Written by Luke Patterson

Introduction

Generative AI (GenAI) has demonstrated the everyday uses of AI to a mainstream audience. At the beginning of 2023, GenAI has already been integrated into the web search functions of Bing and Google, is transforming the creative processes of artists and production companies, and transforming the business models of businesses. The limits to the applications of GenAI systems are yet to be defined or properly understood.

However, with the GenAI hype simmering, its drawbacks and ESG risks are shuffling into the spotlight. Amongst them, Generative AI can significantly upscale the spread of misinformation and hate speech, generate harmful and illegal content, and, if trained on low-quality data, propagate pre-existing social biases against marginalised and underrepresented social demographics. We recently took a dive into three real-world impacts of ChatGPT technology specifically on our EthicsGrade blog.

Considering the GenAI explosion, EthicsGrade has rated the seven GenAI start-ups worth over $1bn: Glean, OpenAI, Ada, Jasper, Stability.ai, Grammarly, and Cresta. Our results show that all have a long way to go before coming close to meeting a gold-standard benchmark for managing corporate digital risk.

Why these ESG ratings matter

As GenAI shifts from a novelty to a norm, it is of the utmost importance that the companies providing the technologies establish and are supported with proper standards for digital governance. We are unsurprised that the overall scores of the graded unicorn platforms are currently very low. This is because they are all start-ups that are in the process of establishing their frameworks for good ESG practice. This catch-22 makes tracking the evolution of the ESG practices of these companies – especially the digital governance practices – even more important as they scale.

As we continue to update our ESG ratings for the seven GenAI unicorns there is no doubt that we will uncover trends which enable insight into those companies committing to deploy their technologies for social and environmental good. Given the rising prominence of ESG and Corporate Digital Responsibility (CDR) this will likely give a concurrent insight into those GenAI platforms that are here to stay, and those who were too slow to learn from the CDR mistakes of the first-generation of BigTech such as Meta and Google.

Key insights:

Cybersecurity and privacy take a focus

Six of the seven Generative AI start-ups are evidently making efforts to demonstrate that they’re taking privacy and cybersecurity very seriously. Though the scores are poor overall, the standard of their cybersecurity and privacy messaging in a large part surpasses many of the other industries that we cover. This is especially true of Ada and Grammarly. They both performed well in the Technical Barriers to Trust dimension of our research, which focuses on how well a company translates its internal technical processes to a non-technical audience by, for example, publishing key metrics on the functioning of their AI systems.

Whilst it isn’t uncommon in our research for companies to mention cybersecurity processes in passing, most Generative AI companies have a webpage dedicated to cybersecurity, which offers thorough detail on the various processes each have in place to ensure the user data they handle is maximally secure.

The best cybersecurity performer was Grammarly. Their security page gives thorough, clear detail of the measures they are taking to protect user data and secure their servers, and is backed up by a list of the multiple security certifications and links to comprehensive internal management reports detailing their compliance with best practice standards in the security, confidentiality, availability and privacy of data.

However, though Stability.ai offer a passable privacy policy, we found no information explaining the processes in place to ensure maximal cybersecurity of their data. EthicsGrade could find no indication of a cybersecurity strategy or security training programmes for employees and the board. Cybersecurity risks represent a key CDR concern for GenAI platforms to ensure that the streams of sensitive user data they collect is maximally protected. This is one of the primary reasons behind Stability.ai coming out bottom of the pile amongst their GenAI competitors, who all demonstrate a high standard for cybersecurity reporting.

Highest CDR (ESG) rating amongst GenerativeAI companies: OpenAI

OpenAI were the best performers in our study. Though with an overall score of R, this only counts as a good score relative to the ubiquitous ‘NRs’ of their unicorn competitors. It is a very poor score when compared to many of the other industries our research covers.

One of the main reasons for their better performance is because of the greater maturity of their governance practices and reporting mechanisms. OpenAI provide some information on the make-up of their board of directors, the independent members of the board, and offer access to their company charter. This is standard practice in most industries but has so far been neglected by most of the GenAI start-ups that we covered. OpenAI also provide a degree of detail on the initiatives they have in place to develop equity and inclusion standards across the business. This is incredibly important in ensuring that AI development teams are reflective of the cultural make-up of the entire population, and thus acts as the first line of defence to avoid encoding unintended cultural biases into GenAI systems.

OpenAI’s reporting on security and relevant social issues such as gender bias is good. However, in the future we would like to see an increased depth of reporting on CDR issues such as bias, cybersecurity, content moderation, and misinformation by OpenAI. They must expand their explanations of the processes they have in place to guard against the social harms relevant to GenAI. Currently, their reporting strategy emphasises quantity over quality: they touch on many relevant issues, but often without sufficient explanation on how they are dealing with those issues. That being said, their security centre does provide some useful information on how they are forecasting the risks of misinformation and bias, and offers a set of best practices for deploying language models designed for any organisation developing or deploying them.

Lowest CDR (ESG) rating amongst GenerativeAI companies: Stability.ai

Stability.ai come out bottom of our ratings. Stable Diffusion, Stability.ai’s text to image model, stands out from competing image generation AI models such as OpenAI’s Dall-E because there are no strongly enforceable rules governing the types of images users are able to generate by using the code. Whilst their terms of service warns users against generating harmful or illegal content, their basic safety filter can be overridden by any user who downloads the code onto a personal device. Stable diffusion has already been abused by users to make deepfake celebrity porn.

Without the robust systems in place to ensure that non-consensual sexual content, violent content, and other illegal content isn’t mass produced and spread over the internet by Generative AI applications, companies risk causing huge amounts of social damage. The intensity of the content moderation problem only increases when it is transferred from the context of social media to Generative AI. Whilst OpenAI have provided users of their GenAI models with continuously improving content moderation tools, Stability.ai completely neglect the issue. Their CEO, Emad Mostaque, has opted for a hands-off approach, trusting the personal discretion of users as opposed to enforcing hard content moderation measures.

Aside from the obvious problem of the poor moderation practices of Stability.ai, they perform abysmally in almost every dimension of our research. There is no information on their governance structures or practices and, unlike their competitors, they offer very little detail on the processes and strategies in place to ensure the security of their servers and the user data they collect.

Blogging about bias is not equal to reporting on it

An ESG reporting mistake we often encounter in our research is when a company broadly acknowledge an ESG problem that needs to be addressed within the industry without telling us specifically what processes are in place at their company to deal with this ESG problem.

This is the case amongst several GenAI platforms for the problem of algorithmized bias. Given the pertinence of the issue of bias for all GenAI platforms, we would expect the standard of reporting on it to be at a similar standard to their cybersecurity reporting.

Ada offers one of the clearest examples of this issue. Ada provide a very informative and thorough blog on the problem of algorithmized bias, where they even offer extensive tips for programmers on how to mitigate bias. Given it’s written by one of their ML engineers, we are in little doubt as to the fact that Ada has processes in place to mitigate unwanted biases within their own conversational AI service. This makes it even more frustrating that their reporting mechanisms fail to offer any details in this area. The fact that the company provides learning assets to customers on the risks of AI is important, but it is arguably even more important that the company invests time and resource into upgrading its ESG reporting frameworks so that customers can properly understand the processes in place to mitigate algorithmized bias at Ada specifically.

The two industry front-runners stand out in this regard. Grammarly have provided a step-by-step run down of the measures they have implemented to mitigate unwanted gender bias in their autocorrect function. OpenAI provide some information on how they are continuing work on mitigating unwanted bias in their text-to-image model DALL.E 2. However, as discussed earlier, OpenAI’s reporting is often too shallow on detail. To improve their performance, OpenAI should replicate the amount of detail offered by Grammarly.

Conclusion

It is clear by now that GenAI models are here to stay. Their transformative potential for businesses has already begun to demonstrate itself, and we expect that the list applications for GenAI models will continue to grow over the next few years. EthicsGrade predicts that the ESG and CDR performances of the biggest GenAI companies will improve as they expand. For this to happen, every company we have rated need to focus on improving their governance reporting standards and provide more detailed reports on the measures and processes they have in place to mitigate the social risks material to their industry, as well as the risks most material to their investors. EthicsGrade will revisit the GenAI unicorns later in 2023 to measure whether the growth in use of GenAI applications, such as the newly released GPT-4 by OpenAI, has any impact on the quality of their transparency frameworks and reporting standards.

Scorecards

Ada scorecard: https://scorecard.ethicsgrade.io/company/37585cd6-242e-4ed4-b7e2-e50ca1dd26e4

Cresta scorecard: https://scorecard.ethicsgrade.io/company/10f04bac-103f-44f8-96ee-3eceafd98ecb

Glean scorecard: https://scorecard.ethicsgrade.io/company/fa7da0a4-ca3b-4f38-bae5-cf0865d512d7

Grammarly scorecard: https://scorecard.ethicsgrade.io/company/0f72bf4a-3c6c-4fad-8199-dcedfecb5932

Jasper scorecard: https://scorecard.ethicsgrade.io/company/5f41d09f-6c23-4ee6-9f78-7e2410feb275

OpenAI scorecard: https://scorecard.ethicsgrade.io/company/1f13e0fa-f553-49ff-84ba-8332d3638260

Stability.ai scorecard: https://scorecard.ethicsgrade.io/company/eb97080f-fe36-49c6-b950-5981f7a8defb