The Gartner Hype Cycle is a graphical model that represents the maturity, adoption, and social application of specific technologies. It has five phases: innovation trigger, peak of inflated expectations, trough of disillusionment, slope of enlightenment, and plateau of productivity. It is meant to help organizations understand the potential risks and benefits of new technologies to make informed investment decisions.
Gartner produces more than 130 Hype Cycles annually. So yes, there is much hype in information technology. From zero trust to blockchain, cloud computing, and much more, the IT and information security landscapes are lined with often-overhyped technologies.
The most considerable hype now is in artificial intelligence (AI). I was at the Infosec World Conference in October, and in a sparsely attended session, the speaker said he thinks that if he had had 'AI' in the title, he would have gotten a lot more people.
In AI Snake Oil: What Artificial Intelligence Can Do, What It Can't, and How to Tell the Difference (Princeton University Press), authors Arvind Narayanan and Sayash Kapoor have written an engaging and insightful book that both acknowledges the benefits and potential of AI, and also shows the dangers of unrestrained belief in the myriad false claims of what AI can do.
The term snake oil dates back to Clark Stanley's snake oil liniment, sold as a cure-all in the late 1800s. It has since been used as a generic term for any deceptive product.
The authors write that AI snake oil is AI that does not and cannot work as advertised. Since AI refers to a vast array of technologies and applications, most people cannot, as of now, fluently distinguish which types of AI are actually capable of functioning as promised and which types are simply snake oil.
This is a major societal problem, as we need to separate the wheat from the chaff if we are to make use of what AI has to offer while protecting ourselves from its potential harms. Harms that in many cases are already occurring.
The authors do a great job of helping the reader distinguish between real AI solutions on one side and AI hype and snake oil on the other.
One area of AI rife with snake oil is predictive AI. That refers to AI that can predict future or otherwise unknown events. The authors state that not only does predictive AI not work today, but it likely never will work, because of the inherent difficulties in predicting human behavior.
While Clark Stanley's snake-oil liniment was ineffective, the only thing buyers lost was their money. Contrast that with AI snake oil, which is being used in areas that have significant impacts on people's lives, such as healthcare, law enforcement, and more, and the repercussions of AI snake oil can be life and death.
Readers should not think that the authors are Luddites. Narayanan is a professor of computer science and the director of the Center for Information Technology Policy at Princeton University, while Kapoor is a computer science PhD candidate there.
The authors do not oppose AI; instead, they aim to tame the irrational exuberance around it. This is needed given how often popular media has taken a non-critical approach to the many over-the-top claims from AI vendors.
A common refrain in the book is that, although there are often grand claims about what AI can do, there is remarkably little published evidence of its effectiveness.
Unlike predictive AI, which is dangerous because it doesn't work, the authors discuss AI around image classification, which presents a different danger. AI for image (and reverse-image) classification works quite well, which means it can be used for mass surveillance.
Problematic uses of government use of facial recognition have been documented. This occurs not just in totalitarian and authoritarian governments, but also in democracies such as South Korea and India.
The book's genius is that it takes a highly critical look at AI at a time when the media is writing about AI without a deeper analysis. The press reports on AI research findings as if they are facts. But research in AI is facing a reproducibility crisis. A lot of AI research is not independently verified, and without oversight, researchers have incentives to exaggerate the impact of their findings to garner attention and funding.
Researchers often make speculative claims about AI, and because of their credibility, these claims are usually assumed to be true even without empirical evidence. The authors articulately take apart many of these claims to debunk much of the histrionics around AI.
While one can debate what part of the Gartner Hype Cycle AI is in now, one could loosely consider it in the Wild West era. To tame that, the authors offer three suggestions for shaping AI for the better. These are to resist overhyped and harmful applications, create security guardrails for specific AI risks, limit the power of AI tech firms, and redistribute AI benefits. These are all non-trivial tasks and a significant challenge to implement.
A recent MIT Project NANDA study found that despite $30–40 billion in enterprise investment into GenAI, 95% of organizations are getting zero return. The outcomes are so starkly divided across both buyers (enterprises, mid-market, SMBs) and builders (startups, vendors, consultancies) that they call it the GenAI Divide. Just 5% of integrated AI pilots are extracting millions in value, while the vast majority remain stuck with no measurable P&L impact.
Narayanan and Kapoor have written an important work that balances the benefits and the real capabilities of AI while grounding readers in its reality. Too many people are smitten by AI and oblivious to its evident failings. AI has massive potential, but it is a limited potential, not a cure-all for everything. The authors help the reader understand AI with a most discerning eye.
Anyone with an interest in AI is highly advised to approach it with caveat emptor and a serious read of this most important book.