AWS Certified AI Practitioner Practice Exam

Which solution scope provides the most security responsibility for a company using generative AI?

• A. A. Using a third-party enterprise application with embedded generative AI features
• B. B. Building an application using an existing third-party generative AI foundation model
• C. C. Refining an existing third-party foundation model by fine-tuning
• D. D. Building and training a generative AI model from scratch with specific customer data

The correct answer is: D. Building and training a generative AI model from scratch with specific customer data

Building and training a generative AI model from scratch with specific customer data places the greatest security responsibility on the company. This approach requires the organization to handle all aspects of data management, model development, and deployment, meaning they must ensure the security, compliance, and privacy of the data used for training. The responsibility includes protecting sensitive customer information, developing secure algorithms, and implementing appropriate security measures to safeguard both the model and the data. By creating a model from scratch, the company has control over the data and algorithms, allowing them to manage risks associated with data breaches or misuse. However, this also means they must address potential vulnerabilities and ensure that the model adheres to applicable regulatory standards. In contrast, using a third-party enterprise application or leveraging pre-existing foundation models reduces some security liabilities since those providers may have shared responsibility frameworks in place. While refining a third-party foundation model does involve some level of customization, the underlying security and infrastructure concerns are still largely managed by the third-party provider. Therefore, the most security responsibility lies with organizations that create and train their own generative AI models from the ground up.