Domain 1: Establishing AI Governance Flashcards

Understand how to establish roles, responsibilities, and policies for effective AI governance and oversight. (140 cards)

1
Q

Who is at risk from AI harms?

A
  1. Individuals
  2. Groups
  3. Society
  4. Companies / institutions
  5. Ecosystems
2
Q

What are 3 general harms AI poses to individuals?

A
  1. Violations of civil rights
  2. Reduced economic opportunity
  3. Compromised safety
3
Q

What is a specific harm AI poses to individuals?

A

Bias

Example: In employment, insurance, housing, education, and credit decisions.

4
Q

What are some privacy-related harms AI poses to individuals?

A
  • Aggregation
  • Inference
  • Personal data incorporation into training data
  • Secondary use
  • Lack of transparency
  • Inaccuracy
5
Q

What are some economic harms AI poses to individuals?

A
  • Job displacement
  • Unequal access to opportunities
6
Q

What are 2 group harms resulting from facial recognition?

A
  1. High false positive rates for people of color
  2. Mass surveillance

False positive = identifying someone to be someone they are not / misidentification

7
Q

What civil rights harms can AI pose to groups?

A
  • Profiling
  • Identification of protestors
  • Restricted freedom of assembly
  • Increased discrimination
8
Q

How can AI deepen inequality?

A

By amplifying racial and socio-economic divides, increasing discrimination, and reducing trust.

9
Q

What are some societal harms related to AI?

A
  • Undermining democratic processes
  • Reducing trust in institutions
  • Limiting access to public services
10
Q

What is disinformation?

A

Deliberately deceptive or misleading information intended to confuse or manipulate.

11
Q

What is misinformation?

A

Incorrect or misleading information that may be inaccurate or incomplete without intent to harm.

12
Q

What are deepfakes?

A

Synthetic content intentionally altered or generated to spread disinformation or cause harm.

13
Q

What are hallucinations?

A

Outputs that are factually incorrect or logically contradictory.

14
Q

What is an echo chamber?

A

A situation where individuals are only exposed to content that aligns with their beliefs and lack diverse viewpoints.

15
Q

What is a general safety concern concerning AI?

A

Lack of oversight that could result in accidents.

16
Q

What is profiling?

A

Using tracking and predictive analytics to aggregate behavior and infer preferences for targeted content.

17
Q

What is the Cambridge Analytica scandal?

A

Data from 87 million Facebook users was collected and used to create profiles for targeted political ads.

18
Q

What types of harms can AI cause to companies or institutions?

A
  1. Reputational
  2. Cultural
  3. Economic
  4. Legal or regulatory
  5. Acceleration risks
19
Q

What are reputational harms?

A
  • Loss of customer trust
  • Revenue loss
  • Brand damage
  • Share price decline
  • Social media backlash
20
Q

What is AI exceptionalism?

A

The belief that AI systems are infallible and superior to human judgment.

21
Q

How can AI exceptionalism harm company culture?

A

It discourages employees from questioning outputs and may lead to blind trust in systems.

22
Q

What are 3 examples of economic harms from AI?

A
  1. Litigation
  2. Regulatory fines
  3. Class action lawsuits
23
Q

What are legal and regulatory harms from AI?

A

Violations of existing laws that can lead to sanctions, fines, or injunctions.

Examples: violation of privacy, trade, or tax laws

24
Q

What are acceleration risks?

A

Inability to predict consequences due to fast development, massive data volume, and complex systems.

25
What are **general harms** to ecosystems?
1. Natural resource depletion
2. Environmental impact
3. Strain on supply chains
26
What is **alignment**?
The ability of AI systems to achieve goals that **match human intentions**, **values**, and **ethical principles**.
27
What is **misalignment** in AI?
**A failure of the AI system to match** its actions or goals with **human intentions** or specified objectives.
28
What is the **paperclip maximizer** thought experiment?
An AI programmed to make paperclips maximizes production **without limits**, leading to **harmful behavior**.
29
What is **bias**?
A preference or inclination that **inhibits impartiality** or an unfair act or policy stemming from prejudice.
30
What is **algorithmic bias**?
Systematic, **repeatable errors** that **create unfair outcomes** such as privileging one group over another.
31
What is **computational bias**?
Systematic **error** or **deviation** from the **true value of a prediction**.
32
What is **cognitive bias**?
**Inaccurate judgment** or distorted thinking.
33
What is **societal bias**?
Systemic prejudice, favoritism, or **discrimination in favor of one group** or against another.
34
What is **implicit bias**?
**Unconscious association**, belief, or attitude toward a social group **that can affect behavior**.
35
What is **sampling bias**?
When the **data sample does not represent the statistical diversity** of the population.
36
What is **temporal bias**?
When the model **does not work consistently over time** as expected.
37
What is **overfitting**?
When a model performs **well on training data** but **poorly on unseen data**.
38
What is **underfitting**?
When a model **fails to capture the complexity of the training data** due to **too few parameters or features**.
39
What are **edge cases** or **outliers** in data bias?
Data that **falls outside the boundaries** of the training data.
40
What is **noise** in data bias?
Data that **negatively impacts** the **machine learning model**.
41
What is an **adversarial attack**?
**Malicious input** designed to **manipulate** an AI model and **cause incorrect output**.

Examples: data poisoning, membership inference, model evasion, model extraction.
42
What is **data poisoning**?
**Deliberately altering training** data to negatively affect model performance.
43
What is **data leakage**?
Accidental exposure of confidential/personal data

Example: exposure of personal data due to human error
44
What is **data loss**?
When data becomes irretrievable.

Example: Due to events like device loss, ransomware, or deletion
45
What are **4 general categories** of **AI security risks**?
1. Power concentration
2. False sense of security
3. Adversarial attacks
4. System misuse
46
How does **power concentration** create risk?
It can **erode democratic** and free-market freedoms through **monopoly** and **market manipulation**.
47
What is **model inversion**?
An adversarial attack where an attacker **reverse-engineers a model to extract information**.
48
What is **model extraction / theft**?
An attack that **gains access** to a **model’s parameters**.
49
What is **model poisoning**?
An attack that **manipulates a model’s parameters** to cause undesirable behavior.
50
What is **model evasion**?
An attack where the **input is designed to produce a misclassified output**.
51
What is **data persistence**?
When **data outlives the data subject**.
52
What is **data repurposing**?
Using data **beyond its original purpose**.
53
What is **spillover data**?
**Incidental** data collection

Example: Such as through surveillance.
54
What is a **harms taxonomy**?
**A map of risks** and **negative consequences** to **anticipate harms** and implement controls.

Necessary to anticipate risks, implement controls, understand legal requirements, and enhance empathy for data subjects.
55
What is MITRE's **PANOPTIC**?
A **privacy threat assessment** and **risk management framework**.
56
What are **Ryan Calo's** **subjective** harms?
**Internal feelings** of **unwanted observation**.

Example: emotional / psychological embarrassment due to disclosure of personal medical condition
57
What are **Ryan Calo's objective** harms?
External actions that cause material, quantifiable damage.

Example: Identity thief opens up credit card and goes on shopping spree
58
What are some categories in **Citron and Solove**'s privacy harms taxonomy?
* Physical
* Reputational
* Relationship
* Economic
* Discrimination
* Psychological
* Failure to inform
* Lack of control
* Chilling effects
59
What are **2 broad categories** of AI risk to **organizations**?
1. Operational
2. Business
60
What are the **5** types of **operational risks**?
1. Hardware
2. Storage
3. High-speed network
4. Expertise
5. Environment
61
What is an **environmental impact** of AI?
Training and query **energy demands**.
62
What are **6 business risks** related to AI?
1. Reputational
2. Cultural
3. Economic
4. Acceleration
5. Vendor-related
6. Legal / regulatory
63
What are some **vendor-related** AI risks?
* Vendor lock-in
* Bankruptcy / acquisition
* Vague liability / accountability
64
What are examples of **IP infringement risks**?
Violations of copyright, patents, trademarks, use of web-scraped data.

Example: New York Times vs. OpenAI
65
What are **legal and regulatory** risks of AI?
* Noncompliance
* Liability for harm
* Human rights violations
* Inequality
* Manipulation
* Lack of oversight
66
What is the **goal of sociotechnical harm frameworks**?
To **anticipate consequences** of AI systems and **offer controls** to mitigate harm.
67
What is the **CSET AI Harm Taxonomy**?
A framework developed by **Georgetown University** for **identifying AI harms in the AI Incident Database**.
68
What **factors** make AI governance **challenging**?
* Model opacity and autonomy
* Speed and scale
* Potential for harm or misuse
* Data dependency
* Probabilistic outputs
69
What is **interpretability**?
The ability to explain AI’s reasoning in **human-understandable terms** with an **emphasis on designing models that inherently facilitate** understanding.

In contrast, explainability provides an explanation after the output is generated.
70
What is **opacity** in AI systems?
**Lack of transparency** due to the model's **black box nature**.
71
How does opacity **relate to bias** and fairness?
Opaque systems may **inherit and hide** human or data **biases**.
72
What are **3 types of human oversight**?
1. Human-in-the-loop
2. Human-on-the-loop
3. Human-out-of-the-loop
73
Why is **data dependency** a challenge for AI?
**Model effectiveness** depends on **data quality** and **quantity**.
74
What is a **deterministic** output?
**Consistent** and **repeatable** result based on fixed rules.

Examples: spam filters and chess engines.
75
What is a **probabilistic** output?
Variable output with **uncertainty**.

Examples: image classification and generative AI.
76
What is **accountability** in AI ethics?
The obligation and responsibility of creators and regulators to ensure the system is ethical, fair, transparent, and compliant.
77
What does **contestability** mean in AI ethics?
The ability to question or challenge AI system outputs or actions to promote transparency and accountability.
78
What is **explainability** / **XAI**?
The ability to describe how an AI system generates a specific output.
79
What does **fairness** mean?
**Consistent** and **accurate** treatment of individuals and groups.

Without adverse impact on protected characteristics such as gender or race.
80
What is **reliability**?
Ensuring the system **performs its intended function consistently** and **accurately**, especially with unseen data.
81
What is **robustness**?
The system maintains functionality and performs accurately **in varied environments** and **under adversarial attacks**.
82
What does **safety** mean?
Designing systems to **minimize potential harm**.
83
What is **transparency**?
The **extent to which information is available** about AI use, model function, and decision-making processes.
84
What is **trustworthy AI**?
**Principle-based** AI governance

Often used interchangeably with responsible AI or ethical AI.
85
What are **4 characteristics** of trustworthy AI?
1. Human-centric
2. Accountable
3. Transparent
4. Operates legally and fairly
86
What does it mean for AI to be **human-centric**?
* It **amplifies human agency**
* **Positively impacts** the human condition
87
What is **accountability**?
Ensuring AI operates in an **ethical**, **fair**, **transparent**, and **compliant** manner.
88
How can organizations **operationalize** trustworthy AI?
1. Get leadership buy-in
2. Understand AI's role and purpose
3. Embed AI into risk management framework
4. Develop standards
5. Assign roles
6. Ensure oversight
89
How can **leadership support** AI governance?
* Identify an AI champion
* Show Responsible AI (RAI) as a differentiator
* Highlight transparency as a customer benefit
90
What **key stakeholders** should be involved in AI governance?
* Privacy
* Security
* Legal
* Accessibility
* Digital safety
* Procurement
* CIO, CISO, CPO
* Ethics
91
Why involve **subject matter experts** in governance?
* Understand team pressures
* Identify risks and principles
* Develop metrics and milestones
92
What are **3 types of governance models**?
1. Centralized
2. Decentralized
3. Hybrid
93
What is **centralized** AI governance?
**One team** or **person** is responsible for decisions and oversight.
94
What is **decentralized** AI governance?
**Authority is delegated** to lower levels with bottom-up decision making.
95
What is **hybrid** AI governance?
**Combines centralized and decentralized**, with one main office and support from local entities.
96
What is the **MITRE** organization?
A not-for-profit managing **US Government** Federally Funded R&D Centers (FFRDCs).
97
What is the MITRE **AI Maturity Model**?
A **framework to assess** organizational progress in AI governance and readiness.
98
What role do **principles** or **values** play in AI governance?
They **form the framework foundation**.

Should include leadership and all stakeholders.
99
What is **risk tolerance**?
The **level of risk** an organization can **accept**.

Defined as high, moderate, or low based on industry or jurisdiction
100
How does **industry** or **sector** affect AI governance?
Each has **specific requirements** and **standards**.

Examples: finance, health, or education.
101
Why is knowing your organization's **jurisdiction** important for AI governance?
Different jurisdictions have **different laws** and **regulations**, affecting compliance feasibility.
102
What factors **affect an organization's ability to implement** AI governance?
* Organization size
* Leadership support
* Stakeholder buy-in
* Resources (e.g., time, money, and expertise)
103
Why is it important to **vet third parties** in AI governance?
To **ensure compliance** and **alignment** with organizational values and requirements.
104
What should organizations consider when **determining AI's purpose**?
* Why is AI needed?
* What is AI's relationship with the business?
* Which departments will use it?
105
What is the **purpose** of AI **training**?
To teach people the **knowledge and skills** to do their jobs more **effectively**.

Compare with awareness: to focus attention on a specific issue
106
What is the **purpose** of AI **awareness**?
* Focus attention on AI
* Recognize concerns
* Respond appropriately
* Reinforce good practices

Compare with training: to build specific skills
107
What type of **content** should be included in AI training and awareness?
* Laws
* Regulations
* Policies
* Complaint handling
* Reporting procedures
* Role-specific content
108
Who is the **target audience** for AI training and awareness?
Everyone.

Including all employees, stakeholders, and AI governance teams.
109
What is an **AI strategy**?
A **comprehensive plan** that integrates AI into an organization to **support its mission, vision, and goals**.
110
What are the **components** of an **AI strategy**?
* Understand business objectives
* Assess data governance maturity
* Develop ethical framework
* Prioritize AI skills
* Get leadership and employee buy-in
111
What is **AI governance**?
A system of **policies, frameworks, and processes** that **structure oversight, risk mitigation, and ethical** implementation.
112
How does **organization size** affect AI governance?
**More systems** require **more governance**, and more resources allow for specialization and dedicated roles.
113
What is the **impact of maturity** on AI governance?
Organizations with **existing systems**, experience, and policies **are better equipped** to implement governance.
114
How does **industry** or **sector** affect AI governance?
**Highly regulated sectors** require **more mandatory governance** and can follow regulator guidance.
115
How does AI's integration into **products** and **services** influence governance needs?
The ubiquity and risk level of AI in products or services **determine the degree of governance** required.
116
What is **data governance**?
Overall **management** of data **availability, usability, and integrity** throughout the data life cycle.
117
What does it mean to **align** risk strategies?
To **harmonize approaches** across business functions.

E.g. privacy, cybersecurity, data governance, etc.
118
What is an **impact assessment**?
A common **tool** to understand the **severity of mapped risks**.
119
What **fields** in an impact assessment will be **customized** to each organization?
* Owner or Operator
* Industry
* Social impacts
* Timeline
* Legal and regulatory controls
* Compliance requirements
120
What is the purpose of **ISO 42005**?
Provide structured guidance for performing an **AI impact assessment**.
121
Concerning ethical AI, what does **lawfulness** refer to?
* The legal **collection and processing** of an AI system's data.
* The legal **development and deployment** of the AI system.
122
What does **AI safety** mean?
* Minimizing harm.
* Prioritizing human and environmental safety
* Mitigating risk.
123
Concerning ethical AI, what does **choice** refer to?
An individual's ability to choose:
* How their data is collected and processed
* Their degree of interaction with an AI system.
124
Concerning ethical AI, what does **human intervention** refer to?
* The **degree** to which automated decision-making is used
* The **choice** individuals may have to contest automated decision-making
* The election for **human review** over automated decision-making.
125
Concerning Ethical AI, what does **security** refer to?
Preservation of a system's **confidentiality, integrity, and availability**.
126
What is **Ethics by Design**?
* The identification and resolution of ethical issues during the **plan and design stage**.
* Baking ethics into AI system development **from the very beginning**.
127
Name the **4 AI operators** considered in the **non-EU AI Act** context.
1. Developer
2. Provider
3. Deployer
4. User
128
In a non-EU AI Act context, what is the **developer**?
* The **Technical Creator**
* Designs, develops AI models and applications.
129
In a non-EU AI Act context, what is the **provider**?
* **Places the AI** model or system **on the market**.
* Ensures pre-market compliance.
130
In a non-EU AI Act context, what is a **deployer**?
Uses AI in **professional activities**.
131
In a non-EU AI Act context, what is a **user**?
**Anyone that interacts** with a model or system.
132
When **tailoring governance** to an organization, what **6 factors** must individuals consider?
1. Organization size
2. Maturity
3. Industry or sector
4. Products and services
5. Strategic objectives
6. Risk tolerance
133
What is a **use case assessment**?
A structured process to assess a project's:
* viability
* risks
* ethical implications
134
What are the **3 stages** of carrying out a **use case assessment**?
* Map
* Measure
* Manage
135
During what stage of the AI development life cycle are use case assessments **first** conducted?
Plan and design stage.
136
What are the **5 primary activities** in establishing **AI governance** at an organization?
1. Build the scaffolding.
2. Establish a framework.
3. Involve stakeholders.
4. Provide training and awareness.
5. Operationalize a culture of responsible AI.
137
What **4 activities** help to establish an organization's **AI strategy**?
1. Determine organization's role (i.e., AI operator).
2. Tailor governance strategy to the organization.
3. Implement oversight and accountability policies.
4. Conduct use case assessment.
138
What does it mean to **build the scaffolding**?
* Foster community
* Establish roles and responsibilities.
* Create the right incentives.
* Select governance model (i.e., centralized, decentralized, or hybrid)
139
When establishing your AI Governance Framework, what are **6 primary considerations**?
1. Principles and Values
2. Risk tolerance
3. Industry or sector
4. Jurisdiction
5. Ability to implement
6. AI's purpose
140
What is **ISO 22989**?
One hundred key AI concepts and terminology.