AI/ML buzz is everywhere and it is arguably the most disruptive technology to society since the smartphone. According to Gartner, the number of companies using open-source AI will increase tenfold by 2027.
While this widespread embrace of AI is advancing innovation, if not implemented and governed wisely, it can also increase risk and regulatory scrutiny. Beyond traditional concerns like code quality and data security, government regulators are beginning to assess intelligent agents for their potential harmful impacts, ethical implications, and societal consequences. For example, regulators have data privacy and intellectual property concerns around how AI/ML models are trained and the potential discriminatory outcomes (algorithmic bias) or misinformation (AI hallucinations) they could create.
So how can Australian businesses continue to safely utilise and maximise AI usage within their business without putting themselves at regulatory risk? Let’s consider a few areas:
What Might AI/ML Regulations Look Like and When are they Coming?
In Australia, the state of regulation remains uncertain, with no dedicated AI-specific legislation in place, however, taking cues from other regions like Europe, businesses should expect that regulations will come. For example, the European Union Artificial Intelligence Act (EU AI Act) mandates that companies must adhere to a risk-based system, which includes a ban on prohibited AI practices (like social scoring and manipulation), stringent requirements for high-risk systems (such as conformity assessments, quality management systems, and logging), and transparency obligations for limited-risk systems (like clearly identifying AI chatbots to users).
Companies must also ensure adequate AI literacy for their staff and provide contact information on AI products. These measures help authorities classify AI systems based on risk levels and impose strict requirements, which if companies fail to meet, could result in financial penalties reaching up to 6% of global annual revenue for the most severe violations.
While Australia may not proceed in the same direction, businesses should be prepared for what could materialise.
How to Prepare: An Integrated Approach to MLOps
As some of my fellow CISOs have already begun to recognise, the most effective way to integrate security is to automate it through a methodical process. An approach that combines consistent tools and processes with a reliable path to production creates a trusted environment that automatically generates information demonstrating adherence to regulations and compliance obligations. Imagine a world where your systems block all applications from reaching production until they’ve met all required tests and the results of those tests are all recorded, tracked, with approvals documented – all in a single system. Wouldn’t that be wonderful?
By applying controls and enforcing regulations from beginning to end – from initial design to production release – businesses can eliminate the need for point-in-time checks or audits. By creating a centrally managed evidence repository – where all your tools and procedures are integrated into a single data source of truth – it enables all stakeholders (developers, AppSec teams, security personnel, auditors, and business owners) to see how the software complies with specific regulatory requirements at every development stage. This also provides ML engineers and data scientists with confidence in knowing they’re working with models that have been vetted and conform with all organisational policies.
In the AI era, software releases come from both humans and machines, creating a tsunami of software that organisations must be prepared to secure and manage. Capturing evidence from software development is essential for ensuring transparency, fast issue resolution, and compliance in today’s complex landscape. It also enables businesses to have better governance of the supply chain, answers key audit questions about security and quality, and meets industry-specific regulations necessary for doing business.
| About: Paul Davis | About : JFrog |
| Experienced IT Executive with a background in IT Security focused startups. A mix of Success, Technology, Customer Care, Marketing, Sales, and Team building skills. 4 successful exits. Roles included CISO for Fortune 10, CSO for a critical infrastructure, Dir of Sec Ops for financial exchange and builder of multiple professional services team. Key Focus Areas: – Involved in multiple successful startup acquisitions and acquihires – IT and IT Security experience in a wide range of industries – Built and managed IT Security programs and customer success teams – Unique blend of strategic and technical, combined with business and marketing – Multiple program disciplines, from SDLC, to operationalization, to program management – Advisor to startup executives, helping build them their customer success programs | Deliver Trusted Software with Speed. The only software supply chain platform to give you end-to-end visibility, security, and control for automating the delivery of trusted releases. The massively scalable, hybrid JFrog Platform is open, flexible, and integrated with all the package technologies and tools comprising the software supply chain. Organizations benefit from full traceability to any type of release and deployment environment including ML models, software that runs on the edge, and software deployed in production data centers. |
Experienced IT Executive with a background in IT Security focused startups. A mix of Success, Technology, Customer Care, Marketing, Sales, and Team building skills. 4 successful exits. Roles included CISO for Fortune 10, CSO for a critical infrastructure, Dir of Sec Ops for financial exchange and builder of multiple professional services team.
Key Focus Areas:
– Involved in multiple successful startup acquisitions and acquihires
– IT and IT Security experience in a wide range of industries
– Built and managed IT Security programs and customer success teams
– A "make it happen" person
– Unique blend of strategic and technical, combined with business and marketing
– Multiple program disciplines, from SDLC, to operationalization, to program management
– Advisor to startup executives, helping build them their customer success programs
