Use of AI
1. Introduction
We use AI to enhance our work, for example writing code faster, testing apps, or managing projects. AI is a powerful tool, but it comes with risks, such as data leaks, ethical mistakes, or actions taken on our behalf that nobody intended. This policy explains how we use AI responsibly to protect our team, our clients, and our projects.
Why this matters:
- AI can improve our work but must be used carefully.
- We often handle sensitive information (like health data), so we need clear rules.
- Following this policy keeps us ethical, secure, and compliant with laws like South Africa’s Protection of Personal Information Act (POPIA).
2. Key Terms
Here are simple definitions so we all understand the basics:
- AI Tools: Software powered by artificial intelligence, like coding assistants (e.g., GitHub Copilot, Cursor IDE) or chatbots.
- Sensitive Data: Private information we must protect, such as personal details, health records, or payment info.
- POPIA: A South African law that tells us how to handle personal data safely.
- “YOLO” Mode: A setting in some AI coding tools (e.g., Cursor IDE) that lets the AI agent run commands on your computer without asking for your approval each time, such as installing packages, editing files, or running scripts. Those commands run with your own user permissions, so anything you can do on that machine, the agent can do too.
- Secrets: Sensitive project details like API keys, tokens, or passwords that must stay private.
3. Our AI Principles
We follow these five rules when using AI:
- Ethical Use: AI should never harm people or break trust. For example, we won’t use it to trick anyone.
- Transparency: We’ll be open about when and how we use AI, especially with clients.
- Accountability: If AI causes a problem, we own it and fix it.
- Fairness: AI must treat everyone equally and avoid bias, especially in projects like health apps.
- Security: We keep all data safe when using AI tools, especially when tools might access secrets like tokens or passwords.
4. Acceptable Use of AI
AI helps us, but it doesn’t replace us. Here’s what’s okay and what’s not:
- Allowed:
  - Use AI to write code, brainstorm ideas, or speed up testing, but always review its output.
  - Use AI assistants inside IDEs (e.g., VS Code, Cursor) for drafts and suggestions, but double-check the results for accuracy and safety.
- Not Allowed:
  - Don’t let AI make big decisions (like approving a project) without a human checking it.
  - Don’t enable “YOLO” mode in tools like Cursor IDE, where the AI runs commands automatically. Those commands run with your own permissions, so the agent could delete files, install untrusted packages, or send project data to an external service without you noticing.
  - Don’t put sensitive data (like health records, tokens, or passwords) into public AI tools unless it has been properly anonymized: remove names, ID numbers, contact details, and any combination of details that could still identify a person. When in doubt, leave it out.
- Human Oversight: Anything AI creates (code, designs, etc.) must be reviewed by a team member before it is used. For tools with a “YOLO” mode, keep it off and approve each proposed action yourself.
5. Data Handling and Security
Protecting data is a top priority, especially for sensitive projects:
- Sensitive Data: Don’t enter private info (like health records) into unapproved AI tools. Anonymize it first if needed.
- Secrets in Projects: AI-enabled IDEs (e.g., VS Code with an assistant, Cursor) can read any file in your workspace, including secrets such as API keys, tokens, or passwords. Never keep secrets in source files or in any file the tool indexes. Load them from environment variables or a secrets manager at runtime (e.g., read API_KEY from the environment instead of writing the value in code), keep .env files out of version control, and check the tool’s settings to confirm it does not upload or log your workspace. If a secret has already been shown to an AI tool, treat it as exposed and rotate it.
- Approved Tools: Only use AI tools checked and okayed by our IT team.
- POPIA Rules: Follow POPIA by getting permission to use data, keeping it secure, and using it only as agreed.
- Security Tips: Use strong, unique passwords, update software regularly, and report any problems (like a data leak) right away. If an AI tool asks for unusual permissions (e.g., access to your whole file system, your shell, or other accounts), stop and report it.
6. AI in Software Development
When AI helps us build apps or websites:
- Code Review: A developer must review all AI-generated code to ensure it is correct and safe, especially when tools like Cursor suggest commands that could run automatically.
- Secrets Management: Don’t hardcode secrets (e.g., tokens, passwords) in files AI tools can read. Replace them with placeholders such as <REDACTED> when sharing code with an AI tool, and rotate any secret that was exposed.
- Documentation: Note where AI was used in a project (e.g., “AI wrote this login feature”).
- Client Updates: Tell clients if AI was part of their project, especially for health-related work.
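The secrets guidance in sections 5 and 6 (load secrets from the environment at runtime, and replace them with placeholders before sharing code with an AI tool) as an added Python example. This code was written for this page; it is not a tool approved by our IT team and not part of Cursor or VS Code. The regex patterns, the <REDACTED:kind> placeholder format, the sample config file, and the require_env helper are all assumptions made up for the example; extend the patterns for the services your projects actually use.

```python
import os
import re

# Added example, not part of the policy: heuristic patterns for a few common secret shapes.
# Illustrative, not exhaustive. Extend for the services your projects actually use.
TOKEN_PATTERNS = [
    ("aws_access_key", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github_token", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
]

# A quoted value assigned to a name containing api_key / token / password / secret.
ASSIGNMENT = re.compile(
    r'(?i)(?P<lhs>\b\w*(?:api[_-]?key|token|password|secret)\w*\s*[=:]\s*)'
    r'(?P<q>[\'"])(?P<value>[^\'"\n]{4,})(?P=q)'
)


def redact(text: str) -> tuple[str, list[tuple[int, str]]]:
    """Return (redacted_text, findings).

    Each finding is (line_number, kind). Secret-looking values are replaced with a
    <REDACTED:kind> placeholder so the surrounding code can still be shared with an
    AI assistant without exposing the value itself.
    """
    out_lines = []
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        # Assignments first: once the quoted value is replaced, the token patterns
        # cannot match the same value a second time on this line.
        if ASSIGNMENT.search(line):
            findings.append((lineno, "assignment"))
            line = ASSIGNMENT.sub(
                lambda m: f"{m.group('lhs')}{m.group('q')}<REDACTED:assignment>{m.group('q')}",
                line,
            )
        for kind, pattern in TOKEN_PATTERNS:
            if pattern.search(line):
                findings.append((lineno, kind))
                line = pattern.sub(f"<REDACTED:{kind}>", line)
        out_lines.append(line)
    redacted = "\n".join(out_lines)
    if text.endswith("\n"):
        redacted += "\n"
    return redacted, findings


def require_env(name: str) -> str:
    """Load a secret from the environment at runtime; fail loudly instead of falling back to a literal."""
    value = os.environ.get(name)
    if not value:
        raise RuntimeError(f"{name} is not set; export it in your shell or a local .env (never commit it)")
    return value


# Constructed sample input: a config file the way it should NOT look.
SAMPLE_SOURCE = """\
DB_HOST = "db.internal.example"
API_KEY = "ak_live_0123456789abcdef0123"
aws_access_key_id = AKIAABCDEFGHIJKLMNOP
password: "hunter2hunter2"
LOG_LEVEL = "debug"
"""

if __name__ == "__main__":
    clean, found = redact(SAMPLE_SOURCE)
    for lineno, kind in found:
        print(f"line {lineno}: {kind}")
    print(clean)
    # In the real application the value comes from the environment instead,
    # e.g. run as:  API_KEY=... python app.py   and then call require_env("API_KEY").
```

Run the redacted text through the AI tool rather than the original file, and treat every finding as a secret that should move to the environment or a secrets manager. The pattern list deliberately errs on the side of reporting: a false positive costs a few seconds of review, a missed secret costs a rotation.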
7. Risk Management
We stay ahead of AI risks by:
- Bias Checks: Test AI tools to ensure they’re fair and don’t favor one group over another.
- Security Scans: Look for weaknesses in how we use AI tools, like secrets accidentally included in prompts or indexed files, and fix them. Be especially cautious with “YOLO” mode features that can act without oversight.
- Report Issues: If AI messes up (e.g., a bug, bias, or security risk), tell your manager immediately.
8. Training and Awareness
Everyone needs to know how to use AI the right way:
- Training Sessions: We’ll hold regular training on AI ethics, data safety, and how to handle tools with “YOLO” mode or access to secrets.
- Stay Informed: We’ll share updates and resources about AI so you’re always in the loop.
9. Governance
An AI Ethics Committee will manage how we use AI:
- Tool Approval: They decide which AI tools we can use and check settings like “YOLO” mode or data access.
- Policy Check: They ensure we’re following this policy.
- Client Needs: They’ll adjust AI use for clients with special rules (like health companies).
10. Client-Specific Requirements
Some clients, especially in health, need extra care:
- Health Projects: Follow global guidelines (like the World Health Organization’s) to keep health apps safe and fair.
- Be Open: Let clients know when we use AI and get their okay if required.
11. Policy Review and Updates
AI changes fast, so we will review this policy at least every six months and update it whenever needed.
- Your Input: Tell us how we can make it better.
- Updates Shared: We’ll let you know if anything changes.
12. Acknowledgment
You need to read and follow this policy. Breaking it could lead to consequences, like disciplinary action.
- Yearly Sign-Off: Once a year, you’ll confirm you’ve read and agree to this policy.
13. Questions?
Confused about AI, “YOLO” mode, secrets, or this policy? Ask your manager or your lead. We’re here to help!
Also see Ten Commandments for Using AI