking deepfake content,especially under scenarios in which the content is generated or promoted by a major political candidate.State election boards should emphasize that existing voter intimidation and deception laws apply to AI generated content an outside group or campaign may use;the fact that the content was generated by AI is not a defense for voter intimidation or deception.Journalists should disincentivize misinformation and manipulation by avoiding covering stories whose only case for newsworthiness is the use of AI-generated content.Journalists and Civil Society should collaborate to provide trustworthy information on content authenticity.Microtargeting and Manipulation In an article published in The Conversation in June,political scientist Archon Fung and law professor Lawrence Lessig describe a dystopian scenario in which political campaigns use generative AI to develop highly persuasive messages tailored to individual voters.AI tools use reinforcement learning to get better and better at changing minds,far surpassing the capability of human campaign strategists.Fong and Lessig warn that well-resourced candidates with access to such technology could win elections despite holding unpopular policy views,undermining electoral accountability.Although the specific AI-fueled context in this scenario is new,the general fear of candidates using persuasive technology to convince voters to vote against their preferences is not.Similar arguments were made about targeted digital advertising when it became widespread in campaigns in the late 2000s through mid 2010s,and about broadcast advertising on television and radio when those technologies were young.Political scientists have evaluated the plausibility of similar claims to Fung and Lessigs in the context of existing persuasive technologies direct mail,television,and non-AI-generated digital ads and have generally found persuasive effects close to zero.While there is some evidence that television advertising can have small but nonzero effects on vote shares in general elections,this effect is believed to operate mainly through changing the composition of the electorate(by motivating partisans to turn out or not),not by persuading voters to change their minds on policy issues.Two further checks on the potential power of any communication technology,including AI,come from the competitive nature of elections which implies that any persuasive arguments developed by one campaign are likely to be countered by its opponentand the fact that any messaging voters receive from campaigns is swamped in volume by information from the mass media,social media,and friends and family.To the extent that generative AI-produced ads are different from human-produced ads,the difference lies in the potential for mass customization on a scale not feasible with human-produced content.Existing technologies do allow for some customization,so this difference is one of degree rather than of fundamental character.Evidence about candidates use of existing targeting and message-tailoring technologies is,therefore,informative about how candidates would be likely to use generative AI.Interestingly,candidates do not appear to take much advantage of the large difference in targeting precision between broadcast TV ads and digital ads on social media platforms like Facebook;candidates run very similar campaign messages in both settings and do not present significantly different versions of their policy positions to different groups of platform users.It does not appear that candidates perceive large gains from targeting,perhaps because of the potential for news outlets or their opponents to expose and broadcast any narrowly-targeted messages outside of their intended audiences.We are,accordingly,skeptical of the potential for generative AI to undermine political accountability by duping voters into supporting candidates whose policy agendas they oppose.While it is possible that AI-enabled campaign advertising is substantially more effective than other existing campaign advertising technology,our accumulated experience and knowledge of previous waves of technological innovation in campaigns suggests that this is unlikely.Nonetheless,there are some potential consequences about which some concern is warranted.First,one reason that campaigns find it difficult to persuade voters is that their opponents and the news media provide a counterweight to the information and arguments they offer.Were either the competitiveness of elections or the quality of political information provided by news media to decline,the scope for campaign persuasion by any means,and in particular through AI-generated targeted messages,would increase.Second,generative AI is costly to use.If it came to be perceived by candidates as a necessary tool to mount a serious campaign,it could raise the financial cost required to enter a race.The arms-race effect of such competitive pressure could impact the pool of candidates willing to run,even in the absence of any net effect on voter behavior.There is now good evidence from multiple settings that increases in campaign spending levels tend to shrink the candidate pool,advantage wealthier candidates,and increase incumbency advantages.Third,AI-enabled campaigning might be perceived by voters as unfair or illegitimate,particularly if its adoption is not symmetric across the parties.News media might contribute to such perceptions by uncritically reporting claims about AI campaigns effectiveness from self-interested technology vendors.Losing candidates could use such claims,were they widely believed,to cast doubt on the legitimacy of their opponents victory.Recommendations and Best Practices Journalists should inform the public that the likelihood of generative AI ads or chatbot conversations massively affecting electoral outcomes is low.Journalists,civil society,and voters should exercise extreme skepticism when startups or other companies claim to be able to use new technology to persuade large numbers of voters to switch their votes or to not turn out.Tech companies should continue to monitor concerning uses of chatbots for microtargeting,persuasion,and particularly misleading content intended to deter participation.Where appropriate,they should consider forbidding such behavior in their terms of services as some already do.However,in the short amount of time before the 2024 election,issues with deepfakes and the information environment are likely to be more pressing and should be the primary focus.Campaigns and political parties should avoid allocating undue resources to microtargeting and chatbots,which may foster mistrust even if they are not effective at political persuasion.Opportunities Though some of the most salient examples of generative AI being used in politics involve nefarious applications such as deepfakes and inauthentic news stories,these technologies also have the potential to be harnessed for civic engagement and education.Positive use cases include summarizing policies and salient political events for lay audiences,developing more accessible voting advice applications,and facilitating communication between citizens and lawmakers.Beyond the potential to empower voters,generative AI could also enable under-resourced campaigns to improve their outreach and communication strategies.Distilling policies and presenting them in an accessible format is a capability of large language models(LLMs)that could enhance voter learning.For example,one can ask Anthropics Claude,an LLM with a 100,000 token context window,to generate summaries of House and Senate resolutions.Doing so for H.R.5745,a 57-page bill introduced in the 118th Congress aimed at regulating digital assets,produces a summary correctly highlighting its aim to“create new regulations for cryptocurrencies,stable coins,and other digital money.”If one continues the chat by claiming to be a“cryptocurrency expert,”Claude can return details about new reporting requirements introduced in the bill.The ability for these tools to tailor information based on user knowledge provides an opportunity for citizens to engage with the legislative process in a more transparent and efficient way.LLMs could also enhance voter learning in electoral settings.Voting advice applications(VAAs)have become ubiquitous in the US and Europe.VAAs solicit voters stances across several issues and match voters to politically congruent candidates.Though previous research has found positive effects on voter turnout and vote choice,VAAs assume that voters possess stable issue preferences,and might appeal to those who are already politically engaged.Integrating generative AI into the development of VAAs could allow lower propensity voters to pose simple questions about political parties(e.g.,“where does the Republican Party stand on abortion?”)and receive information about party positioning within seconds.Instead of responding to an extensive list of policy items,as is the case with existing VAAs,AI-guided conversations could help make interacting with VAAs less intimidating and more accessible to a broader spectrum of voters.In implementing tools such as VAAs or even summarizing policies,a natural question is whether LLMs will be“biased”toward certain viewpoints.Methods like retrieval-augmented generation(RAG)can be used to mitigate these concerns by grounding the generation of content in a variety of sources that span the political spectrum.When a user interacts with an LLM,RAG ensures that relevant sources are fetched from a preloaded database,inserted into the prompt,and used to populate the answer.It is possible to load an external database with sources such as party platforms and instruct the LLM to only summarize the information contained in those sources.This produces outputs that are generally free of editorializing and accurately represent the source material.Outside of electoral settings,extensions of RAG could be used to help voters learn about topics discussed in city council meetings,scour publicly available but underutilized civic data,and understand local policies.Using RAG is akin to using a search engine that retrieves relevant information and summarizes it in an accessible fashion.This makes it an ideal method for simplifying vast amounts of data,which can be useful for voters making choices in political contexts where knowledge is limited due to a lack of media coverage.For example,one could use RAG to summarize recent approvals of housing developments or a list of policies considered by a city council in the previous week.Beyond political learning,generative AI could also be used to facilitate communication between citizens and elected officials.Writing to lawmakers can be an intimidating process for many citizens,as they might know how to articulate their concerns or they may be unsure about the relevant norms for such communication.LLMs can improve this process by enabling citizens to craft more persuasive messages.They can also provide real-time assistance with respect to grammar,style,and tone,allowing citizens to communicate more effectively.In the future,these tools may also be used by legislators to proactively identify common concerns among citizens,further improving responsiveness.Generative AI could also help level the playing field with respect to political campaigns.Under-resourced campaigns may face challenges in creating content that appeals to voters.Generative image and text tools can enable these campaigns to draft more compelling speeches,press releases,social media posts,and other materials.These methods can also be used to create tailored materials for different audiences.To the extent that Generative AI allows financially constrained campaigns to maintain a veneer of professionalism,it could reduce imbalances between lesser-known candidates and more established politicians.In sum,although negative use cases involving generative AI have received significant media attention,there are positive use cases that could enhance civic engagement and education.From powering political information-retrieving chat bots to improving citizen-to-legislator communication,the summarization and style transfer capabilities of LLMs could be used to improve democratic processes.Encouraging the public to use these tools to productively cut through the morass of everyday politics can serve as a powerful counterweight to misinformation,whether human or AI-generated.Recommendations and Best Practices Encourage campaigns,journalistic outlets,and technology companies to create pathways that help voters to use Generative AI to summarize complex policies and political platforms.Political parties,technology companies,and civic organizations should help under-resourced campaigns learn to use AI tools to generate higher quality and more informative content.Lawmakers and other actors should create pathways for citizens to use AI tools to communicate directly with their offices.Information Centralization There are good reasons to believe that the AI market is likely to end up concentrated in the hands of a small number of dominant firms who build and deploy foundation modelsthe large,flexible models that can be used for a wide variety of applications.To the extent that generative AI tools end up clustered in a small number of large tech platforms,it may further exacerbate concerns that tech companies have too much power over the information environment.Already,OpenAI,Microsoft,Meta,and other tech companies offering AI-related services have faced concerns over what content their chatbots and other generative AI tools will and wont countenance,with some critics worrying that the tools will say offensive things,while others worry that the generative AIs exhibit a left-wing political bias.More generally,there are hard questions about(a)what content is allowed to enter a modes training algorithms,(b)what prompts users are permitted to ask and which are rejected for being offensive,dangerous,or otherwise off limits,and(c)what output the tools will and wont provide.As generative AI use expands,the power these companies have over these rules could become problematic in much the same way that the power of social media companies over online speech has over the past 10 years.There are two main risks.First,companies could err,and create content guardrails that are unfair,biased,or confusing in ways that perturb the information environment.Second,people might further lose trust in the information environment,concluding that big tech companies who dont share their values are unduly influencing what ideas are generated or gain widespread distribution.In the US,these concerns could come from both sides of the ideological spectrum.Just as weve seen with regards to social media,the right will worry that generative AI tools are biased against conservative ideas and values,while the left will worry that these tools are biased towards conservative ideas and values.These concerns rest on the widespread use of generative AI and so may not come to fruition before the 2024 election.Indeed,currently,polling shows that there is bipartisan support among Americans for a variety of interventions by government and industry to reduce the risk that generative AI poses to elections.However,it is entirely possible that public attitudes will polarize once Americans experience their first important“AI election”in 2024.As such,these concerns bear careful watching,and companies and society would be wise to think now about how to resist the centralization of information provision before the problem becomes more developed.There are at least two potential ways to mitigate this issue.First,society could take steps to ensure that there are many providers of generative AI tooling,so that no one company has undue power over content generation guardrails.This could include exploring policies to prevent market concentration in the generative AI industry,and perhaps is a reason to be cautious about endorsing policies that envision restricting the set of companies licensed to provide generative AI tools(though these policies may have other important benefits).Second,generative AI platforms could avoid taking on this power over content moderation by giving decision-making power concerning guardrails over to users,industry-level self-regulatory bodies,civil-society based regulatory bodies,or other external stakeholders.Already a number of companies have announced efforts along these lines.Building on their experiment with the Oversight Board to make binding content decisions for the company,Meta has recently announced a“community forum”concerning generative AI guardrails,in which users are randomly recruited and paid to learn about,debate,and make recommendations concerning AI policy issues.OpenAI has announced funding for a similar exploration.Meanwhile,Anthropic has implemented an effort to develop a“constitution”through consultation with the community.While these efforts are interesting,they are still nascent.The recruited users can only consider a small number of issues and,at most,make recommendations rather than binding decisions.For these self governance efforts to reassure skeptical Republicans and Democrats that tech companies are not shaping the expression of values in society,users would have to be given substantially greater power over more issues,to make binding decisions on them,and to communicate these decisions to the public so that the public could understand that tech companies have truly given over this power.Expanding the power of self-governance institutions like these is difficult,though,due to the expense and the practical challenges associated with recruiting and paying users to deliberate and decide.Conclusion We have reviewed a number of essential ways that generative AI will affect the 2024 election,focusing both on the ways that it threatens to disrupt the information environment and affect the outcome of the election and voters faith in the process itself,as well as the ways it can be used to inform voters and improve democratic functioning.If there is a single theme to our review,it is that voters,journalists,and everyone who cares about elections should regard claims about new technology with great skepticism.In some instances,the threat to the election is caused by generative AI itselfsuch as latebreaking“October surprises”driven by highly persuasive fake information.People should be skeptical of these surprises given these threats,and they should find ways to seek out information verification from sources they trust.In other instances,the threat is not from the technology itself but from over-credulousness about its power.When startups claim to be able to use generative AI to change the minds of large numbers of voters,you should approach the claim with a great deal of skepticism.Finally,you should also be skeptical about the promise of quick fixes to new technological problems.While the idea of“watermarking”generative AI content is a valuable one,it is clear it will not be a panacea for the 2024 election.Watermarking is simultaneously too easy to evade,and also aimed at only one part of the problem:nothing about watermarking will tell you whether or not you should believe the claims and information in a piece of content.There is ample misleading content that is not AI-generated,and there will be plenty of perfectly accurate AI-generated content.Ultimately there will be no substitute for your skepticism,common sense,and trusted sources.Author Bios and Disclosures Ethan Bueno de Mesquita is the interim dean and Sydney Stein Professor in the Harris School of Public Policy at the University of Chicago.Bueno de Mesquita discloses that he receives consulting income from Meta Platforms,Inc for work related to governance issues.Brandice Canes-Wrone is Professor of Political Science and Maurice R.Greenberg Senior Fellow of the Hoover Institution,Stanford University.Andrew B.Hall is the Davies Family Professor of Political Economy in the Graduate School of Business at Stanford University,and a Professor of Political Science.He is a Senior Fellow at the Stanford Institute for Economic Policy Research and a Senior Fellow(courtesy)at the Hoover Institution.Hall discloses that he receives consulting income from Meta Platforms,Inc for work related to Augmented Reality strategy,and from Andreessen-Horowitz for work related to web3 governance.Kristian Lum is Research Associate Professor in the Data Science Institute at the University of Chicago.She was previously a Senior Staff Machine Learning Researcher on the ML Ethics,Transparency and Accountability Team at Twitter.Gregory J.Martin is Associate Professor of Political Economy in the Graduate School of Business at Stanford University.Yamil Ricardo Velez is an Assistant Professor of Political Science at Columbia University.

8人已浏览 2024-05-14 14页 5星级

DATA TRENDS 2024DATA TRENDS 20247 Ways Leading Organizations Are Building Toward Advanced AI Success2Executive Summary.3Introduction:Advancing in the AI Age.5Cementing the Data Foundation.7Trend One:Python Is the Language of Choice for AI Programming.8Trend Two:Enterprises Are Tapping Their Unstructured Data.9Trend Three:Enterprises Are Getting More Granular in Their Data Governance.10AI Scales With Apps.12Trend One:The Democratization of AI Is Here.13 Trend Two:The LLM Explosion Is Happening NowProbably at Your Office .14 Trend Three:The Chatbot Is on the Rise.15 Trend Four:Enterprises Want Apps and Data Within a Unified Data Platform.16 From Foundation to Elevation.17 Next Steps.18 Appendix:Methodology.19 TABLE OF CONTENTS2DATA TRENDS 20243DATA TRENDS 20243EXECUTIVE SUMMARYWe looked at how more than 9,000 Snowflake accounts adopted features and capabilities of the Data Cloud over the previous fiscal year to reveal trends,both in terms of the foundational development of data infrastructure and those users first moves into advanced AI.Generally,we compared January 2023 to January 2024 to align with Snowflakes fiscal year,except in cases where features went into public preview during the year.In those cases,we compared the first full month in public preview to January 2024.For the full methodology,see the appendix.Highlights from this report include:FIRMING UP THE DATA FOUNDATION1 Python is the language of choice for AI programming.With its ease of use,active community and ecosystem of libraries and frameworks,Python use grew 571%,considerably more than any other language year over year.Python skills will be increasingly essential to development teams as they venture into advanced AI.2 Enterprises are finally tapping their unstructured data.Most dataas much as 90%by some estimatesis unstructured videos,documents and more.We saw processing of unstructured data grow by 123%.Thats good news for many uses,not the least of which is advanced AI.Proprietary data will give large language models their edge,so unlocking that underutilized 90%has huge value.3 Enterprises are getting fine-grained about their data governance.Were seeing not just more governance measures applied to data;were seeing a more refined approach as organizations embrace a wide range of tagging standards and features.The takeaway:While usage of every data governance feature rose 70%-100%,the number of queries against protected objects is up 142%.Governance is not about locking down your data,its about making it more available for secure,authorized uses,and were seeing exactly that.4DATA TRENDS 2024MAKING AI ACCESSIBLE1 The democratization of AI is here.A major promise of AI is that it will make technology available to less technical users.Weve empowered that through the machine learning functions of Snowflake Cortex,and since public preview of key features began in June 2023,weve seen the number of active accounts adopting ML-based functions grow by 67%.That opens up more possibilities because data scientists and other experts are no longer a bottleneck.2 The LLM explosion is happening nowprobably at your office.What bottleneck?In the last fiscal year in the Streamlit developer community,we saw 20,076 unique developers work on 33,143 LLM-powered apps.That means that the future filled with the power of AI is here.It may not be evenly distributed yet,but its here.3 The chatbot is on the rise.Single-text input LLM apps may be easier to make,but they dont allow refinement through natural conversation.For that you need chatbots,and increasingly thats what the devs are making.From May 2023 through January 2024 in the Streamlit community,chatbots went from 18%of LLM apps to 46%.And climbing.4 Enterprises want apps and data within a unified data platform.We make it possible for users to build applications within our data platform,where their data resides,via the Snowflake Native App Framework.Maybe its the ease of use or the single source of truth.Maybe its the security and governance advantages.But the data shows that people want to bring the work to the data.The number of Snowflake Native Apps grew 311%,and the use of those apps is up 96%,based on January 2024 utilization compared to July 2023(Snowflake Native Apps went into public preview on June 27,2023).5DATA TRENDS 2024Were now a year and a half into the generative AI era,and things are only accelerating.OpenAIs release of ChatGPT and then GPT-4,Metas decision to open source Llama and Llama 2,and a host of other announcements and innovations around the application of advanced AI have stirred more excitement and driven real progress in the development and enterprise adoption of large language models.Tremendous opportunities and challenges lie ahead,and as we analyzed use of the Snowflake Data Cloud to understand the latest trends around data and technology,our chief interest was around how enterprises are preparing for an unfolding era in which advanced AI accelerates and transforms how they do business.The Snowflake Data Cloud encompasses data,models and applications from thousands of organizations across many industries.Looking at how they work within the platform,including which features they use,paints a vivid picture of the decisions being made to deal with current challenges and prepare for future success.ADVANCING IN THE AI AGE6DATA TRENDS 2024A lot of industry research surveys executives and practitioners,asking them to estimate things such as what percentage of their data is unstructured,or to describe how confident they feel about their approach to data governance.This report didnt ask anyones opinion.Instead,we looked at how enterprises worldwide are making decisions and applying their resources to leverage their data.Through that lens,a picture emerges about how the modern,data-forward enterprise is shaping its data strategy on the cusp of an AI revolution.In short,business and technology leaders at these organizations are preparing for the future.They are taking initial steps into the world of large language models and generative AI.More importantly,they are fortifying their data foundation.While the specific technologies around advanced AIthe algorithms and appsare powerful,they dont work alone.To be successful,a business must build the shiny,new AI technology on top of a solid stack of organizational practices and technologies to ensure a companys data is available,secure and properly governed.In other words,the LLM is the dessert,while a solid data infrastructure is the main course.In our predictions report for 2024,our in-house experts advised that the proper response to the new AI age is not to desperately create a new data strategy,but to accelerate the same solid,thoughtful practices you were following before you ever heard of ChatGPT.When we look at how Snowflake users are working with their data,we see exactly that:a focus on silo-busting,refining governance practices,and finally coming to grips with the flood of unstructured data.For starters.The generative AI era does not call for a fundamental shift in data strategy.It calls for an acceleration of the trend toward breaking down silos and opening access to data sources wherever they might be in the organization.”JENNIFER BELISSENT Principal Data Strategist,in Snowflake Data AI Predictions 2024DATA TRENDS 20247Organizations are doing a lot to make more data securely,appropriately available to todays tools and applications as well as tomorrows(or next weeks)AI advance.At the foundation layer,weve identified the following three trends as significant in the past year.On their own,each of these trends is a singular data point about how IT organizations are handling various challenges.Taken together,they suggest a larger story about how CIOs,CTOs and CDOs are modernizing their organizations,embracing AI experimentation,solving data problems and driving resource-stretching efficienciesall necessary steps to meet the opportunities of advanced AI head-on.CEMENTING THE DATA FOUNDATIONTREND ONE:PYTHON IS THE LANGUAGE OF CHOICE FOR AI PROGRAMMING Developers are able to work with a variety of programming languages in Snowflake,and its with interest that we note which languages are growing in popularity.In the past year,Python has surged.Python has a lot going for it,including:Its easy to learn and read,letting developers focus on solving AI problems rather than parsing abstract syntax.It has a vast ecosystem of libraries and frameworks that simplify potentially daunting AI tasks,from implementation of neural networks to natural language processing.It has a big,active community of contributors,which accelerates learning and problem-solving.Its flexible and portable,so developers can deploy AI applications across different platforms,systems and environments.Its extensive data-handling capabilities make it easy to manipulate data,which is a core challenge of any AI/ML project.Overall,Python lets devs focus on the problem,not the language.They can work fast,accelerating prototyping and experimentationand therefore overall learning as dev teams make early forays into cutting-edge AI projects.And in the Snowflake Data Cloud,devs are seriously embracing Python.In Snowpark,which expands programmability in Snowflake,Python use grew considerably faster than both Java and Scala in the last fiscal year:Python grew by 571%,while Scala grew by 387%and Java grew 131%. 571% 387% 131%PYTHONSCALAJAVADATA TRENDS 20248AI/ML IS GROWINGWITH PYTHONAs Python use skyrockets in Snowpark,usage of some of the most popular AI/ML open source Python libraries in Snowpark has increased by 335%,including:Developers are bringing more AI/ML work to Snowflake,because they need a unified data platform and access to huge amounts of data used to build,train and run advanced models.But we believe the increase represents not only a shift of existing work to our platform,but a net increase in experimentation with advanced AI.AI-friendly Python significantly outpaced Scala and Java growth in the Data Cloud.474%SCIKIT-LEARN IS UP357%XGBOOST IS UPMost data is unstructured,and most enterprises struggle to do much with it.This is not a problem thats going to go away.According to IDC,90%of the data generated by organizations in 2022 was unstructured.1Extracting value from that data has been a tech challenge for years,exacerbated by the near-simultaneous arrivals of smartphones and social media,and complicated by evolving regulatory regimes and privacy practices that govern all of an enterprises data,structured or not.That last point is important;even as automation and artificial intelligence help us extract meaning from unstructured data,the actual management of it becomes more difficult.Despite the challenges,Snowflake users are getting value out of unstructured data,especially with the growth of AI/ML.These data types are being processed with Python,Java and Scala,languages commonly used by data engineers,data scientists and app developers.The suite of languages for unstructured data processing became publicly available in public preview or general availability on June 27,2023.Given that Python in particular is the language of choice for many developers,data engineers and data scientists,its fast-growing adoption suggests that these unstructured data workflows are not just for building data pipelines,but also involve AI applications and ML models.TREND TWO:ENTERPRISES ARE FINALLY TAPPING THEIR UNSTRUCTURED DATA9DATA TRENDS 2024 675%1.IDC White Paper,sponsored by Box,“Untapped Value:What Every Executive Needs to Know About Unstructured Data,”IDC#US51128223,Aug 2023 123%UNSTRUCTURED DATA PROCESSING OFFROM JULY 2023 TO JAN.2024The last foundational trend is certainly not the least.Governance is absolutely essential to data strategy broadly,and AI strategy in particular.The outputs of LLMs and generative AI can be inaccurate or inappropriate,and a strong governance regime helps limit negative surprises.In last years trends report,we noted that with both data regulations and consumer privacy concerns on the rise,we had seen increased adoption of data governance features.In short,we saw that our users were applying more tags governing access and use of their data,meaning that they were ensuring that necessary audiences could make use of their data while restricting unauthorized user access.This year,that trend continues and in fact deepens.Weve seen significant increased adoption of governance features in a way that indicates not merely restriction,but control.The wide embrace of multiple governance features suggests that users want granular control over data to make it appropriately available to more users,for more use cases.This refined control is necessary to responsibly unlock the value of sensitive data.TREND THREE:ENTERPRISES ARE MORE GRANULAR IN THEIR DATA GOVERNANCEDATA TRENDS 202410Among the indicators of a more granular approach to data use,we saw use of the following governance features rise year over year:The number of tags applied to an object rose 72%.The number of objects with a directly assigned tag is up almost 80%.The number of applied masking or row-access policies increased 98%.The number of columns with an assigned masking policy grew 97%.The cumulative number of queries run against policy-protected objects is up 142%.That last stat is particularly significant.Theres a popular misconception that governance is about saying no,that it slows down or limits data innovation.While good governance is meant to put the brakes on genuinely unsafe or inappropriate activities,its also an enabler of effective,responsible data usage.Were seeing more and more governance through the use of tags and masking policies,but the amount of work being done with this more carefully governed data is rising rapidly.We expect these trends to continue as more and more enterprises improve how they govern their data,increase their responsible usage of it,and reap the benefits that data provides to their bottom line.CUMULATIVE NUMBER OF JOBS RUN AGAINST POLICY-PROTECTED OBJECTS,11DATA TRENDS 2024 142%AI SCALES WITH APPSWhile the establishment of a solid data platform and a strategy that breaks down silos and finds efficiencies has been a well-understood goal for years,AI is still mostly untapped by the enterprise.In the year that LLMs and generative AI have been in the media glare,many enterprises have begun to experiment,launching initial projects.Within the Snowflake Data Cloud and the Streamlit community,were able to measure activity in the LLM space and around application development,and throughout 2023 we saw great enthusiasm to get to work.As with the foundational section,weve identified four trends in these early days of advanced AI.A challenge of measuring trends in the enterprise AI space is that theres no precedent.In some cases,we made features available during 2023,so we dont have years of previous data to compare.What we have seen is enthusiastic uptake,and patterns of preference that we think point the way for these early days.12DATA TRENDS 2024TREND ONE:THE DEMOCRATIZATION OF AI IS HEREA significant promise of LLMs and generative AI is that you dont have to be a highly trained data scientist to work with them.Natural language interfaces mean that you can talk to the dataor rather,the app that sits on top of the datalike a human,and the data/app will deliver its answers in a reasonable approximation of human conversation,too.That amounts to a“democratization of AI,”as the tech marketers like to say.And its here.While this years report does not have year-over-year statistics,what we saw in 2023 was tremendous,widespread enthusiasm.The fast adoption of the ML-based functions available in Snowflake Cortex shows how fast AI can happen when there is a solid foundation of data in place.These functions make it easier for those who arent data scientists to work with machine learning algorithms.The number of active accounts using ML-based functions2 grew 67tween July 2023(the first full month after public preview)and January 2024.That surge of initial growth,sustained over the remaining six months of the fiscal year,indicates the enthusiasm for,and the utility of,these“democratizing”functions.Comparing July 2023 to January 2024,monthly usage grew 90%.These are early days,and of course that growth surge starts from a relatively small initial point,but were excited to see sustained and growing interest in tools that put more and more of the power of advanced AI into the hands of less-technical users.This frees the relatively small(and overwhelmed)teams of data scientists from being a bottleneck,and allows those experts to concentrate on the most complex and high-value projects.JULY 2023JAN 2024USAGEACCOUNTS13DATA TRENDS 2024 90% 67%2.ML-based functions evaluated for this report include anomaly detection,forecasting and contribution explorer,which all went into public preview on June 27,2023.Anomaly detection and forecasting were subsequently announced into general availability on Dec.18,2023.Since ML-based functions became available in late June,more adoption by user accounts,and rising overall usage,indicate early steps toward the democratization of AI.Note:Growth was not linear.This graphic illustrates the difference between the start and end points.TREND TWO:THE LLM EXPLOSION IS HAPPENING NOWPROBABLY AT YOUR OFFICE20,076DEVS WORKED ON33,143LLM-POWERED APPS IN9MONTHSWhen generative AI and LLMs became the singular topic of tech conversations a year and a half ago,we were assured that this technology would be everywhere,infiltrating every aspect of how we live and work.We cant say that this reality has fully materialized yet,but were definitely seeing a lot of effort to get us there ASAP.Within the Streamlit developer community,between April 27,2023,and Jan.31,2024,we saw 20,076 unique developers work on 33,143 LLM-powered apps(this includes apps that are still in development).Historically,the Streamlit community has had a large percentage of non-corporate users,so we wondered if this massive surge might mostly be solo experimentation.But in a survey of 1,479 respondents,nearly 65%said their LLM projects were for work.And it seems that these developers are steadily improving their creations.Vector databases and vector search help improve the creativity and utility of an LLM app by making connections between related concepts rather than requiring exact word matches.The result is smarter,more accurate outputs,faster.14DATA TRENDS 2024TREND THREE:THE CHATBOT IS ON THE RISEThe great thing about a conversational interface is that you can have a conversation.Weve seen in recent months a decided shift from the easy-to-build,straightforward single-text-input LLM toward the chatbot,which allows refinement through iterative text input.Looking again at the more than 20,000 LLM-powered apps being developed with Streamlit,we see a definite direction for the chatbot,and its up.In the week starting April 30,2023,single-text-input apps peaked at 82%of all LLM apps built with Streamlit,leaving 18%for the chatbots.A SNAPSHOT OF DEV CONCERNSIn a community-wide survey,more than 980 Streamlit users selected their top concern,from a list of four common worries,about working with LLMs.The results were:TRUST:Is the LLM response accurate?36%PRIVACY:Is my data safe?28%COST:AI aint cheap!19%SKILLS:Im still learning 17%From that point,the single-input line trended down and the chatbot line rose.By the end of January 2024,chatbots accounted for 46%of LLM apps,with single-input apps comprising 54%.The steady climb of the chatbot probably does not represent a shift in the markets appetite for LLM apps.More likely,developers are increasingly able to make more complex chatbot apps to offer greater versatility and interactivity to meet both business needs and user expectations.MAY0 %JUNJULAUGSEPTOCTNOVDECJAN2024WEEKLY%OF THE TOTAL USAGEARE CHATBOTS THE FUTURE?SINGLE TEXT INPUTCHATBOTDATA TRENDS 202415TREND FOUR:ENTERPRISES WANT APPS AND DATA WITHIN A UNIFIED DATA PLATFORM FOR BETTER SECURITY AND GOVERNANCEYou dont have to build your LLM application on the same platform as your data,but there are significant advantages to doing so.By having unified data governance and not having to move data across compute environments,application development is faster,deployment is easier,and operational maintenance costs are lower.Therefore,to continue practicing what we preach about bringing the work to the data,rather than vice versa,we introduced the Snowflake Native App Framework in 2023.Snowflake Native Apps let users deploy applications within the Data Cloud,leveraging the Snowflake platform to run all three layers of the app,including data,processing and user interface.But the question is,does anyone actually want that?CYBERSECURITY WORK IS MIGRATING TO THE DATA PLATFORMUnderscoring the trend to bring work to the data,were seeing a rise of cybersecurity workloads being brought to the Snowflake Data Cloud.For cybersecurity connected apps,where a SaaS vendor stores and processes data in the end consumers Snowflake instance,the average number of connected accounts increased 72%year over year.This tells us that cybersecurity teams see the value of doing security work within their companys unified data platform,rather than through externally managed applications.The early answer appears to be“Yes.”The Native App Framework went into public preview on June 27,2023.Comparing July 2023 to January 2024:Weve seen 311%growth in the number of Snowflake Native Apps published.We saw 147%growth in installation/adoption of these applications.Usage of these apps grew 96%.What this means is that,given the choice,users want to build applications within their data platformwhere the data israther than export copies of the data to external technologies.And frankly,it makes sense.Weve seen that a strong data foundation prepares an organization to succeed with AI.That enterprises would want to work within a solid data platform to create their applications is an extension of that principle.We believe this will soon be an industry-wide baseline.DATA TRENDS 202416FROM FOUNDATION TO ELEVATIONIT teams are used to how much work occurs on the backend to provide a positive,painless experience.The simplest application hides a lot of complexity.Thats definitely true with LLMs and generative AI.Were seeing that organizations understand this and are fortifying their data foundation even as they make their first forays into cutting-edge AI.Some of the foundational trends were seeing apply directly to AI:robust,refined governance;increased use of Python;coming to grips with the vast quantities of unstructured data.Others speak to a general excellence and willingness to adopt new practices to accelerate time to value,such as the growth of serverless computing.As organizations progressively improve their foundation,they pave the way for successful AI initiatives that will deliver reliable,ethical,secure and impactful results.And the trends were seeing in the AI and applications spaces suggest progress is being made.Organizations are picking their models,creating more complex LLM applications,making AI more available to a wider range of users,and reaping the benefits of a unified data platform.There has been a lot of hype around the transformational potential of AI,but judging from what were seeing in the Data Cloud,the frenzied fanfare is beginning to materialize into concrete results.DATA TRENDS 202417Learn more about how Snowflake can help you improve your data foundation and launch successful AI initiatives.SNOWFLAKE FOR AI AND MLSee how you can securely build and deploy LLMs and ML models in the Data Cloud.SNOWPARKRuntimes and libraries that securely deploy and process Python and other programming languages in Snowflake.NEXT STEPSSNOWFLAKE HORIZONSnowflakes built-in governance solution provides a unified set of compliance,security,privacy,interoperability and access capabilities in the Data Cloud.STREAMLIT IN SNOWFLAKETurn data and ML models into interactive apps with Pythonnow all in Snowflake.LEARN MORELEARN MORELEARN MORELEARN MORE18DATA TRENDS 202419The Snowflake Data Trends Report 2024 is generated from fully aggregated,anonymized data detailing usage of the Snowflake Data Cloud and its integrated features and tools.In this report,we examine patterns and trends in data and AI adoption across more than 9,000 global Snowflake accounts.The Snowflake Data Cloud provides insight into the state of data and AI,including which technologies are the fastest growing.Note that usage attributable to internal consumption,if any,has been removed and is not reflected in any of the metrics contained herein.The accounts and usage reflected in this report represent every major industry and include both longtime Snowflake users and others who only recently joined the Data Cloud.Except where noted in the text,the data in this report compares monthly averages from January 2024(represented as“this year”)to averages in January 2023(“last year”).When compared,this is depicted as“year over year”growth to align with Snowflakes fiscal year end,though the figures themselves are only representative of January figures to calculate growth.When possible,we have provided these year-over-year comparisons to showcase growth trends over time.Where data was drawn from Snowflake features that became publicly available after the start of the fiscal year,data was collected and compared as of the first full month after which the feature became available in public preview,and that date is noted in the text.Notably,growth figures for features moving into public preview are expected to be considerably higher,as private previews are limited in scope and necessarily restricted to select Snowflake customers.APPENDIX:METHODOLOGYABOUT SNOWFLAKESnowflake enables every organization to mobilize their data with Snowflakes Data Cloud.Customers use the Data Cloud to unite siloed data,discover and securely share data,and execute diverse artificial intelligence(AI)/machine learning(ML)and analytic workloads.Wherever data or users live,Snowflake delivers a single data experience that spans multiple clouds and geographies.Thousands of customers across many industries,including 691 of the 2023 Forbes Global 2000(G2K)as of January 31,2024,use the Snowflake Data Cloud to power their businesses.Learn more at 2024 Snowflake Inc.All rights reserved.Snowflake,the Snowflake logo,and all other Snowflake product,feature and service names mentioned herein are registered trademarks or trademarks of Snowflake Inc.in the United States and other countries.All other brand names or logos mentioned or used herein are for identification purposes only and may be the trademarks of their respective holder(s).Snowflake may not be associated with,or be sponsored or endorsed by,any such holder(s).

15人已浏览 2024-05-13 20页 5星级

S P O N SO R E D C O N T E N T|W H I T E PA P E RData architecture and strategy in the AI eraSPONSORED BY 2024 IDG Communications,Inc.1The AI imperativeIt has been said that data is the new oil,but data is arguably much more valuable.Unlike petroleum,information can be reused,stored,combined innovatively,shared,copied,and used as the foundation for critical decisions.As it is used,data also creates more data and additional value.The ability of organizations to find,classify,and expose data to all who need it,in a safe and compliant manner,will separate the winners from the others.The value of data has been brought home in 2023 by the astonishing popularity of generative AI(GenAI).The ability of large language models(LLMs)to understand and respond to complex questions,generate original content,develop software,and synthesize millions of data sources into practical advice has captivated IT and business leaders.GenAI makes insights available to anyone who can hold a conversation and expands the population of users who can derive value from data-driven insights.Gartner predicts that over 80%of enterprises will adopt GenAI APIs and models or deploy GenAI-enabled applications in production environments by 2028,up from approximately 5%in early 2023.Among the Foundry respondents,three out of five said they are at least in the early stages of adopting AI,with only 8%saying they have yet to make plans for AI-related projects.Those early adopters expect various benefits,including increased productivity,improved operational efficiency,enhanced customer experience,supply chain benefits,robust security,and risk management(see Figure 1).Large organizations understand and appreciate the value of unifying the data lifecycle on a single platform as a springboard to advanced analytics and artificial intelligence(AI).Still,they struggle with managing data volumes and complexity,security concerns,governance issues,and a proliferation of data silos,according to a new study by Foundry on behalf of Cloudera.Survey respondents agreed that cloud computing provides greater flexibility and shorter development times,even though nearly one-quarter of them still process their workloads entirely in their data centers.More than four in five agreed that having one place to run and manage all applications and data across clouds and on-premises infrastructure is critical.A substantial majority said emerging architectures such as data lakehouses which combine the flexibility of data lakes and the performance of structured data warehouses reduce complexity,but many have yet to adopt them.However,the survey found that new concepts such as data mesh and data fabric are quickly catching on and will be in place at about half of large organizations within 18 months.Source:Foundry Figure 1:AI holds potential across the enterpriseEnhancing product and service development27%Driving revenue growth23%Increasing productivity35%Enabling data-driven insights27%Improving risk management23%Improving customer experience33%Enhancing cybersecurity32%Enhancing decision-making24%Enhancing operational efficiency33%Optimizing supply chain and logistics33%CIO|Cloudera|Data architecture and strategy in the AI era2There are numerous challenges to achieving AI proficiency,however.About one-third of the respondents mentioned the quality and availability of data scalability,integration with existing systems,change management,and model transparency as hurdles.Respondents also pointed to skills shortages and questionable return on investment(ROI).The volume,complexity of data,and security concerns also hamper the end-to-end data management needed for AI model development(see Figure 2).Modern data architecture Building a modern data architecture Is significantly accelerated by adopting a single data platform that works seamlessly across cloud and on-premises infrastructure.Whether deployed“privately”on-premises or in a public cloud,cloud-native computing is the preferred architecture for organizations seeking to unify their data platforms and set the stage for AI model training and inferencing.A flexible approach such as utilizing data lakes or data lakehouses is ideally suited for managing the large volumes of unstructured and semistructured data needed for AI model training.IT decision-makers recognize this,as evidenced by the two-thirds who agreed that data lakehouses help reduce pipeline complexity.The fact that fewer than two in five enterprises currently use them serves to illustrate the difficulty of integrating significant new data management platforms.The survey also revealed considerable interest in two emerging data management concepts:data mesh and data fabric.Although they sound similar,the principles are quite different.A data mesh is a data management paradigm based on four principles:decentralization,data as a product,self-service analytics,and federated governance.It distributes data ownership and responsibility across various teams and domains,using the concept of“data products,”which are domain-specific packages of data services.Governance is federated,but ownership is entrusted to the teams closest to the data,and they are encouraged to treat data just like any of the companys other products.A data fabric is distributed and takes a more centralized approach to data management.The objective is to unlock data sources at scale in an automated manner that promotes context and business relevance.Figure 2:The many challenges of AI at scaleLack of AI skills and expertise32%Contextual data(Trusted data)26ta quality and availability36%Return on investment(ROI)31%Integration with existing systems and processes35%Transparency and interpretability34%Ethical and legal considerations26%Scalability and deployment challenges36%Change management and organizational culture34%The road to successOrganizations that want to achieve the promise of AI need three things:a modern data architecture;unified data management;and versatile,secure data platforms.The survey indicated that companies leading the way toward AI adoption are implementing the following structures.CIO|Cloudera|Data architecture and strategy in the AI era3Based on that insight,data can be made available in a safe,compliant,and self-service manner across the organization,using a single abstraction layer that hides the complexity of the underlying data sources.Enthusiasm for the data mesh concept is pronounced.Even though the approach was defined only two years ago,54%of the respondents said they expect to have a mesh in place by the end of 2024;nearly half(48%)also plan to implement a data fabric in that time frame.Interestingly,organizations with entirely on-premises infrastructure have already deployed a data mesh by a 45%-to-35%margin over those using public cloud.This may indicate that a mesh is more straightforward to implement when resources are confined to local infrastructure instead of being spread across multiple locations.A significant 85%also said their data strategy effectively enables AI/machine learning(ML).Respondents in the northern European region of Europe,the Middle East,and Africa(EMEA)were more likely than those in other regions to rate their strategy as“very effective.”On an industry basis,manufacturing and financial services firms lead the way;about two-thirds have a data strategy.Healthcare,retail,and telecommunications firms are the least likely to have a plan.EMEA respondents led their North American and APAC counterparts in strategy adoption by about a five-to-four margin.Although not essential to AI development,federated data strategies enable data understanding at an enterprise scale and accelerate business decisions by putting them in the hands of those best equipped to use them in an agile and flexible manner unfettered by reliance on centralized IT.Data mesh vs.data fabricData meshData fabric It uses“data products,”domain-specific packages of data services.Ownership and governance are entrusted to the teams closest to the data.Data owners are encouraged to treat data like any of the companys other products.It takes a centralized approach to data management.It creates a unified data architecture in which data is seamlessly connected and accessible,using a single abstraction layer The abstraction layer hides the complexity of the underlying data sources.Enterprise data strategy across industries and regions About half of the organizations surveyed reported having a formal enterprise-wide data strategy,but the prevalence varies widely by industry.Those using the public cloud are likelier to have a strategy than those with primarily on-premises computing infrastructure.Current status of enterprise data strategy Total51#&%Retail&CPG417%Energy/Utiilities/Mines55#%FinServ63 %Mftg.66$%Healthcare30S%Media&Ent560%Telco45#2%CurrentPlannedNo PlansCIO|Cloudera|Data architecture and strategy in the AI era4Source:Foundry Figure 3:How do you manage data?Data integration and ETL tools32%AI/ML26%Analytics and business intelligence(BI)36ta lakehouse31ta cataloging and metadata management35%Streaming data collection34ta lakes26%Master data management36ta warehousing34%“Data lakehouse architecture reduces the complexity of data pipelines”agree:While fewer than two-in-five enterprises use data lakehouses,two-thirds of decision-makers agree they help reduce pipeline complexity67%Unified data managementAn overwhelming 90%of all respondents agreed that unifying the data lifecycle on a single platform is critical for analytics and AI.Nearly all perform fundamental data tasks such as ingestion,monitoring,and data pipeline processing,and 97%use traditional business intelligence tools.About 80%of organizations have reached the predict and/or publish phases of data and analytics,meaning that they have conducted at least some modeling and have deployed analytics models throughout the organization.Almost half of the respondents(46%)reported that their organization interacts with all stages of the data lifecycle process.Complete control of and visibility into every aspect of data give them the capabilities required to drive AI-fueled innovation.A slightly smaller but still significant proportion of the respondents,three-quarters,also conducts modeling,training,and data visualization.Organizations see a wide variety of benefits to modern data architectures,including:Simplifying data/analytics processes(40%)Gaining flexibility in handling all types of data(38%)Enhancing data governance and security (37%)Enabling easier integration with new tools and models for AI(35%)Improved scalability(32%)Source:Foundry Figure 4:Whats holding end-to-end data management back?Lack of talent and time35%Volume and complexity of data62%Governance&compliance52%Lack of agile data ingestion tools43ta security56%Fragmented datasets/Data silos50%CIO|Cloudera|Data architecture and strategy in the AI era5Figure 5:Where is data prep done:On-premises vs.public cloud *Some companies have deployed across hybrid and clouds,causing the total to exceed 100%.Data ingestion and monitoring75Ilivering traditional business intelligence74Hta pipeline processing,aggregation,storage,and management 74Hployment of analytics and data models throughout the organization50(%On-premises Public Versatile and secure processing platformsAn overwhelming 89%of the IT decision-makers use the public cloud to manage data and ML analytics,whereas just 35%still rely on on-premises or private cloud processing(some use both,causing the total to exceed 100%),according to the Foundry study.A hybrid data management approach comprising both on-premises and public cloud infrastructure is the preferred data management strategy for the long term.Although only one-third of the respondents currently deploy multicloud/hybrid data architectures,almost all agree that they offer significant benefits,with 93%agreeing that“multicloud/hybrid capabilities for data and analytics are key for an organization to adapt to change.”Companies with at least some operations in the cloud reported higher overall use of the advanced data management systems needed for AI than those entirely on-premises.This is probably because this leading-edge software can be quickly deployed in the cloud without incurring the expense and long lead times of local installation.However,companies whose infrastructure is primarily on-premises reported much higher overall use of technologies and processes in preparing data for analysis than those using a single public cloud(see Figure 5).This may be due to differences in data sources,compliance/security regulations,or industry standards.Source:Foundry Moving to the cloud isnt without its challenges,however.Difficulties migrating data across different platforms and environments were cited by 35%of the respondents,followed by 28%who mentioned disaster recovery/business continuity,integration and interoperability,data visibility and data analytics,and orchestration for AI use cases.CIO|Cloudera|Data architecture and strategy in the AI era6Nearly one-fifth of the organizations also reported planning to repatriate data from the public cloud back to on-premises infrastructure over the next 18 to 36 months.A hybrid platform provides a choice of where to deploy analytics and AI,based on the needs of different workloads,teams,and departments as well as business and regulatory environment changes.Data security,cloud cost,and compliance governance were also noted by at least one-quarter of the respondents,indicating difficulties in implementing hybrid and multicloud environments,depending on the organization and the use case.6Migrating data:differences by regionThere were some notable regional variances regarding migrating data:EMEA respondents cited data security as a significantly lesser issue than did their North American counterparts.More than twice as many EMEA as Asia-Pacific(APAC)respondents mentioned cloud costs as an impediment.Just half as many North American as EMEA executives said balancing the needs of different stakeholders within the organization is a problem.North American respondents were much less likely to say data silos are an issue than did their EMEA or APAC counterparts.Orchestrating multiple sourcesDelivering business outcomes and building high-quality AI models typically involve integrating information from multiple sources but also introduce complexity.Again,the survey showed that organizations with one or more clouds can orchestrate data more smoothly from various sources.Enterprises currently focus on critical data sources holding customer/prospect data,supply chain data,and customer sentiment data.More than 70%of the respondents reported using these types of data sources within their organization.More than half said they also use other data sources,led by economic data,sensor data,market data,voice/images/text,and publicly available data.Volume and complexity challenges grow as more sources are employed.Companies that use multiple clouds reported slightly higher overall usage of all data sources than those that deploy only a single public cloud or exclusively on-premises infrastructure.For example,93%of the organizations that use multiple clouds incorporate customer and prospect data into their analytical models,compared to 75%of the on-premises users.APAC respondents reported higher overall use of every data source than those in other geographies.Managing data complexityAI model training and fine-tuning require huge amounts of data.Enterprises use a variety of solutions to manage data,such as:Analytics/business intelligence(62%)Master data management(58%)Data cataloging(57%)CIO|Cloudera|Data architecture and strategy in the AI era7Machine learning and data lakes ranked lowest,with a 34%usage rate,but those technologies are less well established than others.APAC residents indicated above-average use of all but one of the nine suggested data management categories:data warehousing.Not quite ready for real timeMany AI use cases fraud detection,online shopping recommendations,advertising,healthcare monitoring require real-time streaming data.The survey indicated that many organizations dont see real-time capability as critical,at least not yet.Almost half(45%)rely primarily on historical data to make business-critical decisions,and 81%use batch data collection.About one-quarter process near-real-time data,and only one-quarter are equipped to work with streaming data.Half of the IT and data leaders said their organizations data management architecture doesnt meet the needs of real-time use cases.They may not think it necessary.Of the 51%of respondents whose organization doesnt currently process streaming data,just 4%said they plan to add that capability in the next 18 months;that percentage is probably so low because business conditions dont require it.Conditions are changing,however.IDC expects the stream processing market to grow at a compound annual growth rate(CAGR)of more than 21%through 2028,driven by data volumes,the need for real-time analytics,and the growing adoption of intelligent internet of things(IoT)devices.Among the top roadblocks to moving and collecting data at high speed,according to respondents,are difficulty managing pipelines,security/governance challenges,and the need for extensive customization.Security and governance are seen as more significant challenges in EMEA and APAC than in North America.Metrics,value and impactThe metrics that organizations use to measure the success of a data strategy relate primarily to bottom-line results,with revenue growth and cost savings at the top of the list.However,many other factors received numerous mentions,including achieving environmental,social,and corporate governance goals;reducing business risk;increasing customer satisfaction;achieving shorter time to market;and improving business agility.Companies that employ primarily an on-premises or hybrid architecture pointed to revenue growth and cost savings as critical metrics much more than those using cloud resources.Conversely,just 9%of the respondents with a hybrid cloud strategy said business agility is a crucial success metric,compared to 48%of those who use public cloud only.This illustrates how much infrastructure choices are influenced by business strategy.Public cloud appeals to organizations that value speed and flexibility,whereas owned or leased data centers appeal more to those that value security and control.7“The research shows that treating data as a critical asset is an essential organizational skill,and creating a data architecture grounded in business strategy is the foundation.”CIO|Cloudera|Data architecture and strategy in the AI era8The bottom line The research shows that treating data as a critical asset is an essential organizational skill.A modern data architecture grounded in business strategy is the foundation.Flexible and scalable cloud management technologies provide the tools to turn information into insights and facilitate AI model training and inferencing.A single data platform that spans local and cloud infrastructure gives organizations the power to process data wherever its needed and to share it seamlessly with stakeholders and business partners.It provides for unified governance,consistent data quality,and the scalability needed to adopt AI models of increasing size and sophistication.Trusted data is the foundation for trusted analytics and AI models.That factor is significant at this time of transition,when concerns about transparency,privacy,and respect for intellectual property are major points of concern.A global study of 17,000 people by KPMG and the University of Queensland found that over 60%are wary about trusting AI systems and only half believe that the benefits of AI outweigh the risks.And yet Clouderas research shows a huge shift in attitudes toward AI,ML,and data analytics and“great cause for optimism in how it can be used to shape the future through creating wider opportunities and supporting communities.”The organizations that achieve the full potential of AI will be the ones that capitalize on these opportunities by demonstrating high levels of confidence in training data,model integrity,and respect for security and privacy.They will be in the best position to respond to change and drive innovation.About the studyThe Foundry research surveyed more than 600 IT decision-makers in North America,the northern Europe region of EMEA,and APAC.The target company size was organizations with annual revenue of more than$500 million or more than 1,000 employees globally.All participants were data leaders and IT decision-makers with titles of director and above(or equivalent).They had to have a prominent role in the selection of data-related products and services,including,but not limited to,infrastructure.For more information,visit is great cause for optimism on how AI can be used to shape the future through creating wider opportunities and supporting communities.”2024 IDG Communications,Inc.SPONSORED BY

12人已浏览 2024-05-11 9页 5星级

Adrienn Lawson,Linux Foundation Marco Gerosa,Linux Foundation Stephen Hendrick,Linux Foundation Matt White,Linux Foundation Lucy Hyde,Linux FoundationForeword by Stella Biderman,EleutherAIDecember 2023In partnership with2023 Open Source Generative AI Survey ReportEnterprise perspectives and survey-based insights at the intersection of open source innovation and generative AI advancementsCopyright 2023 The Linux Foundation|December 2023.This report is licensed under the Creative Commons Attribution-NoDerivatives 4.0 International Public License.Open source GenAI is considered better at supporting collaboration,innovation,and ease of integration over proprietary solutions,according to our respondents.Open source GenAI leads to increased data control and transparency,according to 69%of respondents.Openness is important.63%of respondents are extremely or moderately concerned by the openness of GenAI systems their companies are using or developing.Proprietary and open source solutions are equally preferred by respondents when it comes to the scalability and accuracy of GenAI technologies.Neutrality is a key aspect of GenAI governance,according to almost all of our respondents(95%).For the long-term sustainability of GenAI,open source solutions(43%)are preferred over proprietary(32%)solutions.The majority of businesses surveyed intend to tailor GenAI technologies to their needs,embedding them in existing products or creating new products around it.In general,41%of organizations surveyed would prefer open source GenAI technologies,compared with 9%who would prefer proprietary solutions.Security is the primary reason why organizations do not plan to deploy GenAI-related projects,but proprietary solutions are not considered more secure than open ones.A majority(60%)of companies surveyed plan to significantly invest in GenAI,allocating a large percentage of their IT budgets to the technology.Generative AI(GenAI)is a key component for businesses,with 50%of respondents organizations using it in a production context.GenAI is a key factor in future planning.63%of companies surveyed feel it is extremely or moderately important to the future.2023 Open Source Generative AI Survey ReportContentsForeword 4Introduction 5Context 6High involvement and financial commitment 6Diverse application areas and usage strategies 7Generative AI openness 9Security and trust 12Security is a major barrier to deploying GenAI 12No evidence found for proprietary preference in security considerations 13Transparency and accessibility 14Open source GenAI increases data control and transparency 14Evaluating open source as a solution for accessibility and reproducibility of GenAI 15Neutral governance and responsible innovation 16A neutral governance approach is important for GenAI technologies 16Performance and business needs 17Accuracy and scalability are deemed to be at similar levels of open source and proprietary GenAI 17Conclusions 18Businesses are concerned by the openness of the GenAI technologies they are using 18Survey respondents generally lean in the direction of open source18A neutral governance approach is key to GenAI development 18About this study 19Methodology 19Demographics 19DataWorld access 19About the authors 20Acknowledgments 20ForewordWhen GPT-3 came out in May 2020,the world of artificial intelli-gence was forever changed.What began as a revolution in language modeling research has expanded to image generation,protein synthesis,video editing,and more.Unfortunately these revolutions were largely kept from the world writ large:only eight of the thirty-four language models released in the two years since GPT-3 had their weights released under an open source license,and only three non-profit or academic institutions in the world successfully trained models more powerful than the previous generation of closed models(GPT-2).2023,however,marked a turning point in this trend.We witnessed an unprecedented surge in the release of open source AI models,with thirty new base models being made available under open source licenses.This shift was not just in quantity but also in the quality and diversity of these models,trained on 15 languages and coming from 13 different countries across four continents.Moreover,these base models served as the foundation for thousands of fine-tuned models,each tailored for specific appli cations.This explosion in open source AI has democratized access to cutting-edge technology,enabling a broader range of researchers,developers,and organizations to contribute to and benefit from these advancements.A commitment to open source AI is more than just a commitment to permissively licensed weights however.The core tenants of the open source movementthe freedom to use,modify,study,and share computer systemsrequires access to large amounts of computing resources,highly optimized HPC libraries to carry out the training,reproducible and transparent evaluation frameworks,and large permissively licensed training corpora among other things.Some of these barriers are beginning to fall,with GPT-NeoX,OpenCLIP,training libraries seeing widespread use beyond their respective creators and evaluation frameworks such as the Language Model Evaluation Harness and Open LLM Leaderboards providing unprecedented access to state-of-the-art tools for creating and studying these models.Still,a broad commitment to increased access to both the technological and the material means of production of generative AI systems is essential to a healthy and thriving open source AI ecosystemThe world has a lot to gain from the recent revolution in AI tech-nology,but it also has a lot to lose.As society,legal systems,and regulators to grapple with this technology its essential that the open source community builds on our historical successes of securing widespread access to technology such as encryption to build a world where AI is not held in a de facto monopoly by a handful of companies.It is essential that people continue to be empowered to compute what they want,how they want,and according to their own values,rather than having their economic and social freedoms be at the whims of a few technology companies.In 2024 I look forward to seeing the continued democratization of this technology.I look forward to seeing new models trained in countries that have never trained generative AI systems before,models that speak their creators languages and reflect their values.I look forward to broader notions of responsible AI that go beyond what is expedient for large corporations.And I look forward to building all this alongside you.STELLA BIDERMAN EXECUTIVE DIRECTOR,ELEUTHERAI42023 OPEN SOURCE GENERATIVE AI SURVEY REPORTIntroductionGenerative AI,commonly referred to as GenAI,stands at the forefront of a technological revolution,profoundly altering diverse sectors by synthesizing vast amounts of data and generating new outputs.From creating intricate artworks and composing music to designing novel pharmaceutical compounds and simulating realistic human language,the potential applications of GenAI are vast and transformative.GenAI has undoubtedly become a focal point of both excitement and scrutiny.The open source approach,rooted in principles of transparency,collaboration,and shared innovation,holds transformative potential for the advancement of GenAI technologies.By democra-tizing access to AI algorithms and datasets,open source initiatives allow a broad and diverse pool of developers to contribute to,refine,and critique GenAI systems.This collective intelligence accelerates the pace of innovation and uncovers and rectifies biases or vulnerabilities that might otherwise go unnoticed in closed development environments.As the integration of GenAI into business operations gains momen-tum,understanding its intricacies and its relation to open source becomes paramount.To understand how open source GenAI can impact the market,LF AI&Data,in partnership with Linux Foundation Research,launched a worldwide survey.This report provides an in-depth exploration of this surveys results,with a special focus on the current state of GenAI in enterprise and GenAI openness.Through comprehensive analysis,we aim to offer insights,highlight best practices,and chart a path forward that ensures sustainable,ethical,and innovative development in this exciting frontier.To clarify the terminology present in this paper,we refer to GenAI as a broad category for a type of AI that can create new content based on some input.GenAI tools are built on underlying AI models,such as a large language model(LLM).LLMs are a subset of GenAI with a specialized focus on text.In this survey,we have covered open source GenAI technologies not limited to models but including databases,applications,and frameworks.Although at the time of the writing of this paper,the Open Source Initiative(OSI)had not yet released an open source AI definition,a draft 0.0.3 version is available and uses four freedoms to define an open source AI system:Study how the system works and inspect its components.Use the system for any purpose and without having to ask for permission.Modify the system to change its recommendations,predictions,or decisions to adapt to the users needs.Share the system with or without modifications,for any purpose.52023 OPEN SOURCE GENERATIVE AI SURVEY REPORTContextHigh involvement and financial commitmentIn the following section,the report lays out the most important features of the survey sample.The varied data and figures reveal that the sample comprises companies that are highly involved in GenAI.As observed in Figure 1,88%of survey participants indicate that GenAI is important to the future of their companies.This data evidences the strategic importance of GenAI.Figure 2 shows that the surveyed companies show high involvement in GenAI technolo-gies(80%)and will invest heavily in their GenAI strategies(60%).This investment distribution is nearly identical for both end-user and vendor organizations,suggesting that all organizations in our sample are anticipating heavy investment.This considerable invest ment reflects a major commitment,indicating a significant impact on several projects and infrastructure changes within these companies.FIGURE 1 HIGH IMPORTANCE FOR GENAI FOR THE FUTURE PLANS OF COMPANIES2023 GenAI Survey,Q11,Sample Size=280How important is GenAI to the future of the company you work for?(select one)Extremely importantModerately importantSlightly importantNeither important or unimportantUnimportantDont know or not sure21B%1%9%3%Extremely involved(GenAI is business critical to key aspects of what our company does)Very involved(GenAI is being used in production in selected areas)Involved(experimenting with how GenAI can add value in selected areas)Slightly involved(researching or evaluating GenAI)My organization has evaluated and banned all use of GenAI toolsNot involved at allDont know or not sure31I%5%1%0%0%A majority:almost entirely focused on GenAI strategiesA large percentage:a major commitment encom-passing several projects or infrastructure changesA moderate percentage:significant but not a major portion of the IT budgetA small percentage:for pilot projects or specific initiativesNo investmentDont know or not sure9Q)%8%2%0%FIGURE 2 HIGH INVOLVEMENT AND LARGE INVESTMENT IN GENAI TECHNOLOGIES WITHIN THE SURVEYED COMPANIESTo what extent is your company involved with GenAI?(select one)2023 GenAI Survey,Q2,Sample Size=284How much is your company planning to invest in its GenAI strategies in the next 12 months as a percentage of its overall IT budget?(select one)2023 GenAI Survey,Q16,Sample Size=249 62023 OPEN SOURCE GENERATIVE AI SURVEY REPORTDiverse application areas and usage strategiesGenAI significantly impacts operations,as shown in Figure 3,particularly in product development and enhancement.Key areas include software quality assurance(35%),software testing(34%),and cybersecurity(31%),demonstrating its potential in risk mitigation and ensuring product and service quality.Additionally,software development(29%)and documentation FIGURE 3 DIVERSE APPLICATION AREAS FOR GENAI UTILIZATION2023 GenAI Survey,Q12,Sample Size=280Please identify those areas where your organization expects to develop or use GenAI.(select all that apply)Quality Assurance:anomaly detection and mitigation strategySoftware Testing:test case generation,unit testing,and UXDocumentation:generation of documents for code,applicationsCybersecurity:vulnerability analysis,risk mitigation,adaptation to attacksSoftware Development:code generation,code assistance,and auditsMarketing:sales collateral,image generation,blogs and articlesCustomer Service:chatbots,support and recommendationsKnowledge Management:access to company data and knowledge with chat interfaceLanguage:language understanding and translationCustomer Sentiment:customer satisfaction analysisPersonal Assistants:manage tasks,schedule appointments,make recommendationsEducation and Training:adaptive learning,dynamic contentResearch:market,scientific and analyticalFinance:decisioning,investment optimization,predictionsLogistics:optimal routes,economics,engineeringHealthcare:assist in diagnosis,drug discovery,personal medicineDisaster response:prediction,analysis,mitigationOther(please specify)Dont know or not sure35441)# %9%6%2%1%0r023 OPEN SOURCE GENERATIVE AI SURVEY REPORT(34%)are notable applications,with organizations using GenAI to automate code generation and create dynamic documentation for applications and source code.Our survey assessed companies stages in their GenAI journey by examining how they plan to use GenAI,as shown in Figure 4.We grouped companies by their most advanced GenAI usage on two dimensions.The row totals reveal that organizations in our sample aim not only to enhance their internal processes with GenAI but also to embed GenAI into products and services(29%)or create new GenAI-based products or solutions(55%).In terms of customi-zation level,the column totals show that many organizations plan to customize and enhance GenAI foundation models(57%),potentially through methods such as fine-tuning or RAG(retrieval-augmented generation).A significant number also intend to develop in-house GenAI technologies(30%).Developing in-house solutions does not necessarily mean building LLMs or other large foundation models from scratch,as it can require expensive and scarce resources and might not serve specific use cases well.Companies also have an opportunity to build small,domain-specific GenAI models from their own datasets by leveraging expertise in data science.Both customization and the development of in-house solutions will likely rely on the open-source community,which has been creating solutions to the challenges of GenAI customization with techniques such as LongLoRA,a fine-tuning approach with limited computation cost.FIGURE 4 THE MAJORITY OF BUSINESSES INTEND TO TAILOR GENAI TECHNOLOGIES TO THEIR SPECIFIC NEEDS2023 GenAI Survey,Q10 and Q14,Sample Size=245,cells add up to 100%How does your company use or plan to use GenAI technologies?(select all that apply)Use out-of-the-box GenAI technologies with little to no customizationUse GenAI technologies and customize them extensively to fit our needsDevelop our own in-house GenAI technologies4%7%5%6%6%33%Rowtotals16)UW0%Employ GenAI to enhance internal processesEmbed GenAI into products and servicesCreate new products based on GenAI or create GenAI solutions for third partiesColumn totals82023 OPEN SOURCE GENERATIVE AI SURVEY REPORTGenerative AI openness1Andreas Liesenfeld,Alianda Lopez,and Mark Dingemanse.2023.Opening up ChatGPT:Tracking openness,transparency,and accountability in instruction-tuned text generators.In Proceedings of the 5th International Conference on Conversational User Interfaces(CUI 23).Association for Computing Machinery,New York,NY,USA,Article 47,16.https:/doi.org/10.1145/3571884.3604316Open source software provides significant benefits by ensuring that software is developed in the open.This attribute removes barriers to learning,using,sharing,and improving software.This can also result in more autonomy,transparency,and collabor-ation,which,if applied to GenAI,could ensure that users have the free dom to develop reliable and transparent AI systems.The following section delves into the results of the surveys GenAI openness questions.The level of openness can vary greatly between the different GenAI models currently available,but most of them would likely not earn the open source title,since availability and access to the underlying code,data,model,and documentation are rare.1 However,the GenAI ecosystem is not limited to models but includes applications from vector and graph databases to agent frameworks.To illustrate,companies have the opportunity to leverage open source application development frameworks FIGURE 5 CONCERNS OVER OPENNESS IN EXISTING GENAI SYSTEMS ESPECIALLY AMONG COMPANIES CUSTOMIZING OR DEVELOPING IN-HOUSE SOLUTIONS2023 GenAI Survey,Q14 by Q13,Sample Size=247How does your company employ or plan to employ GenAI technologies?(select all that apply)segmented by How concerned is your organization about the openness of the GenAI systems you are developing or using?(select one)Develop our own in-house GenAI technologiesUse GenAI technologies and customize them extensively to fit our needsUse out-of-the-box GenAI technologies with little to no customizationExtremely concernedModerately concernedSlightly concernedNeither concerned or unconcernedUnconcerned20Q%8%5%6%6)E2023 OPEN SOURCE GENERATIVE AI SURVEY REPORT(e.g.,LangChain)on top of closed models to integrate their appli-cations,back their office systems and innovate with new platforms.Therefore,openness can be leveraged across a wide range of GenAI.The open approach is vital,as confirmed by our survey respondents concerns about the openness of the GenAI technolo-gies they are using or developing.Figure 5 shows that,across the three ways in which organizations intend to employ GenAI technologies(develop in-house,customize to their needs,and use with little or no customization),concern over the openness of the GenAI is correlated with the level of organizational involvement.In Figure 5,71%of organizations are moderately or extremely concerned about the openness of the GenAI they will be developing.This may be due to the wide variations in openness today and the risk of betting on an approach that the industry dismisses as the market matures.A similar situation exists for organizations that intend to customize GenAI systems to better fit their needs,where 62%of organiza tions are moderately or extremely concerned about the need for openness.By contrast,only 48%of organizations are moderately or extremely concerned about the openness of out-of-the-box AI technologies that are used with little or no customization.Presumably,this is because organizations have already done due diligence in their selection process and the vendor/supplier is also ultimately responsible for the quality and reliability of the product or service.Concern about the openness of GenAI translates into organizational preferences between open source and proprietary GenAI techno-logies.Figure 6 shows that 41%of organizations lean toward open source GenAI technologies,compared with 9voring proprietary ones.Twenty-two percent of organizations are inclined to use both types of solutions while 28%are indifferent,indicating that their choice of technology will ultimately be influenced by factors beyond these preferences.FIGURE 6 IN GENERAL,OPEN SOURCE GENAI TECHNOLOGIES ARE PREFERRED OVER PROPRIETARY SOLUTIONS ACCORDING TO SURVEY RESPONDENTS2023 GenAI Survey,Q17,Sample Size=249 Which distribution model does your organization prefer for GenAI,proprietary or open source?(select one)41%9(%We are or will use both proprietary and open source GenAI technologiesWe prefer proprietary GenAI technologiesWe do not have a preferenceboth types of GenAI technologies are important to usWe prefer open source GenAI technologies102023 OPEN SOURCE GENERATIVE AI SURVEY REPORTWhile the open source software definition revolves around the source code2,an open source AI system definition will have to consider the various layers that make up the GenAI stack.In our survey,we outlined three primary layers:the application layer,the model layer,and the infrastructure layer.Figure 7 shows that respondents appreciate open datasets most(47%).Open datasets for GenAI can accelerate innovation,promote collabo-ration,and mitigate bias through data availability.Survey respondents further mentioned that open source technologies 2 Open Source Initiative:The Open Source Definition,available at https:/opensource.org/osd/FIGURE 7 ACROSS THE THREE PRIMARY LAYERS OF THE GENAI STACK,OPEN DATASETS AT THE MODEL LAYER WOULD BE THE MOST FAVORED OPEN SOURCE TECHNOLOGY2023 GenAI Survey,Q22,Sample Size=249The GenAI stack can generally be divided into three primary layers:the Application Layer,the Model Layer,and the Infrastructure Layer.Which components of these layers,if any,do you believe should be based on open source technologies?(select all that apply)Application layer:deploymentApplication layer:frameworkApplication layer:AI applicationsModel layer:software for training and testing,inference,and analysisModel layer:raw data and curated datasets for model training and validationInfrastructure layer:measuring and monitoring performanceInfrastructure layer:hostingDont know or not sure50150D7G6%2%could improve the applications based on GenAI models(44%),the software for training and testing(37%),and the tools for measuring and monitoring performance in the infrastructure layer(36%).Other ways exist to deconstruct GenAI systems and assess their open ness:Researchers have developed an openness tracker for various LLMs.112023 OPEN SOURCE GENERATIVE AI SURVEY REPORTSecurity and trustSecurity is a major barrier to deploying GenAISecurity(49%)is by far the most relevant obstacle to employing GenAI,as observed in Figure 8.Some examples of security concerns regarding GenAI are privacy,trust,unintended consequences,data breaches,and misuse.GenAI systems,by design,ingest vast amounts of data to train and operate optimally.This data may include sensitive,insecure,incorrect,or biased information.There is also the challenge of ensuring that the model or other parts of the infrastructure do not inadvertently disclose informa-tion introduced during the training,testing,or validation process,which could lead to leakage of confidential information.Ensuring the security of GenAI technologies is not just a technical necessity but crucial for maintaining trust and regulatory compliance.This is further complicated by the complexity of these black-box models that can obscure vulnerabilities,making it challenging for organizations to fully understand and mitigate potential security risks.As one of the respondents answered in an open-FIGURE 8 SECURITY CONCERNS ARE THE PRIMARY REASON WHY COMPANIES DO NOT INITIATE GENAI RELATED PROJECTS2023 GenAI Survey,Q15,Sample Size=249If your company does not plan to deploy or initiate any GenAI-related projects in the next 12 months,what are the primary reasons?(select all that apply)SecurityCostTechnology maturityNo AI expertise in houseNo compelling business caseDoes not apply to usOther(please specify)Dont know or not sure4931%0%22023 OPEN SOURCE GENERATIVE AI SURVEY REPORTended question on the challenges of GenAI:“Data security concerns are the biggest problem at our company since GenAI needs to adopt security measures more effectively to protect consumer data and guarantee compliance with privacy regulations.”No evidence found for proprietary preference in security considerationsWhile it is crucial to address the security concerns mentioned when discussing Figure 8,it is not guaranteed that proprietary solutions will effectively resolve these issues.We asked our survey respond-ents to consider whether they would prefer open source or proprietary GenAI solutions across four discrete security concerns.Figure 9 reveals that when it comes to the vital considerations of security,privacy,and regulatory compliance in GenAI technologies,there is no substantial evidence of a prevailing preference for proprietary solutions over open source options among companies.Figure 9 shows that respondents lean toward preferring open source over proprietary,but the surveys margin of error does not show a significant difference between the two alternatives.This finding challenges the arguments that claim that proprietary solutions are more compliant with regulation and safer for GenAI development.FIGURE 9 WHEN CONSIDERING SECURITY MATTERS,NO EVIDENCE FOUND THAT COMPANIES PREFER PROPRIETARY GENAI TECHNOLOGIES TO OPEN SOURCE SOLUTIONS2023 GenAI Survey,Q18 and Q19,Sample Size=249For each of the following considerations,which type of GenAI solution would you prefer?(one response per row)Open sourceThe sameProprietary463!B7B4$%PrivacySecurityTrustworthy data and modelsRegulatory compliance398#2023 OPEN SOURCE GENERATIVE AI SURVEY REPORTTransparency and accessibilityOpen source GenAI increases data control and transparencyThe openness of GenAI models provides opportunities for the public and academics to scrutinize AI models.A lack of under-standing or transparency about how GenAI models make decisions can hinder individuals rights to know how their data is being used.Without proper mechanisms for accountability,it is challenging to ensure that privacy is consistently upheld.A survey respondent answered an open-ended question on transparency by saying,“Our company must prioritize building trust with their customers by being transparent about their use of AI technology and providing clear explanations of how AI systems make decisions()some customers may be hesitant to interact with AI systems,preferring human interaction.”As observed in Figure 10,a significant 69%of companies believe that their organizations data control and transparency would see an improvement if they were to use open source GenAI technologies.FIGURE 10 AGREEMENT ON THE INCREASE IN DATA CONTROL AND TRANSPARENCY BY OPEN SOURCE GENAI TECHNOLOGIES2023 GenAI Survey,Q21,Sample Size=249How much do you estimate your organizations data control and transparency could change if the GenAI technologies you use were open source?(select one)33%6%8%1%2%2%SignificantlyincreaseModerately increaseSlightly increaseStay the sameSlightly decreaseModerately decreaseSignificantly decreaseDoes not apply to my organizationDont know or not sure142023 OPEN SOURCE GENERATIVE AI SURVEY REPORTOpen sourceThe sameProprietary426!B5#B7!%Widespread adoptionAccess to diverse data and modelsTransparency and reproducibilityCost and budget412%Evaluating open source as a solution for accessibility and reproducibility of GenAIFigure 11 shows preferences for four considerations related to GenAI adoption.Open source models may be perceived as more favorable for widespread adoption of GenAI due to their accessibility and the collaborative opportunities they offer,allowing for rapid dissemination and iteration across a broad user base,as shown.With 42voring open source for access to diverse data and models compared with 35%for proprietary,there is an implication that open source is associated with a richer variety of data and modeling options.This is critical in AI development,where diversity in datasets can lead to more robust and less biased AI systems.The result that 42%prefer open source for transparency and reproducibility underscores the value placed on openness in the AI community.Transparency is key to building trust and allowing for independent verification of AI systems,while reproducibility is essential for scientific progress and validation of results.The preference for open source(41%)over proprietary(32%)in terms of cost and budget considerations indicates that open source solutions are perceived as more cost-effective.This is particularly relevant in a context where organizations are seeking to maximize the efficiency of their investments in AI technologies,especially when budget constraints are a factor.FIGURE 11 EVALUATING OPEN SOURCE AS A SOLUTION FOR ADOPTION,ACCESSIBILITY,AND REPRODUCIBILITY OF GENAI2023 GenAI Survey,Q18 and Q19,Sample Size=249For each of the following considerations,which type of GenAI solution would you prefer?(one response per row)152023 OPEN SOURCE GENERATIVE AI SURVEY REPORTNeutral governance and responsible innovationA neutral governance approach is important for GenAI technologiesAs important as transparency and accessibility are for GenAI technologies,open source might not be enough to mitigate the risks that we associate with GenAI.Figure 12 shows that a neutral governance approach is important for our survey respondents,with 88%indicating that it is extremely or very important when developing GenAI technologies.Neutral governance is another aspect of true open source models and can benefit GenAI tech-nologies in multiple ways.Neutral governance is important to ensure innovation is not subject to only a few companies futures.In addition,neutral governance can help set ethical standards and guidelines to prevent misuse of the technology.Neutral governance is tied to various considerations explored in our survey.Figure 13 shows a lean toward open source solutions in the realms of collaboration and community involvement(43%),long-term sustainability(42%),and responsible AI and ethical considerations(40%).Such governance provides an impartial framework that likely encourages diversity and inclusion in the development process as it is not tied to the interests of proprietary systems.Neutral governance can ensure that innovation and iteration are not only rapid but also ethically aligned and sustainable over time,making the technology more accessible and potentially leading to more equitable outcomes in the GenAI space.FIGURE 13 OPEN SOURCE GENAI TECHNOLOGIES,UNDER NEUTRAL GOVERNANCE,HAS THE POTENTIAL TO ACHIEVE RESPONSIBLE INNOVATION2023 GenAI Survey,Q18 and Q19,Sample Size=249For each of the following considerations,which type of GenAI solution would you prefer?(one response per row)Collaboration and community involvementEase of integrationLong-term sustainabilityResponsible AI and ethical considerationsOpen sourceThe sameProprietaryRapid iteration and innovation437 C3$B996%&2%FIGURE 12COMPANIES FOCUSING ON THE DEVELOPMENT OF GENAI TECHNOLOGIES CONSIDER THE ADOPTION OF A NEUTRAL GOVERNANCE APPROACH TO BE OF SIGNIFICANT IMPORTANCE2023 GenAI Survey,Q24,Sample Size=72How important is having a neutral governance open source approach to developing GenAI technologies?(select one)46B%7%3%Extremely importantVery importantImportantSlightly importantNot important at allDont know or not sure162023 OPEN SOURCE GENERATIVE AI SURVEY REPORTPerformance and business needsAccuracy and scalability are deemed to be at similar levels of open source and proprietary GenAIThe effectiveness of GenAI is often evaluated by companies based on performance indicators such as accuracy and speed.Figure 14 highlights the comparative preferences for open source versus proprietary GenAI technologies in relation to key business needs.It is evident from the data that the preference for open source and proprietary solutions is closely matched across various technical considerations.For example,open source and proprietary solutions are almost equally preferred in terms of their accuracy,with 36%for proprietary and 35%for open source.Similar patterns are observed in other categories,such as support and maintenance and performance/scalability.In terms of user experience,slightly more respondents prefer proprietary solutions(41%)to open source ones(38%).This balanced distribution of preferences acknowledges a competitive landscape where open source solutions are considered nearly as favorable as proprietary ones in meeting critical technical needs.FIGURE 14 SIMILAR LEVELS OF PREFERENCE OF OPEN SOURCE GENAI TECHNOLOGIES AND PROPRIETARY SOLUTIONS REGARDING BUSINESS NEEDS,SUCH AS SCALABILITY AND ACCURACY2023 GenAI Survey,Q18 and Q19,Sample Size=249For each of the following considerations,which type of GenAI solution would you prefer?(one response per row)Ability to align withbusiness needsUserexperienceSupport andmaintenancePerformance/scalabilityOpen sourceThe sameProprietaryAccuracy413&8A!97656( A2023 OPEN SOURCE GENERATIVE AI SURVEY REPORTConclusionsBusinesses are concerned by the openness of the GenAI technologies they are usingThe survey reveals a strong concern among respondents regarding the openness of GenAI systems.Around two-thirds of respondents are either extremely or moderately concerned about this aspect,reflecting the importance of transparency and control in technology deployments.Open source GenAI,according to 69%of respondents,leads to increased data control and transparency,which are critical for ethical and responsible AI development.Survey respondents generally lean in the direction of open sourceThe findings from our survey provide compelling insights into the current attitudes and preferences of organizations toward GenAI,particularly highlighting a notable inclination toward open source solutions.This finding highlights a recognition of the benefits associated with open source technologies,including transparency,reproducibility,access to diverse data and models,and ease of integration.Security,an important concern for any technology deployment,does not appear to be a deterrent for open source GenAI adoption.In fact,most respondents do not view proprietary solutions as more suitable for security considerations than open ones.A neutral governance approach is key to GenAI developmentThe importance of neutral governance in GenAI was supported by 95%of respondents in the survey.This governance framework ensures a more ethical and equitable development of GenAI tech nologies through community involvement and collaboration.Neutral governance is not only crucial for fostering responsible growth of GenAI but also for ensuring that its benefits are wide spread and aligned with societal values.This approach is vital in maintaining the integrity and sustainability of GenAI advancements,ensuring that they serve both communities and stakeholders.182023 OPEN SOURCE GENERATIVE AI SURVEY REPORTAbout this studyDuring September and October 2023,LF AI&Data and Linux Foundation Research fielded an online survey of individuals at organizations on a range of questions related to GenAI.The survey was promoted via LF social media and at LF events.We also sourced qualified respondents from a third-party panel provider to craft a more diverse sample.MethodologyWe received 284 valid survey starts,and 249 respondents completed all relevant questions.The margin of error for the sample size of 249 is 5.2%at the 90%confidence level.This sample size reflects those respondents who met a variety of screening and filtering criteria.The primary screening criteria included employment(respondents who were students,unem-ployed or retired were disqualified)and familiarity with the organizations adoption of GenAI(not familiar at all,slightly familiar,and those responding“Dont know or not sure”were also disqualified).The percentage values in this report may not total exactly 100%due to rounding.DemographicsFigures 15 and 16 provide selected demographics of the survey sample.In the left-hand panel of Figure 15,we see that 42%of our respond-ents were extremely familiar with GenAI,44%were very familiar,and just 14%were familiar.The lack of respondents who were either slightly familiar or not familiar or didnt know or were not sure was intentional.This is because this question was part of our screening process so that respondents would be capable of FIGURE 15 SELECTED DEMOGRAPHIC DATA2023 GenAI Survey,Q1,Q3 and Q4,Sample Size=284How familiar are you with your organizations adoption of Generative AI(GenAI)?(select one)Which of the following best describes your professional role?(select one)What best describes the company you work for?(select one)I work for a company that primarily offers products and services outside the IT industryI work for a company that operates in the Information Technology(IT)industryOther579%4%Extremely familiarVery familiarFamiliarSlightly familiarNot familiar at allDont know or not sure42D%0%0%0%AI or ML engineerSenior/executive management(non-IT)IT management(eg.,VIP,CIO,CISO,CTO)Data scientistProduct managerMarketing/communicationsDeveloper/software engineerOther31 %6%6%4%32023 OPEN SOURCE GENERATIVE AI SURVEY REPORTproviding us with reliable perspectives and insights.Because 86%of respondents were either very or extremely familiar with GenAI,we believe this higher level of expertise will improve the quality and insight provided by this survey.The central panel in Figure 15 shows that the respondents are well distributed across industries,with 57%working in end-user organizations(those companies that use or even embed IT but primarily offer products and services focused on industries outside of IT itself)and 39%working for IT vendors or service providers.The right-hand panel of Figure 15 shows that respondents are distributed across a variety of roles,including AI or ML engineer(31%),non-IT senior/executive manager(20%),IT managers(17%),and data scientists(13%).Figure 16 is a continuation of this demographic data.The left-hand panel of Figure 16 shows a distribution by region.We did not make an effort to stratify by region,and,as a result,most responses come from the U.S.or Canada(92%).The center panel in Figure 16 shows the distribution of respondent organizations by company size in employees.Respondents are reasonably well distributed across three groups:1 to 999(29%),1,000 to 9,000(47%),and 10,000 or more(24%).The right-hand panel in Figure 16 shows that most organizations are reliant on open source software,with 53%reporting being very reliant and 35ing extremely reliant.DataWorld accessLF Research makes each of its empirical project datasets available on Data.World.Included in this dataset are the survey instrument,raw survey data,screening and filtering criteria,and frequency charts for each question in the survey.LF Research datasets,including this project,can be found at data.world/thelinuxfoundation.FIGURE 16 SELECTED DEMOGRAPHIC DATA2023 GenAI Survey,Q5,Q6 and Q7,Sample Size=284In which region does your company have its headquarters?(select one)How reliant is your company on open source software(OSS)?(select one)Please estimate how many total employees are in your company.(select one)United States or CanadaEuropeOther92%5%3%1 to 9991,000 to 9,99910,000 or more29G$%Extremely OSS-reliantVery OSS-reliantModerately OSS-reliantSlightly OSS-reliantNot OSS-reliant at allDont know or not sure35S%7%4%1%0 2023 OPEN SOURCE GENERATIVE AI SURVEY REPORTAbout the authorsADRIENN LAWSON is a data analyst at the LF.Adrienn obtained a masters degree from the University of Oxford in social data science.She supports LF Research with survey development,analysis,and report writing.Adrienn has previously conducted research at the University of Oxford,the Budapest Institute for Policy Analysis,and the U.K.s Office for National Statistics.Dr.MARCO GEROSA is a full professor in computer science at Northern Arizona University and a research analyst at LF Research.His main areas of investigation are software engineering and open source software.He is currently investigating the use of GenAI as a tool to support computer science education and the onboarding of new developers in OSS communities.These projects are supported by the National Science Foundation and have been featured in publications in top-tier venues.He has published over 200 papers and serves on the program committee of important conferences,such as ICSE,FSE,and MSR,and as a reviewer for several journals.He graduated several Ph.D.and M.Sc.students who are now researchers in top institutions and have more than 20 years of teaching experience.For more information,visit http:/.STEPHEN HENDRICK is vice president of research at the Linux Foundation,where he is the principal investigator on a variety of research projects core to the Linux Foundations understanding of how OSS is an engine of innovation for producers and consumers of IT.Steve specializes in primary research techniques developed over 30 years as a software industry analyst.Steve is a subject matter expert in application development and deployment topics,including DevOps,application management,and decision analytics.Steve brings experience in a variety of quantitative and qualitative research techniques that enable deep insight into market dynamics and has pioneered research across many application develop ment and deployment domains.Steve has authored over 1,000 publi cations and provided market guidance through syndicated research and custom consulting to the worlds leading software vendors and high-profile start-ups.MATT WHITE is the Director of the Generative AI Commons at the Linux Foundations AI&Data Foundation.He is Head of AI&Data at Amdocs,as well as the Founder of the AI research group Berkeley Synthetic.He teaches graduate students Data Science at UC Berkeley.He is also the Co-Founder and Chair of the Open Metaverse Foundation a part of the Linux Foundation and a Board Director at the Metaverse Standards Forum.He has over 25 years of experience in AI and data and open source.He holds a Master of Data Science from UC Berkeley,an MBA from the University of Denver and a BSc IT from York University.For more information,visit www.matt-.LUCY HYDE is a Senior Program Manager speciali-zing in Machine Learning supporting open source innovation in artificial intelligence and data.As an accomplished professional,she is highly regarded for technical expertise working in roles focusing on data science,software engineering,and technical exploitation.She started her career with the Department of Defense as an active duty service member and as a government civilian,and continued in private sector digital forensics.She graduated with undergraduate degrees in Psychology,the Arabic language,and Intelligence Operations;an MS in Analytics;and is pursuing a Ph.D.in Computational Science/Informatics from George Mason University and a second MS degree in Artificial Intelligence from Johns Hopkins University.AcknowledgmentsWe thank all the participants of the survey for kindly sharing their insights and experience on the 2023 state of GenAI.Special thanks to peer reviewers and LF colleagues for their involvement in the various stages of the research process:Hilary Carter,Michael Dolan,Ibrahim Haddad,and Anna Hermansen.212023 OPEN SOURCE GENERATIVE AI SURVEY REPORTFounded in 2021,Linux Foundation Research explores the growing scale of open source collaboration,providing insight into emerging technology trends,best practices,and the global impact of open source projects.Through leveraging project databases and networks,and a commitment to best practices in quantitative and qualitative methodologies,Linux Foundation Research is creating the go-to library for open source insights for the benefit of organizations the world over.Copyright 2023 The Linux FoundationThis report is licensed under the Creative Commons Attribution-NoDerivatives 4.0 International Public License.To reference this work,please cite as follows:Adrienn Lawson,Marco Gerosa,and Stephen Hendrick,”2023 Open Source Generative AI Survey Report:Enterprise perspectives and survey-based insights at the intersection of open source innovation and generative AI advancements”,foreword by Stella Biderman,The Linux Foundation,December 2023.lfaidata.foundation|genaicommons.org

3人已浏览 2024-05-11 22页 5星级

点击查看更多天津大学：2024人工智能驱动的分布式光伏数据虚拟采集技术报告（英文版）（22页）.pdf精彩内容。

8人已浏览 2024-05-11 22页 5星级

IBM Institute for Business Value|Research InsightsSecuring generative AIWhat matters now2IBM Security works with you to help protect your business with an advanced and integrated portfolio of enterprise cybersecurity solutions and services infused with AI.Our modern approach to security strategy uses zero-trust principles to help you thrive in the face of uncertainty and cyberthreats.For more information,please visit:https:/ IBM can helpHow AWS can helpFor over 15 years,Amazon Web Services has been the worlds most comprehensive and broadly adopted cloud offering.Today,we serve millions of customers,from the fastest growing startups to the largest enterprises,across a myriad of industries in practically every corner of the globe.Weve had the opportunity to help these customers grow their businesses through digital transformation efforts enabled by the cloud.In doing so,we have worked closely with the C-suite,providing a unique vantage point to see the diverse ways executives approach digital transformationthe distinct thought processes across C-suite roles,their attitudes and priorities,obstacles to progress,and best practices that have resulted in the most success.For more information,please visit:https:/1Only 24%of current generative AI projects are being secured.While a majority of executives are concerned about unpredictable risks impacting gen AI initiatives,they are not prioritizing security.A changing threat landscape demands a new approach to securing AI.Built on a foundation of governance,risk,and compliance,securing AI infrastructure means securing applications,data,models,and model usage.Organizations are turning to third-party products and partners for over 90%of their gen AI security requirements.Just as with the transition to cloud,partners can help assess needs and manage security outcomes.Generative AI solutions can be as vulnerable as they are valuable if security is an afterthought.Key takeaways23Innovation versus security:Its not a choice,its a testAs organizations rush to create value from generative AI,many are speeding past a critical element:security.In a recent study of C-suite executives,the IBM Institute for Business Value (IBM IBV)found that only 24%of current gen AI projects have a component to secure the initiatives,even though 82%of respondents say secure and trustworthy AI is essential to the success of their business.In fact,nearly 70%say innovation takes precedence over security.This perceived trade-off contrasts with executives views of the wide-ranging risks of gen AI.Security vulnerabilities are among their biggest areas of concern(see Figure 1).These worries are well-founded.Cybercriminals are already benefitting from both generative and traditional AI(see Perspective,“Understanding the generative AI threat landscape”).More realistic email phishing tactics and deepfake audios are making headlines,as are data leaks from employees careless use of public tools such as ChatGPT.1 Looking ahead,potential threats to critical AI systems are even more troubling.As AI-powered solutions become more capable and more ubiquitous integrated within critical infrastructure such as healthcare,utilities,telecommunications,and transportationthey could be as vulnerable as they are valuable,especially if security is an afterthought.Q.What are you most concerned about in adopting generative AI?FIGURE 1Executives expressed a broad spectrum of concerns regarding their adoption of gen AI.IntroductionQ2.What are you most concerned about in adopting generative AI?Increased potential for business disruptionLoss of creative thinking and problem-solvingUnpredictable risks and new security vulnerabilities arising as a result of generative AIDifficulty in attracting,retaining,or developing talent with appropriate skillsNew attacks targeting existing AI models,data,and servicesUncertainty about where and how much to invest56RQHGG%4While a consolidated AI threat surface is only starting to form,IBM X-Force researchers anticipate that once the industry landscape matures around common technologies and enablement models,threat actors will begin to target these AI systems more broadly.2 Indeed,that convergence is well underway as the market is maturing rapidly,and leading providers are already emerging across hardware,software,and services.3 The gap between executives angst and action underscores the need for cybersecurity and business leaders to commit to securing AInow.With new IBM IBV research showing many organizations are still in the evaluation/pilot stages for most generative AI use cases such as information security(43%)and risk and compliance(46%),this is the time to get ahead of potential threats by prioritizing security from the start.4To address the need for more specific guidance on where to begin,the IBM IBV and IBM Security have teamed with Amazon Web Services(AWS)experts to share leading practices and recommendations based on recent research insights.Part one of this report provides a framework for understanding the gen AI threat landscape.In part two,we discuss the three primary ways organizations are consuming gen AI and the related security considerations.Part three explores resource challenges and the role of partners.Part four offers an action guide of practical steps leaders can take to secure AI across their organizations.With many organizations still evaluating and piloting generative AI solutions,now is the time to get ahead of new security threats.5PerspectiveUnderstanding the generative AI threat landscape5 Generative AI introduces new potential threat vectors and new ways to mitigate them.While the technology lowers the bar even further for low-skill threat actors,helping them develop more sophisticated exploits,it also enhances defenders capacity to move faster with greater efficiency and confidence.5Red teamBlue teamAllows more targeted,convincing phishing messages on a mass scaleEnables autonomous theft of sensitive data and intellectual property,and evasion of antivirus software through AI-enhanced malwareMakes it easier to pass through online filters and enable illegal activities such as fraudulent account creation Removes the guardrails on gen AI chatbots,so they trick victims into giving away personal data or login credentials Uses publicly available data to generate possible passwordsProvides a real-time view into security and compliance posture and automates compliance tasksGenerates summaries of security cases and incidents,and identifies similar cases for improved forensic analysisDetects threats based on natural language descriptions of cyber incident behaviors and patternsAccelerates analysis of event inputs/outputs and generation of test scenariosCollates telemetry data across sources,and speeds analysts understanding of security log dataSocial engineering and fraudData theftIdentify theft and impersonationAI jailbreaksPassword crackingContinuous regulatory complianceCase managementAccelerated threat huntingIncident simulation and pen testingData interpretation*Application,data,model,or infrastructure vulnerabilities,such as misconfigurations,accidental disclosures,and policy/controls oversightsTransforms automation using API discovery,testing,and protectionVulnerability exploitsAPI securityapi67For generative AI to deliver value,it must be secure in the traditional sensein terms of the confidentiality,integrity,and availability of data.6 But for gen AI to transform how organizations workand how they enable and deliver valuemodel inputs and outputs must be reliable and trustworthy.While hallucinations,ethics,and bias often come to mind first when thinking of trusted AI,the AI pipeline faces a threat landscape that puts trust itself at risk.Each aspect of the pipelineits applications,data,models,and usagecan be a target of threatssome familiar and some new(see Figure 2).7Part oneSeeing threats in a new lightFIGURE 2Some emerging threats look familiar while others are entirely new.Source:IBM Security.Some emerging threats look familiar while others are entirely new.FIGURE 2New threat landscapeConventional threats Conventional threats that take on new meaningare business-as-usual such as social engineeringsuch as more professional-looking phishing tacticsspecific to AI/gen AI,such as model extraction or inversion exploits1238Conventional threats,such as malware and social engineering,persist and require the same due diligence as always.For organizations that may have neglected their security fundamentals or whose security culture is still in the formative stages,these kinds of threats will continue to be a challenge.Given the increasing adoption of AI and automation solutions by threat actors,organizations without a strong security foundation will also be ill-prepared to address the new twists on conventional threats introduced by gen AI.Take phishing emails as an example.With gen AI,cybercriminals can create far more effective,targeted scamsat scale.8 IBM Security teams have found gen AI capabilities facilitate upwards of a 99.5%reduction in the time needed to craft an effective phishing email.9 This new breed of email threats should moderately impact companies with mature approaches to identity management,such as standard practices for least privilege and multifactor authentication as well as zero-trust architectures that restrict lateral movement.But those who lag in these areas run the risk of incidents with potentially devastating reach.10 The reality is that security deficiencies are indeed impacting a significant number of organizations,as results from an IBM IBV survey of more than 2,300 executives suggest.Most respondents reported their organiza-tions capabilities in zero trust(34%),security by design(42%),and DevSecOps(43%)are in the pilot stage.11 These organizations will need to continue investing in core security capabilities as they are critical for protecting generative AI.Organizations without a strong security foundation will also be ill-prepared to address the new twists on conventional threats introduced by gen AI.9Lastly,a set of fundamentally new threats to organizations gen AI initiatives is also emerginga fact recognized by nearly half(47%)of respondents in our survey(see Figure 3).Prompt injection,for instance,refers to manipulating AI models to take unintended actions;inversion exploits cull information about the data used to train a model.These techniques are not yet widespread but will proliferate as adversaries become more familiar with the hardware,software,and services supporting gen AI.12 As organizations move forward with gen AI solutions,they need to update their risk and governance models and incident response procedures to reflect these emerging threats.In a recent AWS Executive Insights podcast,security subject-matter experts emphasized that threat actors will go after low-hanging fruit firstthreats with the greatest impact for the least amount of effort.13 When choosing security investments,leaders should prioritize those use cases,such as supply chain exploits and data exfiltration.FIGURE 3Emergent threats to AI operations require updates to organizations risk and governance models.Source:IBM Security.Exploit difficultyPotential impactPrompt injectionSupply chainexploitsModel evasionModel extractionData poisoningChange the behavior of AI models by altering the data used to train themInversionexploitsReveal information on the data used to train a model,despite only having access to the model itselfSteal a models behavior by observing the relationships between inputs and outputsManipulate AI models into performing unintended actions by dropping guardrails and limitations put in place by the developersGenerate harmful models that hide malicious behavior,or target vulnerabilities in systems connected to the AI modelsData exfiltrationAccess and steal sensitive data used in training and tuning models through vulnerabilities,phishing,or misused privilege credentialsCircumvent the intended behavior of an AI model by crafting inputs that trick itBackdoor exploitsAlter a model subtly during training to cause unintended behaviors under certain triggers1011A simple framework outlines an effective approach to securing the AI pipelinestarting with updating governance,risk,and compliance(GRC)strategies(see Figure 4).Getting these principles right from the beginningas core design considerationscan accelerate innovation.A governance and design-oriented approach to generative AI is particularly important in light of emerging AI regulatory guidance such as the EU AI Act(see Perspective,“A glimpse into new and proposed AI regulations around the world”).14 Those who integrate and embed GRC capabilities in their AI initiatives can differentiate themselves while also clearing their path to value,capitalizing on investments knowing they are building on a solid foundation.Part twoThree AI enablement models,three risk profilesFIGURE 4Securing the AI value stream starts with updating risk and governance models.Source:IBM Security.Securing the AI value stream starts with updating risk and governance models.FIGURE 4Governance,risk,and complianceSecure the data collection and handlingSecure the applications using and enabling AISecure the model inference and live useSecure the model development and trainingSecure the infrastructure12PerspectiveA glimpse into new and proposed AI regulations around the world15 AI regulations are evolving as quickly as gen AI models and are being established at virtually all levels of government.Organizations can look to automated AI governance tools to help manage compliance with changing policy requirements.A sampling of regulations includes:Europe EU AI ActUS Maintaining American Leadership in AI Executive Order Promoting the Use of Trustworthy AI in the Federal Government Act Executive Order AI Training Act National AI Initiative ActCanada AI and Data Act Directive on Automated Decision-MakingBrazil AI BillChina Algorithmic Recommendations Management Provisions Ethical Norms for New Generation AI Opinions on Strengthening the Ethical Governance of Science and Technology Draft Provisions on Deep Synthesis Management Measures for the Management of Generative AI ServicesJapan Guidelines for Implementing AI Principles AI Governance in Japan Ver.1.1India Digital India ActAustralia Uses existing regulatory structures for AI oversight1213Next,leaders can shift their attention to securing infrastructure and the processes comprising the AI value stream:data collection,model development,and model use.Each presents a distinct threat surface that reflects how the organization is enabling AI:using third-party applications with embedded gen AI capabilities;building gen AI solutions via a platform of pre-trained or bespoke foundation models;or building gen AI models and solutions from scratch.16 Each adoption route encompasses varying levels of investment,commitment,and responsibility.Working through the risks and security for each helps build resilience across the AI pipeline.While some organizations have already anchored on an adoption strategy,some are applying multiple approaches,and some may still be finding their way and formalizing their strategy.From a security perspective,what varies with each option is who is responsible for whatand how that responsibility may be shared (see Figure 5).17Source:AWS Security,IBM Security.FIGURE 5The principles of shared responsibility extend to securing generative AI models and applications.Access controls to data and modelsGenerative AI as an applicationUsing“public”services or an application or SaaS product with embedded generative AI featuresGenerative AI as a platformBuilding an application using a pre-trained model,or a model fine-tuned on organization-specific dataBuild your ownTraining a model from scratch on an organizations own dataTraining data and data managementPrompt controlsModel developmentModel inferenceModel monitoringInfrastructureService userService provider14Using third-party applications embedded with generative AIOrganizations that are just getting started may be using consumer-focused services such as OpenAIs ChatGPT,Anthropics Claude,or Google Gemini,or they are using an off-the-shelf SaaS product with gen AI features built in,such as Microsoft 365 or Salesforce.18 These solutions allow organizations that have fewer investment resources to gain efficiencies from basic gen AI capabilities.The companies providing these gen AI-enabled tools are responsible for securing the training data,the models,and the infrastructure housing the models.But users of the products are not free of security responsibility.In fact,inadvertent employee actions can induce headaches for security teams.Similar to how shadow IT emerged with the first SaaS products and created cloud security risks,the incidence of shadow AI is growing.With employees looking to make their work lives easier with gen AI,they are complicating the organizations security posture,making security and governance more challenging.19 First,well-meaning staff can share private organizational data into third-party products without knowing whether the AI tools meet their security needs.This can expose sensitive or privileged data,leak proprietary data that may be incorporated into third-party models,or expose data artifacts that could be vulnerable should the vendor experience a cyber incident or data breach.20 Second,because the security team is unaware of the usage,they cant assess and mitigate the risks.21 Third-party softwarewhether or not sanctioned by the IT/IS teamcan introduce vulnerabilities because the underlying gen AI models can host malicious functionality such as trojans and backdoors.22 One study found that 41%of employees acquired,modified,or created technology without their IT/IS teams knowledgeand predicts this percentage will climb to 75%over the next three years,exacerbating the problem.23 Key security considerations include:Have you established and communicated policies that address use of certain organizational data(confidential,proprietary,or PII)within public models and third-party applications?Do you understand how third parties will use data from prompts(inputs/outputs)and whether they will claim ownership of that data?Have you assessed the risks of third-party services and applications and know which risks they are responsible for managing?Do you have controls in place to secure the application interface and monitor user activity,such as the content and context of prompt inputs/outputs?15Using a platform to build generative AI solutionsTraining foundation models and LLMs for generative AI applications demands tremendous infrastructure and computing resourcesoften beyond what most organizations can budget.Hyperscalers are stepping in with platforms that allow users to tap into a choice of pre-trained foundation models for building gen AI applications more specific to their needs.These models are trained on a large,general-purpose data set,capturing the knowledge and capabilities learned from a broad range of tasks to improve performance on a specific task or set of tasks.Pre-trained models can also be fine-tuned for a more specific task using a smaller amount of an organizations data,resulting in a new specialized model optimized around distinct use cases,such as industry-specific requirements.24 The open-source community is also democratizing gen AI with an extensive library of pre-trained LLMs.The most popular of thesesuch as Metas Llama and Mistral AIare also available via general-purpose gen AI platforms(see Perspective,“Risk or reward?Adopting open-source models”).Platforms offer the advantage of having some security and governance capabilities baked in.For example,infrastructure security is shared with the vendor,similar to any cloud infrastructure agreement.Perhaps the organizations data already resides with a specific cloud provider,in which case fine-tuning the model may be as simple as updating configurations and API calls.Additionally,a catalogue of enhanced security products and services is available to complement or replace the organizations own(see case study,“EVERSANA and AWS advance artificial intelligence apps for the life sciences industry”).However,when organizations build gen AI applications integrated with pre-trained or fine-tuned models,their security responsibilities grow considerably compared to using a third-party SaaS product.Now they must tackle the unique threats to foundation models and LLMs referenced in part one of this report.Risks to training data as well as the model development and inference fall squarely on their radar.Applying the principles of ModelOps and MLSecOps(machine learning security operations)can help organizations secure their gen AI applications.25Key security considerations include:Have you conducted threat modeling to understand and manage the emerging threat vectors?Have you identified open-source and widely used models that have been thoroughly scanned for vulnerabilities,tested,and vetted?Are you managing training data workflows,such as using encryption in transit and at rest,and tracking data lineage?How do you protect training data from poisoning exploits that could introduce inaccuracies or bias and compromise or change the models behavior?How do you harden security for API and plug-in integrations to third-party models?How do you monitor models for unexpected behaviors,malicious outputs,and security vulnerabilities that may appear over time?Are you managing access to training data and models using robust identity and access management practices,such as role-based access control,identity federation,and multifactor authentication?Are you managing compliance with laws and regulations for data privacy,security,and responsible AI use?16Case studyEVERSANA and AWS advance artificial intelligence apps for the life sciences industry26 Given regulatory requirements,life sciences companies need generative AI solutions that combine security,compliance,and scalability.EVERSANA,a leading provider of commercial services to the global life sciences industry,is turning to AWS to accelerate gen AI use cases across the life sciences industry.The objective is to harness the power of gen AI to help pharmaceutical and life science manufacturers drive efficiencies and create business value while improving patient outcomes.EVERSANA will apply its digital and AI innovation capabilities coupled with Amazon Bedrock managed gen AI services to leverage best-of-breed foundation models.EVERSANA maintains full control over the data it uses to tailor foundation models and can customize guardrails based on its application requirements and responsible AI policies.In its first applicationin partnership with AWS and TensorIoT,the team sought to automate processes associated with medical,legal,and regulatory(MLR)content approvals.EVERSANAs strategy to leverage gen AI to solve complex challenges for life sciences companies is part of what EVERSANA calls“pharmatizing AI.”Jim Lang,chief executive officer at EVERSANA,explained,“Pharmatizing AI in the life sciences industry is about leveraging technology to optimize and accelerate common processes that are desperate for innovation and transformation.”This approach has led to streamlining critical processes from months to weeks.EVERSANA anticipates that once it automates its MLR capabilities,it can further improve time-to-approval from weeks to mere days.EVERSANA anticipates automation of MLR processes can improve approval time from weeks to days.1617PerspectiveRisk or reward?Adopting open-source models27 In contrast to proprietary LLMs that can only be used by customers who purchase a license from the provider,open-source LLMs are free and available for anyone to access.They can be used,modified,and distributed with far greater flexibility than proprietary models.Designed to offer transparency and interoperability,open-source LLMs allow organizations with minimal machine learning skills to adapt gen AI models for their own needsand on their own cloud or on-premises infra-structure.They also help offset concerns about the risk of becoming overly reliant on a small number of proprietary LLMs.Risks with using open-source models are similar to proprietary models,including hallucinations,bias,and accountability issues with the training data.But the trait that makes open source popularthe community approach to developmentcan also be its greatest vulnerability as hackers can more easily manipulate core functionality for malicious purposes.These risks can be mitigated by adopting security hygiene practices as well as software supply chain and data governance controls.Open-source LLMs allow organizations with minimal machine learning skills to adapt gen AI models for their own needs.1718Building your own generative AI solutions A few large organizations with deep pockets are building and training LLMsand smaller,more tailored language models(SLMs)28from scratch based solely on their data.Hyperscaler tools are helping accelerate the training process,while the organization owns every aspect of the model.This can afford them performance advantages as well as more precise results.29 In this scenario,on top of the governance and risk management outlined for applications based on pre-trained and fine-tuned models,the organizations own data security posture takes on greater importance.As the organizations data is now incorporated into the AI model itself,responsible AI becomes essential to reducing risk exposure.Being the primary source for AI training data,organizations are responsible for making sure that dataand the outcomes based on itcan be trusted.That means protecting the source data following strict data security practices(see Perspective,“Why responsible AI starts with security ABCs”).And it means protecting the models from being compromised or exploited by malicious actors.Access controls,encryption,and threat detection systems are critical pieces in preventing data from being manipulated.The trustworthiness of an AI solution may be measured by its ability to offer unbiased,accurate,and ethical responses.If organizations do not practice responsible AI,they risk damage to their brands from faultyeven dangerousoutput from their gen AI models.Despite these risks,fewer than 20%of executives say they are concerned about a potential liability for erroneous outputs from gen AI.In other IBM IBV research,only 30%of respondents said they are validating the integrity of gen AI outputs.30If secure and trustworthy data is the basis for value generationand much of our research indicates it isleaders should focus on the security implications of(ir)responsible AI.31 Doing so can highlight the various ways AI models may be manipulated.In the absence of bias or explainability controls,such manipulation can be hard to recognize.This is why organizations need a strong foundation in governance,risk,and compliance.As an extension of the organizations data security posture,software supply chain security also becomes more consequential when creating LLMs.These models are built on top of complex software stacks that include multiple layers of software depen-dencies,libraries,and frameworks.Each of these components can introduce vulnerabilities that can be exploited by attackers to compromise the integrity of the AI model or the underlying data.Unfortunately,adoption of software supply chain security best practices is still nascent at many organi-zations,according to recent IBM IBV research.For example,only 29%of executives indicated they have adopted DevSecOps principles and practices to secure their software supply chain,and only 32%have implemented continuous monitoring capabilities for their software suppliers.32 Both practices are vital to helping prevent cyber incidents throughout the software supply chain.Key security considerations include:Do you need to bolster data security practices to help prevent theft and manipulation and support responsible AI?How can you shore up third-party software security awareness and practices;for example,ensuring that zero-trust principles are in place?Do you require procurement teams to check supplier contracts for security vulnerability controls and risk-related performance measures?19PerspectiveWhy responsible AI starts with security ABCsAs AI moves from experimentation into production,the ABCs of securityawareness,behavior,and culturebecome even more important for helping ensure responsible AI.For AI to be designed,developed,and deployed with good intent for the benefit of society,trust is an imperative.33 Consistent with many emerging technologies,well-informed employees and partners can be an assetespecially in light of new multimodal and rich-media-based phishing tactics enabled by gen AI.Enhancing employee awareness of the new risks leads to proactive behaviors and,over time,a more robust security culture.As AI solutions become more integral to operations,a standard practice should be to communicate new functionality and associated security controls to employees,while reiterating the policies in place to protect proprietary and personal data.Established controls should be updated to address new threats,with the core principles of zero trust and least privilege limiting lateral movement.Emphasizing a sense of ownership about security outcomes can reinforce security as a common,shared endeavor connecting virtually all stakeholders and partners.Responsible AI is about more than policies its a commitment to safeguard the trust thats critical to the organizations continuing success.Enhancing employee awareness of new risks from AI can lead to proactive behaviors and,over time,a more robust security culture.192021Developing and securing generative AI solutions requires capacity,resources,and skillsthe very things organizations dont have enough of.34 In fragmented IT environ-ments,security takes on higher levels of complexity that require even more capacity,resources,and skills.Leaders quickly find themselves in a dilemma.AI-enhanced toolsAI-powered security products can bridge the skills gap by freeing overworked staff from time-consuming tasks.This allows them to focus on more complex security issues that require expertise and judgment.By optimizing time and resources,AI effectively adds capacity and skills.With improved insights,productivity,and economies of scale,organizations can adopt a more preventive and proactive security posture.Indeed,leading security AI adopters cut the time to detect incidents by one-third and the costs of data breaches by at least 18%.35 New capabilities are also emerging that automate management of compliance within a rapidly changing regulatory environment.The shift to AI security tools is consistent with how cybersecurity demand is changing.While the market for AI security products is expected to grow at a CAGR of nearly 22%over the next five years,providers are focusing on developing consolidated security software solutions.To facilitate better efficiency and governance,solution providers are rationalizing their toolsets and streamlining data analysis.36 This more holistic approach to security enhances visibility across the operations lifecyclesomething 53%of executives are expecting to gain from gen AI.AI-experienced partnersBusiness partners can also help close security skills gaps.Just as with the transition to cloud,partners can assist with assessing needs and managing security outcomes.Amid the ongoing security talent shortage thats exacerbated by a lack of AI skills,organizations are seeking partners that can facilitate training,knowledge sharing,and knowledge transfer(76%).They are also looking for gen AI partners to provide extensive support,maintenance,and customer service(82%).Finally,they are choosing partners that can guide them across the evolving legal and regulatory compliance landscape(75%).Part threeThe leadership dilemma generative AI requires what organizations have least22Executives are also in search of partners to help with strategy and investment decisions(see Figure 6).With around half(47%)saying they are uncertain about where and how much to invest,its no surprise that three-quarters(76%)want a partner to help build a compelling cost case with solid ROI.More than half also seek guidance on an overall strategy and roadmap.Q.How important are these when choosing a partner for your generative AI security needs?FIGURE 6Executives are turning to partners to help deliver and support generative AI security solutions.76%Helps us build a compelling cost case with solid ROI70%Spurs innovation and future readiness58%Offers guidance on our overall strategy and roadmapStrategy82%Offers extensive support,maintenance,and customer serviceOperational76%Offers training,knowledge sharing,and knowledge transfer75%Focuses on emerging guidelines around legal and regulatory compliance73%Enhances data privacy and security around generative AI solutionsExpertiseRisk®ulatory posture23Our results indicate that most organizations are turning to partners to enable generative AI for security.While many respondents are purchasing security products or solutions with gen AI capabilities,nearly two-thirds of their security generative AI capabilities are coming through some type of partnermanaged services,ecosystem/supplier,or hyperscaler(see Figure 7).Similar to cloud adoption,leaders are looking to partners for comprehensive security supportwhether thats informing and advising about generative AI or augmenting their delivery and support capabilities.Q.How are you enabling generative AI for security capabilities?Note:percentages do not add to 100%due to rounding.FIGURE 7More than 90%of security gen AI capabilities are coming from third-party products or partners.31 %Through a security product or solution(such as a security solution with embedded capabilities)21%Through a managed services provider(outsourcing)Through an ecosystem partner or other supplierThrough an infrastructure partner(such as AWS,Azure,and Google)Through an internally developed solution9%Q.How are you enabling generative AI for security capabilities?Note:Percentages do not add to 100%due to rounding.24 Whether just starting to experiment with generative AI,building models on your own,or somewhere in between,the following guidance can help organizations secure their AI pipeline.These recommendations are intended to be cross-functional,facilitating engagement across security,technology,and business domains.Part fourAction guide 01Assess Define an AI security strategy that aligns with the organizations overall AI strategy.Ask how your organization is using AI todayfor which use cases,in what applications,through which service providers,and serving which user cohorts.Once you answer these questions,then quantify the associated sources of risk.Evaluate the maturity of your core security capabilities,including infrastructure security,data security,identity and access management practices,threat detection and incident response,regulatory compliance,and software supply chain management.Identify where you must be better to support the demands of AI.Decide where partners can supplement and complement your security capabilities and define how responsibilities will be shared.Uncover security gaps in AI environments using risk assessment and threat modeling.Determine how policies and controls need to be updated to address emergent threat vectors driven by generative AI.02Implement Establish AI governance working with business units,risk,data,and security teams.Prioritize a secure-by-design approach across the ML and data pipeline to drive safe software development and implementation.Manage risk,controls,and trustworthiness of AI model providers and data sources.Secure AI training data in line with current data privacy and regulatory guidelines,and adopt new guidelines when published.Secure workforce,machine,and customer access to AI apps and subsystems from anywhere.2503Monitor Evaluate model vulnerabilities,prompt injection risks,and resiliency with adversarial testing.Perform regular security audits,penetration testing,and red-teaming exercises to identify and address potential vulnerabilities in the AI environment and connected apps.04Educate Review cyber hygiene practices and security ABCs(awareness,behaviors,and culture)across your organization.Conduct persona-based cybersecurity awareness activities and education,particularly as they relate to AI as a new threat surface.Target all stakeholders involved in the development,deployment,and use of AI models,including employees using AI-powered tools.26Clarke RodgersDirector,AWS Enterprise S SahaSenior Security Partner Solutions Architect,AWS AhluwaliaVice President and Global Managing PartnerIBM Consulting Cybersecurity S Kevin SkapinetzVice President,Strategy and Product ManagementIBM S ParhamGlobal Research Leader,Security and CIOIBM Institute for Business V contributorsHeather DeguzmanSenior Executive Marketing Manager,ContentAmazon Web S DoughertyProgram Director,Product Management,Emerging Security TechnologyIBM S GrayBrand and Content Strategy,SecurityIBM M HectorProduct Manager,Emerging Security TechnologyIBM S MassimiGlobal Principal,Cloud Security Services for AWS ConsultingIBM C MinaProgram Director,Product ManagementEmerging Security Technology and VenturesIBM S NagarajanGlobal Cyber Trust Partner,Portfolio LeaderIBM Consulting Cybersecurity S PrassinosSecurity CommunicationsIBM M TestermanManager,AI and Platform Product ManagementIBM C TummalapentaDistinguished Engineer and CTOMaster InventorIBM Consulting Cybersecurity S Institute for Business Value editorial and design teamSara Aboulsohn,Visual DesignerKris Biron,Visual DesignerJoanna Wilkins,Editorial Lead28Related reportsThe CEOs guide to generative AI:CybersecurityThe CEOs guide to generative AI:Cybersecurity.IBM Institute for Business Value.October 2023.https:/ibm.co/ceo-generative-ai-cybersecurityData security as business accelerator?Data security as business accelerator?The unsung hero driving competitive advantage.IBM Institute for Business Value and Amazon Web Services.June 2023.https:/ibm.co/data-securityAI and automation for cybersecurityAI and automation for cybersecurity:How leaders succeed by uniting technology and talent.IBM Institute for Business Value.June 2022.https:/ibm.co/ai-cybersecurityStudy methodology and approachIn Q3 2023,the IBM Institute for Business Value partnered with Oxford Economics to survey 200 executives about their generative AI security strategy and enablement.Respondents are based in the US and responsible for operations at either US-based organizations or multinational organizations with a significant US presence.Respondents include CEOs,CISOs,CIOs,and Chief Data Officers.Respondents were screened for several inclusion criteria.They indicated whether they are either moderately familiar or very familiar with generative AI.Respondent organizations are either in the piloting or implementation phases of generative AI.Respondents described their familiarity with their organizations security spending and investments as either“aware and consistently involved”or“working on projects and influencing investments.”Respondents represent the following industries:consumer banking,consumer products,energy and utilities,financial markets,government(federal),government(state/provincial),healthcare providers,industrial manufacturing(industrial products),insurance,IT services,life sciences/pharmaceuticals,manufacturing(non-industrial),oil and gas,retail,telecommuni-cations,transportation,and travel.About the AWS-IBM Security partnershipIBM is an AWS Premier Tier Consulting Partner,including three security competencies and a total of 16 AWS competencies across IBM Technology and IBM Consulting.Together,IBM and AWS bring fast,security-rich,open software capabilities to the cloud platform for more than one million customers every day.The power of cloud-native AWS capabilities,combined with 50 IBM solutions available on AWS Marketplace,enables clients to access AI-powered IBM Software with turnkey delivery and integration.For more information,visit https:/ Institute for Business ValueFor two decades,the IBM Institute for Business Value has served as the thought leadership think tank for IBM.What inspires us is producing research-backed,technology-informed strategic insights that help leaders make smarter business decisions.From our unique position at the intersection of business,technology,and society,we survey,interview,and engage with thousands of executives,consumers,and experts each year,synthesizing their perspectives into credible,inspiring,and actionable insights.To stay connected and informed,sign up to receive IBVs email newsletter at can also find us on LinkedIn at https:/ibm.co/ibv-linkedin.The right partner for a changing worldAt IBM,we collaborate with our clients,bringing together business insight,advanced research,and technology to give them a distinct advantage in todays rapidly changing environment.About Research InsightsResearch Insights are fact-based strategic insights for business executives on critical public-and private-sector issues.They are based on findings from analysis of our own primary research studies.For more information,contact the IBM Institute for Business Value at .30Notes and sources1 Britton,Mike.“Uncovering AI-Generated Email Attacks:Real-World Examples from 2023.”Abnormal Blog.December 19,2023.https:/ and Kathleen Magramo.“Finance worker pays out$25 million after video call with deepfake chief financial officer.”CNN.February 4,2024.https:/ bans use of A.I.like ChatGPT for employees after misuse of the chatbot.”CNBC.May 2,2023.https:/ X-Force Threat Intelligence Index 2024.IBM Security.February 2024.https:/ Sabin,Sam.“Generative AI puts GPU security in the spotlight.”Axios.March 22,2024.https:/ players set to shape the AI landscape in 2024.”Digitalis.March 2024.https:/ IBM Institute for Business Value survey of 2,500 global,cross-industry executives on AI adoption.2024.Unpublished data.5 Isola,Laurie.“How cybercriminals are using gen AI to scale their scams.”Okta Blog.January 4,2024.https:/ are creating a darker side to AI.”Cyber Magazine.October 24,2024.https:/ the World of AI Jailbreaks.”SlashNext Blog.September 12,2023.https:/ Prompts You Dont Want Employees Putting in Microsoft Copilot.”BleepingComputer.April 3,2024.https:/ of servers hacked in ongoing attack targeting Ray AI framework.”Ars Technica.March 27,2024.https:/ 2 of 10:Cybersecurity Architecture Fundamentals.”IBM Technology YouTube video.July 2023.https:/ an AI pipeline?”Squark Blog.Accessed April 11,2024.https:/ Attack Trends:How phishing attacks are becoming more sophisticated and harder to identify.”Darktrace Blog.March 20,2024.https:/ X-Force Threat Intelligence Index 2024.IBM Security.February 2024.https:/ Attack Trends:How phishing attacks are becoming more sophisticated and harder to identify.”Darktrace Blog.March 20,2024.https:/ McCurdy,Chris,Sholmi Kramer,Gerald Parham,and Jacob Dencik,PhD.Prosper in the cyber economy:Rethinking cyber risk for business transformation.November 2022.Unpublished data.12 Hector,Sam.“Mapping attacks on generative AI to business impact.”Security Intelligence.January 30,2024.https:/ Value(and Threat)of Generative AI for Security Teams.”AWS podcast.Accessed April 22,2024.https:/ The EU Artificial Intelligence Act website.Accessed April 11,2024.https:/artificialintelligenceact.eu/15 Ponomarov,Kostiantyn.“Global AI Regulations Tracker:Europe,Americas&Asia-Pacific Overview.”Legal Nodes.March 20,2024.https:/ Saner,Matt and Mike Lapidakis.“Securing generative AI:An introduction to the Generative AI Security Scoping Matrix.”AWS Security Blog.October 19,2023.https:/ Manral,Vishwas.“Generative AI:Proposed Shared Responsibility Model.”Cloud Security Alliance Blog.July 28,2023.https:/cloudsecurityalliance.org/blog/2023/07/28/generative-ai-proposed-shared-responsibility-model3118 Ibid.19 Salvin,Steve.“What managers should know about the secret threat of employees using shadow AI.”Fast Company.October 26,2023.https:/ Ibid.21 Ibid.22 Hector,Sam.“Mapping attacks on generative AI to business impact.”Security Intelligence.January 30,2024.https:/ Unveils Top Eight Cybersecurity Predictions for 2023-2024.”Gartner Newsroom.March 28,2023.https:/ Saner,Matt and Mike Lapidakis.“Securing generative AI:An introduction to the Generative AI Security Scoping Matrix.”AWS Security Blog.October 19,2023.https:/ Kerner,Sean Michael.“Exclusive:What will it take to secure gen AI?IBM has a few ideas.”VentureBeat.January 25,2024.https:/ MLSecOps:Industry calls for new measures to secure AI.”TechTarget News.September 13,2023.https:/ Web Services to Pharmatize Artificial Intelligence across the Life Sciences Industry.”EVERSANA news release.July 24,2023.https:/ Bedrock website.Accessed April 11,2024.https:/ Collaborates with AWS and TensorIoT to Automate the Regulatory Review Process.”AWS case study.Accessed April 12,2024.https:/ source large language models:Benefits,risks and types.”IBM Think Blog.September 27,2023.https:/ Javaheripi,Mojan and Sbastien Bubeck.“Phi-2:The surprising power of small language models.”Microsoft Research Blog.December 12,2023.https:/ AWS Trainium website.Accessed April 11,2024.https:/ IBM Institute for Business Value survey of 2,000 global executives responsible for supplier management,supplier sourcing,and ecosystem partner relationships.2023.Unpublished data.31 IBV C-suite Series.Turning data into value:How top Chief Data Officers deliver outsize results while spending less.IBM Institute for Business Value.March 2023.https:/ibm.co/c-suite-study-cdo 32 IBM Institute for Business Value survey of 2,000 global executives responsible for supplier management,supplier sourcing,and ecosystem partner relationships.2023.Unpublished data.33“What is responsible AI?”IBM website.Accessed April 11,2024.https:/ Suggests Growth in Enterprise Adoption of AI is Due to Widespread Deployment by Early Adopters,But Barriers Keep 40%in the Exploration and Experimentation Phases.”IBM Newsroom.January 10,2024.https:/ CEOs Need to Know About the Costs of Adopting GenAI.”Harvard Business Review.November 15,2023.https:/hbr.org/2023/11/what-ceos-need-to-know-about-the-costs-of-adopting-genai35 Fisher,Lisa and Gerald Parham.AI and automation for cybersecurity:How leaders succeed by uniting technology and talent.IBM Institute for Business Value.May 2022.https:/ibm.co/ai-cybersecurity36“Artificial Intelligence in Cybersecurity Market by Offering(Hardware,Solution,and Service),Security Type,Technology(ML,NLP,Context-Aware and Computer Vision),Application(IAM,DLP,and UTM),Vertical and Region Global Forecast to 2028.”Markets and Markets.December 2023.https:/ is a Cybersecurity Platform?”Trend Micro.Accessed April 11,2024.https:/ Copyright IBM Corporation 2024IBM Corporation New Orchard Road Armonk,NY 10504Produced in the United States of America|May 2024IBM,the IBM logo,and IBM X-Force are trademarks of International Business Machines Corp.,registered in many jurisdictions worldwide.Other product and service names might be trademarks of IBM or other companies.A current list of IBM trademarks is available on the web at“Copyright and trademark information”at: document is current as of the initial date of publication and may be changed by IBM at any time.Not all offerings are available in every country in which IBM operates.THE INFORMATION IN THIS DOCUMENT IS PROVIDED“AS IS”WITHOUT ANY WARRANTY,EXPRESS OR IMPLIED,INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY,FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT.IBM products are warranted according to the terms and conditions of the agreements under which they are provided.This report is intended for general guidance only.It is not intended to be a substitute for detailed research or the exercise of professional judgment.IBM shall not be responsible for any loss whatsoever sustained by any organization or person who relies on this publication.The data used in this report may be derived from third-party sources and IBM does not independently verify,validate or audit such data.The results from the use of such data are provided on an“as is”basis and IBM makes no representations or warranties,express or implied.2L73BYB4-USEN-01

6人已浏览 2024-05-09 35页 5星级

1A I R E A D I N E S S R E P O R T 2 0 2 4ii01AI Year in ReviewApply AIBuild AI Evaluate AI ConclusionMethodology41326384849IntroductionThe hype for generative AI has reached its peak.Developers continue to push the limits,exploring new frontiers with increasingly sophisticated models.At the same time,without a standardized blueprint,enterprises and governments are grappling with the risks vs.rewards that come with adopting AI.Thats why in our third edition of Scale Zeitgeist:AI Readiness Report,we focused on what it takes to transition from merely adopting AI to actively optimizing and evaluating it.To understand the state of AI development and adoption today,we surveyed more than 1,800 ML practitioners and leaders directly involved in building or applying AI solutions and interviewed dozens more.In other words,we removed responses from business leaders or executives who are not equipped to know or understand the challenges of AI adoption first-hand.Our findings show that of the 60%of respon-dents who have not yet adopted AI,security concerns and lack of expertise were the top two reasons holding them back.This finding seems to validate the“AI safety”narrative that dominates todays news.Among survey respondents who have adopted AI,many feel they lack the appro-priate benchmarks to effectively evaluate models.Specifically,48%of respondents referenced lacking security benchmarks,and 50sired industry-specific benchmarks.Additionally,while 79%of respondents cited improving operational efficiency as the key reason for adopting AI,only half are measuring the business impact of their AI initiatives.And while performance and reliability(each at 69%)were indicated as the top reasons for evaluating models,safety ranked lower(55%),running counter to popular narratives.This report presents expert insights from Scale and its partners across the ecosystem,including frontier AI companies,enterprises,and govern-ments.Whether you are developing your own models(building AI),leveraging existing foun-dation models(applying AI),or testing models(evaluating AI),there are actionable insights and best practices for everyone.Table of Contents0203“The rapid evolution of AI offers both immense opportunities and challenges.Embracing it responsibly,with robust infrastructure and rigorous evaluation protocols,unlocks the potential of AI while safeguarding against the risks,known and unknown.”Alexandr Wang,FO U N D E R&C E O,S CA L E0405Year in ReviewAdvancements in generative AI continued to accelerate in 2023.After the release of OpenAIs ChatGPT in November 2022,the platform reached an estimated 100 million users in just two months.In March 2023,OpenAI released GPT-4,a large language multimodal model that demon-strated human-level performance across industry benchmarks.Other model builders joined the launch party last year.Google launched Bard,initially running on the LaMDA model and replaced shortly after by PaLM 2(with improved domain-specific knowledge-including coding and math).Anthropic introduced Claude 2 in the summer with a 100K context window.A week later,Meta unveiled Llama 2 and Code Llama,and included model weights and code for the pretrained model.Google DeepMind closed out 2023 with the release of Gemini-repre-senting a significant improvement in performance as the first model to outperform human experts on the Massive Multitask Language Under-standing(MMLU)test.Newer open source model families like Falcon,Mixtral,and DBRX demonstrated the possibility for local inference while innovating on model architecture to use far less compute.This year,in March 2024,Anthropic launched the family of Claude 3 models,doubling the context window.Just a few days later,Cohere released their Command R generative model-designed for scalability and long context tasks.Frontier research underlies many of these model advancements.Some significant advancements include:1.Open AI achieved improvements in mathematical reasoning through rewarding chain-of-thought reasoning.Scale contributed to the creation of PRM800K,the full process supervision dataset released as part of this paper.2.Anthropic uncovered an approach for better model interpretabil-ity through analysis of feature activation compared to individual neurons.3.The Microsoft Research team discovered that a model with a smaller number of parameters relative to state-of-the-art models can demon-strate impressive performance on task-specific benchmarks when fine-tuned with high-quality textbook data.Generative AI continues to reshape our worldOrganizations applying AI are seeking to extract additional value by optimizing AI through prompt-en-gineering,fine-tuning models,and retrieval augmented generation(RAG).Despite the desire to optimize foun-dational models,65%of organizations use models out-of-the-box,43%of organizations fine-tune models and 38%use RAG.Fine-tuning can customize models for specific tasks or datasets,significantly enhancing their performance and accuracy on targeted applications.RAG further enhances this by dynamically incorporat-ing external information during the generation process,enabling the model to produce more relevant and con-textually rich outputs.Organizations reporting generative AI forced the creation of an AI strategy:Organizations planning to increase investment in commercial and closed-source models over the next three years:Organizations that consider AI to be very or highly critical to their business in the next three years:Organizations with no plans to work with generative AI:Organizations with generative AI models in production:20232024202320240607Do you customize generative AI models or use them out of the box?Key findings,2023 to 2024To illustrate the evolving landscape,we see the following changes as important trends in AI over the past year.Model preferences continue to evolve and remain a key decision for an organizations AI strategy.The largest increase in usage came from closed-source models with 86%of organizations using these models compared to 37%the year prior.This is likely due to a combi-nation of factors.Many organiza-tions have existing contracts with cloud service providers who in turn have partnerships with closed-source model developers,making usage of closed-source models easier.Many closed-source models also outperform open source models out-of-the-box.Despite that,open-source model usage still increased from 41%to 66%.This is likely due to the flexibility open-source models provide for fine-tun-ing and hosting.The smallest change in model preferences were organizations that trained their own models at 24%in 2024.Similar to last year,61%of orga-nizations stated improved oper-ational efficiency as the leading driver behind adopting generative AI.Improved customer experience came in second at 55%.Despite growing adoption,there are still a number of challenges that stall widespread use of generative AI.61%of respondents cited infrastructure,tooling,or out-of-the-box solutions not meeting their specific needs.Processes like RAG and fine-tuning introduce the complexity of integrat-ing external data sources in real-time,ensuring the relevance and accuracy of retrieved information,managing additional computation-al costs,and addressing potential biases or errors.Fine-tuning requires careful selection of data to avoid overfitting and ensuring models remain generalizable to new,unseen information.Proprietary data is a key ingredient to power performance enhance-ments for generative AI models.While Scales machine learning team proved how fine-tuning can enhance model capabilities,41%of organizations lack the ML expertise to execute the data transformations and measure and evaluate results to justify the initial investment.What positive outcomes have you seen from generative AI adoption?How do you work with generative AI models?0809What to Expect in 2024Increasingly Capable Foundation ModelsIn the coming year,we expect notable advancements in generative AI foundation models to continue.Models like Claude 3 have demonstrated improved performance on various benchmarks,such as scoring 86.8%on the MMLU dataset and 95.0%on the GSM8K math problem set,indicating enhanced capabilities in reasoning and problem-solving.We also expect to see the emergence of more sophisticated multimodal models that can seamlessly integrate and generate content across various modalities,including text,images,audio,and video as both inputs and outputs.As researchers continue to refine these models,we can also anticipate improvements in accuracy and reduced latency,making models more reliable and efficient.The size of these foundation models is also likely to grow,allowing them to capture and leverage even more knowledge and nuance from the vast amounts of data they are trained on.Expert Insight Will Power Performance ImprovementsHuman experts will play an increasingly crucial role in model advancements and evaluation.As models start to exhaust the corpus of general information widely available on the internet,models will require addi-tional data to improve their capabilities.While some organizations may look to replace human-generated data with synthetic data for training,models reliant on synthetic data can be susceptible to model collapse.A hybrid human and synthetic data approach can mitigate biases from synthetic data and still reflect nuanced human preferences.The domain-specific knowledge of experts allows them to provide data that captures the nuance,complexity,and diversity to supplement model training.Experts are also critical for testing and eval-uation alongside reinforcement learning from human feedback,with the knowledge to identify subtle errors,inconsistencies,or biases in order to provide reliable guidance to preferred model outputs.While experts are necessary to improve model capabili-ties,we anticipate organizations defining new roles that are centered around generative AI.Prompt engineers,machine learning researchers,and generative AI experts will collaborate with subject matter experts to ensure AI initiatives are successful.Generative AI will fundamentally change the nature of work.Evolving Proof-of-Concepts to Scaling Production DeploymentsImprovements in model performance and capabilities will motivate leaders to quickly iterate from proof-of-concepts to pilots to production deployments.More user friendly RAG and fine-tuning solutions will emerge as on-ramps to improve adoption so that organizations can more easily customize models.As start up costs taper,model effectiveness improves,and more robust evaluation strategies emerge,organizations will be able to more clearly capture and define return on invest-ment.Increasing Emphasis on Test&Evaluation PracticesNearly every major model release usurps a different leading model on various benchmarks.Enterprises will want to create their own evaluation methodology consisting of industry benchmarks,automated model metrics,and measures for return on investment to continuously evaluate their preferred model.As model capabilities grow,model builders will place more importance on guardrails,steerability,safety,security,and transparency.Public sector institutions now must consider the White Houses OMB Policy and test and evaluate AI systems to ensure that AI is safe.MathMultivariate CalculusApplying Gradient TheoremCreative WritingMetaphorical StoriesLyrical SonnetsScienceBiologyGenetic ExpressionCodingDebuggingCode OptimizationEvolution of generative AI capabilities:domain and functional capabilities are rapidly growing1011Apply AI12131213Adoption TrendsIn a world where innovation moves at the speed of thought,generative AI has emerged as a transformative force.En-terprises and governments are deploying resources,capital,and teams to not just embed models into business processes,but also transform the paradigm of industry operations.This section highlights trends in enter-prise AI,including stages of adoption,model preferences,and investment themes for model categories.Well also dig into leading enterprise AI use-cases,the challenges behind AI adoption,and uncover the barriers that prevent organi-zations from using AI.Which of the following describes how your company works with generative AI models?1415The Evolution of AI Adoption22%of organizations have one model in production with 27%of total respondents reporting multiple models in production.Deploying multiple generative AI models in production allows orga-nizations to leverage specialized capabilities,avoid vendor lock-in,and scale multiple use-cases.By comparing performance across models and maintaining flexibility,businesses can adapt to evolving requirements while mitigating risks associated with relying on a single model.The growing number of models in production reflects the progression of proof-of-concepts to production deployments.49%of organizations are still either evaluating use cases or develop-ing the first model or application.Many organizations are increasingly dedicating time to evaluating use cases to ensure alignment with business objectives.Thorough use case evaluation allows companies to identify applications with high ROI potential,assess feasibility and risk,and prioritize implementation efforts.25%Plan on working with generative AI models 33%Experimented with generative AI models 25%Evaluating use cases 26veloping the first model/application22%One model/application deployed to production27%Multiple models/applications deployed to productionApplication and model develop-ment follows use case selection.Deploying generative AI in an enterprise setting involves a multi-step process,including data preparation and pre-processing,model selection and architecture design,hyperparameter tuning and training,API development for integration,monitoring feedback,and test and evaluation.Technical organizations are ahead of the curve with genera-tive AI adoption.Software and internet companies are leading the pack with 48%of organizations reporting generative AI models in production.Conversely,only 24%of government and defense entities have generative AI models in pro-duction.4%No plans to work with generative AI models38%Generative AI models in productionWhat is the current stage of your AI/ML project?No model deployed to productionOne or more models deployedWhich generative AI models do you work with?1617Our respondents indicate that their preferred model is the latest version of OpenAI GPT-4 with 58%of enter-prises using the latest version and 44%of enterprises using GPT-3.5.Trailing closely behind,39%of enterprises use Google Gemini.Theres a notable drop-off in model selection following these three models with OpenAI GPT-3 at 26%.Model Preferences Model selection is critical for generative AI devel-opment,as it determines the systems performance,scalability,and alignment with specific task require-ments,data characteristics,computational resources,and trade-offs between model complexity and inference speed.Organizations also evaluate model selection through cost trade-offs-comparing investments tied to infrastructure,managed services,and per token inputs and outputs.OpenAI is overwhelmingly the preferred model vendor.Virality and the ongoing rollout of advanced features positioned OpenAI as the preferred model vendor even as other models demonstrate com-parable performance.Note-at the time of the survey,Claude 3,Grok,and DallE3 were not released and thus not included in the survey.How does your company plan on investing in generative AI over the next 3 years?In which ways has your company implemented AI?1819Model Investment Just as the leading preferred models are closed-source commercial models,planned investments in these categories of models reflect usage trends.72%of organizations plan to increase investments in commercial closed-source models.A lower percentage of organiza-tions plan to invest in open-source models at 67%.While open-source models provide organiza-tions with greater control,many leading commercial closed-source models are closely tied to leading cloud-service providers.Enter-prises can draw down from cloud spend commitments through use of partner models(e.g.,Amazon and Anthropic,Microsoft and Open AI).Last year,organizations referenced the ability to develop new products or services as the leading reason to adopt generative AI.This year,improved operational efficiency is the key driver behind adopting generative AI.Generative AI use cases reflect this shift in priorities.The leading use-cases for generative AI adoption are computer program-ming and content generation.Deploying and Customizing AI Use CasesCoding copilots are becoming mainstream with technical users being early adopters of solutions like GitHub Copilot,CodeLlama,and Devin.Model vendors have responded to demand for content generation with prompt templates that guide users to effective content creation questions for functions including Marketing,Product Man-agement,and Public Relations.Organizations can optimize genera-tive AI models for specific use cases through the following techniques:Prompt-engineering-guiding the models output through carefully crafted input prompts Fine-tuning-training the model on domain-specific data Retrieval-Augmented Generation(RAG)-enhancing the models knowledge by integrating infor-mation from external sources during the generation process.Teams are likely to maximize their AI investments by adopting these techniques.For organizations that already fine-tune their own models,39%saw improved performance on domain-specific tasks compared to out-of-the-box models.2021“With fine-tuning,theres always the issue of data that we fine-tune on and compute.We can address hallucination and bias with better data.Frequency of fine-tuning helps but its an expensive procedure,most of the work that happens is on the data-side.Were always on the search for more volume of data and better annotations.”Mohammed Minhaas,DATA E N G I N E E R2223Barriers to AI Adoption and ImplementationDespite rapid advancements in the field,organizations still face challeng-es with AI implementation.61%of organizations specified that infra-structure,tooling,or out-of-the-box solutions dont meet their needs.Insufficient tooling for tasks such as data preparation,model training,and deployment,combined with the lack of standardized frameworks for integrating generative AI into existing systems,can hinder the scalability and efficiency of AI implementations,leading to increased complexity and higher costs.54%of organizations struggle with insufficient budget.Finding a home on the balance sheet for new gener-ative AI projects limits the pace of adoption.52%also have concerns about data privacy.Fine-tuning can use vast amounts of potentially sensitive training data.The risk of data breaches,unauthorized access,or misuse of personal information during the data collection,storage,and processing stages can expose organizations to legal liabilities and reputational damage,particularly in industries with stringent data protec-tion regulations.For example,certain health and human service providers must ensure their AI models abide by federal non-discrimination laws and privacy laws.Beyond these obstacles,organiza-tions grapple with how to effectively employ fine-tuning and RAG tech-niques.32%of organizations pinpoint evaluating performance as the top obstacle to fine-tuning,with 31%of respondents citing data transforma-tion as an issue.Similarly,the leading challenge for employing RAG is evaluating performance,as stated by 28%of respondents.Some organizations are still not adopting AI.Most organizations have not adopted AI due to data and security concerns(28%)or a lack of expertise(26%).Other initiatives that take priority was the leading reason software and internet companies did not adopt AI.Overcoming privacy and security concerns will require organizations to implement test and evaluation protocols to ensure that models are safe to use.79%of organizations assert that they already test or evaluate(T&E)models.Participants responded that the leading reason for T&E was to measure performance and reliabili-ty-both at 67%.The leading reason for evaluation was to measure business impact(59%of respon-dents).While 42%of respondents used benchmarks to evaluate model performance,there are still short-comings in existing benchmarks.Specifically,48%of respondents referenced lacking security bench-marks and 50%of respondents cited missing industry specific bench-marks.Instead,to address safety and reliability of generative models,56%of organizations use industry standards by following leaderboards for public benchmarks.The adoption of generative AI in enterprise organizations presents both opportunities and chal-lenges.Careful model selection,fine-tuning,prompt-engineering,and data augmentation techniques are essential for optimizing per-formance and tailoring models to specific use cases.However,enter-prises must also navigate complex challenges related to infrastructure,tooling,data security,privacy,and safety.Addressing these concerns requires significant investment in data management,model transpar-ency,and governance frameworks to ensure responsible and effective deployment.What are the top challenges in implementing AI technologies at your company?If you have not yet adopted AI,why have you not adopted it?2425“RAG aims to address a key challenge with LLMs-while they are very creative,they lack factual understanding of the world and struggle to explain their reasoning.RAG tackles this by connecting LLMs to known data sources,like a banks general ledger,using vector search on a database.This augments the LLM prompts with relevant facts.However,implementing RAG presents its own challenges.It requires creating and maintaining the external data connection,setting up a fast vector database,and designing vector representations of the data for efficient search.Companies need to consider if they require a purpose-built database optimized for vector search.Keeping this vectorized representation of truth up-to-date is tricky.As the underlying data sources change over time and users ask new questions,the vector database needs to evolve as well.Deciding if and how to incorporate user assumptions into the vector representations is a philosophical question that also has practical implications for implementation.The industry is still grappling with how to design RAG systems that can continually improve over time.”Jon Barker,C U STO M E R E N G I N E E R,G O O G L E2726Build AIPushing the Boundaries:AIs Rapid Advancement Across Domains As highlighted in the Year In Review section of this report,weve seen a significant leap in model capabilities in the past year.The latest models have revolutionized programming,writing clean,efficient code from natural language prompts with an almost human-like understanding of intent.But the advancements dont stop there.Were not far away from a world where AI agents effortlessly communicate across language barriers,solve complex mathematical equations,explain scientific concepts,and even make new discoveries.Moreover,AI is rapidly advancing in its ability to perceive and generate content across multiple modalities,including text,images,audio,and video.2829The race between leaders like OpenAI,Anthropic,Google,Meta,and others is driving the rapid advancement of foun-dation models.Each lab is pushing the boundaries of whats possible,releasing new models that leapfrog the capabilities of predecessors.However,the pace of releases is not constant.The survey data reveals that it typically takes companies three to six months to develop a model and deploy it to production.For the top labs,major releases are often spaced six to nine months apart,waiting until achieving a significant step-change in performance before unveiling a new model.We expect this six to nine month release cadence to continue over the coming year.However,the pace could decelerate as organizations encounter data limita-tions and struggle to achieve meaningful improvements over current models performance.The following sections will explore the key pillars needed to build effective models,including model architecture innovations,computational resource trends,and the high-quality data imper-ative.Well also discuss future invest-ments and priorities in the AI landscape providing insights into the advance-ments shaping the future of AI.The key pillars of effective AI models Developing industry-leading AI requires a combination of:THOUGHTFUL MODEL ARCHITECTURES VAST COMPUTATIONAL RESOURCES CAREFULLY CURATED DATASETS 2002220232024PaLM ImagenOPT-175BMed-PaLM BardClaude 1LLaMAPaLM 2Claude 3Segment Anything GeminiClaude Instant BERT MetaOpen AIGoogleAnthropicGPT-2RoBERTaBlenderBotGPT-3CLIPDALL-ECODEXDALL-E-2WhisperPaLM-SayCanChatGPTGalacticaGPT-4Claude 2InstructGPTConstitutional AICodeyMinervaTimeline of Model Releases3031Model ArchitectureNew neural network designs and techniques are enabling the development of larger,more capable models that can tackle increasingly complex tasks.One new promising approach is the use of sparse expert models,which allows for efficient training of massive networks by activating only relevant subsets of neurons for each input.This enables models to spe-cialize in different domains while still maintaining the ability to generalize across tasks.Recent open-source models like Falcon,Mixtral,and DBRX demonstrate the potential of these architectures,scoring high on performance benchmarks with significantly fewer pa-rameters and computational resources when compared to traditional models.Similarly,AI21 Labs Grok model showcases the power of sparse expert models in natural language processing,excelling across a wide range of language tasks while maintaining high efficiency.Key challenges in training and developing advanced AI models.Computational Resources TrendsDemand for compute continues to grow,with model training requiring huge clusters of specialized accelera-tors like GPUs and TPUs.However,the industry is un-dergoing a significant shift away from traditional CPUs towards these accelerator architectures optimized for AI workloads.This transition brings significant chal-lenges in terms of infrastructure,tooling,and resource management.The survey highlights the magnitude of this shift,with over 48%of respondents rating compute resource man-agement as“most challenging”or“very challenging”.“CPUs consume about 80%of IT workloads today.GPUs consume about 20%.Thats going to flip in the short term,meaning 3 to 5 years.Many industry leaders that Ive talked to at Google and elsewhere believe that in 3 to 5 years,80%of IT workloads will be running on some type of architec-ture that is not CPU,but rather some type of chip architec-ture like a GPU.”-Jon Barker,Customer Engineer,GoogleThis rapid transition towards more costly GPU and TPU-centric workloads presents a number of chal-lenges.While these accelerators offer unparalleled performance for AI tasks,they also require a different programming model,tooling ecosystem,and set of optimization techniques compared to tradition-al CPU-based workloads.Further,large models are usually trained across many accelerators and distribut-ed across many machines in parallel,requiring complex orchestration frameworks.To address these challenges,PyTorch introduced the Fully Shared Data Parallel(FSDP).FSDP is a data parallelism paradigm that shards model parameters,gradients,and optimizer states across data-parallel workers,enabling more efficient memory usage and training of larger models.In addition to the challenge of compute resource management,model builders also face obstacles due to a lack of suitable tools and frameworks.38%of respondents indicated that the absence of AI-spe-cific libraries,frameworks,and platforms is a major challenge holding back their AI projects.These tools are crucial for abstracting away the complexities of distributed computing and accelerator programming,allowing researchers to focus on model development and experimentation.3233Unlocking AI Potential:Domain-Specific,Human-Generated DatasetsData is the fuel that powers AI models,and the quality,quantity,and diversity of that data is critical to building effective,unbiased systems.The survey results highlight the importance of high-quality datasets,with labeling quality as the top challenge in preparing data for training models.Obtaining extremely high-quality labels while minimizing the time required to get that labeled data is a significant hurdle for model builders.This highlights the need for efficient data labeling processes and tools that can maintain high standards while expediting the labeling process.Large,web-scraped datasets have been instrumental in pre-training foundation models.The next leap in capabilities will require more targeted,domain-specific data that captures the nuances and edge cases that only human experts can provide.The advent of generative AI and large language models(LLMs)has fundamentally changed what it means to create high-quality training and evaluation data.For open-ended use cases,such as question answering,coding,and agentic use cases,ad-vancements in AI capabilities will be bottlenecked by the supervision we can feed into these models.Even if you train long enough with enough GPUs,youll get similar results with any modern model.Its not about the model,its about the data that it was trained with.The difference between performance is the volume and quality of data,especially human feedback data.You absolutely need it.That will determine your success.-Ashiqur Rahman,Machine Learning Researcher,Kimberly-ClarkHuman-labeled data plays a critical role in aligning models with user preferences and real-world requirements.Techniques like reinforcement learning from human feedback(RLHF)can help guide models towards desired behaviors and outputs,but they require a steady stream of high-quality,human-generated labels and rankings.Future Investments&Priorities69%of respondents rely on unstructured data like text,images,audio,and video to train their models.However,data quality emerges as the top challenge in acquiring training data,ranked as the largest obstacle by 35%of respondents.To address this,55%of organizations are leveraging internal labeling teams,while 50%engage specialized data labeling services and 29%leverage crowdsourcing.Organizations are scaling their annotation efforts with managed labeling services,with 40%of users receiving high-quality labeled data within one week to one month.Managed labeling services allow companies to scale up labeling operations,reduce overhead,and access expert annotators on-demand.Managed labeling services also handle project management,quality assurance,annotator recruiting,and increasingly offer specialized expertise in areas like coding,mathematics,and languages.Common approaches for data annotation.Top challenges in preparing high-quality training data for AI models.3435The demand for specific types of Scales Data Streams provides insights into the priorities and use cases driving AI development.Among the most sought-after Data Streams are:1.Coding,Reasoning,and Precise Instruction Following2.Languages3.Multimodal DataGoing forward,we expect to see increased adoption of human-in-the-loop pipelines that leverage subject matter experts to refine model outputs and provide targeted feedback.This creates a virtuous“data flywheel”effect,where model usage results in new high-quality training data for continuous improvement.Multimodal data collection spanning text,speech,images,and video will also be a key priority as organiza-tions seek to build AI systems that can perceive,reason and interact more naturally.One new notable trend is the acquisition of proprietary data from platforms like Reddit,as exemplified by the recent multi-year data partnership between Reddit and Google.This deal,reportedly valued at$60 million per year,emphasizes the value placed on unique,hu-man-generated content for training the next generation of models.However,simply acquiring vast amounts of data is not enough.To truly stay ahead of the curve,organizations must also invest in robust human-in-the-loop(HITL)pipelines that can process and label data across an ever-expanding range of modalities.As AI systems become more sophisticated,they will require not just text,but also speech,images,video,and even more complex data types like 3D scenes and sensor data.Moreover,the rise of reinforcement learning from human feedback(RLHF)has fundamentally changed how models are evaluated.RLHF requires“on-policy”human supervision,where human raters provide feedback on the actual outputs generated by the model during the training process.Additionally,traditional evaluation methods that rely on fixed sets of labels are no longer sufficient.Instead,organizations must conduct side-by-side comparisons of their old and new model responses across a large number of prompts before each release.This approach captures the nuances and edge cases that emerge as models become more sophisticated and ensures that improvements are aligned with user expectations.Building scalable labeling programs that address mul-timodal capabilities is a critical challenge for model builders.It will require a combination of advanced tooling,specialized annotator training,and close collaboration between domain experts and machine learning teams.Managed labeling services with expertise across a wide range of modalities will be increasingly sought after to help organizations navigate this complex landscape.By fusing diverse input modalities and investing in hu-man-in-the-loop pipelines,models can develop richer,more contextual representations that mirror how humans process information and engage with their en-vironments.Organizations that can effectively harness multimodal data and scale their labeling capabilities will be well-positioned to unlock new frontiers in AI.HUMAN FEEDBACKDATAMODEL TRAINING&OUTPUTData Flywheel3637Evaluate AIEvaluating Model PerformanceEvaluation critera for models in useAs foundation models grow in capability and impact,compre-hensive model evaluation has become paramount whether you are building or applying models.In contrast to common headlines,assessing foundation models is not just about safety.In fact,perfor-mance,reliability,and security were indicated as the top three reasons survey respondents evaluate models-with safety ranking as a lower priority.Despite this focus on evalua-tion,developing robust evalua-tion frameworks is an evolving challenge.Models must be assessed holistically,accounting for perfor-mance on real-world use cases as well as potential risks.Traditional academic benchmarks are generally not representative of production scenarios,and models have been overfitted to these existing bench-marks due to their presence in the public domain.Leading or-ganizations are moving towards comprehensive private test suites that probe model behavior across diverse domains and capabilities.Universally agreed upon 3rd party benchmarks are crucial for objec-tively evaluating and comparing the performance of large language models.Researchers,develop-ers,and users can select models based on standardized transparent metrics.68%Reliability 67%Performance62%Security 54%Safety 6%N/A383987%Model builders who apply AI indicated that they evaluate models or applications.72%Enterprises who apply AI indicated that they evaluate models or applications.To understand current evaluation practices,the survey asked respondents how they measure model performance.The top approaches are illustrated in the figure,left.The data shows that automated model metrics and human preference ranking are the fastest ways to identify issues,with over 70%of respondents discov-ering problems within one week.This highlights the value of quantitative and qualitative evaluation approaches to rapidly surface model performance problems.The prevalence of human evaluations is notable(41%),reflecting the importance of subjective judgments in assessing generative outputs.Techniques like preference ranking,where human raters compare model samples,can capture nuanced quality distinctions.The survey results suggest that a multi-faceted evaluation strategy is necessary,as no single approach dominates.While automated metrics and business impact assessments are widely used,the data indicates the need to incorporate a variety of quantitative and qualitative techniques to compre-hensively evaluate models.When asked why they conduct model evaluations,69%of respondents selected performance,another 69%selected reli-ability and 63%selected security as main objectives.Stress testing models is an important defense against failure modes such as hallucination and bias.Evaluation practices for model performance.4041Techniques like red teaming,where expert testers try to elicit unsafe behaviors,can surface vulnerabilities.Careful prompt engineering can also help assess models resilience against malicious prompts or out-of-distribution inputs.The results highlight the importance of con-tinuous monitoring,as models can degrade or exhibit new issues over time.Over 40%of re-spondents evaluate their models following any changes or prior to major releases,highlighting the shift towards a continuous evaluation that goes beyond one-time assessments.While model evaluation plays a crucial role in measuring AI performance,leaders responsible for applying AI in their organizations must also initiatives also need to demonstrate tangible business outcomes.Almost half of respondents evaluate models based on their direct impact on KPIs like operational efficiency or customer satisfaction.Grounding evaluations in down-stream outcomes ensures that models are not just technically proficient but actually valuable in practice.4243“Evaluating generative AI performance is complex due to evolving benchmarks,data drift,model versioning,and the need to coordinate across diverse teams.The key question is how the model performs on specific data and use cases.Centralized oversight of the data flow is essential for effective model evaluation and risk management in order to achieve high acceptance rates from developers and other stakeholders.”Babar Bhatti,I B M,A I C U STO M E R S U C C E S S L E A DChallenges with model evaluation todayDespite progress,many gaps remain in current model evaluation practices.Performance and usability benchmarks are critical to ensure models meet rising user expectations while vertical-specific standards will be key as AI permeates different sectors.Industry groups like the National Institute of Standards and Technology(NIST)are working to define comprehensive evaluation standards.Scales Safety,Evaluations,and Analysis Lab(SEAL)is also working to develop robust evaluation frameworks.The data reveals room for improvement in measuring the business impact of AI models.For key outcomes like revenue,profitability,and strategic decision-mak-ing,only half of the organizations are assessing business impact.This represents an opportunity for enterprises to more clearly link model performance to tangible business results,ensuring that AI investments are delivering real value.Model evaluation challenges:gaps in benchmarking for model builders and enterprises applying AI4445Evaluating AI Systems in ProductionRobust evaluation practices are essential not just during model development,but also when deploying and monitoring AI systems in real-world production environments.The survey highlights how both model builders and en-terprises are investing in evaluation capabilities.On the“Build”side,organizations recognize the importance of comprehensive evaluations and employ a combination of internal dashboards and external platforms to gain a holistic understanding of model performance.46%of organizations have internal teams with dedicated test and evaluation platforms,while 64%leverage internal proprietary platforms.Adoption of third-party evaluation consultancies(23%)and platforms(40%)is also prevalent,demonstrating the value of external expertise and tools in the evaluation process.For enterprises focused on“Applying”AI,the invest-ment patterns are similar but with a blend of internal and external solutions.42%have internal teams using external evaluation platforms,49%use proprietary internal platforms,38opt third-party platforms and 21%engage external consultants.These results underscore the complexity of validating AI system performance,safety,and alignment with re-al-world operating conditions and business objectives.Effective evaluation requires a blend of skilled in-house teams,robust tools and frameworks,and external spe-cialist support.Looking ahead,evaluation methodology must evolve in lockstep with AI capabilities.Multidisciplinary research at the intersection of machine learning,software engi-neering,and social science is needed to define rigorous standards.Scalable infrastructure for human-in-the-loop evaluation pipelines will also be critical.With sustained effort and investment,the industry can build generative models that are not only powerful but truly reliable and beneficial.Practices for evaluating AI systems in production“As AI systems become more advanced and influential,its crucial that we prioritize AI safety.The rapid progress in large language models and generative AI is both awe-in-spiring and sobering-while these technologies could help solve some of humanitys greatest challenges,they also pose catastrophic risks if developed without sufficient safeguards.At the Center for AI Safety,our research focuses on the important problem of AI safety:mitigating the various risks posed by AI systems.We also need proactive governance strategies to navigate the high-stakes landscape of powerful AI,including estab-lishing international cooperation,safety standards,and regulatory oversight.While the era of advanced AI presents tremendous potential,we must not underestimate the risks and challenges ahead.Its crucial that the AI community comes together to prioritize safety,so we can chart a course towards a future where AI is a profound positive force for the world.”Dan Hendrycks,C E N T E R FO R A I SA F E T Y (C A I S)4647Whether you are building or applying AI,model optimization and evaluation is key to unlock performance and ROI.The pace of innovation for generative AI continues to accelerate.While the 2023 AI Readiness Report focused on how enterprises could adopt AI,this years report examined challenges and best practices to apply,build,and evaluate AI.The two most significant trends to emerge in our analysis are:1.The growing need for model eval-uation frameworks and private benchmarks 2.The continued challenges of optimizing models for specific use cases without sufficient tooling for data preparation,model training,and deploy-ment.At Scale,our mission is to accelerate the develop-ment of AI applications.The Scale Zeitgeist:AI Readiness Report supports that mission.We will continue to shed light on the latest trends,challenges,and what it really takes to build,apply,and evaluate AI.About ScaleScale is fueling the generative AI revolu-tion.Built on a foundation of high-quality data and expert insight,Scale powers the worlds most advanced models.Our years of deep partnership with every major model builder enables our platform to empower any organization to apply and evaluate AIMethodologyThis survey was conducted online within the United States by Scale AI from February 20,2024,to March 29,2024.We received 2,302 responses from ML prac-titioners(e.g.,ML engineers,data scientists,devel-opment operations,etc.)and leaders involved with AI in their companies.Participants who reported no involvement in AI or ML projects were excluded from the dataset,resulting in a final sample size of 1800 respondents.A quarter of the respondents identified themselves as belonging to the Software and Internet/Telecommu-nications industry(28%),with the Financial Services/Insurance Industry following closely behind at 15%.Business Services accounted for 7%,while the Gov-ernment and Defense Industry represented 4%of the respondents.Among these industries,a majority of respondents specified their employment within the Information Technology department(33%).In terms of seniority within their organizations,nearly a quarter of respondents(24%)identified themselves as Team Leads,22%as department heads,and 5%as owners.Sixty-six percent (66%)of respondents report involvement in AI model application and customization(applying AI),while 34%are directly engaged in de-veloping foundational generative AI models(building AI).Consequently,a significant portion of respondents(46%)represent organizations at an advanced stage of AI/ML adoption,with one to multiple models deployed to production and undergoing regular retraining.Approximately 26%are in the process of developing their inaugural model,while 23%are in the phase of evaluating potential use cases,underscoring the significance and enthu-siasm for AI/ML project development.Conclusion

17人已浏览 2024-05-08 25页 5星级

Zscaler ThreatLabz 2024 AI Security ReportThe AI revolution has arrived.Discover key trends,risks,and best practices in enterprise AI adoption,with insights into AI-driven threats and key strategies to defend against them.2024 Zscaler,Inc.All rights reserved.2024 Zscaler,Inc.All rights reserved.2024 Zscaler,Inc.All rights reserved.02ZSCALER THREATLABZ REPORT 2024Contents03 Executive Summary04 Key Findings05 Key GenAI and ML Usage Trends05 AI transactions continue to accelerate06 Enterprises are blocking more AI transactions than ever07 Industry AI breakdown09 Healthcare and AI10 Finance11 Government12 Manufacturing13 Education and AI14 ChatGPT usage trends15 AI usage by country Regional breakdown:EMEA Regional breakdown:APAC18 Enterprise AI Risk and Real-World Threat Scenarios18 Enabling AI in the enterprise:top 3 risks20 AI-driven threat scenarios AI impersonation:deepfakes,misinformation,and more21 AI-generated phishing campaigns From query to crime:creating a phishing login page using ChatGPT22 Dark chatbots:uncovering WormGPT and FraudGPT on the dark web23 AI-driven malware and ransomware across the attack chain24 AI worm attacks and“viral”AI jailbreaking25 AI and US elections26 All Eyes on AI Regulations26 United States27 European Union28 AI Threat Predictions31 Case Study:How to Securely Enable ChatGPT in the Enterprise31 5 Steps to integrate and secure generative AI tools33 How Zscaler Delivers AI Zero Trust and Secures Generative AI33 The key to AI-driven cybersecurity:high-quality data at scale34 Leveraging AI across the attack chain35 Summary of Zscalers AI-infused offerings36 Enabling the enterprise AI transition:the control is in your hands37 Appendix37 ThreatLabz research methodology37 About Zscaler ThreatLabz2024 Zscaler,Inc.All rights reserved.03ZSCALER THREATLABZ REPORT 2024Executive SummaryAI is more than a pioneering innovationits now business as usual.As generative AI tools like ChatGPT transform business in large and small ways,AI is being woven deep into the fabric of enterprise life.However,questions about how to securely adopt these AI tools while defending against AI-driven threats are not settled.Enterprises are rapidly adopting AI and ML tools across departments like engineering,IT marketing,finance,customer success,and more.Yet,they must balance the numerous risks that come with AI tools to reap their fullest rewards.Indeed,to unlock the transformative potential of AI,enterprises must enable secure controls to protect their data,prevent the leakage of sensitive information,mitigate Shadow AI sprawl,and ensure the quality of AI data.These AI risks to enterprises are bidirectional:outside enterprise walls,AI has become a driving force for cyberthreats.Indeed,AI tools are allowing cybercriminals and nation state-sponsored threat actors to launch sophisticated attacks,more quickly,and at greater scale.Despite this,AI holds promise as a key piece of the cyber defense puzzle as enterprises grapple with a dynamic threat landscape.The ThreatLabz 2024 AI Security Report offers key insights into these critical AI challenges and opportunities.Drawing on more than 18 billion transactions from April 2023 to January 2024 across the Zscaler Zero Trust Exchange,ThreatLabz analyzed how enterprises are using AI and ML tools today.These insights reveal key trends across business sectors and geographies in how enterprises are adapting to the shifting AI landscape and securing their AI tools.Throughout,youll find insights into top-of-mind AI topics including business risk,AI-driven threat scenarios and adversary tactics,regulatory considerations,and predictions for the AI landscape in 2024 and beyond.Just as critically,this report offers best practices on two fronts:how enterprises can securely embrace generative AI transformation while protecting critical data,and how AI-powered tools are working to deliver layered,zero trust security to face the new landscape of AI-driven threats.2024 Zscaler,Inc.All rights reserved.04ZSCALER THREATLABZ REPORT 2024Key FindingsNOTE:The Zscaler Zero Trust Exchange tracks ChatGPT transactions independently from other OpenAI transactions at large.AI/ML tool usage skyrocketed by 594.82%,rising from 521 million AI/ML-driven transactions in April 2023 to 3.1 billion monthly by January 2024.The most widely used AI applications by transaction volume are ChatGPT,Drift,OpenAI*,Writer,and LivePerson.The top three blocked applications by transaction volume are ChatGPT,OpenAI,and F.The top 5 countries generating the most AI and ML transactions are the US,India,the UK,Australia,and Japan.Enterprises are sending significant volumes of data to AI tools,with a total of 569 TB exchanged between AI/ML applications between September 2023 and January 2024.AI is empowering threat actors in unprecedented ways,including for AI-driven phishing campaigns,deepfakes and social engineering attacks,polymorphic ransomware,enterprise attack surface discovery,automated exploit generation,and more.Enterprises are blocking 18.5%of all AI/ML transactionsa 577%increase in blocked transactions over nine monthsreflecting growing concerns around AI data security and companies reluctance to establish AI policies.Manufacturing generates the most AI traffic with 20.9%of all AI/ML transactions in the Zscaler cloud,followed by Finance and Insurance(19.9%)and Services(16.8%).ChatGPT usage continues to soar,with 634.1%growth,even though it is also the most-blocked AI application by enterprises,based on Zscaler cloud insights.2024 Zscaler,Inc.All rights reserved.05ZSCALER THREATLABZ REPORT 2024Key GenAI and ML Usage TrendsAI transactions continue to accelerateFrom April 2023 to January 2024,enterprise AI and ML transactions grew by nearly 600%,rising to more than 3 billion monthly transactions across the Zero Trust Exchange in January.This underscores the fact that,despite a rising number of security incidents and data risks associated with enterprise AI adoption,its transformative potential is too great to ignore.Note that while AI transactions saw a brief lull over the December holidays,transactions continued at an even greater pace at the start of 2024.Even as AI applications proliferate,however,the majority of AI transactions are being driven by a relatively small set of market-leading AI tools.Overall,ChatGPT accounts for more than half of all AI and ML transactions,while the OpenAI application itself comes in third place,with 7.82%of all transactions.Meanwhile,Drift,the popular AI-powered chatbot,generated nearly one-fifth of enterprise AI traffic(the LivePerson and BoldChat Enterprise chatbots also breached the top apps in spots 5 and 6).Meanwhile,Writer remains a favored generative AI tool in the creation of written enterprise content,such as marketing materials.Finally,Otter,an AI transcription tool often used in video calls,drives a significant portion of AI traffic.4000M3000M2000M1000M0MMayJulSepMonthTransactionsNovJanChatGPTDriftOpenAIWriterLivePersonBoldChat EnterprisesOtter AI52.23.51%7.82%3.86%2.78%2.06%1.29%AI and ML Transaction TrendsTop AI ApplicationsThe enterprise AI revolution is far from its peak.Enterprise AI transactions have surged by nearly 600%and show no signs of slowing.Still,blocked transactions to AI apps have also risen by 577%.FIGURE 1 AI transactions from April 2023 to January 2024FIGURE 2 Top AI applications by transaction volume2024 Zscaler,Inc.All rights reserved.06ZSCALER THREATLABZ REPORT 2024Meanwhile,the volumes of data that enterprises send and receive from AI tools adds nuance to these trends.Hugging Face,the open-source AI developer platform often described as“the GitHub of AI,”accounts for nearly 60%of enterprise data transferred by AI tools.Since Hugging Face allows users to host and train AI models,it makes sense that it captures significant data volumes from enterprise users.While ChatGPT and OpenAI make expected appearances on this list,two notable additions are Veedan AI video editor often used to add subtitles,imagery,and other text to videosand Fotor,a tool used to generate AI images,among other uses.Since videos and images entail large file sizes compared to other kinds of requests,its not surprising to see these two applications represented.Enterprises are blocking more AI transactions than everEven as enterprise AI adoption continues to surge,organizations are increasingly blocking AI and ML transactions because of data and security concerns.Today,enterprises block 18.5%of all AI transactions,a 577%increase from April to January,for a total of more than 2.6 billion blocked transactions.Some of the most popular AI tools are also the most blocked.Indeed,ChatGPT holds the distinction of being both the most-used and most-blocked AI application.This indicates that despiteor even because ofthe popularity of these tools,enterprises are working actively to secure their use against data loss and privacy concerns.Another notable trend is that ,which has an AI-enabled Copilot functionality,is blocked from April to January.In fact, accounts for 25.02%of all blocked AI and ML domain transactions.Fotor0.8%VEED4.4%OpenAI4.7%ChatGPT27.9%Hugging Face57.1ta transferred by AI/ML Traffic Sep 2023-Jan 2024800M600M400M200M0MMaySepMonthTransactionsNovJanJulBlocked AI transaction trends Apr 2023-Jan 2024KEY GENAI AND ML USAGE TRENDSFIGURE 3 Top AI/ML apps by the percentage of total data transferredFIGURE 4 Number of AI/ML transactions blocked over time2024 Zscaler,Inc.All rights reserved.07ZSCALER THREATLABZ REPORT 2024Industry AI breakdownEnterprise industry verticals show notable differences in their overall adoption of AI tools as well as the proportion of AI transactions they block.Manufacturing is the clear leader,driving more than 20%of AI and ML transactions across the Zero Trust Exchange.Still,the finance and insurance,technology,and services sectors follow closely behind.Together,these four industries have pulled ahead of others as the most aggressive AI adopters.TOP MOST-BLOCKED AI TOOLS01 ChatGPT02 OpenAI03 F04 Forethought05 Hugging Face06 ChatBot07 Aivo08 Neeva09 infeedo.ai10 JasperTOP BLOCKED AI DOMAINS01 B02 Divo.ai03 D04 Q05 Compose.ai06 O07 Qortex.ai08 Sider.ai09 T10 securiti.aiEducation1.7%Energy,Oil&Gas1.7%Government3.3%Retail&Wholesale4.9%Healthcare5.5%Others7.6%Technology15.6%Services16.8%Finance&Insurance19.9%Manufacturing20.90MManufacturingFinance&InsuranceTechnologyServicesRetail&WholesaleHealthcareGovernmentEducation600M400M200M0MMaySepNovJanJulShare of AI Transactions by Industry VerticalAI Transaction Trends by VerticalKEY GENAI AND ML USAGE TRENDSFIGURE 6 Industries driving the largest proportions of AI transactionsFIGURE 5 Top blocked AI applications and domains by volume of transactionsFIGURE 7 AI/ML transaction trends among the highest-volume industries,April 2023January 2024Vertical%of AI transactions blockedFinance&Insurance37.16Manufacturing15.65Services13.17Technology19.36Healthcare17.23Retail&Wholesale10.52Others8.93Energy,Oil&Gas14.24Government6.75Transportation7.90Education2.98Communication4.29Construction4.12Basic Materials,Chemicals&Mining2.92Entertainment1.33Food,Beverage&Tobacco3.66Hotels,Restaurants&Leisure3.16Religious Organizations6.06Agriculture&Forestry0.18Average across all verticals18.53FIGURE 8 Top industry verticals by percentage of AI transactions blocked2024 Zscaler,Inc.All rights reserved.08ZSCALER THREATLABZ REPORT 2024Securing AI/ML transactionsPaired with the sharp rise in AI transactions,industry sectors are blocking more AI transactions.Here,certain industries diverge from their overall adoption trends,reflecting differing priorities and levels of maturity in terms of securing AI tools.The finance and insurance sector,for instance,blocks the largest proportion of AI transactions:37.2%vs.the global average of 18.5%.This is likely due in large part to the industrys strict regulatory and compliance environment,combined with the highly sensitive financial and personal user data these organizations process.Meanwhile,manufacturing blocks 15.7%of AI transactions,despite its outsized role in driving overall AI transactions.The technology sector,one of the earliest and most eager adopters of AI,has taken something of a middle path,blocking an above-average 19.4%of AI transactions as it works to scale AI adoption.Surprisingly,the healthcare industry blocks a below-average 17.2%of AI transactions,despite these organizations processing a vast wealth of health data and personally identifiable information(PII).This trend likely reflects a lagging effort among healthcare organizations to protect sensitive data involved in AI tools,as security teams play catch-up to AI innovation.Overall AI transactions in healthcare remain comparatively low.KEY GENAI AND ML USAGE TRENDSPercent of Blocked AI Transactions by VerticalHealthcare and AIRanking as the sixth biggest AI/ML user,the healthcare industry blocks 17.23%of all AI/ML transactions.THE TOP AI APPS IN HEALTHCARE ARE:Vital signs of progress in AI healthcareWhile the healthcare industry is typically cautious when putting innovations like AI into practice,as seen by its current 5%contribution to AI/ML traffic in the Zscaler cloud,its only a matter of time before AI has a greater impact on healthcare operations,patient care,and medical research and innovation.1Indeed,AI promises to help not only save time,but also save lives.Already,AI-powered technologies are enhancing diagnostics and patient care.By analyzing medical images with remarkable accuracy,AI helps radiologists detect abnormalities more quickly and facilitates faster treatment decisions.2The potential benefits are vast.AI algorithms can use patient data to personalize treatment plans and accelerate drug discovery by efficiently analyzing biological data.Administrative tasks can be automated with generative AI as well,alleviating burdens on short-staffed healthcare teams.These advancements underscore AIs capacity to transform health provision and healthcare delivery.01 ChatGPT02 Drift03 OpenAI04 Writer05 Intercom06 Zineone07 Securiti08 Pypestream09 Hybrid10 VEED2024 Zscaler,Inc.All rights reserved.09ZSCALER THREATLABZ REPORT 2024Key Healthcare Risks:Healthcare organizations should acknowledge the potential risks and challenges associated with AI,including concerns about data privacy and security,especially for personal identifiable information(PII),as well as ensuring that AI algorithms and their outputs are highly reliable and unbiased when aiding in the administration of patient care.1.Statista,Future Use Cases for AI in Healthcare,September 2023.2.The Hill,AI already plays a vital role in medical imaging and is effectively regulated,February 23,2024.KEY GENAI AND ML USAGE TRENDS2024 Zscaler,Inc.All rights reserved.010ZSCALER THREATLABZ REPORT 2024Finance&AIIn second place for total AI/ML usage,the finance industry blocks 37.16%of all AI/ML traffic.THE TOP AI APPS IN FINANCE ARE:Financial institutions bank on AIFinancial services companies have been leading early adopters in the AI era,with the sector accounting for nearly a quarter of AI/ML traffic in the Zscaler cloud.Whats more,McKinsey projects a potential annual revenue of US$200 billion to$340 billion from generative AI initiatives in banking,largely driven by increased productivity.3 AI quite literally represents a wealth of opportunity for banks and financial services.While AI-powered chatbots and virtual assistants are nothing new to finance(Bank of Americas“Erica”was launched in 2018),generative AI enhancements are elevating these customer service tools to new levels of personalization.Other AI capabilities like predictive modeling and data analysis are poised to deliver massive productivity advantages to financial operationstransforming fraud detection,risk assessments,and more.01 ChatGPT02 Drift03 OpenAI04 BoldChat Enterprise05 LivePerson06 Writer07 Hugging Face08 Otter Ai09 Securiti10 IntercomKey Finance&Insurance Risks:Integrating AI into financial services and products also raises security and regulatory concerns about data privacy,biases,and accuracy.The significant 37%of blocked AI/ML traffic reported by ThreatLabz reflects that perspective.Addressing these concerns will require astute oversight and planning to maintain trust and integrity in banking,financial services,and insurance.3.McKinsey,Capturing the full value of generative AI in banking,December 5,2023.KEY GENAI AND ML USAGE TRENDS2024 Zscaler,Inc.All rights reserved.011ZSCALER THREATLABZ REPORT 2024Government and AIAlthough it falls in the top 10 of AI/ML usage,the government sector blocks just 6.75%of AI/ML transactions.THE TOP AI APPLICATIONS*IN GOVERNMENT ARE:01 ChatGPT02 Drift03 OpenAI04 ZineoneGlobal governments navigate AI practices and policies Two critical AI discussions have emerged in government:one on implementing AI technologies and another on establishing governance to manage them securely.The advantages of AI adoption by government and public sector entities are substantial,particularly where chatbots and virtual assistants can give citizens faster access to essential information and services across sectors like public transportation and education.AI-driven data analysis can help address societal challenges through data-driven decision-making processes,leading to more efficient policy development and resource allocation.Notable progress is already underway.For example,the US Department of Justice appointed its inaugural Chief AI Officer,confirming a commitment to using AI systems.ThreatLabz data indicates that government customers are increasingly using AI/ML platforms like ChatGPT and Drift.Key Government Risks:Despite these trends,key concerns about AI-related risks and data privacy underscore the continued need for regulatory frameworks and governance across federal organizations.In general,policymakers worldwide have taken significant steps toward AI regulation in the past year,signaling a collective effort to drive responsible development and deployment of AI/ML technologies.KEY GENAI AND ML USAGE TRENDS*AI applications with at least 1M transactions2024 Zscaler,Inc.All rights reserved.012ZSCALER THREATLABZ REPORT 2024Manufacturing and AIAs the top AI/ML vertical,the manufacturing vertical blocks 15.65%of all AI/ML applications.TOP APPLICATIONS ARE:01 ChatGPT02 Drift03 OpenAI04 Writer05 Securiti06 Google Search07 Zineone08 Pypestream09 Hugging Face10 FotorManufacturing builds on AI momentumUnsurprisingly,the highest influx of AI/ML traffic(18.2%)in our research comes from manufacturing customers.AI adoption in manufacturing stands as a cornerstone of Industry 4.0,a.k.a.the Fourth Industrial Revolutionan era marked by the convergence of digital technologies and industrial processes.From preemptively detecting equipment failures by analyzing vast amounts of data from machinery and sensors to optimizing supply chain management,inventory,and logistics operations,AI is proving instrumental to manufacturers.Additionally,AI-driven robotics and automation systems can significantly enhance manufacturing efficiency.They can execute tasks at far greater speed and accuracy than humansall while reducing costs and errors.Key Manufacturing AI Risks:As for the 16%of blocked traffic from AI/ML applications by manufacturing customers,some manufacturers are approaching generative AI/ML with caution.This may arise from concerns regarding the security of manufacturing organizations data as well as the need to selectively vet and approve a smaller set of AI applications while blocking applications that incur greater risk.KEY GENAI AND ML USAGE TRENDS2024 Zscaler,Inc.All rights reserved.013ZSCALER THREATLABZ REPORT 2024Education and AIComing in 11th in overall AI/ML usage,the education vertical blocks 2.98%of all AI/ML traffic.TOP APPLICATIONS ARE:01 ChatGPT02 Character.AI03 Pixlr04 Forethought05 Deepai06 Drift07 OpenAIEducation embraces AI as a learning toolWhile the education sector is not a top producer of AI traffic,it blocks a comparatively low percentage(2.98%)of AI and ML transactions:approximately 9 million,from a total of more than 309 million transactions.Its clear that,despite popular narratives that education institutions typically block AI applications like ChatGPT among students,the sector has mostly embraced AI applications as learning tools.Notably,five of the most popular AI apps in education(ChatGPT,Character.AI,Pixlr,and OpenAI)are explicitly or frequently focused on creative outputs for writing and image generationwhile Forethought,meanwhile,can be used as an instructional chatbot aid.Adding nuance to this narrative,it may also be that many educators block tools like ChatGPT as a matter of classroom policy,but that educational institutions have lagged behind other sectors in implementing technology solutions like DNS filtering that allow organizations to block AI and ML tools in more specific ways.Key Education AI Risks:In education,data privacy concerns will likely grow as the sector continues to embrace AI tools,specifically surrounding protections afforded to students personal data.In all likelihood,the education sector will increasingly adopt technological means to block selective AI applications,while providing greater data protection measures for personal data.KEY GENAI AND ML USAGE TRENDS2024 Zscaler,Inc.All rights reserved.014ZSCALER THREATLABZ REPORT 2024ChatGPT usage trendsChatGPT adoption has soared.Since April 2023,global ChatGPT transactions grew by more than 634%,an appreciably faster rate than the overall 595%increase in AI transactions.From these findings and the broad industry perception of OpenAI as the premier AI brand,its clear that ChatGPT is the favored generative AI tool.In all likelihood,the adoption of OpenAI products will continue to grow,driven in part by the expected release of newer ChatGPT versions and the companys text-to-video generative AI product,Sora600M400M200MMaySepTotal TransactionsNovJanJulMonth0MConstruction2.8%Entertainment2.7%Government4.3%Transportation5.3%Others3.9%Energy,Oil&Gas4.7%Healthcare4.3%Retail&Wholesale5.3%Technology10.7%Services13.4%Finance&Insurance14.0%Manufacturing21.2%Communication2.6%Transactions by Industry VerticalAI Transactions Trends by VerticalKEY GENAI AND ML USAGE TRENDSIndustry usage of ChatGPT closely maps to overall adoption patterns of AI tools in general.In this case,manufacturing is the clear industry leader,again followed by finance and insurance.Here,the technology sector lags slightly in fourth place,with 10.7%of ChatGPT transactions vs.third place and 14.6%overall.This is likely due in part to the tech sectors status as a fast innovator,which may mean tech companies are more willing to embrace a broader variety of generative AI tools.FIGURE 9 ChatGPT transactions from April 2023 to January 2024FIGURE 10 Industries driving the largest proportions of ChatGPT transactions2024 Zscaler,Inc.All rights reserved.015ZSCALER THREATLABZ REPORT 2024AI usage by countryAI adoption trends differ markedly worldwide,influenced by regulatory requirements,technological infrastructure,cultural considerations,and other factors.Heres a look at the top countries driving AI and ML transactions in the Zscaler cloud.As expected,the US produces the lions share of AI transactions.India,meanwhile,has emerged as a leading generator of AI traffic,driven by the countrys accelerated commitment to technology innovation.The Indian government also provides a useful example of how fast AI regulation is evolving,with its recent efforts to enact and then drop a plan that would require regulatory approval of AI models before they launch.44.TechCrunch,India reverses AI stance,requires government approval for model launches,March 3,2024.Philippines1.7%Singapore1.9%Malaysia1.9nada3.0%Germany3.4%France3.5%Japan3.6%Australia4.1%United Kingdom5.5%India16.0%United States40.9%Transactions by CountryKEY GENAI AND ML USAGE TRENDSFIGURE 11 Countries driving the largest proportions of AI transactions2024 Zscaler,Inc.All rights reserved.016ZSCALER THREATLABZ REPORT 2024Germany12.6%France13.5%UAE6.4%United Kingdom20.4%Syria0.0%Turkey1.3%Poland2.6%Switzerland3.5%Spain5.3%Netherlands6.0%MonthTransactions(millions)SepAprMayOctAugNovDecJanJunJul8,0006,0004,0002,0000EMEA Country BreakdownTransactions(millions)vs.MonthKEY GENAI AND ML USAGE TRENDSCountryTransactions%of regionUnited Kingdom76341328920.47%France50418547013.53%Germany47170068312.66%United Arab Emirates2385576806.40%Netherlands2227838175.98%Spain1986237395.30%Switzerland1290590973.46%Italy975444122.62%Region breakdown:EMEATaking a closer look at the Europe,the Middle East,and Africa(EMEA)region,there are clear divergences in rates of AI and ML transactions between countries.While the UK accounts for only 5.5%of AI transactions globally,it represents more than 20%of AI traffic in EMEA,making it the clear leader.And while France and Germany unsurprisingly rank second and third as AI traffic generators in EMEA,rapid tech innovation in the United Arab Emirates has solidified the country as a top AI adopter in the region.FIGURE 13 EMEA countries by percentage of total AI transactions in regionFIGURE 14 Growth in AI transactions in EMEA over timeFIGURE 12 EMEA countries by total transactions2024 Zscaler,Inc.All rights reserved.017ZSCALER THREATLABZ REPORT 2024CountryTransactions%of regionIndia241431949048.30%Australia50156239510.01%Japan4764254239.52%Singapore2848913845.70%Malaysia2680432635.36%Philippines2437545784.87%Hong Kong2021198144.04%China1045456552.09%Region breakdown:APACDiving deeper into the Asia-Pacific region(APAC),ThreatLabz research shows clear and noteworthy trends in AI adoption.Although the region represents far fewer countries,TheatLabz observed nearly 1.3 billion(135%)more AI transactions in APAC than EMEA.This growth is almost single-handedly being driven by India,which generates nearly half of all AI and ML transactions in the APAC region.China2.1%Hong Kong4.0%Philippines4.9%Thailand1.5%Indonesia1.5%Malaysia5.4%Singapore5.7%Japan9.5%Australia10.0%India48.3%MonthTransactions(millions)SepAprMayOctAugNovDecJanJunJul10,0007,5005,0002,5000APAC Country BreakdownTransactions(millions)vs.MonthKEY GENAI AND ML USAGE TRENDSFIGURE 16 APAC countries by percentage of total AI transactions in regionFIGURE 17 Growth in AI transactions in APAC over timeFIGURE 15 APAC countries by total transactions2024 Zscaler,Inc.All rights reserved.018ZSCALER THREATLABZ REPORT 2024REAL-WORLD AI RISK AND THREAT SCENARIOSEnterprise AI Risk and Real-World Threat ScenariosEnterprise AI riskProtecting intellectual property and non-public informationGenerative AI tools can lead to inadvertent leakage of sensitive and confidential data.In fact,sensitive data disclosure is number six on the Open Worldwide Application Security Project(OWASP)Top Ten for AI Applications.5 The past year has seen numerous instances of accidental data leakages or breaches of AI training data,including from cloud misconfigurations,from some of the largest AI tool providerssome exposing terabytes of customers private data.In one example,researchers exposed thousands of GitHub secrets from GitHubs Copilot AI by exploiting a vulnerability called prompt injectionusing AI queries designed to manipulate the AI to divulge training datawhich incidentally is the number one OWASP Top 10 risk.6ACCESS CONTROL AND SEGMENTATION RISKAccess controls,such as role-based access control(RBAC),can be misconfigured or abused for AI applications.This can lead to circumstances where,for instance,an AI chatbot generates the same responses for a CEO as for any other enterprise user,which poses particular risks when chatbots are trained on historical data from that users inputs.This could be used to infer information about the queries that executives have sent using AI chatbots.Here,enterprises should take care to appropriately configure AI application access controls,enabling both data security and access segmentation based on user permissions and roles.5.OWASP,OWASP Top 10 For LLM Applications,Version 1.1,October 16,2023.6.The Hacker News,Three Tips to Protect Your Secrets from AI Accidents,February 26,2024.7.The Hacker News,Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets,March 5,2024.For enterprises,AI-driven risks and threats fall into two broad categories:the data protection and security risks involved with enabling enterprise AI tools;and the risks of a new cyber threat landscape driven by generative AI tools and automation.A related risk is the threat of model inversion,whereby attackers use the outputs of an LLM paired with knowledge about its model structure to make inferences about,and eventually extract,its training data.Of course,there is also the risk that AI companies themselves will be breached.There have been cases where the credentials of AI company employees have led directly to data leaks.Meanwhile,there is the chance that adversaries will launch secondary malware attacks,using information stealers like Redline Stealer or LummaC2,to steal employee login credentials and gain access to their AI accounts.In fact,it was recently disclosed that roughly 225,000 ChatGPT user credentials are listed for sale on the dark web,stemming from this type of attack.7 While privacy and data security remain top priorities at AI tool providers,these risks remain in play,and they extend equally to smaller AI companies,SaaS providers that have enabled AI functionality,and the like.Finally,there is the risks stemming from enterprise AI users themselves.There are numerous ways a user may unknowingly expose valuable intellectual property or non-public information into the data sets used to train LLMs.For instance,a developer requesting optimization of source code or a sales team member seeking sales trends based on internal data could unintentionally disclose protected information outside the organization.It is crucial for enterprises to be aware of this risk and implement robust data protection measures,including data loss prevention(DLP),to prevent such leaks.12024 Zscaler,Inc.All rights reserved.019ZSCALER THREATLABZ REPORT 2024REAL-WORLD AI RISK AND THREAT SCENARIOSData privacy and security risks of AI applicationsAs the number of AI applications grows dramatically,enterprises must consider that all AI applications are not equal when it comes to data privacy and security.Terms and conditions can vary greatly from one AI/ML application to another.Enterprises must consider whether their queries will be used to further train language models,mined for advertising,or sold to third parties.Additionally,the security practices of these applications and the overall security posture of the companies behind them can vary.To ensure data privacy and security,enterprises need to assess and assign risk scores to the multitude of AI/ML applications they use,taking into account factors like data protection and the companys security measures.Data quality concerns:garbage in,garbage outFinally,the quality and scale of data used to train AI applications must always be scrutinized,as it is tied directly to the value and trustworthiness of AI outputs.Although large AI vendors like OpenAI train their tools on widely available resources like the public internet,vendors with AI products in specialized or verticalized industries,including cybersecurity,must train their AI models on highly specific,large-scale,often private data sets to drive reliable AI outcomes.Thus,enterprises need to carefully consider the question of data quality when evaluating any AI solution,as“garbage in”really does translate to“garbage out.”More broadly,enterprises should be aware of the risks of data poisoningwhen training data is contaminated,impacting the reliability or trustworthiness of AI outputs.8 Regardless of the AI tool,enterprises should establish a strong security foundation to prepare for such eventualities while continually evaluating whether AI training data and GenAI outputs meet their quality standards.AI DECISION POINT:WHEN TO BLOCK AI,WHEN TO ALLOW AI,AND HOW TO MITIGATE SHADOW AI RISKEnterprises are at a crossroads:enabling AI applications to transform productivity vs.blocking them to protect sensitive data.To take an informed and secure approach to this transition,enterprises should know the answers to five critical questions:01 Do we have deep visibility into employee AI app usage?Enterprises must have total visibility into the AI/ML tools in use as well as corporate traffic to those tools.Just the same as“Shadow IT”,“Shadow AI”tools will proliferate in the enterprise.02 Can we create granular access controls to AI apps?Enterprises should be able to enable granular access and microsegmentation for specified,approved AI tools at the department,team,and user levels.Conversely,enterprises should use URL filtering to block access to unsecure unwanted AI applications.03 What data security measures do specific AI apps enable?There are thousands of AI tools in everyday use.Enterprises should know the data security measures each provides.On a spectrum,certain AI tools can enable a private,secure data server in the enterprise environmenta best practicewhile others will retain all user data,use input data to further train the LLM,or even sell user data to third parties.04 Is DLP enabled to protect key data from being leaked?Enterprises should enable DLP to prevent sensitive information,like proprietary code or financial,legal,customer,and personal data,from leaving the enterpriseor even being entered into AI chatbotsparticularly where AI apps have looser data security controls.05 Do we have appropriate logging of AI prompts and queries?Finally,enterprises should collect detailed logs that provide visibility into how their teams are using AI toolsincluding the prompts and data being used in tools like ChatGPT.8.SC Magazine,Concerns over AI data quality gives new meaning to the phrase:garbage in,garbage out,February 2,2024.232024 Zscaler,Inc.All rights reserved.020ZSCALER THREATLABZ REPORT 2024AI-driven threat scenariosEnterprises face a continuous barrage of cyberthreats,and today,that includes attacks driven by AI.The possibilities of AI-assisted threats are essentially limitless:attackers are using AI to generate sophisticated phishing and social engineering campaigns,create highly evasive malware and ransomware,identify and exploit weak entry points in the enterprise attack surface,and overall increase the speed,scale,and diversity of attacks.This puts enterprises and security leaders in a double bind:they must expertly navigate the fast-evolving AI landscape to reap its revolutionary potential,yet they must also face down the unprecedented challenge of defending and mitigating risk against AI-powered attacks.AI impersonation:deepfakes,misinformation,and moreThe era of AI-generated videos,live avatars,and voice impersonations that are near-indistinguishable from reality has arrived.In 2023,Zscaler successfully thwarted an AI vishing and smishing scenario where threat actors impersonated the voice of Zscaler CEO Jay Chaudhry in WhatsApp messages,which attempted to deceive an employee into purchasing gift cards and divulging more information.ThreatLabz then identified this as part of a widespread campaign targeting other tech companies.Although these attacks can often be stopped in simple ways,such as confirming the validity of a message directly with colleagues over a separate trusted channel,they can be very convincing.In a high-profile example,attackers using AI deepfakes of a company CFO convinced an employee at a Hong Kong-based multinational firm to wire the equivalent of US$25 million to an outside account.While the employee suspected phishing,their fears were calmed after joining a multi-person video conference that included the company CFO,other staff,and outsiders.The calls attendees were all AI fakes.AI threats will come in many flavors.With the notable trend toward vishing(voice vishing)in 2023,one key trend will be the use of AI to carry out identity-driven social engineering attacks seeking administrative user credentials.Recent ransomware attacks by Scattered Spider,an affiliate group of BlackCat/ALPHV ransomware,showed how effective voice communications can be in gaining a foothold in target environments to subsequently deploy further ransomware attacks.AI-generated attacks will pose even greater challenges in detecting and defending against these attacks.Enterprises must approach security in 2024 with the expectation that employees will be targeted by AI deepfake and phishing campaigns.Employee training will be an essential piece of the cybersecurity puzzlemaking the immediate reporting of any suspicious activity the norm.As part of this arms race,enterprises should also evaluate the rapidly evolving set of AI-powered cyber defenses that can identify AI-generated phishing attacks as a key part of their arsenal.REAL-WORLD AI RISK AND THREAT SCENARIOSNOTE:For demonstration purposes,this example shows lightly abbreviated prompts and includes a ChatGPT code response for one query before showing the final rendered phishing page.2024 Zscaler,Inc.All rights reserved.021ZSCALER THREATLABZ REPORT 2024User prompt:create an HTML login pageChatGPT:Sure,heres a basic example of an HTML login page:User prompt:add a page background that is similar to the microsoft login pageChatGPT:FIGURE 19 Screenshot of the final rendered Microsoft phishing login page,using the ChatGPT code responseNext,ThreatLabz provided a short series of prompts to improve the page before rendering the final Microsoft phishing login page.These included asking ChatGPT to make the page look like a Microsoft login,adjusting the logo size,and adding and removing UI elements before submitting the final query to generate the final code output.AI-generated phishing campaignsIn a similar fashion,threat actors are using generative AI to launch sophisticated,highly convincing phishing and social engineering attacks at greater speed and scale.At the simplest level,AI chatbots like ChatGPT allow cybercriminals to instantly craft phishing emails in perfect prose,with persuasive language that can mimic any speaker,regardless of the native language of the attacker.That is,typical“tells”that can give away standard phishing emails(e.g.,incorrect grammar,awkward syntax,or out-of-place language)will largely cease to exist.From query to crime:creating a phishing login page using ChatGPTNot only that:LLMs have also made it significantly easier for cybercriminals,even with relatively little coding experience,to carry out multiple stages of a sophisticated phishing attack.For instance,in just a few prompts using a generative AI chatbot like ChatGPT,its almost trivial to create fake phishing login pages that mimic popular enterprise applications to steal employee login credentials.The following example from ThreatLabz shows how simple it is to create a convincing fake Microsoft login page with just a few conversational prompts.FIGURE 18 Screenshot of a rendered login page using the ChatGPT code responseTHIS WAS THE FIRST RESULT:IN 7 QUERIES,THE FINAL RESULT:REAL-WORLD AI RISK AND THREAT SCENARIOS2024 Zscaler,Inc.All rights reserved.022ZSCALER THREATLABZ REPORT 2024REAL-WORLD AI RISK AND THREAT SCENARIOSDark chatbots:uncovering WormGPT and FraudGPT on the dark webPopular AI chatbots like ChatGPT have security controls in place thatin most casesprevent users from generating malicious code.Less constrained versions of generative AI,so-called“dark chatbots,”have no such guardrails.As a result,sales of the most popular dark chatbots,including WormGPT and FraudGPT,have proliferated on the dark web.While many of these tools are billed as aids to security researchers,they are predominantly used by threat actors to generate malicious code like malware with AI.To uncover how easy it is to acquire these tools,ThreatLabz delved into dark web listings.ThreatLabz found how,rather appropriately,the creators of these tools leverage generative AI chatbots to make their purchase surprisingly simple:with a single prompt on the WormGPT purchasing page,for instance,users are prompted to buy a trial version by sending payment to a bitcoin wallet.Note that the creators specifically state that,in theory,WormGPT is geared toward security research and defense.However,with one download,anyone can get access to a fully featured generative AI tool that can be used to create,test,or optimize any variety of malicious code,including malware and ransomware,with no security guardrails.While researchers have shown that popular AI tools like ChatGPT can be jailbroken for malicious purposes,their defenses against these actions have grown continuously.As a result,sales of tools like WormGPT and FraudGPT will only continue to grow,as will best practice examples of how to effectively create and optimize malware among threat actor communities on the dark web.FIGURE 20 Screenshot of the dark chatbot WormGPT2024 Zscaler,Inc.All rights reserved.023ZSCALER THREATLABZ REPORT 2024REAL-WORLD AI RISK AND THREAT SCENARIOSAI-driven malware and ransomware across the attack chainFIGURE 21 How threat actors can leverage AI across the ransomware attack chainGain initial entryReconnaissanceGen AI discovery of attack surface:vulnerabilities for exposed assets(e.g.VPNs)Initial compromiseAI-generated polymorphic malwareAI-driven phishing and vishing attacksLateral movement Escalate privilege&Identify crown-jewels Steal credentials&compromise additional systemsDomain controller Data loss&malware delivery Steal data and deployAI-powered exfltrationmodules(likely emergent)Steal dataInstall ransomware&demand paymentEstablish foothold Deliver malware InstallmalwareAI-driven ransomware attacksAI is helping threat actors and state-sponsored adversaries launch ransomware attacks with greater ease and sophistication across multiple stages of the attack chain.Before the advent of AI,when launching an attack,threat actors had to spend considerable time identifying an enterprises attack surface and internet-facing vulnerabilities in services and applications.Now,using generative AI,that information is instantly queryable with a prompt such as:“Create a table showing the known vulnerabilities for all firewalls and VPNs in this organization.”Next,attackers can use the LLM to generate or optimize code exploits for those vulnerabilities with customized payloads for the target environment.Beyond that,generative AI can also be used to identify weaknesses among enterprise supply chain partners while highlighting optimal routes to connect to the core enterprise network;even if enterprises maintain a strong security posture,downstream vulnerabilities can often pose the greatest risks.As attackers continuously experiment with generative AI,this will form an iterative feedback loop for improvement that results in more sophisticated,targeted attacks that are even more challenging to mitigate.The following diagram illustrates some of the key ways attackers can leverage generative AI across the ransomware attack chainfrom automating reconnaissance and code exploitation for specific vulnerabilities,to generating polymorphic malware and ransomware.By automating critical portions of the attack chain,threat actors are able to generate faster,more sophisticated,and more targeted attacks against enterprises.2024 Zscaler,Inc.All rights reserved.024ZSCALER THREATLABZ REPORT 2024REAL-WORLD AI RISK AND THREAT SCENARIOSFIGURE 22 Using ChatGPT to generate a code exploit for CVE-2021-44228Using ChatGPT to create vulnerability exploits for Apache HTTPS Server and Log4j2Diving deeper,the following case study shows how threat actors can leverage these capabilities in practice.ThreatLabz used ChatGPT to quickly generate code exploits for two noteworthy CVEs:the Apache HTTP server path traversal vulnerability(CVE-2021-41773)and the Apache Log4j2 remote code execution vulnerability(CVE-2021-44228).Our researchers were able to generate working code with ChatGPT using only conversational prompts that require low levels of coding knowledge,such as,“Can you give me a POC in python for CVE-2021-41773”.As a note,for demonstration purposes,ThreatLabz referred to known-exploited CVEs from CISA that were added before December of 2021.In general,the free version of ChatGPT limits information related to CVEs that were documented before January,2022.AI worm attacks and“viral”AI jailbreakingGenerative AI tools even give threat actors entirely new avenues of attack,including attacks focused on extracting data from generative AI tools themselves.For instance,researchers have demonstrated the viability of“AI worm”attacks.9,10 These self-propagating malware attacks can spread organically through an AI ecosystem(in particular third-party AI tools and assistants that leverage popular generative AI tools)and extract sensitive user data.In one case,researchers targeted generative AI email assistants that leverage Gemini Pro,ChatGPT 4.0,and the Microsoft-developed LLM LLaMa.The researchers found that AI worm attacks can send users spam emails with zero-click malwarewhich doesnt require users to follow a malicious linkto exfiltrate their personal data.While such attacks have been limited to research environments for the time being,the researchers validated their effectiveness against numerous AI models,and enterprises can expect these kinds of attacks to propagate among cyberthreat groups eventually.Elsewhere,researchers have shown how adversarial images and prompts can be used to spread virally and jailbreak multimodal LLMs(MLLMs),which are GenAI tools that leverage many LLM agents.11MLLMs are becoming popular due to their potential to improve the performance of a generative AI tool.In one study,a single malicious image shown to one large language-and-vision assistant(LLaVA)agent was able to spread exponentially to its connected agents,jailbreaking up to one million LLaVA agents in short order.These threats pose significant risks to this particular variety of LLM,so enterprises should exercise caution in adopting them before robust,best practice defenses are clearly established.9.Wired,Here Come the AI Worms,March 1,2024.10.ComPromptMized,Unleashing Zero-click Worms that Target GenAI-Powered Applications,accessed March 12,2024.11.arXiv,Agent Smith:A Single Image Can Jailbreak One Million Multimodal LLM Agents Exponentially Fast,February 13,2024.2024 Zscaler,Inc.All rights reserved.025ZSCALER THREATLABZ REPORT 2024REAL-WORLD AI RISK AND THREAT SCENARIOSAI and US electionsThe impact of AI on US elections is a growing concern.The emergence of deefakes,for instance,makes it significantly easier for bad actors to spread misinformation and influence the voting public.In the current election cycle,we have already witnessed AI-generated robocalls impersonating incumbent President Joe Biden to discourage voter turnout in an early primary.Alarming incidents like this are likely just the beginning for AI-driven disinformation strategies.Its important to note that the use of AI in these schemes may not be limited to domestic actors;state-sponsored entities could also exploit AI to create confusion and undermine trust in the electoral process.In reports to the Senate Intelligence Committee,US intelligence agencies have warned that Russia and China will likely leverage AI as part of attempts to influence US elections.Even outside of politics,the social media circulation of deepfake images featuring celebrities like Taylor Swift highlights how easily manipulated content can spread before it can be effectively moderated.AI companies are taking steps to help mitigate this risk;Google Gemini,for instance,has enacted guardrails that prevent users from asking about upcoming elections in any country.As AI continues to advance,steps must be taken to address the potential risks it poses to the integrity of US elections and to ensure the publics trust in the democratic process.2024 Zscaler,Inc.All rights reserved.026ZSCALER THREATLABZ REPORT 2024All Eyes on AI RegulationGiven its substantial economic impact potential,governments worldwide are actively working to regulate AI and foster its safe usage.To date,there have been at least 1,600 AI policy initiatives from 69 countries and the EU spanning AI regulations,national strategies,grants and investments,and more.14,15 14.OECD,Policies,data and analysis for trustworthy artificial intelligence,accessed March 12,2024.15.Deloitte,The AI regulations that arent being talked about,accessed March 12,2024.16.White House,Executive Order on the Safe,Secure,and Trustworthy Development and Use of Artificial Intelligence,October 30,2023.17.NAIRR Pilot,The National Artificial Intelligence Research Resource(NAIRR)Pilot,accessed March 12,2024.18.Reuters,Healthcare providers to join US plan to manage AI risks-White House,December 14,2023.19.Pennsylvania Office of Attorney General,FTC Bans Use of A.I.to Impersonate Government Agencies and Businesses,February 26,2024.United StatesIn the US,the focus has been on the White House Executive Order on the Safe,Secure,and Trustworthy Development and Use of Artificial Intelligence,16 which compels developers of the largest AI systems to report safety test results to the Department of Commerce as well as disclose when large new compute resources are used to train AI models.It further required nine federal agencies to complete risk assessments on the impact of AI on critical infrastructure.The White House is also focused on AI innovation:as part of the EO,the US government established the National Artificial Intelligence Research Resource(NAIRR)pilot program to connect US researchers to computational power,data,and other tools to develop AI.17It remains to be seen whether the US government will seek more binding regulations around AI.As of now,at least 15 leading AI companies and nearly 30 healthcare companies have signed on to voluntary White House commitments to safeguard AI.18 Meanwhile,the FTC has banned the use of AI to impersonate a governmental agency or business,with plans to expand the rule to include protections for private individuals and agencies.19 The White House is also reportedly exploring the possibility of requiring watermarks for AI-generated contenBroadly speaking,these efforts seek to understand AI impacts,spur innovation,and shape its responsible development through policy.AI regulations will continue to develop and evolve rapidly,but a few recent regulatory changes can provide a useful snapshot for enterprises seeking to understand these trends.2024 Zscaler,Inc.All rights reserved.027ZSCALER THREATLABZ REPORT 2024ALL EYES ON AI REGULATIONSEuropean UnionThe European Parliament has recently approved the AI Act,which will establish the worlds first comprehensive AI legislation,with a stringent set of laws and guidelines for different types of AI applications,categorized by risk across many industries.Expected to take effect in 2026,the laws will require,for instance,general-purpose AI tools such as ChatGPT to comply with transparency requirements,such as that content was generated by AI,that training models were designed to prevent generating illegal content,and that companies provide summaries of copyrighted materials used for training.The regulations will apply stricter policies to“high risk”AI applications,such as those used in consumer products,including toys,aviation,medical devices,and vehicles,as well as AI that impacts particular areas such as critical infrastructure,employment,legal affairs,immigration,and more.Meanwhile,the EU will outright ban AI applications deemed unacceptably risky,including those that use sensitive biometric information,seek to manipulate human behavior to circumvent free will,use emotional recognition for hiring and education,or scrape untargeted facial images from the internet or CCTV.20Many countries are also prioritizing AI investments.Singapore,for instance,has announced a$740 million AI investment plan as part of the countrys National AI Strategy 2.0.21 This plan will work to drive AI innovation,enabling access to advanced chips required for AI while ensuring that enterprises are poised to capitalize on the AI revolution with Singapore-based AI centers of excellence.20.European Parliament,EU AI Act:first regulation on artificial intelligence,December 19,2023.21.CNBC,Singapores AI ambitions get a boost with$740 million investment plan,February 19,2024.2024 Zscaler,Inc.All rights reserved.028ZSCALER THREATLABZ REPORT 2024AI Threat Predictions22.World Economic Forum,Global Risks Report 2024:The risks are growing but so is our capacity to respond,January 10,2024.23.ZDNet,Cybercriminals are using Metas Llama 2 AI,February 21,2024.Nation-states AI dilemma:driving AI threats while blocking AI accessState-sponsored threat groups are poised to develop a complex relationship with AI,using it to generate more sophisticated threats while also striving to block access to anti-regime content.Use of AI tools by state-sponsored threat groups is not a new phenomenon,but its anticipated trajectory points to significant growth in both scale and sophistication.Reports from Microsoft and OpenAI validate this concern,revealing that threat actor groups supported by nations like Russia,China,North Korea,and Iran have actively delved into and exploited ChatGPT functionality.This extends across various use cases,including spear phishing,code generation and review,and translation.Dark chatbots and AI-driven attacks:the scourge of“AI for bad”will growAI-driven attacks are likely to surge throughout the year as the dark web serves as a breeding ground for malicious chatbots like WormGPT and FraudGPT to amplify cybercriminal activities.These insidious tools will become instrumental in executing enhanced social engineering,phishing scams,and various other threats.The dark web has seen an upswing in discussions among cybercriminals delving into the illicit deployment of ChatGPT and other generative AI tools for a spectrum of cyberattacks.More than 212 malicious LLM applications have been identified,representing only a fraction of what is availableand that number is expected to steadily grow.Mirroring developers who use generative AI for efficiency gains,threat actors employ these tools to uncover and exploit vulnerabilities,fabricate convincing phishing schemes,execute vishing and smishing campaigns,and automate attacks with greater speed,sophistication,and scale.For example,the threat actor group Scattered Spider recently used Metas LLaMa 2 LLM to exploit Microsoft PowerShell functionality,enabling unauthorized download of user credentials.23 The trajectory of these advancements indicates that cyberthreats will begin to evolve more quickly than ever,taking on new forms that are more difficult to recognize or defend against with traditional security measures.AI-generated misinformation and cyber attacks represent#2 and#5 of the top 10 global risks in 2024,per the World Economic Global Risk Report.22 As the field of AI continues to rapidly evolve,including in the area of AI-generated videos and images,these risks will only growas will our ability to harness AI to mitigate them.Looking to the rest of 2024 and beyond,these are the top AI risk and threat predictions we see on the horizon.Although targeted intervention has stopped some of these attacks,enterprises should brace for the persistence of state-backed AI initiatives.The scope encompasses the deployment of popular AI tools,the creation of proprietary LLMs,and the emergence of unconstrained ChatGPT-inspired variants,such as the aptly-named FraudGPT or WormGPT.The evolving landscape paints a challenging picture in which state-sponsored actors continue to leverage AI in novel ways to create complex new cyberthreats.122024 Zscaler,Inc.All rights reserved.029ZSCALER THREATLABZ REPORT 2024AI THREAT PREDICTIONSFighting AI with AI:security roadmaps and spend will include AI-driven defensesEnterprises will increasingly adopt AI technologies to combat AI-driven cyberattacks,including a focus on using deep learning and AI/ML models to detect malware and ransomware hidden in encrypted traffic.Traditional detection methods will continue to struggle with new AI-driven zero-day attacks and polymorphic ransomware(which can evolve its code to evade detection),so AI-based indicators will be crucial in identifying potential threats.AI will also play a vital role in swiftly identifying and stopping convincing AI-generated phishing and other social engineering attacks.Enterprises will increasingly incorporate AI in their cybersecurity strategies.AI will be seen as a critical means to gain visibility into cyber risk as well as create actionable,quantifiable playbooks to prioritize and remediate security vulnerabilities.Translating noise into practical signals has long been a top challenge for CISOs,because correlating risk and threat information across dozens of tools can take a month or more.As such,in 2024,enterprises will look eagerly to generative AI as a way to bring order to chaos,defray cyber risk,and drive leaner,more efficient security organizations.Data poisoning in AI supply chains:the risk of garbage AI data will growData poisoning will become a top concern as AI supply chain attacks gain momentum.AI companies as well as their training models and downstream suppliers will be increasingly targeted by malicious actors.The OWASP Top 10 for LLM Applications highlights training data poisoning and supply chain attacks as significant risks,running the risk of compromising the security,reliability,and performance of AI applications.Simultaneously,vulnerabilities in AI application supply chainsincluding technology partners,third-party data sets,and AI tool plugins or APIsare ripe for exploitation.Enterprises reliant on AI tools will face heightened scrutiny as they assume these tools are secure and produce accurate results.Greater vigilance in ensuring the quality,integrity,and scalability of training data sets will be essential,particularly in the realm of AI cybersecurity.432024 Zscaler,Inc.All rights reserved.030ZSCALER THREATLABZ REPORT 2024AI THREAT PREDICTIONSTo leash or unleash:enterprises will weigh productivity vs.security in their use of AI toolsBy now,many enterprises are past the early phases of AI tool adoption and integration,and many will have carefully considered their AI security policies.Even so,this is a fluid situation for most companies,and questions around which AI tools they will allow,which they will block,and how they will secure their data remain open.As the number of AI tools continues to skyrocket,enterprises will need to pay close attention to the security concerns of eachat a minimum,seeking deep insight into their employees AI usage,with an ability to enable granular access controls by department,team,and even at the user level.Enterprises may also seek more granular security controls over AI apps themselves,such as by enforcing data loss prevention policies in AI appspreventing sensitive data from leakingor preventing user actions such as copy and paste.AI-driven deception and distortion:viral deepfakes will fuel election interference and disinformation campaignsEmerging technologies like deepfakes pose significant threats,including election interference and the spread of misinformation.AI has already been implicated in misleading tactics during US elections,such as generating robocalls impersonating candidates to discourage voter turnout.These instances,while alarming,likely represent the tip of the AI-driven disinformation iceberg.Furthermore,the use of AI in such schemes may not be limited to domestic actors.State-sponsored entities could also exploit these tactics to sow confusion and undermine trust in the electoral process.In a notable case,attackers utilized AI-generated deepfakes to trick an employee into transferring$25 million,demonstrating the real-world impact of this technology.Similarly,illicit deepfake images of celebrities like Taylor Swift have gone viral on social media,calling attention to how easily manipulated content can spread before content moderation measures can catch up.562024 Zscaler,Inc.All rights reserved.031ZSCALER THREATLABZ REPORT 2024Case Study:Securely Enable ChatGPT in the EnterpriseBest practices for AI integration and enterprise security policy.5 steps to integrate and secure generative AI toolsEnterprises seeking to securely adopt AI applications should take a measured approach.Broadly speaking,they can first block all AI applications to eliminate the risk of data leakage,and then take thoughtful steps to adopt specific,vetted AI applications with tight security controls and access control measures to maintain complete control over enterprise data.For simplicitys sake,the following journey focuses on OpenAIs LLM ChatGPT.Block all AI and ML domains and applicationsTo eliminate known and unknown risks associated with the thousands of AI applications available,enterprises can take a proactive zero trust approach,blocking all AI and ML domains and applications at the global enterprise level.This way,they can focus on adopting a minimum set of transformative AI applications while closely controlling their risks.Selectively vet and approve generative AI applicationsNext,the organization should identify a set of generative AI applications that exceed high standards for certain criteria,such as the ability to create robust data protection,security,and contractual measures to protect enterprise and customer data,as well as the transformative potential of the applications themselves.For many enterprises,ChatGPT will be one of these applications.Create a private ChatGPT server instance in the corporate/DC environmentTo ensure complete control over their data,organizations should host ChatGPT in a dedicated,secure tenant(such as a private Microsoft Azure AI server)hosted fully within the organization.Then,through security controls and contractual obligations,enterprises should ensure that neither Microsoft and OpenAI(in this example)has access to enterprise By now,enterprises have had plenty of exposure to AI tools.But as the number of AI applications continues to grow dramatically and adoption continues apace,enterprises can adopt certain best practices to keep their data,employees,and customers safe.Overall,enterprises must proactively and continually adapt their AI usage and security strategies to stay ahead of evolving risks while ushering in the transformative potential of AI.CASE STUDYStep 1:Step 2:Step 3:2024 Zscaler,Inc.All rights reserved.032ZSCALER THREATLABZ REPORT 2024ZSCALERS AI JOURNEYAI best practicesIn general,enterprises can adopt a few key best practices when it comes to integrating AI tools into the business.Continually assess and mitigate the risks that come with AI-powered tools to protect intellectual property,personal data,and customer information.Ensure that the use of AI tools complies with relevant laws and ethical standards,including data protection regulations and privacy laws.Establish clear accountability for AI tool development and deployment,including defined roles and responsibilities for overseeing AI projects.Maintain transparency when using AI toolsjustify their use and communicate their purpose clearly to stakeholders.AI policy guidelinesEnterprises should go behind these best practices and establish a clear policy framework that governs enterprise-wide acceptable use,integration and product development,security and data policies,and employee best practices when using AI tools.The following best practices can form a useful starting point for establishing clear AI policies.Do not provide AI models with personally identifiable information(PII)or any non-public,proprietary,or confidential information.AI cannot replace a human being,and it should not be used to make decisions without appropriate human intervention.AI-generated content should not be used without human review and approval,especially when the content represents your organization.Development and integration of AI tools should follow a Secure Product Lifecycle Framework to guarantee the highest level of security.Perform thorough product due diligence before implementing AI solutions,making sure to evaluate their security and ethical implications.or customer data,nor will enterprise user queries be used to train ChatGPT at large.This ensures the organization retains control over its training data,allowing for highly relevant,accurate answers for enterprise users while minimizing the risk of data poisoning from a public data lake.Move the LLM behind single sign-on(SSO)with strong multifactor authentication(MFA)Next,the organization should move ChatGPT behind a zero trust cloud proxy architecture,such as the Zscaler Zero Trust Exchange,to enforce zero trust security controls over access to ChatGPT.This might also include moving ChatGPT behind an identity provider(IdP)with SSO authentication and strong MFA that includes biometric authentication.This will enable secure and fast user login to ChatGPT while also allowing the enterprise to configure granular access controls at the user,team,and department levels.This also ensures a separation of concerns between user queries at those same user,team,and departmental levels.Placing ChatGPT behind a cloud proxy like the Zero Trust Exchange further enables the organization to inspect all TLS/SSL traffic between users and ChatGPT to detect cyberthreats and data leakage while applying seven distinct layers of zero trust security.Enforce the Zscaler DLP engine to prevent data leakagesFinally,the organization should enforce a DLP engine for the ChatGPT instance to prevent accidental leakage of critical information,including proprietary data and code,customer data,personal data,financial and legal data,and more.This ensures that any highly sensitive data will never leave the production environment.By following this journey,enterprise users can reap the full benefits of a generative AI tool like ChatGPT while eliminating the most critical data risks of adopting an AI application.Step 5:Step 4:2024 Zscaler,Inc.All rights reserved.033ZSCALER THREATLABZ REPORT 2024How Zscaler Delivers AI Zero Trust and Secures Generative AIThe transformative power of AI in cybersecurity lies in its ability to be harnessed to combat the evolving landscape of AI-driven threats.At Zscaler,were leveraging AI to help enterprises stop attacks across all stages of the attack chain as well as easily diagnose and mitigate risk.The key to AI-driven cybersecurity:high-quality data at scaleEnterprises generate a vast wealth of log data that can contain high-fidelity signals that may indicate likely avenues for a breach.However,signal-to-noise challenges have historically made it a challenge to isolate these signals quickly.Using generative AI,Zscaler can leverage this data to effectively enhance triage and protection measures by understanding the vulnerabilities and weaknesses attackers are likely to exploit.This not only allows Zscaler to predict breaches before they happen,but also gives executives a holistic way to visualize and quantify cyber maturity and risk while prioritizing cybersecurity remediation steps with Zscaler Risk360.Generative AI capabilities not only extend to meta-analysis of enterprise cyber riskthey are also directly inserted into cybersecurity products to better detect and disrupt advanced threats across the attack chain.Directly integrated into the worlds largest security cloud,Zscaler LLMs and AI models take advantage of a data lake that sees more than 390 billion daily transactions,with more than 9 million blocked threats and 300 trillion signals.Far from“garbage in,garbage out,”this is“large-scale,high-fidelity data and threat intelligence in,finely-tuned,hyper-aware AI cybersecurity out.”All of this translates to more powerful,more effective cybersecurity outcomes for IT and security practitioners.2024 Zscaler,Inc.All rights reserved.034ZSCALER THREATLABZ REPORT 2024HOW ZSCALER DELIVERS AI ZERO TRUST AND SECURES GENERATIVE AILeveraging AI across the attack chainWeve discussed numerous ways threat actors are using AI to launch sophisticated threats at greater speed and scale.Zscaler deploys AI capabilities across the Zero Trust Exchange platform and cyber product suite to identify and stop both AI-driven and conventional attacks at each stage of the attack chain.Attack surface discoveryThe first stage of a cyberattack typically involves threat actors probing the internet-connected enterprise attack surface to identify exploitable weaknesses.Often,this includes things like VPN or firewall vulnerabilities and misconfigurations or unpatched servers.Generative AI has made this once-arduous task significantly easier for attackers,who can simply query a list of known vulnerabilities associated with these assets.Leveraging AI-driven insights in Zscaler Risk360,enterprises can instantly see these discoverable(and thus risky)applications and assetstheir internet-connected attack surfaceand hide them from the public internet behind the Zero Trust Exchange.This instantly and dramatically reduces the enterprise attack surface while preventing attackers from ever discovering weak entry points.Risk of compromiseDuring the compromise stage,attackers work to exploit vulnerabilities to gain unauthorized access to enterprise systems or applications.Zscaler AI innovations help reduce the risk of compromise,breaking up sophisticated attacks while prioritizing productivity.AI-POWERED PHISHING AND C2 PREVENTIONZscaler AI models detect known and patient-zero phishing sites to prevent credential theft and browser exploitation,as well as analyze traffic patterns,behavior,and malware to detect never-before-seen command-and-control(C2)infrastructure in real time.These models draw on a combination of threat intelligence,ThreatLabz research,and dynamic browser isolation to detect suspicious sites.As a result,enterprises are even more efficient and effective in detecting new phishing attacks,including AI-generated attacks,and C2 domains.FILE-BASED AI SANDBOX DEFENSEThe AI-powered inline Zscaler Sandbox instantly detects malicious files while keeping employees productive.Traditional sandbox technologies make users wait while files are analyzed,or else assume patient-zero risk when files are allowed on first pass.Our AI Instant Verdict technology instantly identifies,quarantines,and prevents high-confidence malicious filesincluding zero-day threatswhile removing the need to wait for analysis on these files.This includes threats that are delivered over encrypted channels(TLS and HTTPs)and other file transfer protocols.Meanwhile,benign files are delivered safely and instantly.AI TO BLOCK WEB THREATSAI-powered Zscaler Browser Isolation blocks zero-day threats while ensuring employees can access the right sites to do their jobs.In practice,enterprise URL filtering often requires more granular controls than allow/block;blocked sites are often safe and required for work,resulting in needless help desk tickets.Our AI Smart Isolation can identify when a site may be risky and open it in isolation for the usersafely streaming the site as pixels in a secure,containerized environment.This effectively stops web-based threats like malware,ransomware,phishing,and drive-by downloads,creating a strong web security posture without requiring enterprises to overblock sites as a default.Stage 1:Stage 2:2024 Zscaler,Inc.All rights reserved.035ZSCALER THREATLABZ REPORT 2024HOW ZSCALER DELIVERS AI ZERO TRUST AND SECURES GENERATIVE AI Lateral movementOnce attackers have a foothold inside an organization,they will try to move laterally to access sensitive data and applications.And for many organizations,user access is vastly overprovisioned to dozens of critical applicationsmeaning that their internal attack surface is substantial.Zscaler AI capabilities reduce the potential blast radius of attacks by analyzing user access patterns and recommending intelligent application segmentation policies to limit lateral risk.For example,its common to see that only 200 users out of 30,000 with access to a finance application actually need it.Zscaler can automatically create an application segment that limits access to only those 200 employees,reducing threat actors lateral movement opportunities by more than 99%.Data exfiltrationIn the final stage of an attack,threat actors work to exfiltrate sensitive data.Zscaler uses AI to allow organizations to deploy data protections more quickly.AI-driven data discovery eliminates the time-consuming task of data fingerprinting and classification,which can otherwise delay or prevent deployment.Zscaler AI automatically discovers and classifies all data across an organization right out of the box,enabling enterprises to immediately classify sensitive information while configuring Data Loss Prevention(DLP)policies to prevent that data from ever leaving the organization in an attack or breach.MOREOVER,ZSCALER BLOCKS:URLs and IPs observed in the Zscaler cloud as well as natively integrated open source and commercial threat intel sources.This includes policy-defined,high-risk URL categories commonly used for phishing,such as newly observed and newly activated domains.IPS signatures developed from ThreatLabz analysis of phishing kits and pages.Zscaler Risk360 delivers a comprehensive and actionable risk framework that helps security and business leaders to quantify and visualize cyber risk across the enterprise.Data Protection with DLP and CASB delivers AI-powered data classification and data protection across all channels,including endpoint,email,workloads,BYOD,and cloud posture.Advanced Threat Protection blocks all known C2 domains.Zscaler ITDR(Identity Threat Detection and Response)mitigates the risk of identity-based attacks without ongoing visibility,risk monitoring,and threat detection.Zscaler Firewall extends C2 protection to all ports and protocols,including emerging C2 destinations.DNS Security defends against DNS-based attacks and exfiltration attempts.Zscaler Private Access safeguards applications by limiting lateral movement with least-privileged access,user-to-app segmentation,and full inline inspection of private app traffic.AppProtection with Zscaler Private Access provides high-performance,inline security inspection of the entire application payload to expose threats.Zscaler Deception detects and contains attackers attempting to move laterally or escalate privileges by luring them with decoy servers,applications,directories,and user accounts.Summary of Zscalers AI-infused offeringsZscaler Internet Access provides AI-powered protection for enterprise users,devices,and web and SaaS applications across all locations as part of the Zero Trust Exchange,delivering:AI-powered phishing and C2 detection against never-before-seen phishing sites and C2 infrastructure,using inline AI-based detection from the Zscaler Secure Web Gateway(SWG).AI-powered sandboxing with comprehensive malware and zero-day threat prevention.Dynamic,risk-based policy with continuous analysis of user,device,application,and content risk to fuel dynamic security and access policy.AI-powered segmentation with Zscaler Private Access,with automated access policy recommendations to minimize the attack surface and stop lateral movement using user context,behavior,location,location,and private app telemetry.AI-powered browser isolation,which creates a safe gap between users and malicious web categories,rendering content as a stream of picture-perfect images to eliminate data leaks and delivery of active threats.Stage 3:Stage 4:2024 Zscaler,Inc.All rights reserved.036ZSCALER THREATLABZ REPORT 2024HOW ZSCALER DELIVERS AI ZERO TRUST AND SECURES GENERATIVE AIEnabling the enterprise AI transition:control is in your handsZscaler provides a way for enterprises to foster innovation,creativity,and productivity with AI applications while keeping users and data safe among emerging channels for data exfiltration.This empowers enterprises to embrace the transformative potential of AI to accelerate their business without outright blocking AI applications and domains.Enterprise and security leaders are at a crossroads:they must work to embrace AI to drive innovation and stay competitive,but they must also ensure that their data only powers the business,not breaches.Zscaler empowers enterprises to navigate this transition with confidence,leveraging a full-suite of AI-powered zero trust security controls that protect against AI-driven attacks while offering fine-tuned AI policies and data protections required to harness the full potential of generative AI.ZSCALER ENABLES ENTERPRISES TO:01 Drive full visibility into AI tool usage Detailed logs provide complete visibility into how enterprise teams are using AI,including the applications and domains theyre visiting as well as the data and prompts being used in tools like ChatGPT.02 Create flexible policies to fine-tune the use of AI Powerful,tailored URL filtering for AI and ML applications let enterprises easily define and enforce granular AI access controls and segmentationblocking access when necessary,while allowing access with acceptable levels of risk using AI App Risk Scoring.Enterprises can allow access at the enterprise,department,team,and user levels as well as enable caution-based access that coaches users on the risks of generative AI tools.AI-driven segmentation makes it easy to identify appropriate user segments for access to particular AI applications while minimizing the internal attack surface associated with AI tools.03 Enforce granular data security for ChatGPT and other AI applications Enterprises can prevent the leakage of sensitive data uploaded to AI applications with granular Zscaler Cloud Application controls for generative AI.By enforcing the Zscaler DLP engine,enterprises can ensure that no data is accidentally shared when using any AI tool.Meanwhile,AI-powered data discovery and classification lets enterprises easily identify and create DLP policies around their most critical data,including their corporate code base,financial and legal documents,personal data,customer data,and more.This video demonstrates how the DLP engine prevents users from inputting credit card information into ChatGPT.04 Enable powerful controls using Browser Isolation Zscaler Browser Isolation renders AI applications in a secure environment,adding a layer of protection that allows user prompts and queries to AI tools while restricting copy/paste,uploads,and downloads.This helps mitigate the risk of sensitive data being accidentally shared with generative AI tools.AI AppsCompany-wide visibility of AI app usageAI APP Risk scoring for security&privacySelective access controlsAI/ML URL Category-3200 domain,100 Cloud AppsPrevent Data Loss to Generative AI AppsInline DLP:Blocks IP,PII,etc.from leaking out(ChatGPT Prompts)Remote Browser Isolation:restrict uploads,downloads,clipboard controlsSecuring the use of AI/ML appsFIGURE 23 Zscaler delivers innovative,fine-tuned security controls designed for enterprise AI0 Zscaler,Inc.All rights reserved.037ZSCALER THREATLABZ REPORT 2024AppendixAbout Zscaler ThreatLabzThreatLabz research methodologyThe Zscaler global security cloud processes over 300 trillion daily signals and blocks 9 billion threats and policy violations per day,with over 250,000 daily security updates.Analysis of 18.09 billion AI and ML transactions from April 2023 to January 2024 in the Zscaler cloud,the Zero Trust Exchange.ThreatLabz is the security research arm of Zscaler.This world-class team is responsible for hunting new threats and ensuring that the thousands of organizations using the global Zscaler platform are always protected.In addition to malware research and behavioral analysis,team members are involved in the research and development of new prototype modules for advanced threat protection on the Zscaler platform,and regularly conduct internal security audits to ensure that Zscaler products and infrastructure meet security compliance standards.ThreatLabz regularly publishes in-depth analyses of new and emerging threats on its portal,. 1 408.533.0288Zscaler,Inc.(HQ)120 Holger Way San Jose,CA About Zscaler Zscaler(NASDAQ:ZS)accelerates digital transformation so that customers can be more agile,efficient,resilient,and secure.The Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting users,devices,and applications in any location.Distributed across more than 150 data centers globally,the SASEbased Zero Trust Exchange is the worlds largest inline cloud security platform.To learn more,visit .2024 Zscaler,Inc.All rights reserved.Zscaler,Zero Trust Exchange,Zscaler Internet Access,ZIA,Zscaler Private Access,ZPA and other trademarks listed at are either(i)registered trademarks or service marks or(ii)trademarks or service marks of Zscaler,Inc.in the United States and/or other countries.Any other trademarks are the properties of their respective owners.Experience your world,secured.

10人已浏览 2024-05-07 38页 5星级

Responsible AI Transparency ReportHow we build,support our customers,and growMay 20242TABLE OF CONTENTS2RESPONSIBLE AI TRANSPARENCY REPORTContentsForeword34Key takeaways5How we build generative applications responsibly6Govern:Policies,practices,and processes9Map:Identifying risks10Measure:Assessing risks and mitigations11Manage:Mitigating AI risks16How we make decisions about releasing generative applications17Deployment safety for generative AI applications20Sensitive Uses program in the age of generative AI22How we support our customers in building responsibly23AI Customer Commitments 24Tools to support responsible development25Transparency to support responsible development and use by our customers26How we learn,evolve,and grow27Governance of responsible AI at Microsoft:Growing our responsible AI community30Building safe and responsible frontier models through partnerships and stakeholder input32Using consensus-based safety frameworks33Supporting AI research initiatives34Investing in research to advance the state of the art in responsible AI 35Tuning in to global perspectives36Looking ahead37Sources and resourcesSOURCES AND RESOURCES3MICROSOFT TRANSPARENCY REPORT 20243RESPONSIBLE AI TRANSPARENCY REPORT3FOREWORDRESPONSIBLE AI TRANSPARENCY REPORTForewordIn 2016,our Chairman and CEO,Satya Nadella,set us on a clear course to adopt a principled and human-centered approach to our investments in Artificial Intelligence(AI).Since then,we have been hard at work to build products that align with our values.As we design,build,and release AI products,six valuestransparency,accountability,fairness,inclusiveness,reliability and safety,and privacy and securityremain our foundation and guide our work every day.To advance our transparency practices,in July 2023,we committed to publishing an annual report on our responsible AI program,taking a step that reached beyond the White House Voluntary Commitments that we and other leading AI companies agreed to.This is our inaugural report delivering on that commitment,and we are pleased to publish it on the heels of our first year of bringing generative AI products and experiences to creators,non-profits,governments,and enterprises around the world.As a company at the forefront of AI research and technology,we are committed to sharing our practices with the public as they evolve.This report enables us to share our maturing practices,reflect on what we have learned,chart our goals,hold ourselves accountable,and earn the publics trust.Weve been innovating in responsible AI for eight years,and as we evolve our program,we learn from our past to continually improve.We take very seriously our responsibility to not only secure our own knowledge but to also contribute to the growing corpus of public knowledge,to expand access to resources,and promote transparency in AI across the public,private,and non-profit sectors.In this inaugural annual report,we provide insight into how we build applications that use generative AI;make decisions and oversee the deployment of those applications;support our customers as they build their own generative applications;and learn,evolve,and grow as a responsible AI community.First,we provide insights into our development process,exploring how we map,measure,and manage generative AI risks.Next,we offer case studies to illustrate how we apply our policies and processes to generative AI releases.We also share details about how we empower our customers as they build their own AI applications responsibly.Lastly,we highlight how the growth of our responsible AI community,our efforts to democratize the benefits of AI,and our work to facilitate AI research benefit society at large.There is no finish line for responsible AI.And while this report doesnt have all the answers,we are committed to sharing our learnings early and often and engaging in a robust dialogue around responsible AI practices.We invite the public,private organizations,non-profits,and governing bodies to use this first transparency report to accelerate the incredible momentum in responsible AI were already seeing around the world.Brad Smith Vice Chair&PresidentNatasha Crampton Chief Responsible AI Officer4MICROSOFT TRANSPARENCY REPORT 20244KEY TAKEAWAYSRESPONSIBLE AI TRANSPARENCY REPORTKey takeawaysIn this report,we share how we build generative applications responsibly,how we make decisions about releasing our generative applications,how we support our customers as they build their own AI applications,and how we learn and evolve our responsible AI program.These investments,internal and external,continue to move us toward our goaldeveloping and deploying safe,secure,and trustworthy AI applications that empower people.We created a new approach for governing generative AI releases,which builds on our Responsible AI Standard and the National Institute of Standards and Technologys AI Risk Management Framework.This approach requires teams to map,measure,and manage risks for generative applications throughout their development cycle.30Weve launched 30 responsible AI tools that include more than 100 features to support customers responsible AI development.33Weve published 33 Transparency Notes since 2019 to provide customers with detailed information about our platform services like Azure OpenAI Service.We continue to participate in and learn from a variety of multi-stakeholder engagements in the broader responsible AI ecosystem including the Frontier Model Forum,the Partnership on AI,MITRE,and the National Institute of Standards and Technology.We support AI research initiatives such as the National AI Research Resource and fund our own Accelerating Foundation Models Research and AI&Society Fellows programs.Our 24 Microsoft Research AI&Society Fellows represent countries in North America,Eastern Africa,Australia,Asia,and Europe.16.6%In the second half of 2023,we grew our responsible AI community from 350 members to over 400 members,a 16.6 percent increase.99%Weve invested in mandatory training for all employees to increase the adoption of responsible AI practices.As of December 31,2023,99 percent of employees completed the responsible AI module in our annual Standards of Business Conduct training.5RESPONSIBLE AI TRANSPARENCY REPORTSection 1.How we build generative applications responsibly AI is poised to shape the future.Generative AIartificial intelligence models and applications capable of creating original content,including text,image,and audiohas accelerated this transformation.At Microsoft,we recognize our role in shaping this technology.We have released generative AI technology with appropriate safeguards at a scale and pace that few others have matched.This has enabled us to experiment,learn,and hone cutting-edge best practices for developing generative AI technologies responsibly.As always,we are committed to sharing our learnings as quickly as possible,and generative AI is no exception.1.HOW WE BUILD GENERATIVE APPLICATIONS RESPONSIBLY61.HOW WE BUILD GENERATIVE APPLICATIONS RESPONSIBLYRESPONSIBLE AI TRANSPARENCY REPORTIn 2023,we regularly published resources to share best practices for developing generative applications responsibly.These include an overview of responsible AI practices for OpenAI models available through Azure OpenAI Service,1 a Transparency Note2 describing how to deploy Azure OpenAI models responsibly,examples relevant to generative AI in the HAX toolkit,3 best practices4 and a case study5 for red teaming large language model(LLM)applications,and system messageor metaprompt guidance.6 In March 2024,we released additional tools our customers can use to develop generative applications more responsibly.This includes prompt shield to detect and block prompt injection attacks,7 safety evaluation in Azure AI Studio to evaluate AI-generated outputs for content risks,8 and risks&safety monitoring in Azure OpenAI Service to detect misuse of generative applications.9In the following sections,we outline some of our recent innovations to map,measure,and manage risks associated with generative AI.First,we cover specific requirements for generative applications,based on our Responsible AI Standard.Next,we discuss how AI red teaming plays an important role in mapping generative AI risks at the model and application layers.Then,we discuss the role of systematic measurement and how it provides metrics that inform decision making.2341Finally,we describe some of our approaches to managing generative AI risks.This includes using technology to reinforce trust in democratic processes and manage generative AIs impact on the information ecosystem by implementing provenance tools to label AI-generated content.Govern:Policies,practices,and processesPutting responsible AI into practice begins with our Responsible AI Standard.The Standard details how to integrate responsible AI into engineering teams,the AI development lifecycle,and tooling.In 2023,we used our Responsible AI Standard to formalize a set of generative AI requirements,which follow a responsible AI development cycle.Our generative AI requirements align with the core functions of the National Institute for Standards and Technology(NIST)AI Risk Management Frameworkgovern,map,measure,and managewith the aim of reducing generative AI risks and their associated harms.Govern,map,measure,manage:An iterative cycleIdentify and prioritize AI risks Align roles and responsibilities and establish requirements for safe,secure,and trustworthy AI deploymentMapManageManage or mitigateidentified risksSystematically measure prioritized risks to assess prevalence and the effectiveness of mitigationsMeasureGovernPLATFORM APPLICATIONS71.HOW WE BUILD GENERATIVE APPLICATIONS RESPONSIBLYRESPONSIBLE AI TRANSPARENCY REPORTGovernGovernance contextualizes the map,measure,and manage processes.Weve implemented policies and practices to encourage a culture of risk management across the development cycle.Policies and principles:Our generative applications are designed to adhere to company policies,including our responsible AI,security,privacy,and data protection policies.We update these policies as needed,informed by regulatory developments and feedback from internal and external stakeholders.Procedures for pre-trained models:For the use of pre-trained generative AI models,teams must review available information about the model,its capabilities,and its limitations,then map,measure,and manage relevant risks.Stakeholder coordination:Our policies,programs,and best practices include input from a diverse group of internal and external stakeholders.Cross-functional teams work together to map,measure,and manage risks related to generative applications.Documentation:We provide transparency materials to customers and users that explain the capabilities and limitations of generative applications,as well as guidelines to help them use generative applications responsibly.Pre-deployment reviews:We require teams to map,measure,and manage generative AI risks pre-deployment and throughout their development cycle.This includes identifying high-impact uses of generative AI for additional review by experts within the company.MapMapping risks is a critical firstand iterativestep toward measuring and managing risks associated with AI,including generative AI.Mapping informs decisions about planning,mitigations,and the appropriateness of a generative application for a given context.Responsible AI Impact Assessments:The development of generative applications begins with an impact assessment as required by the Responsible AI Standard.The impact assessment identifies potential risks and their associated harms as well as mitigations to address them.Privacy and security reviews:Processes for identifying and analyzing privacy and security risks,like security threat modeling,inform a holistic understanding of risks and mitigations for generative applications.Red teaming:We conduct red teaming of generative AI models and applications to develop a deeper understanding of how the identified risks manifest and to identify previously unknown risks.MeasureWeve implemented procedures to measure AI risks and related impacts to inform how we manage these considerations when developing and using generative applications.Metrics for identified risks:We have established metrics to measure identified risks for generative applications.Mitigations performance testing:We measure how effective mitigations are in addressing identified risks.ManageWe manage or mitigate identified risks at the platform and application levels.We also work to safeguard against previously unknown risks by building ongoing performance monitoring,feedback channels,processes for incident response,and technical mechanisms for rolling applications back.Finally,we release and operate the application.Weve learned that a controlled release to a limited number of users,followed by additional phased releases,helps us map,measure,and manage risks that emerge during use.As a result,we can be confident the application is behaving in the intended way before a wider audience accesses it.User agency:We design our generative applications to promote user agency and responsible use,such as through user interfaces that encourage users to edit and verify AI-generated outputs.Transparency:We disclose the role of generative AI in interactions with users and label AI-generated visual content.Human review and oversight:We design generative applications so that users can review outputs prior to use.Additionally,we notify users that the AI-generated outputs may contain inaccuracies and that they should take steps to verify information generated by the tool.Managing content risks:We build generative applications to address potential content risks,such as by incorporating content filters and processes to block problematic prompts and AI-generated outputs.Ongoing monitoring:Our teams also implement processes to monitor performance and collect user feedback to respond when our applications dont perform as expected.Defense in depth:We use an approach to risk management that puts controls at every layer of the process,including platform-and application-level mitigations.We map,measure,and manage generative AI risks throughout the development cycle to reduce the risk of harm.81.HOW WE BUILD GENERATIVE APPLICATIONS RESPONSIBLYRESPONSIBLE AI TRANSPARENCY REPORTBecause there is no finish line for responsible AI,our framework is iterative.Teams repeat processes to govern,map,measure,and manage AI-related risks throughout the product development and deployment cycle.As we expand and evolve our responsible AI program,each new improvement builds on the foundation of the Responsible AI Standard.For example,we recently updated our Security Development Lifecycle(SDL)to integrate Responsible AI Standard governance steps.We also enhanced internal guidance for our SDL threat modeling requirement,which integrates ongoing learnings about unique threats specific to AI and machine learning(ML).10 Incorporating responsible AI requirements into existing security guidance embodies our unified approach to developing and deploying AI responsibly.Threat modeling is key to mapping potential vulnerabilities,enabling us to measure and manage risks,and closely evaluate the impacts of mitigations.Evolving our cybersecurity development cycle in the new age of AIWeve developed and deployed technology using our state-of-the-art cybersecurity practices for decades.In our efforts to develop robust and secure AI infrastructure,we build on our extensive cybersecurity experience and work closely with cybersecurity teams from across the company.Our holistic approach is based on thorough governance to shield AI applications from potential cyberattacks across multiple vectors.Defense strategies include governance of AI security policies and practices;identification of potential risks in AI applications,data,and supply chains;protection of applications and information;detection of AI threats;and response and recovery from discovered AI issues and vulnerabilities,including through rapid containment.We take valuable learnings from these strategies,customer feedback,and external researcher engagement to continuously improve our AI security best practices.All Microsoft products are subject to Security Development Lifecycle(SDL)practices and requirements.11 Teams must execute threat modeling to map potential vulnerabilities,measure and manage risks,and closely evaluate the impacts of mitigations.Central engineering teams and our Digital Security and Resilience team facilitate and monitor SDL implementation to verify compliance and secure our products.Additional layers of security include centralized and distributed security engineering,physical security,and threat intelligence.Security operations teams drive implementation and enforcement.We synthesize and organize learnings about AI threats into security frameworks,such as:The Adversarial Machine Learning Threat Matrix,which we developed with MITRE and others.12Our Aether13 Security Engineering Guidance,which added AI-specific threat enumeration and mitigation guidance to existing SDL threat modeling practices.14Our AI bug bar,which provides a severity classification for vulnerabilities that commonly impact AI and ML applications.15 Further,we apply SDL protection,detection,and response requirements to AI technology.Specifically for our products that leverage pre-trained models,model weights are encrypted-at-rest and encrypted-in-transit to mitigate the potential risk of model theft.We apply more stringent security controls for high-risk technology,such as for protecting highly capable models.For example,in our AI product environments where highly capable proprietary AI models are deployed,we employ strong identity and access control.We also use holistic security monitoring(for both external and internal threats)with rapid incident response and continuous security validation(such as simulated attack path analysis).91.HOW WE BUILD GENERATIVE APPLICATIONS RESPONSIBLYRESPONSIBLE AI TRANSPARENCY REPORTMap:Identifying risksAs part of our overall approach to responsible development and deployment,we identify AI risks through threat modeling,16 responsible AI impact assessments,17 customer feedback,incident response and learning programs,external research,and AI red teaming.Here,we discuss our evolving practice of AI red teaming.Red teaming,originally defined as simulating real-world attacks and exercising techniques that persistent threat actors might use,has long been a foundational security practice at Microsoft.18 In 2018,we established our AI Red Team.This group of interdisciplinary experts dedicated to thinking like attackers and probing AI applications for failures19 was the first dedicated AI red team in industry.20 Recently,we expanded our red teaming practices to map risks outside of traditional security risks,including those associated with non-adversarial users and those associated with responsible AI,like the generation of stereotyping content.Today,the AI Red Team maps responsible AI and security risks at the model and application layers:Red teaming models.Red teaming the model helps to identify how a model can be misused,scope its capabilities,and understand its limitations.These insights not only guide the development of platform-level evaluations and mitigations for use of the model in applications but can also be used to inform future versions of the model.Red teaming applications.Application-level AI red teaming takes a system view,of which the base model is one part.This helps to identify failures beyond just the model,by including the application specific mitigations and safety system.Red teaming throughout AI product development can surface previously unknown risks,confirm whether potential risks materialize in an application,and inform measurement and risk management.The practice also helps clarify the scope of an AI applications capabilities and limitations,identify potential for misuse,and surface areas to investigate further.For generative applications we characterize as high-risk,we implement processes to ensure consistent and holistic AI red teaming by experts independent from the product team developing the application.We are also building external red teaming capacity to enable third-party testing before releasing highly capable models,consistent with our White House Voluntary Commitments.21 Externally led red teaming for highly capable models will cover particularly sensitive capabilities,including those related to biosecurity and cybersecurity.In 2018We established the first dedicated AI red team in industry.101.HOW WE BUILD GENERATIVE APPLICATIONS RESPONSIBLYRESPONSIBLE AI TRANSPARENCY REPORTMeasure:Assessing risks and mitigationsAfter mapping risks,we use systematic measurement to evaluate application and mitigation performance against defined metrics.For example,we can measure the likelihood of our applications to generate identified content risks,the prevalence of those risks,and the efficacy of our mitigations in preventing those risks.We regularly broaden our measurement capabilities.Some examples include:22Groundedness,to measure how well an applications generated answers align with information from input sources.Relevance,to measure how directly pertinent a generated answer is to input prompts.Similarity,to measure the equivalence between information from input sources and a sentence generated by an application.Content risks,multiple metrics through which we measure an applications likelihood to produce hateful and unfair,violent,sexual,and self-harm related content.Jailbreak success rate,to measure an applications resiliency against direct and indirect prompt injection attacks that may lead to jailbreaks.We also share capabilities and tools that support measurement of responsible AI concepts and development of new metrics.We share some of these tools as open source on GitHub and with our customers via Azure AI,which includes Azure Machine Learning and Azure AI Studio.Azure AI Content Safetyuses advanced language and vision models to help detect content risks such as hateful,sexual,violent,or self-harm related content.Safety evaluations in Azure AI StudioMany generative applications are built on top of large language models,which can make mistakes,generate content risks,or expose applications to other types of attacks.While risk management approaches such as safety system messages and content filters are a great start,its also crucial to evaluate applications to understand if the mitigations are performing as intended.With Azure AI Studio safety evaluations,customers can evaluate the outputs of generative applications for content risks such as hateful,sexual,violent,or self-harm related content.Additionally,developers can evaluate their applications for security risks like jailbreaks.Since evaluations rely on a robust test dataset,Azure AI Studio can use prompt templates and an AI-assisted simulator to create adversarial AI-generated datasets to evaluate generative applications.This capacity harnesses learning and innovation from Microsoft Research,developed and honed to support the launch of our own first-party Copilots,and is now available to customers in Azure as part of our commitment to responsible innovation.111.HOW WE BUILD GENERATIVE APPLICATIONS RESPONSIBLYRESPONSIBLE AI TRANSPARENCY REPORTManage:Mitigating AI risksOnce risks have been mapped and measured,they need to be managed.We evaluate and improve our generative AI products across two layers of the technology to provide a defense in depth approach to mitigating risks.1Platform:Based on the products intended use,model-level mitigations can guide the application to avoid potential risks identified in the mapping phase.For example,teams can experiment with and fine-tune different versions of many generative AI models to see how potential risks surface differently in their intended use.This experimentation allows teams to choose the right model for their application.In addition,platform-level safety measures such as content classifiers reduce risks by blocking potentially harmful user inputs and AI-generated content.For example,Azure AI Content Safety provides API-level filters for content risks.Harmful user input or content risks generated by the AI model will be blocked when flagged by Azure AI Content Safety.2Application:A number of mitigations implemented in a specific application can also further manage risks.For example,grounding a models outputs with input data alongside safety system messages to limit the model within certain parameters helps the application align with our responsible AI Standard and user expectations.For example,a safety system message guides Microsoft Copilot in Bing to respond in a helpful tone and cite its sources.23 Additionally,user-centered design is an essential aspect of our approach to responsible AI.Communicating what the technology is and is not intended to do shows the applications potential,communicates its limitations,and helps prevent misuse.For example,we include in-product disclosures of AI-generated content in our Copilots,FAQs on responsible AI for our applications like GitHub Copilot,24 and Transparency Notes for our platform products such as Azure OpenAI Service.25As part of our commitment to build responsibly and help our customers do so as well,we integrate content filtering across Azure OpenAI Service.26 We regularly assess our content filtering systems to improve accuracy and to ensure theyre detecting as much relevant content as possible.Over the past year,we expanded our detection and filtering capabilities to include additional risk categories,such as jailbreaks,and improved the performance of our text,image,multimodal,and jailbreak models.These improvements rely on expert human annotators and linguists who evaluate offline evaluation sets.We also anonymously sample online traffic to monitor for regressions while leveraging the at-scale annotation capabilities of OpenAIs GPT-4.Importantly,weve made these detection and evaluation tools available to our customers with the October 2023 general release of Azure AI Content Safety.Customers can choose to use our advanced language and vision models to help detect hate,violent,sexual,and self-harm related content,plus added jailbreak protections.When problematic content is detected,the models assign estimated severity scores to help customers efficiently tackle prioritized items and take action to reduce potential harm.27 The models are offered in Azure AI Content Safety as standalone APIs,and customers can configure the filters to detect content with defined severity scores to fit their specific goals and policies.The application of AI in our safety systems empowers organizations to monitor and support product safety at a scale that would be impossible for humans alone.These same tools are also offered in Azure AI Studio,Azure Open AI,and Azure AI Content safety where customers can discover,customize,and operationalize large foundation models at scale.121.HOW WE BUILD GENERATIVE APPLICATIONS RESPONSIBLYRESPONSIBLE AI TRANSPARENCY REPORTA new jailbreak risk detection modelBecause generative AI models have advanced capabilities,they can be susceptible to adversarial inputs that can result in safety system bypass.These could provoke restricted behaviors and deviations from built-in safety instructions and system messages.This kind of adversarial technique is called a“jailbreak attack,”also known as a user prompt injection attack(UPIA).In October 2023,to increase the safety of large language model deployments,we released a new jailbreak risk detection model,now called prompt shield.Prompt shield was integrated with existing comprehensive content safety filtering systems across Azure OpenAI Service and made available in Azure AI Content Safety as an API.When a jailbreak attempt is detected,customers can choose to take a variety of steps best suited for their application,such as further investigations or banning users.Types of jailbreak attacksPrompt shield recognizes four different classes of UPIA.CategoryDescriptionAttempt to change application rules This category includes requests to use a new unrestricted application without rules,principles,or limitations,or requests instructing the application to ignore,forget,or disregard rules,instructions,or previous turns.Embedding a conversation mockup to confuse the model This attack takes user-crafted conversational turns embedded in a single user query to instruct the application to disregard rules and limitations.Role-play This attack instructs the application to act as another persona without application limitations or assigns anthropomorphic human qualities to the application,such as emotions,thoughts,and opinions.Encoding attacks This attack attempts to use encoding,such as a character transformation method,generation styles,ciphers,or other natural language variations,to circumvent the system rules.In March 2024,prompt shield was expanded to include protections against indirect prompt injection attacks,where a generative application processes malicious information not directly authored by the application developer or the user,which can result in safety system bypass.28Limited Access for customized service safety settings Because safety is a priority for us,our Azure OpenAI Service is offered with default content safety settings and safeguards.Customers must complete registration under our Limited Access policy framework29 and attest to approved use cases to gain access to Azure OpenAI Service.Customized settings for content filters and abuse monitoring are only allowed for approved use cases,and access to the broadest range of configurability is limited to managed customers.Managed customers are those who are working directly in trusted partnerships with Microsoft account teams.Managed customers must also attest their use cases for customized content filtering and abuse monitoring.All customers must follow the Azure OpenAI Service Code of Conduct,30 which outlines mitigations and content requirements that apply to all customer uses to support safe deployment.In the next section,we use a specific example of an identified riskinformation integrity risks in the age of generative AIto illustrate how we manage risks by combining technological advancements with policies and programs.131.HOW WE BUILD GENERATIVE APPLICATIONS RESPONSIBLYRESPONSIBLE AI TRANSPARENCY REPORTManaging information integrity risks in the age of generative AI Amid growing concern that AI can make it easier to create and share disinformation,we recognize that it is imperative to give users a trusted experience.As generative AI technologies become more advanced and prevalent,it is increasingly difficult to identify AI-generated content.An image,video,or audio clip generated by AI can be indistinguishable from real-world capture of scenes by cameras and other human-created media.As more creators use generative AI technologies to assist their work,the line between synthetic content created by AI tools and human-created content will increasingly blur.Labeling AI-generated content and disclosing when and how it was made(otherwise known as provenance)is one way to address this issue.In May 2023,we announced our intent to build new media provenance capabilities that use cryptographic methods to mark and sign AI-generated content with metadata about its source and history.Since then,weve made significant progress on our commitment to deploy new state-of-the-art tools to help the public identify AI-generated audio and visual content.By the end of 2023,we were automatically attaching provenance metadata to images generated with OpenAIs DALL-E 3 model in our Azure OpenAI Service,Microsoft Designer,and Microsoft Paint.This provenance metadata,referred to as Content Credentials,includes important information such as when the content was created and which organization certified the credentials.To apply Content Credentials to our products AI-generated images,we use an open technical standard developed by the Coalition for Content Provenance and Authenticity(C2PA),which we co-founded in 2021.The industry has increasingly adopted the C2PA standard,which requires cryptographic methods to sign,seal,and attach metadata to the file with a trusted identity certificate.This means C2PA Content Credentials can deliver a high level of trust with information that is tamper-evident while also preserving privacy.Certification authorities issue identity certificates to vetted organizations,and individual sources within those organizations can be anonymized.The C2PA coalition and standard body builds on our early efforts to prototype and develop provenance technologies and our collaboration with the provenance initiative Project Origin,31 which we founded alongside the British Broadcasting Corporation,the Canadian Broadcasting Corporation,and the New York Times to secure trust in digital media.Beyond Microsoft,we continue to advocate for increased industry adoption of the C2PA standard.There are now more than 100 industry members of C2PA.In February 2024,OpenAI announced that they would implement the C2PA standard for images generated by their DALL-E 3 image model.This is in addition to completing pre-deployment risk mapping and leveraging red-teaming practices to reduce potential for harman approach similar to ours.While the industry is moving quickly to rally around the C2PA standard,relying on metadata-based provenance or even watermarking approaches alone will be insufficient.It is important to combine multiple methods,such as embedding invisible watermarks,alongside C2PA Content Credentials and fingerprinting,to help people recover provenance information when it becomes decoupled from its content.Additionally,authentication,verification,and other forensic technologies allow people to evaluate digital content for generative AI contributions.No disclosure method is foolproof,making a stacked mitigation approach especially important.We continue to test and evaluate combinations of techniques in addition to new methods altogether to find effective provenance solutions for all media formats.For example,text can easily be edited,copied,and transferred between file formats,which interferes with current technical capabilities that attach Content Credentials to a files metadata.We remain committed to investing in our own research,sharing our learnings,and collaborating with industry peers to address ongoing provenance concerns.In May 2023we announced our intent to build new media provenance capabilities that use cryptographic methods to mark and sign AI-generated content with metadata about its source and history.End of 2023we began to automatically apply Content Credentials to AI-generated images from Microsoft Designer,Microsoft Paint,and DALL-E 3 in our Azure OpenAI Service.141.HOW WE BUILD GENERATIVE APPLICATIONS RESPONSIBLYRESPONSIBLE AI TRANSPARENCY REPORTThis work is especially important in 2024,a year in which more people will vote for their elected leaders than any year in human history.A record-breaking elections year combined with the fast pace of AI innovation may offer bad actors new opportunities to create deceptive AI content(also known as“deepfakes”)designed to mislead the public.To address this risk,we worked with 19 other companies,including OpenAI,to announce the new Tech Accord to Combat Deceptive Use of AI in 2024 Elections at the Munich Security Conference in February 2024.32 These commitments include advancing provenance technologies,innovating robust disclosure solutions,detecting and responding to deepfakes in elections,and fostering public awareness and resilience.Since signing the Tech Accord,we continue to make progress on our commitments.We recently launched a portal for candidates to report deepfakes on our services.33 And in March,we launched Microsoft Content Integrity tools in private preview,to help political candidates,campaigns,and elections organizations maintain greater control over their content and likeness.The Content Integrity tools include two components:first,a tool to certify digital content by adding Content Credentials,and second,tools to allow the public to check if a piece of digital content has Content Credentials.34In addition to engaging in external research collaborations35 and building technical mitigations,its equally important to consider policies,programs,and investments in the broader ecosystem that can further manage information integrity risks associated with generative AI.We know that false or misleading information is more likely to spread in areas where there is limited or no local journalism.A healthy media ecosystem acts as a virtual town square where people gather reliable information and engage on the most pressing issues facing society.We support independent journalism to advance free,open coverage of important issues on a local and national scale.Our Democracy Forward Journalism Initiative provides journalists and newsrooms with tools and technology to help build capacity,expand their reach and efficiency,distribute trustworthy content,and ultimately provide the information needed to sustain healthy democracies.36In addition to the commitments made in the Tech Accord,we continue to build on our existing programs to protect elections and advance democratic values around the world.We support the rights of voters,candidates,political campaigns,and election authorities through a variety of programs and investments.These include our partnership with the National Association of State Election Directors,our endorsement of the Protect Elections from Deceptive AI Act in the United States,and our Elections Communications Hub.37Case Study:Content Credentials for Microsoft DesignerMicrosoft Designer allows users to input text prompts to generate images,such as the one below which was generated using the prompt:“people using an AI system for farming in a corn field.”Each image,like this one generated by Designer,is automatically marked and signed with Content Credentials,displayed in the right pane of the product interface.The Content Credentials indicate the date and time of creation using AI.Because Content Credentials are cryptographically signed and sealed as part of the image files metadata,this information is tamper-evident and can be examined with tools such as Content Authenticity Initiatives open source Verify tool38 and our Content Integrity Check tool.39 Both tools are available as websites where users can upload files to check Content Credentials.For example,the image to the right shows that when examined with Verify or Check,Content Credentials for images generated by Designer indicate that they were created by a Microsoft product and the date of generation.We continue to build provenance capabilities into our products,including most recently in the DALL-E 3 series models hosted in Azure OpenAI Service.AI-generated images from Azure OpenAI Service using DALL-E 3 now include provenance information that attach source and generation date through Content Credentials.40151.HOW WE BUILD GENERATIVE APPLICATIONS RESPONSIBLYRESPONSIBLE AI TRANSPARENCY REPORTThird-party evaluation of Microsoft DesignerThe work of AI risk management cannot be done by companies alone.This is why we are committed to learning from stakeholders in academia,civil society,and government whose perspectives,evaluations,and concerns we consider as we build.Below is an example of how weve exercised this commitment through an external assessment of Microsoft Designer.Designer is a general use text-to-image generative AI tool.Its many uses can make it vulnerable to adversarial use,including the generation of images that can be used for information operations.While we cant control what happens to images generated by our applications once they leave our platform,we can mitigate known risks at the user input and image output stages.This is why weve put in place safeguards to restrict what the application will generate,including deceptive images that could further information operations.To better understand the risk of misleading images,reduce potential harms,and promote information integrity,we partnered with NewsGuard to evaluate Designer.NewsGuard is an organization of trained journalists that scores news sources for adherence to journalistic principles.As part of their analysis,NewsGuard prompted Designer to create visuals that reinforced or portrayed prominent false narratives related to politics,international affairs,and elections.Of the 275 images created:Mitigations worked in 88 percent of the attempts and the output images contained no problematic content.12 percent of the output images contained problematic content.To enhance performance related to information integrity,we regularly improve prompt blocking,content filters,and safety system message mitigations.Following the mitigation improvements,we input the same prompts developed by NewsGuard which had previously resulted in problematic content and reevaluated the images generated by Designer.We found that only 3.6 percent of the output images contained problematic content.NewsGuards analysis and our mitigation improvements were steps in the right direction,but there is more work to be done.Evaluating and managing risks of our generative applications is an ongoing process and inherently iterative in nature.As new issues surfaceidentified by our internal responsible AI practices,external evaluations,and feedback submitted by userswe take action to address them.In addition,the question of how to build scaled measurement for evaluating information integrity in images is still an open research question.To address this challenge,we are excited to announce a new collaboration with researchers from Princetons Empirical Studies and Conflict Project to advance this research.96.4%of test prompts successfully mitigated following improvements to the Designer safety system.16RESPONSIBLE AI TRANSPARENCY REPORTSection 2.How we make decisions about releasing generative applications2.HOW WE MAKE DECISIONS ABOUT RELEASING GENERATIVE APPLICATIONS2.HOW WE MAKE DECISIONS ABOUT RELEASING GENERATIVE APPLICATIONS17RESPONSIBLE AI TRANSPARENCY REPORTDeployment safety for generative AI applicationsAt each stage of the map,measure,and manage process for generative AI releases,weve built best practices,guidelines,and tools that reflect our learnings from the last year of releasing generative applications.For example,when teams are asked to evaluate the potential for generative applications to produce ungrounded content,they are provided with centralized tools to measure that risk alongside patterns and best practices to guide their design of specific mitigations for their generative application.After teams complete their initial analysis,senior experts review the evaluations and mitigations and make any further recommendations or requirements before products are launched.These reviews ensure that we apply a consistent and high bar to the design,build,and launch of our generative AI applications.When gaps are identified,these experts dive deep with product teams and leaders to assess the problems and agree on further mitigations and next steps.This oversight by senior leadership provides important touch points throughout a products development cycle to manage risks across the company.This process improves each AI product and generates important lessons to apply to our map,measure,and manage approach.As we learn more about how generative AI is used,we continue to iterate on our requirements,review processes,and best practices.In this section,we share what weve learned through two examples.These short case studies demonstrate how weve improved our products through our work to map,measure,and manage risks associated with generative AI.Our collaboration with OpenAIWhile we often build and deploy state-of-the-art AI technology,we also partner with other companies building advanced AI models,including OpenAI.Our most recent agreement with OpenAI41 extends our ongoing collaborations in AI supercomputing and research.The agreement also allows both OpenAI and Microsoft to independently commercialize any advanced technologies developed by OpenAI.We deploy OpenAIs models across several consumer and enterprise products,including Azure OpenAI Service,which enables developers to build cutting-edge AI applications through OpenAI models with the benefit of Azures enterprise-grade capabilities.Microsoft and OpenAI share a commitment to building AI systems and products that are trustworthy and safe.OpenAIs leading research on AI Alignment,42 their preparedness framework,43 and our Responsible AI Standard establish the foundation for the safe deployment of our respective AI technologies and help guide the industry toward more responsible outcomes.2.HOW WE MAKE DECISIONS ABOUT RELEASING GENERATIVE APPLICATIONS18RESPONSIBLE AI TRANSPARENCY REPORTCase Study:Safely deploying Copilot StudioIn 2023,we released Copilot Studio,which harnesses generative AI to enable customers without programming or AI skills to build their own copilots.44 Natural language processing enables the cloud-based platform to interpret customer prompts and create interactive solutions that customers can then deploy to their users.It also enables customers to test,publish,and track the performance of copilots within the platform so they remain in control of the experience.As with all generative applications,the Copilot Studio engineering team mapped,measured,and managed risks according to our governance framework prior to deployment.Map.As part of their process,the engineering team mapped key risks associated with the product in their Responsible AI Impact Assessment as well as security and privacy reviews,including the potential for copilots to provide ungrounded responses to user prompts.Measure and Manage.The Copilot Studio team worked with subject matter experts to measure and manage key risks iteratively throughout the development and deployment process.To mitigate AI-generated content risks,the Copilot Studio team included safety system message mitigations and leveraged Azure OpenAI Services content filtering capabilities to direct copilots to generate only acceptable content.One of the key risks for this product is groundedness,or potential for AI-generated output to contain information that is not present in the input sources.By improving groundedness mitigations through metaprompt adjustments,the Copilot Studio team significantly enhanced in-domain query responses,increasing the in-domain pass rate from 88.6 percent to 95.7 percent.This means that when a user submits a question that is in-domainor topically appropriatecopilots built with Copilot Studio are able to respond more accurately.This change also resulted in a notable 6 percent increase in answer rate within just one week of implementation.In other words,the improved groundedness filtering also reduced the number of queries that copilots declined to respond to,improving the overall user experience.The team also introduced citations,so copilot users have more context on the source of information included in AI-generated outputs.By amending the safety system message and utilizing content filters,the Copilot Studio team improved citation accuracy from 85 percent to 90 percent.Following the map,measure,and manage framework and supported by robust governance processes,the Copilot Studio team launched an experience where customers can build safer and more trustworthy copilots.Case Study:Safely deploying GitHub CopilotGitHub Copilot is an AI-powered tool designed to increase developer productivity through a variety of features,including code suggestions and chat experience to ask questions about code.45 Code completion is a feature that runs in the integrated development environment(IDE),providing suggested lines of code as developers work on projects.GitHub Copilot Chat can be used in different environments,including the IDE and on GitH,and provides a conversational interface for developers to ask coding questions.GitHub Copilot runs on a variety of advanced Microsoft and OpenAI technologies,including OpenAIs GPT models.In developing the features for GitHub Copilot,the team worked with their Responsible AI Championsresponsible AI experts within their organizationto map,measure,and manage risks associated with using generative AI in the context of coding.Map.The team completed their Responsible AI Impact Assessment as well as security and privacy reviews to map different risks associated with the product.These risks included 1)the generation of code that may appear valid but may not be semantically or syntactically correct;2)the generation of code that may not reflect the intent of the developer;and 3)more fundamentally,whether GitHub Copilot was actually increasing developer productivity.The last category,generally referred to as fitness for purpose,is an important concept for establishing that an AI application effectively addresses the problem its meant to solve.Measure.In addition to assessing performance,like the quality of responses,and running measurement sets to evaluate risks like insecure code or content risks,the GitHub Copilot team set out to understand if Copilot improved developer productivity.Research on how 450 developers at Accenture used the GitHub Copilot code completion feature over six months found that:4694 percent of developers reported that using GitHub Copilot helped them remain in the flow and spend less effort on repetitive tasks.90 percent of developers spent less time searching for information.90 percent of developers reported writing better code with GitHub Copilot.95 percent of developers learned from Copilot suggestions.2.HOW WE MAKE DECISIONS ABOUT RELEASING GENERATIVE APPLICATIONS19RESPONSIBLE AI TRANSPARENCY REPORTCase Study:Safely deploying GitHub Copilot,cont.In a follow-on study of GitHub Copilot Chat,the team saw similar improvements in productivity.47 In this study,researchers recruited 36 participants that had between five and ten years of coding experience.Participants were asked to a)write code,being randomly assigned to use or not use GitHub Copilot Chat and b)review code,being randomly assigned to review code that was authored with assistance from GitHub Copilot Chat or not.The researchers created a framework to evaluate code quality,asking participants to assess if code was readable,reusable,concise,maintainable,and resilient.In analyzing the data,researchers found that:85 percent of developers felt more confident in their code quality when authoring code with GitHub Copilot and GitHub Copilot Chat.Code reviews were more actionable and completed 15 percent faster than without GitHub Copilot Chat.88 percent of developers reported maintaining flow state with GitHub Copilot Chat because they felt more focused,less frustrated,and enjoyed coding more.This research indicates that not only is GitHub Copilot making developers more productive,it also increases developer satisfaction.Manage.As weve shared throughout the report,risks often need to be mitigated at multiple levels,and mitigations often work to manage multiple risks.Human oversight.Responsible AI is a shared responsibility,and our goal is to empower users to use GitHub Copilot in a safe,trustworthy,and reliable way.To support developer oversight of AI-generated code,GitHub Copilot was designed to offer suggested lines of code,which a developer reviews and accepts.In GitHub Copilot Chat,developers can review and copy code suggestions generated in the chat window into their coding environment.Importantly,the developer remains in control of the code theyre writing.48Staying on topic.While the models behind GitHub Copilot can generate a wide range of content,one key approach to mitigate AI-generated content risks is to keep conversations limited to coding.The GitHub Copilot team built a classifier to reduce the number of off-topic conversations on the platform to keep conversations on topic and to protect users.In addition to the off-topic classifier,GitHub Copilot runs a variety of content filters,including to block content related to self-harm,violence,and hate speech.Transparency.The transparency documentation we provide on our GitHub Copilot features provides developers with important information about how best to use the features responsibly.49,50 We also bake transparency right into the experience.GitHub Copilot discloses that code suggestions are AI-generated and may contain mistakes,empowering developers to make informed decisions about how best to use GitHub Copilot features.2.HOW WE MAKE DECISIONS ABOUT RELEASING GENERATIVE APPLICATIONS20RESPONSIBLE AI TRANSPARENCY REPORTSensitive Uses program in the age of generative AIThe generative AI release process integrates with existing responsible AI programs and processes,such as our Sensitive Uses program,established in 2017 to provide ongoing review and oversight of high-impact and higher-risk uses of AI.Employees across the company must report AI uses to our Sensitive Uses program for in-depth review and oversight if the reasonably foreseeable use or misuse of AI could have a consequential impact on an individuals legal status or life opportunities,present the risk of significant physical or psychological injury,or restrict,infringe upon,or undermine the ability to realize an individuals human rights.Particularly high-impact use cases are also brought before our Sensitive Uses Panel.Professionals from across our research,policy,and engineering organizations with expertise in human rights,social science,privacy,and security lend their expertise to the Sensitive Uses team and the Sensitive Uses Panel to help address complex sociotechnical issues and questions.After review and consultation,the Sensitive Uses team delivers directed,concrete guidance and mitigation requirements tailored to the project.Since 2019,the Sensitive Uses team has received over 900 submissions,including 300 in 2023 alone.In 2023,nearly 70 percent of cases were related to generative AI.The increase in generative AI cases led to new insights about emerging risks,such as the capability of generative applications to make ungrounded inferences about a person.In some scenarios,our teams observed that a chatbot could provide realistic sounding but incorrect responses to questions that were outside the scope of their grounding data.Depending on the context,these ungrounded responses could misattribute actions or information about individuals or groups.For example,a chatbot designed to answer questions about workplace benefits shouldnt answer questions about employee performance when that information is not included in the grounding data.Some of the mitigations that can prevent ungrounded inferences include safety system message provisions to guide which questions chatbots should respond to,ensuring that application responses are grounded in the right source data,and isolating private data.Once risks are assessed by the Sensitive Uses team,guidance is given to product teams on the mitigations for the use case.900submissions have been received by the Sensitive Uses team since 2019,including 300 in 2023 alone.Nearly 70%of cases in 2023 were related to generative AI.2.HOW WE MAKE DECISIONS ABOUT RELEASING GENERATIVE APPLICATIONS21RESPONSIBLE AI TRANSPARENCY REPORTSensitive Uses in action:Microsoft Copilot for SecurityOne example of a product that underwent Sensitive Uses review is Copilot for Security,51 an AI-powered tool that helps security professionals respond to threats and assess risk exposure faster and more accurately.Copilot for Security uses generative AI to investigate analysts digital environments,flag suspicious activity or content,and improve analysts response to incidents.It generates natural language insights and recommendations from complex data,which helps analysts catch threats they may have otherwise missed and helps organizations potentially prevent and disrupt attacks at machine speed.Through a Responsible AI Impact Assessment and with the support of their Responsible AI Champion,the Copilot for Security team identified that the project could meet the threshold for Sensitive Uses.They submitted the project to the Sensitive Uses program as part of early product development.The Sensitive Uses team confirmed that Microsoft Copilot for Security met the criteria for a Sensitive Uses review.They then worked with the product team and Responsible AI Champion to map key risks associated with the product,including that analysts could be exposed to potential content risks as part of their work.The team landed on an innovative approach to address risks,which,due to the nature of routine security work,are different than those for consumer solutions.For example,security professionals may encounter offensive content or malicious code in source information.To allow analysts to stay in control of when they encounter potentially harmful content,the team made sure that Microsoft Copilot for Security surfaces these risks when requested by the security professionals.While Microsoft Copilot for Security suggests next steps,analysts ultimately decide what to do based on their organizations unique needs.The Copilot for Security team worked closely with subject matter experts to validate their approach and specific mitigations.They improved in-product messaging to avoid overreliance on AI-generated outputs.They also refined metrics for grounding to improve the products generated content.Through required ongoing monitoring of the product over the course of its phased releases,the team triaged and addressed responsible AI issues weekly.This process led to a more secure,transparent,and trustworthy generative AI product that empowers security professionals to protect their organizations and customers,furthering our pursuit of the next generation of cybersecurity protection.5222RESPONSIBLE AI TRANSPARENCY REPORTSection 3.How we support our customers in building AI responsiblyIn addition to building our own AI applications responsibly,we empower our customers with responsible AI tools and features.We invest in our customers responsible AI goals in three ways:1We stand behind our customers deployment and use of AI through our AI Customer Commitments.2We build responsible AI tools for our customers to use in developing their own AI applications responsibly.3We provide transparency documentation to customers to provide important information about our AI platforms and applications.3.HOW WE SUPPORT OUR CUSTOMERS IN BUILDING RESPONSIBLY3.HOW WE SUPPORT OUR CUSTOMERS IN BUILDING RESPONSIBLY23RESPONSIBLE AI TRANSPARENCY REPORTAI Customer Commitments In June 2023,we announced our AI Customer Commitments,53 outlining steps to support our customers on their responsible AI journey.We recognize that ensuring the right guardrails for the responsible use of AI will not be limited to technology companies and governments.Every organization that creates or uses AI applications will need to develop and implement governance systems.We made the following promises to our customers:We created an AI Assurance Program to help customers ensure that the AI applications they deploy on our platforms meet the legal and regulatory requirements for responsible AI.This program includes regulator engagement support,along with our promise to attest to how we are implementing the NIST AI Risk Management Framework.We continue to engage with customer councils,listening to their views on how we can deliver the most relevant and compliant AI technology and tools.We created a Responsible AI Partner program for our partner ecosystem and 11 partners have joined the program so far.These partners have created comprehensive practices to help customers evaluate,test,adopt,and commercialize AI solutions.54 We announced,and later expanded,the Customer Copyright Commitment55 in which Microsoft will defend commercial customers who are sued by a third party for copyright infringement for using Azure OpenAI Service,our Copilots,or the outputs they generate and pay any resulting adverse judgments or settlements,as long as the customer met basic conditions such as not attempting to generate infringing content and using our required guardrails and content filters.56Ultimately,we know that these commitments are an important start,and we will build on them as both the technology and regulatory conditions evolve.We are excited by this opportunity to partner more closely with our customers as we continue on our responsible AI journey together.11partners have joined since we created the Responsible AI Partner program.3.HOW WE SUPPORT OUR CUSTOMERS IN BUILDING RESPONSIBLY24RESPONSIBLE AI TRANSPARENCY REPORTTools to support responsible developmentTo empower our customers,weve released 30 responsible AI tools that include more than 100 features to support customers responsible AI development.These tools work to map and measure AI risks and manage identified risks with novel mitigations,real-time detection and filtering,and ongoing monitoring.Tools to map and measure risksWe are committed to developing tools and resources that enable every organization to map,measure,and manage AI risks in their own applications.Weve also prioritized making responsible AI tools open access.For example,in February 2024,we released a red teaming accelerator,Python Risk Identification Tool for generative AI(PyRIT).57 PyRIT enables security professionals and machine learning engineers to proactively find risks in their generative applications.PyRIT accelerates a developers work by expanding on their initial red teaming prompts,dynamically responding to AI-generated outputs to continue probing for content risks,and automatically scoring outputs using content filters.Since its release on GitHub,PyRIT has received 1,100 stars and been copied more than 200 times by developers for use in their own repositories where it can be modified to fit their use cases.After identifying risks with a tool like PyRIT,customers can use safety evaluations in Azure AI Studio to conduct pre-deployment assessments of their generative applications susceptibility to generate low-quality or unsafe content,as well as to monitor trends post-deployment.For example,in November 2023 we released a limited set of generative AI evaluation tools in Azure AI Studio to allow customers to assess the quality and safety of their generative applications.58 The first pre-built metrics offered customers an easy way to evaluate their applications for basic generation quality metrics such as groundedness,which measures how well the models generated answers align with information from the input sources.In March 2024,we expanded our offerings in Azure AI Studio to include AI-assisted evaluations for safety risks across multiple content risk categories such as hate,violence,sexual,and self-harm,as well as content that may cause fairness harms and susceptibility to jailbreak attacks.59 Recognizing that evaluations are most effective when iterative and contextual,weve continued to invest in the Responsible AI Toolbox(RAI Toolbox).60 This open-source tool,which is also integrated with Azure Machine Learning,offers support for computer vision and natural language processing(NLP)scenarios.The RAI Toolbox brings together a variety of model understanding and assessment tools such as fairness analysis,model interpretability,error analysis,what-if exploration,data explorations,and causal analysis.This enables ML professionals to easily flow through different stages of model debugging and decision-making.As an entirely customizable experience,the RAI Toolbox can be deployed for various functions,such as holistic model or data analysis,comparing datasets,or explaining individual instances of model predictions.On GitHub,the RAI Toolbox has received 1,200 stars with more than 4,700 downloads per month.Tools to manage risks Just as we measure and manage AI risks across the platform and application layers of our generative products,we empower our customers to do the same.For example,Azure AI Content Safety helps customers detect and filter harmful user inputs and AI-generated content in their applications.Importantly,Azure AI Content Safety provides options to detect content risks along multiple categories and severity levels to enable customers to configure settings to fit specific needs.Another example is our system message framework and templates,which support customers as they write effective system messagessometimes called metapromptswhich can improve performance,align generative application behavior with customer expectations,and help mitigate risks in our customers applications.61In October 2023,we made Azure AI Content Safety generally available.Since then,weve continued to expand its integration across our customer offerings,including its availability in Azure AI Studio,a developer platform designed to simplify generative application development,and across our Copilot builder platforms,such as Microsoft Copilot Studio.We continue to expand customer access to additional risk management tools that detect risks unique to generative AI models and applications,such as prompt shield and groundedness detection.Prompt shield detects and blocks prompt injection attacks,which bad actors use to insert harmful instructions into the data processed by large language models.62 Groundedness detection finds ungrounded statements in AI-generated outputs and allows the customer to implement mitigations such as triggering rewrites of ungrounded statements.63In March 2024,we released risks&safety monitoring in Azure OpenAI Service,which provides tools for real-time harmful content detection and mitigation,offering insights into content filter performance on actual customer traffic and identifying users who may be abusing a generative application.64 Customers can use these insights to fine-tune content filters to align with their safety goals.Additionally,the potentially abusive user detection feature 3.HOW WE SUPPORT OUR CUSTOMERS IN BUILDING RESPONSIBLY25RESPONSIBLE AI TRANSPARENCY REPORTanalyzes trends in user behavior and flagged content to generate reports for our customers to decide whether to take further action in Azure AI Studio.The report includes a user ranking and an abuse report,enabling customers to take action when abuse is suspected.As we continue to improve our tools to map,measure,and manage generative AI risks,we make those tools available to our customers to enable an ecosystem of responsible AI development and deployment.Transparency to support responsible development and use by our customersBeginning in 2019,weve regularly released Transparency Notesdocumentation covering responsible AI topicsfor our platform services which customers use to build their own AI applications.Since then,weve published 33 Transparency Notes.Required for our platform services,these follow a specific template to provide customers with detailed information about capabilities,limitations,and intended uses to enable responsible integration and use.Some examples include Transparency Notes for Azure AI Vision Face API,65 Azure OpenAI Service,66 and Azure Document Intelligence.67In 2023,we expanded our transparency documentation beyond Transparency Notes.We now require our non-platform services,such as our Copilots,to publish Responsible AI Frequently Asked Questions(FAQs)and include user-friendly notices in product experiences to provide important disclosures.For example,Copilot in Bing provides users with responsible AI documentation68 and FAQs69 that detail our risk mapping,measurement,and management methods.In addition,when users interact with Copilot in Bing,we provide in-product disclosure to inform users that they are interacting with an AI application and citations to source material to help users verify information in the responses and learn more.Other important notices may include disclaimers about the potential for AI to make errors or produce unexpected content.These user-friendly transparency documents and product integrated notices are especially important in our Copilot experiences,where users are less likely to be developers.Transparency documentation and in-product transparency work together to enable our customers to build and use AI applications responsibly.And as with our other responsible AI programs,we anticipate that the ways we provide transparency for specific products will evolve as we learn.26RESPONSIBLE AI TRANSPARENCY REPORTSection 4.How we learn,evolve,and growAs weve prioritized our company-wide investments in responsible AI over the last eight years,people remain at the center of our progress.From our growing internal community to the global responsible AI ecosystem,the individuals and communities involved continue to push forward whats possible in developing AI applications responsibly.In this section,we share our approach to learning,evolving,and growing by bringing outside perspectives in,sharing learnings outwards,and investing in our community.4.HOW WE LEARN,EVOLVE,AND GROW4.HOW WE LEARN,EVOLVE,AND GROW27RESPONSIBLE AI TRANSPARENCY REPORTGovernance of responsible AI at Microsoft:Growing our responsible AI communityAt Microsoft,no one team or organization can be solely responsible for embracing and enforcing the adoption of responsible AI practices.Rather,everyone across every level of the company must adhere to these commitments in order for them to be effective.We developed our Responsible AI Standard to communicate requirements and guidance so all teams can uphold our AI principles as they develop AI applications.Specialists in research,policy,and engineering combine their expertise and collaborate on cutting-edge responsible AI practices.These practices ensure we meet our own commitments while also supporting our customers and partners as they work to build their own AI applications responsibly.Research:Researchers in Aether,70 Microsoft Research,71 and our engineering teams keep the responsible AI program on the leading edge of issues through thought leadership.They conduct rigorous AI research,including on transparency,fairness,human-AI collaboration,privacy,security,safety,and the impact of AI on people and society.Our researchers actively participate in broader discussions and debates to ensure that our responsible AI program integrates big-picture perspectives and input.Policy:The Office of Responsible AI(ORA)collaborates with stakeholders and policy teams across the company to develop policies and practices to uphold our AI principles when building AI applications.ORA defines roles and responsibilities,establishes governance systems,and leads Sensitive Use reviews to help ensure our AI principles are upheld in our development and deployment work.ORA also helps to shape the new laws,norms,and standards needed to ensure that the promise of AI technology is realized for the benefit of society at large.Engineering:Engineering teams create AI platforms,applications,and tools.They provide feedback to ensure policies and practices are technically feasible,innovate novel practices and new technologies,and scale responsible AI practices throughout the company.Our engineering teams draw on interactions with customers and user research to address stakeholder concerns in the development of our AI applications.Our responsible AI journey2016Satya NadellasSlate article2017Aether Committee establishedSensitive Uses of AI defined and program established2018AI Red TeamestablishedFacial RecognitionPrinciples adoptedAI Principlesadopted2019Responsible AI Standard v1Office of Responsible AI established2020Error Analysis Open Source tool released2021Responsible AI Dashboard released2022Responsible AI Standard v22023Launched Global PerspectivesCopyright CommitmentsCo-founded the Frontier Model Launched Azure AI Forum Content SafetyPublished White House Governing AI Voluntary BlueprintCommitments2024PyRIT,prompt shield,risks&abuse monitoring and more released 4.HOW WE LEARN,EVOLVE,AND GROW28RESPONSIBLE AI TRANSPARENCY REPORTMicrosoft BoardResponsible AI CouncilOffice of Responsible AIResearchPolicyEngineeringApplying lessons from previous efforts to address privacy,security,and accessibility,weve built a dedicated responsible AI program to guide our company-wide efforts.72 We combine a federated,bottom-up approach with strong top-down support and oversight by company leadership to fuel our policies,governance,and processes.From a governance perspective,the Environmental,Social,and Public Policy Committee of the Board of Directors provides oversight and guidance on responsible AI policies and programs.Our management of responsible AI starts with CEO Satya Nadella and cascades across the senior leadership team and all of Microsoft.At the senior leadership level,the Responsible AI Council provides a forum for business leaders and representatives from research,policy,and engineering.The council,co-led by Vice Chair and President Brad Smith and Chief Technology Officer Kevin Scott,meets regularly to grapple with the biggest challenges surrounding AI and to drive progress in our responsible AI policies and processes.Executive leadership and accountability are key drivers to ensure that responsible AI remains a priority across the company.At the community level,weve nurtured a unique Responsible AI Champion program that engages our engineering and global field teams in our responsible AI work.The Responsible AI Champion program is guided by a defined structure,with clear roles and responsibilities that empower our Champions and enable a culture of responsible AI across the company.Senior leaders accountable for responsible AI identify members of their organization to serve as Responsible AI Champions.These Champions enable their organizations to carry out our AI commitments by working together and learning from one anothers expertise.This company-wide network troubleshoots problems,offers guidance,and advises on how to implement the Responsible AI Standard.Our combined bottom-up and top-down approach empowers individuals,teams,and organizations and facilitates a culture of responsible AI by design.The collaborative and multidisciplinary structure embedded in our responsible AI program leverages the incredible diversity of the company73 and amplifies what we can achieve.Our engineering,policy,and research teams bring a wealth of passion,experience,and expertise,which enables us to develop and deploy safe,secure,and trustworthy AI.A dedicated responsible AI program Our combined bottom-up and top-down approach empowers individuals,teams,and organizations and facilitates a culture of responsible AI by design.4.HOW WE LEARN,EVOLVE,AND GROW29RESPONSIBLE AI TRANSPARENCY REPORTGrowing a responsible AI communityWe strongly believe that AI has the potential to create ripples of positive impact across the globe.Over the years,we have matched that belief with significant investments in new engineering systems,research-led incubations,and,of course,people.We continue to grow and now have over 400 people working on responsible AI,more than half of whom focus on responsible AI full-time.In the second half of 2023,we grew our responsible AI community 16.6 percent across the company.We increased the number of Responsible AI Champions across our engineering groups and grew the number of full-time employees who work on centralized responsible AI infrastructure,AI red teaming,and assessing launch readiness of our products.We continue to grow a diverse community to fulfill our commitments to responsible AI and to positively impact the products and tools that millions of people use every day.Some responsible AI community members provide direct subject matter expertise,while others build out responsible AI practices and compliance motions.Our community members hold positions in research,policy,engineering,sales,and other core functions,touching all aspects of our business.They bring varied perspectives rooted in their diverse professional and academic backgrounds,including liberal arts,computer science,international relations,linguistics,cognitive neuroscience,physics,and more.11,000attendees welcomed at SkillUp AI events.30,000employees reached through more than 40 events by our AI/ML connected community.Supporting our responsible AI community through trainingWe have an enormous opportunity to integrate AI throughout the products and services we offerand are dedicated to doing so responsibly.This journey begins with educating all of our employees.The 2023 version of our Standards of Business Conduct training,a business ethics course required companywide,covers the resources our employees use to develop and deploy AI safely.As of December 31,2023,99 percent of all employees completed this course,including the responsible AI module.For our responsible AI community members,our training goes even deeper.We provide extensive training for our over 140 Responsible AI Champions,more than 50 of whom joined the program in 2023.In turn,Responsible AI Champions help scale the implementation of responsible AI practices by training other members of the responsible AI community in their respective Microsoft organizations.This cascade strengthens peer relationships,builds trust among employees,and enables Champions to customize instruction to their specific organizations or divisions.We continue to refine our training to keep pace with rapid developments in AI,particularly for responsible AI-focused professionals.Weve developed learning sessions and resources for educating employees on responsible AI skills,our internal processes,and our approach to responsible AI.Ongoing education helps to keep our responsible AI subject matter experts current so they can disseminate up-to-date best practices throughout the company.We also provide training on general AI topics so our employees can improve their knowledge and abilities as AI becomes more important for both our society and our business.Throughout 2023,more than 100,000 employees attended conferences and events such as the AI/ML Learning Series and Hackathon,which has incubated more than 11,000 AI-focused projects.At these events,they learn the latest technologies and ways to apply responsible AI principles through company communities and channels.Our employees also lead by sharing their experiences and expertise.For example,our AI/ML connected community.reached nearly 30,000 employees through more than 40 events in 2023,and our SkillUp AI events welcomed more than 11,000 attendees.4.HOW WE LEARN,EVOLVE,AND GROW30RESPONSIBLE AI TRANSPARENCY REPORTBuilding safe and responsible frontier models through partnerships and stakeholder inputAI sits at the exciting intersection of technological breakthrough and real-world application.We are continually discovering new ways to push the limits with AI,innovating solutions to address societys biggest problems.Frontier models,highly capable AI models that go beyond todays state-of-the-art technologies,offer significant opportunities to help people be more productive and creative as well as hold major potential to address global challenges.Alongside these benefits,they also present risks of harm.That is why we are engaging in a number of partnerships across industry,civil society,and academia to share our learnings and learn from others.An important example of how we can lead through partnership is our co-founding of the Frontier Model Forum alongside Anthropic,Google,and OpenAI.The Frontier Model Forum is an industry non-profit dedicated to the safe and secure development of frontier AI models by sharing information,developing best practices,and advancing research in frontier AI safety.By leveraging the expertise of the founding members,as well as other organizations committed to developing and deploying frontier models safely,the Frontier Model Forum works toward four priorities:1Advance AI safety research.We must question,investigate,and collaborate on how to responsibly develop and deploy frontier models to address the challenges of frontier AI.We will collaborate to develop standardized approaches to enable independent evaluations of models capabilities and safety,where appropriate.2Contribute to the development and refinement of best practices.We are working with partners to identify best practices for the responsible development and deployment of frontier models and how to improve our practices as we continuously learn.3Share information and seek input.We work with policymakers,academics,civil society organizations,and the private sector to share knowledge about safety risks and continuously earn trust.We strongly believe that AI will touch virtually every aspect of life,so frontier models will need input from all corners of society to operate responsibly.4Support efforts to develop applications that can help meet societys greatest challenges.Innovation must play a central role in tackling complex and persistent issues,from human-caused climate change to global health.We continue to support the work of the Frontier Model Forum as it advances understanding of how to address frontier AI risks in a way that benefits organizations and communities around the world.4.HOW WE LEARN,EVOLVE,AND GROW31RESPONSIBLE AI TRANSPARENCY REPORTWe are also a founding member of the multi-stakeholder organization Partnership on AI(PAI).We consistently contribute to workstreams across its areas of focus,including safety-critical AI;fair,transparent,and accountable AI;AI,labor,and the economy;and AI and media integrity.In June 2023,we joined PAIs Framework for Collective Action on Synthetic Media.74 This set of practices guides the responsible development,creation,and sharing of media created with generative AI.We also participated in PAIs process to develop Guidance for Safe Foundation Model Deployment.75 We shared insights from our research on mapping,measuring,and mitigating foundation model risks and benefited from a multi-stakeholder exchange on this topic.We continually look for ways to engage with stakeholders who represent specific concerns.Since early 2023,we have been actively engaging with news publishers and content creators globally,including in the Americas,Europe,and Australia.We listen to feedback from creators and publishers to learn how creative industries are using generative AI tools and to understand concerns from creative communities.We have engaged in public and private consultations,roundtables,and events.For example,we participated in Creative Commons community meetings on generative AI and creator empowerment.We also sponsored the Creative Commons Global Summit on AI and the Commons held in Mexico City.76 This summit brought together a diverse set of artists,civil society leaders,technology companies,and academics to address issues related to AI and creative communities.We participated in the inaugural Centre for News Technology and Innovation roundtable on Defining AI in News.Attendees included news organizations,technology companies,and academics from the United States,the United Kingdom,Brazil,and Nigeria.A report from the event highlights areas of opportunity and further multi-stakeholder collaboration.77 In Australia,we also participated in government-led roundtables engaging with content and creative industries on addressing the issue of copyright and AI.We support creators by actively engaging in consultations with sector-specific groups to obtain feedback on our tools and incorporate their feedback into product improvements.For example,news publishers expressed hesitation around their content being used to train generative AI models.However,they did not want any exclusion from training datasets to affect how their content appeared in search results.In response to that feedback,we launched granular controls to allow web publishers to exercise greater control over how content from their websites is accessed and used.78 We are committed to responsibly scaling AI to empower every person on the planet to achieve more.Our engagements with the broader community of concerned artists,civil society organizations,and academics reflect our investment in learning as we evolve our approach to responsible AI.4.HOW WE LEARN,EVOLVE,AND GROW32RESPONSIBLE AI TRANSPARENCY REPORTUsing consensus-based safety frameworksTechnology sector-led initiatives comprise one important force to advance responsible AI.Industry and others stand to significantly benefit from the key role that governments can also play.From within the U.S.Department of Commerce,the National Institute for Standards and Technology(NIST)built and published a voluntary framework to develop AI applications and mitigate related risks.Extensive consultation with industry,civil society organizations,and academic stakeholders helped NIST refine this AI Risk Management Framework(AI RMF).We contributed to NIST consultations and have applied learnings from NISTs work ourselves,including our application of the NIST RMF in our generative AI requirements.To implement its tasks in Executive Order(EO)14110(on the Safe,Secure,and Trustworthy Development and Use of AI),NIST will consult with stakeholders to develop additional guidance,such as a generative AI-specific version of the AI RMF.Federal agencies and their AI providers can leverage the NIST AI RMF and NISTs additional reference materials to meet obligations required by the implementation of EO 14110.The NIST-led AI Safety Institute Consortium(AISIC),which we have joined,has launched five working groups.79 These working groups will contribute further guidance,datasets,frameworks,and test environments to advance the field of AI safety.Governments,industry,and other stakeholders can also partner to develop standards,including in international forums.Within the International Standards Organization(ISO),there are ongoing efforts to develop standards to support AI risk management,including the recent publication of ISO/IEC 42001,AI Management System(AIMS).Companion standards will also define controls and support assessments of their implementation.International standards help bring together global expertise in defining widely applicable practices that can serve as the basis for requirements in an interoperable ecosystem.We have also partnered with the national security and innovation nonprofit MITRE to incorporate security guidance for generative applications into its ATLAS framework.80 A recent update of the ATLAS framework includes the vulnerabilities of and adversarial attack tactics targeting generative AI and LLMs so organizations can better protect their applications.81 The framework also highlights case studies of real-world incidents,including how AI red teams and security professionals mitigated identified issues.Finally,the ATLAS update integrates feedback and best practices from the wider community of government,industry,academia,and security experts.This resource provides an actionable framework so security professionals,AI developers,and AI operators can advance safety in generative applications.We welcome these and other multi-stakeholder initiatives to advance responsible AI,knowing that these efforts produce results that address a broad range of concerns from a variety of stakeholders.4.HOW WE LEARN,EVOLVE,AND GROW33RESPONSIBLE AI TRANSPARENCY REPORTSupporting AI research initiativesIn addition to governmental and private sector investment in responsible AI,academic research and development can help realize the potential of this technology.Yet academic institutions do not always have the resources needed to research and train AI models.The National AI Research Resource(NAIRR)seeks to address this challenge.82 It intends to provide high-quality data,computational resources,and educational support to make cutting-edge AI research possible for more U.S.academic institutions.We would also welcome and support an extension of the NAIRR to provide access to academic institutions among partners globally.We believe that this comprehensive resource would enable the United States and like-minded nations to continue to lead in AI innovation and risk mitigation.As currently proposed,a U.S.-focused NAIRR will support a national network of users in training the most resource-intensive models on a combination of supercomputer and commercial cloud-based infrastructure.This centralized resource would enable academics to pursue new lines of research and development without individual institutions needing to heavily invest in computing.Democratizing AI research and development is an essential step toward diversifying the field,leading to a greater breadth in background,viewpoints,and experience necessary to build AI applications that serve society as fully as possible.In short,NAIRR will enable the country to innovate at scale.In 2023,we announced our support of the NAIRR pilot led by the National Science Foundation(NSF).83 For this pilot,we committed$20 million worth of Azure compute credits and access to leading-edge models including those available in Azure OpenAI Service.In the spirit of advancing AI research,we have developed the Accelerating Foundation Models Research(AFMR)program.84 The AFMR program assembles an interdisciplinary research community to engage with some of the greatest technical and societal challenges of our time.Through the AFMR,we make leading foundation models hosted by Microsoft Azure more accessible to the academic research community.So far,we have extended access to Azure OpenAI Service to 212 AFMR principal investigators from 117 institutions across 17 countries.These projects focus on three goals:Aligning AI with shared human goals,values,and preferences via research on models.Projects will enhance safety,robustness,sustainability,responsibility,and transparency,while exploring new evaluation methods to measure the rapidly growing capabilities of novel models.Improving human interactions via sociotechnical research.Projects will enable AI to extend human ingenuity,creativity,and productivity;reduce inequities of access;and create positive benefits for people and societies worldwide.Accelerating scientific discovery in natural sciences through proactive knowledge discovery,hypothesis generation,and multiscale multimodal data generation.In the next call for proposals,we will seek projects in the areas of AI cognition and the economy,AI for creativity,evaluation and measurement,and AI data engagement for natural and life sciences.We also launched an AFMR grant for AI projects advanced by Minority Serving Institutions,focused on Historically Black Colleges and Universities(HBCUs)and Hispanic-Serving Institutions(HSIs),with 10 inaugural grant recipients.85In 2023,we announced the Microsoft Research AI&Society Fellows program to foster research collaboration between Microsoft Research and scholars at the intersection of AI and societal impact.86 We recognize the value of bridging academic,industry,policy,and regulatory worlds and seek to ignite interdisciplinary collaboration that drives real-world impact.In the fall of 2023,Microsoft Research ran a global call for proposals to seek collaborators for a diverse set of thirteen research challenges.The 24 AI&Society Fellows were announced in early 2024.These fellows will join our researchers for a one-year collaboration with the goal of catalyzing research and contributing publications that advance scholarly discourse and benefit society more broadly.$20 millionworth of Azure compute credits committed to the NAIRR pilot,in addition to access to leading-edge models.4.HOW WE LEARN,EVOLVE,AND GROW34RESPONSIBLE AI TRANSPARENCY REPORTInvesting in research to advance the state of the art in responsible AI Microsoft researchers are also advancing the state of the art in generative AI,frequently in partnership with experts outside of the company.Researchers affiliated with Microsoft Research87 and Aether88 published extensive research in 2023 to advance our practices for mapping,measuring,and managing AI risks,89 some of which we summarize here.Identifying risks in LLMs and their applicationsOne of our approaches for identifying risks is the Responsible AI Impact Assessment,which includes envisioning the benefits and harms for stakeholders of an AI application.To address the challenge of identifying potential risks before AI application development or deployment,researchers introduced AHA!(anticipating harms of AI),90 a human-AI collaboration for systematic impact assessment.Our researchers also contributed greatly to advancing red teaming knowledge through the production of tools,like AdaTest ,91 that augment existing red teaming practices.Our researchers uncovered and shared novel privacy and security vulnerabilities,such as privacy-inferencing techniques,92 or attack vectors when integrating LLMs for AI-assisted coding.93 These researchers play a key role in shaping the emerging practice of responsible AI-focused red teaming and in producing resources to share this practice more broadly.94Research to advance our practices for measuring risksAfter weve identified potential risks,we can measure how often risks occur and how effectively theyre mitigated.For scaling measurement practices,our researchers developed a framework that uses two LLMs.95 One LLM simulates a users interaction with a generative application,and one LLM evaluates the applications outputs against a grading scheme developed by experts.Another area explored by our researchers is measurement validity.Thinking beyond measuring model accuracy,researchers are advancing metrics that align more appropriately with user needsfor example,when capturing productivity gains.96Our researchers have also made advancements in the emerging field of synthetic data for training and evaluating generative AI models.These include an English-language dataset for evaluating stereotyping and demeaning harms related to gender and sexuality97 and a framework for increasing diversity in LLM-generated evaluation data.98Managing AI risks through transparencyResponsible use of AI applications is a shared responsibility between application developers and application users.As application developers,its important that we design mitigations that enable appropriate use of our generative applicationsin other words,to minimize users risk of overreliance 99 on AI-generated outputs.100Our researchers have developed a number of tools and prototypes to assess AI-generated outputs and improve our products.These include an Excel add-in prototype that helps users assess AI-generated code,101 a case study of how enterprise end users interact with explanations of AI-generated outputs,102 and research on when code suggestions are most helpful for programmers.103In setting out a roadmap for transparency in the age of LLMs,104 our researchers argue that human-centered transparency is key to creating better mitigations and controls for AI applications.Their contributions to further a human-centered approach include research on how users interact with AI transparency features,such as explanations of AI-generated outputs,105 and how to communicate model uncertainty when interacting with AI-generated code completions.106Here,weve just scratched the surface of the contributions our researchers are making to advance our understanding and practice of responsible AI.4.HOW WE LEARN,EVOLVE,AND GROW35RESPONSIBLE AI TRANSPARENCY REPORTTuning in to global perspectivesLike many emerging technologies,if not managed deliberately,AI may either widen or narrow social and economic divides between communities at both a local and global scale.Currently,the development of AI applications is primarily influenced by the values of a small subset of the global population located in advanced economies.Meanwhile,the far-reaching impact of AI in developing economies is not well understood.When AI applications conceived in advanced economies are used in developing ones,there is considerable risk that these applications either will not work or will cause harm.This is particularly the case if their development does not carefully consider the nuanced social,economic,and environmental contexts in which they are deployed.Both real and perceived AI-related harms are primary drivers behind increasing calls for AI regulation.Yet developing countries are often left out of multistakeholder regulatory discussions related to AI,even though they are pursuing AI regulation themselves.We affirm that to be responsible by design,AI must represent,include,and benefit everyone.We are committed to advancing responsible AI norms globally and adapting to the latest regulations.As our AI footprint continues to grow in developing countries,we must ensure our AI products and governance processes reflect diverse perspectives from underrepresented regions.In 2023,we worked with more than 50 internal and external groups to better understand how AI innovation may impact regulators and individuals in developing countries.Groups included the United Nations Conference on Trade and Development(UNCTAD),the U.S.Agency for International Development(USAID),the U.S.Department of State,and the Microsoft Africa Research Institute.What we learned informed two goals:1Promote globally inclusive policy-making and regulation.AI regulation is still in its infancy,especially in developing countries.We must recruit and welcome diverse perspectives,such as representatives from the Global South,in the global AI policy-making process.As our AI presence expands globally,we will continue to make our AI services,products,and responsible AI program more inclusive and relevant to all.We are pursuing this commitment via several avenues.2Develop globally relevant technology.We must work to ensure the responsible AI by design approach works for all the worlds citizens and communities by actively collaborating with stakeholders in developing countries.UNESCO AI Business Council:Microsoft and Telefonica co-chair the UNESCO AI Business Council.This public-private partnership promotes the implementation of UNESCOs Recommendation on the Ethics of AI,which has been adopted by 193 countries so far.For example,we showcase resources and processes to align with responsible AI standards in webinars and UNESCO events.We expect this effort to bring more companies and countries under a cooperative,globally relevant regulatory framework for responsible AI.Global Perspectives Responsible AI Fellowships:The Strategic Foresight Hub at Stimson Center and the Office of Responsible AI established a fellowship to investigate the impacts of AI on developing countries.107 The fellowship convenes experts from Africa,Asia,Latin America,and Eastern Europe working to advance AI responsibly.They represent views across academia,civil society,and private and public sectors,offering insights on the responsible use and development of AI in the Global South.We recognize that we do not have all the answers to responsible AI.We have prioritized collaboration by partnering with a diverse range of private companies,governmental groups,civil society organizations,regulators,and international bodies.This dynamic mix of perspectives,lived experiences,technical expertise,and concerns pushes us to continue to do better.50 groups engaged to better understand how AI innovation may impact regulators and individuals in developing countries.36LOOKING AHEADRESPONSIBLE AI TRANSPARENCY REPORTLooking aheadThe progress weve shared in this report would not be possible without the passion and commitment of our employees across the company and around the world.Everyone at Microsoft has a role to play in developing AI applications responsibly.Through innovation,collaboration,and a willingness to learn and evolve our approach,we will continue to drive p

23人已浏览 2024-05-07 40页 5星级