Artificial intelligence has dominated the landscape for the last 18 months or so, and it continues to gain steam. In all the hype and hysteria, there’s been an increasing tendency for some companies to label their software as leveraging AI, even when it isn’t actually using artificial intelligence.
I’ve seen it across a broad scope of software platforms, and compliance management systems are no exception. It’s important for users to question whether a compliance management system is truly leveraging AI or not, because the implications can be significant (I’ll get to that shortly).
Artificial Intelligence or Automated Intelligence?
If I click on a button and the system automates a task, that doesn’t make it artificial intelligence. There’s a distinct line between artificial intelligence and what TCT calls automated intelligence. Artificial intelligence means a system or a program thinks for itself, making decisions in an autonomous fashion. It has the capability to learn.
There’s a big difference between that and something I coded to open a file or go to the next step in a process — whatever the built-in logic may be. No matter how complex a set of tasks may be, if they’ve been coded, it’s not artificial intelligence.
If we were to call that kind of technology AI, then TCT Portal had artificial intelligence on day one when it launched in 2015. When we built the system, we built it to improve efficiency, eliminate waste, optimize time, and take the best advantage of automation. We’ve delivered that from the very start.
But we used automated intelligence, not artificial intelligence, to do it.
TCT Portal can perform functions and anticipate actions based on parameters and values within the system. But that doesn’t mean the system uses artificial intelligence, because it’s all coded.
Some compliance management platforms will perform tasks on behalf of the user, such as analyzing and summarizing the current state of the engagement. They call that artificial intelligence, but the logic is entirely programmed. Other systems provide a preconfigured guide that walks you through a set of tasks, noting what’s completed and what still needs to be done. That’s automation, not AI.
Artificial intelligence exists when the system has a built-in capability to make independent decisions. For example, if a log inspection system can observe a pattern it has never seen before and make the call on whether or not it’s something to note as informational level versus alert level versus critical level. There are systems that use true artificial intelligence to dispense that particular kind of log entry.
Ask Lots of Questions About an AI System
There are presently more than a small handful of snake oil salespeople in the compliance management marketplace. It behooves you to ask your vendor a few questions rather than simply taking their word for it that their system uses artificial intelligence. Is it really using artificial intelligence or is it just coded programming?
Start by taking a look at what the software is actually doing. Is it making real-time intelligent autonomous decisions without human input, or is it following a programmed set of rules performing automation?
It’s relatively straightforward to determine the difference, if you walk in with the right mindset to evaluate the vendor’s claims. If the criteria is simply that something has been done here, something’s been attached here, so we’re going to assume that it’s good and move it forward — that’s automated intelligence.
If true artificial intelligence is being leveraged, that opens a myriad of follow-up questions that come into play — not the least of which is whether the vendor uses a closed system. Unfortunately, there have already been artificial intelligence system breaches that exposed customers’ sensitive data, including usernames and passwords. So it’s critical that you know exactly how secure an AI system is and where the possible vulnerabilities lie.
Ask if the AI component is completely self-contained, or if the software connects to an external third-party AI. In other words, what external systems will have access to your data? Which systems will those systems have access to?
That’s probably the most critical element, and it requires a tremendous level of inquiry. I would also recommend very critically looking at the security and compliance documentation that surrounds some artificial intelligence claims of a particular product. Ask:
- Who did this assessment?
- How did they do it?
- What did they include?
- What were the results and findings?
- How did they confirm the boundary lines of the artificial intelligence scenario?
- What are the security controls of that particular organization and any other organizations involved in the AI ecosystem?
In the security and compliance space, you’re dealing with the most sensitive technical information about an organization. The information that these systems are exposed to is quite literally the keys to the kingdom for bad actors.
ChatGPT very clearly calls out that under no circumstances should you share any sensitive data with that platform. Why? Because they know that there’s a danger in sharing sensitive information with the platform.
You should expect the highest levels of approach to security and compliance from your compliance management system vendor.
Does TCT Portal Use Artificial Intelligence?
As of today, TCT doesn’t have any near term intention to leverage true artificial intelligence that shares our customers’ evidence with third-party AI systems.
Instead, TCT Portal has a ton of automated intelligence built into the platform that can be transformative in terms of the approach, structure, and amount of time that is spent on engagements. The software can fundamentally change a company’s security and compliance world.
Since 2015 we have remained very client focused on the features and functions we develop. Our customers will regularly tell us what modifications would make TCT Portal better, and we listen. So when it comes to artificial intelligence, we continue to openly take our users’ feedback and their desires seriously.
As artificial intelligence evolves and pushes new boundaries, we will continue to keep an eye on its development. At some point, the capabilities of AI as a tool could be both safe and appropriate to leverage in TCT Portal. But until then, we will continue to prioritize the security of our customers’ data and keep our focus on automated intelligence.
We simply aren’t willing to roll the dice with your security and compliance.
Have more questions about TCT Portal and artificial intelligence? Contact the TCT team — we’re ready to listen!
Get your
personalized demo
See what TCT Portal can do for your organization
