What Businesses Should Consider Before Using Off-the-Shelf AI

OpenAI may be the darling of large language models, but is it ready for the enterprise big leagues?

Last week, Bloomberg reported that the company’s pioneering ChatGPT model has been downloaded onto devices by 900 million users, far outpacing Google’s Gemini at 200 million, DeepSeek at 127 million and Microsoft’s Copilot at 79 million. 

To build on the chatbot’s broad popularity, OpenAI introduced a ChatGPT-backed general purpose agent last week that can automatically navigate a user’s calendar, create slideshows and run code. 

Using off-the-shelf AI tools like OpenAI’s, however, exposes an enterprise to strategic risks, said Valence Howden, principal advisory director at Info-Tech Research Group. For one, without appropriate governance, usage can undermine data security and erode safeguards for your business’s intellectual property:

• Agentic tooling presents an even greater surface area for data collection and surveillance, he explained. Giving an off-the-shelf agent access to your calendar, personal information or company data is “way more problematic from a risk perspective,” he said. 
• “Do I trust it to grab and hold corporate information and not expose it to any other form? No, I don’t,” said Howden. “The idea of putting critical business information into the hands of a third party that can use that information and aggregate it with other things is a competitive disadvantage,” he added.

“The ability to scrape information … is way more advanced than people realize,” Howden said. 

Additionally, bias needs to be considered carefully, said Howden. While some bias is obvious, many enterprises don’t understand the nuanced ways that an AI model can exhibit prejudice. 

For example, bias doesn’t just occur in the datasets themselves but “in the language we train on,” he said. “The English language tends to have a Western bias by its nature. So if you’re an enterprise that is not Western-based, you’re going to absorb the bias of the West through the language used to train the model.” 

The alternatives to off-the-shelf tools, however, may be out of reach for many businesses. While building custom AI for internal use can assuage concerns about privacy, security and intellectual property, doing so costs more than some can afford, Howden said. When considering the talent, money and resources, “I just don’t know that anyone but large companies has the ability to do that,” he said. 

The safety of ChatGPT and similar models for enterprises depends on how they’re being used, Howden said.

Setting boundaries for usage can help in theory, but the challenge is that “the stewardship and the governance is not flexible or fast or adaptive enough,” he said. 

“We run very far ahead of what we can control,” Howden said. “AI moves at the speed of innovation. Governance and regulation move at the speed of paperwork.”