AI Automation: Determining What to Automate

Debunking common myths about how AI can improve business processes and offering recommendations on how to make informed decisions about what to automate.

It’s only a matter of time before AI becomes integrated into many daily business processes, including software development. However, we are still in the early stages of AI automation, and it can be challenging to understand the real implications and difficulties of its adoption.

This article aims to debunk common myths about how AI can improve business processes and offers recommendations to R&D leaders on how to make informed decisions about what to automate.

The Myths and Realities of Automation

Don’t fall for the misconception that AI will replace all your employees. Even if that scenario were feasible, society isn’t ready for such a drastic shift. Consider boarding a plane and realizing no human pilot will ever step into the cockpit before takeoff. Passengers would likely revolt, insisting on a human pilot being present. Despite the reliability of autopilot systems, they have their limitations, and people still prefer having a human in charge.

Historically, even the Industrial Revolution did not eliminate human workers. While machines took over some manual tasks, they did not replace humans altogether. Instead, machinery enhanced efficiency, predictability and consistency in manufacturing. This technological shift led to the creation of new jobs and industries requiring diverse skills. Similarly, AI will introduce higher efficiency, scalability and accuracy in business operations, generating new opportunities and transforming the labor market. You will still need humans involved in designing and building software, but their roles will be enhanced by AI tools.

Another common myth is that AI automation will automatically reduce costs. This belief mirrors debunked assumptions about the cloud: Companies that transitioned their data centers to the cloud found that, although the OPEX cost structure offered benefits over traditional CAPEX models, overall expenses remained similar for large environments. This is partly because more advanced systems require highly skilled (and often more expensive) personnel. In the same way, AI automation will redistribute costs, rather than lower them overall.

How to Know What to Automate

Certain processes are better suited for automation than others. Here is a good three-point assessment that can help you decide whether a security process is suitable for automation:

      • The process is repetitive and time-consuming when performed manually.
      • The process is sufficiently well defined that it can be turned into an algorithm.
      • The results of the process are verifiable, so a human can determine when something is wrong.

Models like OpenAI Codex can already help generate boilerplate code snippets, identify security vulnerabilities in the code, assist with code review and suggest improvements. AI solutions are also already being leveraged to produce documentation and comments for code, create and run software tests, sometimes automating entire regression suites or even automatically suggesting potential fixes to a failed test.

How to Ensure the Security of AI-Automated Dev Processes

Without proper oversight and robust security practices, a sophisticated adversary could poison the training data sets or even gain control of the AI development environment to introduce subtle and difficult-to-detect flaws in critical software. Such an attack could go unnoticed for a long time, spreading vulnerable code and leading to massive security breaches, data leaks or operational failures.

In addition, we don’t know how exactly AI models come to specific conclusions. We expect them to be compatible or even better than average human decisions, but you have probably seen examples of poor judgment and even hilariously wrong responses from AI systems.

When enhancing the R&D process with AI tools, you need to address these risks. One strategy for ensuring trust in the integrity of AI systems is to verify their decisions. For example, you can have human auditors examine a sample of AI outputs monthly or after a certain number of transactions.

A more scalable but more complex approach is oversight by another AI model. That is, a secondary AI scrutinizes the decisions of the primary AI, searching for irregularities, biases and departures from the norm. Such an approach may also help establish typical input and output patterns and user behavior, and then flag or even block deviations from those baselines.

Governments and professional associations acknowledge the risks and strive to provide resources and guidance for secure AI implementation. For example, consider OWASP Top 10 Security Risks and Mitigations for LLM and Generative AI Applications or NIST Trustworthy & Responsible AI Resource Center.

Conclusion

Executives now have the chance to see AI in action through tools like ChatGPT, Bard and countless other innovative apps. However, it’s crucial not to rush ahead to adoption of AI automation. Conducting thorough evaluations of which processes are suitable for automation is essential, as is putting proper guardrails and oversight in place. This diligence empowers R&D leaders to ensure that the benefits of a new technology outweigh its risks.

Ilia Sotnikov

Ilia Sotnikov is Security Strategist & Vice President of User Experience at Netwrix, a software vendor that delivers effective and accessible cybersecurity to any organization. He has over 20 years of experience in cybersecurity as well as IT management experience during his time at Netwrix, Quest Software, and Dell. In his current role, Ilia is responsible for technical enablement, UX design, and product vision across the entire product portfolio.


Datacap - We Solve Payment Problems
Ilia Sotnikov

Ilia Sotnikov is Security Strategist & Vice President of User Experience at Netwrix, a software vendor that delivers effective and accessible cybersecurity to any organization. He has over 20 years of experience in cybersecurity as well as IT management experience during his time at Netwrix, Quest Software, and Dell. In his current role, Ilia is responsible for technical enablement, UX design, and product vision across the entire product portfolio.