Unlocking AI at scale: Crafting a compliant and high-impact AI strategy

Regulated Industries and AI Adoption

• Regulated industries, such as financial services, healthcare, telecommunications, and energy, are the backbone of the global economy and face unique challenges in adopting cutting-edge technology, including artificial intelligence (AI) tools, while maintaining strict regulatory environments 42s.
• These industries need to accelerate AI adoption while ensuring compliance with regulatory requirements, and they are enthusiastic about AI's potential to achieve massive productivity gains, reduce human error, and maintain competitiveness 1m45s.
• To responsibly scale AI, organizations must consider several factors, including responsible AI, audit rights and resiliency, data transparency, and vendor track record 2m33s.
• Technical partners play a key role in helping organizations meet these requirements and demonstrate that AI solutions are secure, safe, and trustworthy 3m18s.

GitHub's Responsible AI Approach

• GitHub, in tandem with Microsoft, has developed a responsible AI story with earning customer trust in mind, using Microsoft's AI standard to map, manage, and measure risks during the development life cycle 3m39s.
• GitHub offers indemnity coverage for copyright infringement, solutions for auditability, and industry-leading resources through its GitHub Copilot Trust Center to support customers in meeting regulatory requirements 3m56s.
• The GitHub Copilot Trust Center is a hub with compliance materials and information on topics like responsible AI, security, and privacy, tailored to help customers meet regulatory requirements and support business objectives 4m38s.
• When scaling AI, it is essential to find a technical partner who can help navigate complexities and meet robust government requirements, and GitHub can help customers meet these requirements 5m0s.

Establishing a Governance Structure for AI

• To adopt AI and help businesses benefit from the technology, establishing a governance structure that is resilient, adaptable, and equipped to handle current and emerging compliance needs is crucial, especially with global regulations like GDPR, the AI Act, and the Digital Operational Resilience Act (Dora) shaping these requirements 5m21s.
• The key consideration is to verify and ensure that the AI tools being scaled are compliant and built in alignment with legal regulations, and that the vendor is willing and able to adapt to changing requirements 6m2s.
• This is a shared responsibility between the business and the technical vendor, requiring a partnership to address governance details at the start of the adoption process 6m34s.
• Prioritizing working through governance details with the vendor is essential to avoid roadblocks, and the vendor should be willing to work collaboratively to address these requirements 7m11s.
• Scaling AI responsibly requires collaboration, transparency, and a partner that seeks to earn and maintain trust, especially as the regulatory landscape and technology evolve 7m35s.

GitHub's Commitment to Trust and Compliance

• Having a trusted partner is crucial for organizations to navigate the dynamic environment, and GitHub is committed to being that partner for the long term, providing industry-leading security, robust contractual commitments, and continuous product updates to ensure compliance 8m0s.
• GitHub's three-layered approach includes leaning in on existing legal safeguards, adding state-of-the-art technical mitigation, and wrapping it all in clear, easy-to-understand contract protections 8m23s.
• The company recognizes that organizations need more than just technology to stay compliant and accelerate human progress, and is committed to working with customers every step of the way to drive business value and accelerate human progress 8m52s.

AI Adoption in Regulated Industries

• Elizabeth Pemal, Chief Revenue Officer at GitHub, shares her experience working in the public sector and deploying innovative technology in regulated industries, highlighting the importance of guardrails, compliance, and controls in these implementations 9m31s.
• Highly regulated industries have been some of the most robust adopters of AI and co-pilot at scale, due to the massive benefits it brings, such as productivity improvements, operational efficiencies, risk reduction, and managing regulatory and compliance requirements 10m18s.
• The adoption of AI is proving to be a competitive advantage that separates market leaders from the rest, with over 77,000 organizations and 1.8 million users working with the co-pilot developer platform 10m52s.
• To get the most impact from AI, especially in regulated environments, it's crucial to focus on what happens after day one and how to adopt co-pilot at scale 11m22s.

Scaling AI Adoption: A Phased Approach

• Adopting AI at scale requires a plan, starting with a contained rollout to work through friction points and celebrate early successes 13m3s.
• Defining success and creating a baseline to measure it is essential, as co-pilot is an investment in developer experience, which means different things to every organization 13m11s.
• Organizations should take stock of what they're measuring in their developer experience, redefine their KPIs, and come up with a plan to collect and analyze data through the lens of specific goals and use cases 13m27s.
• The co-pilot metrics API provides data on product usage at the team, organization, and enterprise level, and will provide data at the user level by early 2025, which is an important input for planning and understanding usage patterns and training opportunities 14m2s.
• To implement AI at scale, it's essential to define success and establish key performance indicators (KPIs) to measure progress, and then identify a manageable and controlled cohort to start with, such as 10% of the development population adopting GitHub Co-Pilot in the first 90 days 14m24s.
• A team-by-team approach can be taken based on the desired outcomes, starting with teams that have the most to gain and are likely to embrace change and become internal champions 14m57s.
• A phased adoption plan with clear entry and exit criteria and a commitment to addressing blockers should be built, taking into account different personas, such as champions, administrators, and developers, each with their own roles and challenges 15m14s.
• A one-size-fits-all plan is often unsuccessful, so it's crucial to identify the needs of each persona and provide them with the necessary training and enablement journey 15m27s.
• Hands-on experience with the tool, such as through hackathons and workshops, is essential for developers to test the limits of Co-Pilot and explore new models 16m7s.
• After initial onboarding, a bold but achievable goal for widespread adoption should be set, such as 80% of developers engaging with Co-Pilot actively over a 28-day period 16m32s.
• The difference between initial adoption and widespread adoption lies in people and culture, so it's essential to find influential developers, empower them, and lean on them as internal champions to share best practices and promote the use of Co-Pilot 17m4s.
• Executive support throughout the process is crucial, and executive sponsors should be engaged beyond the initial point to amplify success, remove obstacles, and drive alignment between company goals and Co-Pilot's benefits 17m32s.
• With the backing of executive sponsors and internal champions, a growing group of users can be created, and a thriving internal community can be built, but it's essential to market the community internally and provide resources to support developers 17m53s.

Resources and Support for AI Adoption

• GitHub offers various resources, such as the GitHub Adoption Framework, Professional Service offerings, and partners, to support companies on their AI adoption journey 18m21s.
• Investing in one's own AI journey often requires outside experts, especially in highly regulated industries, and can be helpful in fundamentally changing the way a company works, with tools like GitHub's co-pilot offering expert services and industry-specific solutions to optimize the journey 18m41s.
• Companies that invest in expert services see a 100% increase in durable usage of co-pilot in the first three months of implementation, compared to those that do not invest 19m19s.

Measuring the Impact of Co-pilot

• Once AI adoption reaches scale, it's essential to track and demonstrate the impact of co-pilot in the organization by revisiting initial KPIs and monitoring progress 19m37s.
• Key benefits of co-pilot include simplified workflows, task automation, remediating vulnerabilities, increasing development velocity, improving code quality, navigating compliance and regulatory requirements, and improving developer happiness 19m59s.

The Future of AI in Software Development

• AI as a code assistant is just the beginning of a larger puzzle for customers in regulated industries, with the next phase of AI introducing new functionality that will bring co-pilot across the software development life cycle (SDLC) 20m34s.
• Regulated industries will be the first and earliest adopters of this next phase of AI, with companies like GitHub serving as strategic partners to navigate this journey 20m57s.

Cultivating a Strong Developer Experience at JP Morgan Chase

• Sonia Saran, CIO at JP Morgan Chase, discusses cultivating a strong developer experience at JP Morgan in the age of AI, with the company operating at a large scale and managing platforms that allow for rapid acceleration and deep responsibility 21m14s.
• JP Morgan is the most globally systemically important bank in the world, moving $11 trillion a day, and hosting essential services for the firm and the global economy, with 43,000 software engineers and almost 100% adoption of the engineers platform 22m25s.

JP Morgan Chase's Engineering Platform

• JP Morgan Chase performs over 2 million builds and scans per month, requiring a platform that scales and is available, with multi-cloud provider type of resiliency, and is not just available in multiple availability zones or regions 23m18s.
• The company's environment is complex due to heterogeneity, leading to the formation of the Engineers Platform to simplify the ecosystem, making it easy for onboarding, security, and compliance, with features like self-service environment provisioning and tools provisioning 24m11s.
• The Engineers Platform aims to address common complaints from software engineers, such as spending too much time setting up environments and discovering information, by providing self-service capabilities 24m32s.

The Potential of AI at JP Morgan Chase

• JP Morgan Chase sees the potential of AI as a game-changer in their acceleration journey, with plans to unleash the power of generative AI, build autonomous and self-healing systems, and modernize their transformation 24m56s.
• The company is exploring the benefits of AI in various stages of the software development life cycle, with gen Solutions already deployed to about 1/4 of their engineers 26m53s.
• The goal is to achieve relentless acceleration with security, stability, and compliance, using AI as a multiplier effect to enhance productivity and acceleration 26m44s.
• Developer experience is crucial, and JP Morgan Chase aims to provide a seamless experience, with AI playing a key role in reducing context switching and improving day-to-day productivity 26m3s.
• The company is excited about the potential of AI to bring benefits in various stages of the software development life cycle, and is exploring ways to leverage AI to enhance their engineering practices 27m11s.

JP Morgan Chase's Journey to the Cloud

• The journey to the cloud is a crucial step in enabling the adoption of AI technologies like Co-Pilot, and it involves setting a foundation of security, safety, and compliance before even considering generative AI 27m28s.
• The organization's journey to the cloud began several years ago, initially with GitHub Enterprise Server, but made a pivot two years ago to take advantage of generative AI and more advanced capabilities as a SaaS service provider 28m35s.
• The motivation for switching to a SaaS provider was to access new capabilities and faster production deployment, but it also brought its own set of regulatory and security challenges 29m4s.
• To address these challenges, the organization created a service that interacts with GitHub Cloud behind the scenes, providing an abstraction layer to protect JPMorgan Chase's infrastructure 29m59s.
• The organization worked with the GitHub team to ensure a stringent third-party oversight process, including checks on vulnerabilities and evidence from the vendor, as well as regular audits 30m28s.
• Adoption of GitHub Cloud was also crucial, with a focus on seamless adoption to GitHub source control, particularly for a large organization that was previously a big Bitbucket shop 30m59s.
• The key to successful adoption is to ensure that the transition is seamless and that all stakeholders are on board with the new technology 31m6s.
• The organization's number one priority is protecting the firm, and this requires a high level of paranoia and vigilance in terms of security and compliance 30m16s.
• The organization's approach to security and compliance involves a combination of checks, evidence from vendors, and regular audits to ensure that all capabilities have full traceability of every single transaction and event 30m47s.
• The goal is to achieve seamless migration with no adoption challenges, and this involves a paradigm shift in working with tools like GitHub Co-Pilot and Bitbucket, where all repositories, plugins, and more get migrated behind the scenes 31m17s.

Security and Compliance in the Age of AI

• The regulatory aspect of AI is critical, and it's essential to bake in security and compliance into the platform to ensure that application developers have access to vulnerability checks and compliance checks from day one 31m38s.
• Adding AI to the platform is a whole new ball game, especially with the involvement of vendors and platforms, and it's crucial to differentiate the risks that Large Language Models (LLMs) pose 32m26s.
• The focus is on code attribution, origination, and transparency, as well as the legality of code recommendations, to ensure full transparency and legality of the code 32m47s.
• Working with the legal team to ensure data used agreements, SLA agreements, and other risk and control measures are in place is essential, and a partnership approach is necessary to address hard issues and new technologies 33m20s.
• The partnership between teams has been successful in addressing evolving issues in new technologies, and it's essential to work together to unpack and solve problems as they move forward 33m41s.

Balancing Innovation and Regulation

• Managing a scaled platform in a highly regulated industry while delivering innovation to engineers requires a deep understanding of the developer persona, which is considered the most difficult persona to please 34m39s.
• The key to success is to balance the push and pull of delivering innovation while managing regulatory requirements, and it's essential to work with peers in the industry to achieve this balance 35m4s.

AI Use Cases in Software Development

• Many AI tools are available, and early use cases with generative AI are mainly focused on the build, integrate, and test phases of the software development life cycle (SDLC), but there are other phases such as design, ideate, deploy, operate, and troubleshooting AIops that also need to be tackled 35m12s.
• The majority of time spent by developers is not in coding and testing, but rather in setting up environments, discovering information, and other tasks, with some of the best teams spending about 30-40% of their time in the coding and testing phase 35m50s.
• To improve productivity, AI tools can be used to reduce the time spent on tasks such as discovery of information, and some early use cases are being explored with curated and non-curated content, chat, and Q&A type integrations 36m18s.
• The goal is to enable developers to spend more time in the Integrated Development Environment (IDE) and reduce context switching, with features like co-pilot providing information in the context of what they are doing 36m52s.
• More advanced use cases are being explored around environment setup, including day two operations and technology life cycle management, which is where engineers spend about 70% of their time 37m15s.

JP Morgan Chase's Risk and Controls Process for Generative AI

• A 15-step risk and controls process has been put together for generative AI, which may seem heavyweight but is necessary for transparency and responsible AI, and includes steps such as identifying use cases, sponsors, and data usage 37m51s.
• The process is designed to provide full transparency and ensure that experiments are run responsibly, with a commitment to responsible AI across the firm 38m10s.
• JP Morgan is a leader in the deployment of generative AI at scale in a highly regulated environment, and the journey is ongoing, with a focus on accelerating progress while maintaining transparency and responsibility 38m39s.