Create detecting_ai.md

This commit is contained in:
Omar Santos 2024-06-28 09:33:04 -04:00 committed by GitHub
parent 9eb6c80fd2
commit 77278a5530
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -0,0 +1,14 @@
# Detecting AI Usage Within a Company: Strategies and Best Practices
You should always perform a comprehensive inventory of existing AI tools and applications within the company. This involves:
- Engaging with different departments to identify any AI tools in use. Common areas include customer service (chatbots), marketing (predictive analytics), and HR (resume screening).
- Reviewing software licenses and subscriptions for AI-related tools.
- Working with IT to audit systems and networks for AI software and services.
## AI BOMs
I [published an article](https://becomingahacker.org/artificial-intelligence-bill-of-materials-ai-boms-ensuring-ai-transparency-and-traceability-82322643bd2a) that explains AI BOMs in detail. In a nutshell, much like a traditional Bill of Materials in manufacturing that lists out all the parts and components of a product, an AI BOM provides a detailed inventory of all components of an AI system. But, what about Software Bill of Materials (SBOMs)? How are they different from AI BOMs? In the case of SBOMs, they are used to document the components of a software application. However, AI BOMs are used to document the components of an AI system, including the model details, architecture, usage, training data, and more.
## Rules to Detect AI
The following list is pretty limited, but you can get an idea on how you can search in code for AI usage by using these rules:
https://github.com/semgrep/semgrep-rules/tree/develop/ai