Generative AI Has Become An Emerging Risk For Enterprises: Gartner

The widespread availability of generative artificial intelligence, such as OpenAI's ChatGPT and Google's Bard, was one of the top concerns for enterprise risk leaders in the second quarter of 2023, according to a survey conducted by research and consulting services firm Gartner.

Gartner conducted a survey of 249 senior enterprise risk executives in May 2023 to give leaders a benchmarked perspective on 20 emerging risks. The report offers details on the possible impact, timeframe, level of attention and perceived opportunities for these risks.

“Generative AI was the second-most frequently named risk in our second quarter survey, appearing in the top 10 for the first time. This reflects both the rapid growth of public awareness and usage of generative AI tools, as well as the breadth of potential use cases, and therefore potential risks, that these tools engender,” said Ran Xu, director of research at Gartner Risk and Audit Practice.

The survey found third-party viability as the top fast-emerging risk that organisations are monitoring most closely. Financial planning uncertainty was ranked third, followed by cloud concentration risk. China trade tensions rounded off the top five risks that were split between issues indicative of the current macroeconomic and geopolitical volatility, and technology-related concerns.

Mass Generative AI Availability

Gartner had previously identified six risks of generative AI and four areas of AI regulation that are relevant to assurance functions. According to Gartner experts, three main aspects must be addressed with regard to managing enterprise risk associated with generative AI.

• Intellectual Property: “Information entered into a generative AI tool can become part of its training set, meaning that sensitive or confidential information could end up in outputs for other users. Moreover, using outputs from these tools could well end up inadvertently infringing the intellectual property rights of others who have used it,” said Xu. Corporate leadership must be educated on the necessity for caution and transparency around the use of such tools so that intellectual property risks can be mitigated..

• Data Privacy: Generative AI tools may possibly share user information with third-parties, such as vendors or service providers, without prior notice. This has the potential to violate privacy law in many jurisdictions and must be addressed through a regulatory framework.

• Cybersecurity: “We have seen examples of malware and ransomware code that generative AI has been tricked into producing, as well as ‘prompt injections’, attacks that can trick these tools into giving away information they should not,” said Xu, which can lead to the industrialisation of advanced phishing attacks.

Causes And Implications Of Third-Party Viability Risk

“Persistent inflation that is less responsive to interest rate rises and continues longer than anticipated has escalated costs and margin pressures on third-parties,” said Xu.

According to the survey, if economic conditions deteriorate broadly, this may cause an unexpected drop in demand that could affect vendor viability or their ability to provide goods and services in a timely manner. Gartner experts identified three potential third-party viability consequences for risk managers to monitor as the situation develops.

• Loss Of Key Inputs And Materials: If third-parties are increasing their prices due to the wider economic situation, there is a risk of losing access to key inputs and materials as third-parties would favour customers willing to pay higher prices.

• Flawed Financial Planning Assumptions: Cost assumptions will be rendered invalid as suppliers increase prices or fail, necessitating switching costs and increased prices for obtaining goods and services.

• Challenges Outside The Supply Chain: Partners, such as managed service providers or commercial partners, creditors, or technology vendors may cease or curtail operations.