There is obviously A LOT of hype on AI. There is a lot of bullcrap (<-would AI use that word??) as well as some truly amazing transformational applications of generative AI and predictive modelling. However, the other big thing that is happening at the ground level is:
- IT has been all over generative AI like ChatGPT (and other models) since late 2022 and has been telling the casino executive that it is rad.
- A lot of casino executives didn’t really catch on until later in 2023.
- Executives now fully understand how rad gen AI is and have started to use it a lot in 2024
- Today, it’s rapidly becoming more ubiquitous (at least desired) in the casino as tool for business decisions, document summarization, data analysis…
::queue sound of record player scratch::
Who’s crashing our AI party?? Oh…it’s the CISO ::sigh:: Great, what now??
OK, so the CISO has a right to be concerned. We know we are in a highly regulated industry; how do we accomplish leveraging the power of generative AI like Chat GPT while not pissing off the CISO (and the GC)?
Here’s some things to explore. I see this in a few different approaches depending on your privacy concerns and gaming authority…….and AI usage policy (you have one of those right??)
Approach A: Use an enterprise/business plan with a hosted genAI provider like ChatGTP
Providers: ChatGPT, Anthropic (Claude), Google (Gemini), Microsoft (Copilot) and more
Obviously, this means you must trust the provider. They promise they will not let your data leak out into other areas of their system. I personally tend to believe this is true since if the word got out they were not sticking to their promises, it would likely be detrimental to their business. Now that said, 23 and Me just went bankrupt and who know what is going to happen to all that DNA data. It’s an analogy to consider. Regardless, this is an easy button. Meanwhile most of us trust our email with Microsoft. Tough one.
Pros:
- Easy setup: You sign up and go
- No hardware
- Always have a modern model as the provider continues to upgrade
- Online models are increasingly becoming smarter on research, leveraging searching
Cons:
- Your AI policy will likely still require some data to not be shared
- Straight out of the box, you still have to trust your users to not put propriety data up
Approach B: Run your own Generative AI model
This is becoming an exciting area to watch. There are many open-source models capable of running on special servers that have special hardware. And as many of you know, that’s really a server (or servers) with some NVidia AI compute silicon. You can download and run open-source models completely on premises. This goes far into removing data privacy concerns. The models themselves are *mostly just a matrix of numbers. Super complex and humongous amounts of numbers, but mostly all numbers. That said, your security team should still be aware of the risks in files like GGUF and take some standard precautions. Those files do have some execution components that should be reviewed for any supply chain attack vulnerabilities. And I’d still put the server behind a firewall mostly just to put the GC and other at ease because “Running our own AI” may conjure images of judgement day.
Pros:
- Total privacy. Go ahead and upload financial spreadsheets and gaming data to your very own AI buddy.
- Ability to switch models. You just download a new model.
- Ability to fine tune the model for more specific application
Cons:
- You must procure and maintain hardware
- You need to setup a frontend for the users
- As model technology gets more sophisticated, it’s likely to need more resources. This means you will eventually have to consider hardware upgrades to take advantage of that.
Approach C: Yes (Hybrid)
I think the reality is that most of us are going to land somewhere in the middle. Let’s explore where I think things are going and what to consider:
- Your users will have diverse needs to consume generative AI
- Some generative AI queries are simple and there is no real data privacy concerns.
- Your Tribe/GC/Regulatory will likely not be thrilled with Gaming/Financial data going to big tech companies
- Future gaming applications will directly interface with generative AI on the backend.
With these factors:
- Do you have an AI acceptable user policy? (if no, start on one now)
- Measure your organizations needs to leverage generative AI for sensitive data. You will likely need to consider usager needs and then plan to run on-prem or private cloud resources (hosted, but completely controlled by your org at the OS level) to accommodate this.
- Measure the needs of your organization to leverage AI for non-sensitive data. The majority of these could go to a service like ChatGPT
- Consider running an LLM proxy/router. LiteLLM is an open-source solution that has gained steam, but many commercial providers are also emerging.
- You can have your org use the proxy
- You can expose local or provider models based on user permissions
- You can do data loss prevention
- You can do usage accounting
- You can also load balance and failover
- With all the above considered, go look at your access permissions on the edge and adapt accordingly
Of course, all of this is just the tip of the iceberg, but hopefully this has been helpful. This is a RAPIDLY evolving area. It is exciting, but we need to wrap ourselves around all of this to apply the correct governance.
