How companies can address bias and privacy challenges in AI models

In this Help Net Security interview, Emre Kazim, Co-CEO of Holistic AI, discusses the need for companies to integrate responsible AI practices into their business strategies from the start. He explores how addressing issues like bias, privacy, and transparency requires a proactive and well-rounded approach, rather than just adhering to regulations.

How can companies address bias, privacy concerns, and lack of transparency in AI models?

To tackle these challenges and more, companies need a clear and proactive AI governance plan. For companies that see AI as an important business initiative, AI governance needs to be built into their IT strategy from the beginning. It is not a checkbox item. A comprehensive AI governance plan addresses government regulations and/or standards, security mandates, and business-level key performance indicators (KPIs) and includes the following aspects:

• Efficacy – does the AI workload accomplish what it set out to do? Is it efficient? Does it perform well relative to its use case and objective?
• Robustness – how does the system maintain performance as circumstances evolve or in the face of malicious efforts to undermine it? How well does the system defend against adversarial threats?
• Privacy – is the system at risk of data leakage, which could reveal sensitive or personal information?
• Bias – looks deeply at the model in relation to its intended use case to determine if there is bias in the system. Bias is treated differently in various scenarios, so it is critical to measure this in context. For example, you may want to single out certain people or groups of people in a medical diagnosis app (e.g., older males of certain descent are susceptible to heart attacks) but you wouldn’t want to do this in a recruiting app.
• Explainability – is the AI system understandable to both users and developers? Can we understand how the system arrived at its prediction or answer to the question? This is key to transparency and trust.

AI governance isn’t just about avoiding risks—it’s about accelerating a company’s AI adoption by helping teams work together and be more effective. By managing AI clearly and collaboratively, companies can adopt AI faster and get better results. Using tools that give a complete view of risks and business performance measures—like bias, compliance, efficacy, robustness, and explainability—companies find it’s easier to build AI systems that are fair, safe, and aligned with company goals.

How are emerging regulations, such as the EU’s AI Act, shaping the adoption of responsible AI?

Many governments around the world are considering regulations to safeguard their citizens when it comes to the use of AI. In fact, currently, there are almost 500 AI laws in progress around the world, 200 of which are at the federal level in the US, along with 83 lawsuits that pertain to GenAI alone. This very active regulatory environment is certainly helping to push businesses to think about responsibility and fairness in their AI applications from the start.

But there are even stronger market forces at play. Companies understand that AI adoption is existential to their survival, with the winners of tomorrow being determined by their ability to harness AI effectively. Furthermore, they understand that their brand’s reputation is one of their most valuable assets. Missteps with AI—especially in mission-critical contexts (think of a trading algorithm going awol, a breach of user privacy, or a failure to meet safety standards)—can erode public trust and harm a company’s bottom line. This could have dire consequences. With a company’s competitiveness and potentially its very survival at stake, AI governance becomes a business imperative that they cannot afford to ignore.

As innovation in AI accelerates, do you believe the current efforts towards responsible AI are sufficient, or do we need more robust frameworks?

It is early days in AI adoption and I believe that the drive toward responsible AI will come from multiple directions. Certainly, we see a lot of activity from the government – both at the state and federal levels – which is creating a fragmented approach. We also see leading companies who understand that adopting AI is crucial to their future and want to move fast. They are not waiting for the regulatory environment to settle and are taking a leadership position in adopting responsible AI principles to safeguard their brand reputations. So, I believe companies will act intelligently out of self-interest to accelerate their AI initiatives and increase business returns. But these motivations align beautifully with the broader societal good: the deployment of safe, secure, and reliable AI.

Corporate reputation and market forces are ensuring that AI governance is not just an afterthought—it’s a business imperative. This is occurring simultaneously with regulatory efforts. And that’s good news for everyone.

Given the unpredictable nature of AI decisions, what risk management strategies do you recommend for monitoring and mitigating AI-related risks?

Just as companies established data governance to manage organizational data and cloud governance to oversee their transition to cloud computing, they must now adopt a comprehensive AI governance strategy to guide their AI adoption.

Effective AI governance encompasses the entire AI lifecycle, ensuring alignment with organizational strategy, ethical principles, and regulatory requirements.

A robust governance framework addresses every stage of AI usage, from adoption and development to risk management. Monitoring plays a critical role in this process, ensuring ongoing oversight and compliance. The key steps in implementing AI governance include:

• Inventory and discovery: Identifying and cataloging AI systems and assets.
• Onboarding and workflows: Defining processes for integrating AI into operations.
• Policies, documentation, and compliance readiness: Establishing clear guidelines and ensuring adherence to regulations and frameworks – such as the EU AI Act or NIST, or one of the company’s own design.
• Testing, verification, and risk optimization: Evaluating AI performance and mitigating potential risks.
• Reporting, alerts, and analytics: Providing insights and early warnings through comprehensive monitoring. Additionally, how is the system delivering on business KPIs and performance?
• ROI tracking: Measuring the value generated by AI investments.
• Continuous monitoring: Maintaining ongoing vigilance to address emerging challenges.

By following these steps, organizations can ensure that their AI initiatives are strategic, ethical, and sustainable.

What specific incident response protocols should organizations have for scenarios where AI systems malfunction or produce biased outputs?

Companies with an effective AI governance strategy are better able to proactively address potential risks and prevent worst-case scenarios. In fact, analysts report by 2028, organizations that implement comprehensive AI governance platforms will experience 40% fewer AI-related ethical incidents compared to those without such systems.

A key factor of this is ongoing monitoring—either periodic or continuous, depending on how mission-critical the app is and its risk level—to quickly detect and respond to issues. This monitoring can automatically notify the appropriate teams based on predefined guardrails and suggest remediation steps when problems arise.

Equally important is ensuring teams are trained and prepared for emergencies. Just like a robust security incident response plan, regular training sessions with cross-functional teams are crucial. These sessions should simulate AI incident scenarios, including executing remediation strategies and refining the communications response plan.

When communicating with customers, prioritize transparency, honesty, and authenticity. Share what you know promptly, provide updates as new information becomes available, and assure customers that you’re taking swift action to resolve the issue. Handled correctly, effective incident response can even help a brand build trust with its customer base by showcasing its commitment to responsible AI and high level of accountability.