Mitigating the Risks of Generative AI: Rubric

Human Oversight:

Implement robust human oversight in all AI processes; AI should never have autonomous decision-making capabilities. Ensure that a human is reviewing both the inputs to and outputs from the AI, across all stages of AI use.

Accuracy of Information:

Carefully review AI-generated content for accuracy. Cross-check information with reliable sources to prevent the spread of false or misleading content.

Processing Sensitive Information:

Always verify that the AI is not handling sensitive or private information, unless given explicit approval from the Georgia Technology Authority. In such cases, ensure that strict data protection protocols are being consistently enforced.

Bias and Ethical Concerns:

Assess the potential for AI to introduce or perpetuate bias in its outputs. Regularly audit AI systems to proactively identify and address potential ethical issues.

Transparency:

Clearly inform users when they are interacting with AI-generated content. Maintain transparency about how the AI is being used and what its limitations are.

Compliance with Policies and Standards:

Ensure that all AI applications are fully compliant with relevant laws and regulations, both those at the federal level and those set forth by the State of Georgia.

Mitigating the Risks of Generative AI: Task-Specific

Information Processing

Permissible: Summarizing publicly available information (e.g., news and research journal articles).

Prohibited: Summarizing sensitive government documents and personal private information, such as biometrics and financial data.

Questions to Consider:

  • Does the data include sensitive information? 

  • Is all the information in the summary accurate? 

  • How could this summary be biased?

Information Gathering

Permissible: Using an LLM to provide you with basic information on a topic.

Prohibited: Relying solely on an LLM and failing to verify your findings with other sources.

Questions to Consider:

  • Does the data include sensitive information? 

  • Is all the information in the summary accurate? 

  • How could this summary be wrong?

Coding/Interpreting Software

Permissible:

  • Generating documentation and/or comments for existing software code. 

  • Debugging existing software code.

Prohibited:

  • Deploying AI-generated code without human validation/oversight. 

  • Generating code that violates Georgia’s AI ethics standards.

Questions to Consider: 

  • Is GenAI being used to code entire scripts autonomously? 

  • Is the generated code thoroughly reviewed by a human? 

  • Does the software application deal with any sensitive information?

User Interaction

Permissible: Creating chatbots to streamline user support.

Prohibited: Storing information from user interactions with GenAI without explicit consent from the user.

Questions to Consider: 

  • Are users aware that they are interacting with AI-generated content? 

  • Does the AI application require sensitive or private user information? 

  • Is that information stored, or is it promptly deleted following the interaction?

Content Generation

Permissible:

  • Brainstorming a list of ideas. 

  • Checking for grammatical errors and/or formatting a human-written document that does not include sensitive information.

Prohibited: Generating content that replicates or closely mimics copyrighted material.

Questions to Consider:

  • Did the GenAI “hallucinate” or create other false information? 

  • Is the content plagiarized or involved in any form of copyright infringement?