Demystifying APIs in the AI Era
Join Katherine Forrest in this week’s episode of "Waking Up With AI" as she unravels the complexities of APIs (Application Programming Interfaces). Discover how these essential software tools enable communication between program and their critical role in AI applications like ChatGPT.
- Guests & Resources
- Transcript
Katherine Forrest: Hello, and welcome to today's episode of “Waking Up With AI,” a Paul, Weiss podcast. I'm Katherine Forrest and today is one of those days I’m going to be doing the podcast myself. As you know, we’re hardly ever in the same place, but we can't even be on the same Zoom screen at the same time. And this is one of those days, so I'm going to proceed to talk about one of the topics that I had told her I was really excited about. I'm not sure how excited she is about it, and so I get to do my thing. And so we'll be talking about the scintillating topic, and actually it is a really important topic, of something called APIs.
The acronym API is thrown around all of the time these days. And I really thought that not only did I want to, for this audience, demystify it, but I also want to explain how in particular it's being used in the AI context these days in ways that for legal department, counsel and those who are involved in acquiring tools for their companies, can be aware of certain safety issues. So let's start at the beginning of this topic of APIs, and we'll talk about what the shorthand API really means. And it means something in the software context completely apart from AI. This is not an AI developed term. It's a term that developed in the software area generally, and it's short for application programming interface. Application programming interface, but don't let those big words scare you. We'll just talk about APIs going forward. And really what an API is, and we'll give a couple of examples of this today, is it's a way for two or more software programs to talk to each other and to share information and to interact.
APIs are actually basically everywhere in our lives these days. They're all over your smartphone. They're on your computer when you're using different kinds of software programs. And they're kind of like a behind-the-scenes messaging service that allows these types of software programs to interact with each other. So I want to use an example, a first example, which is the camera app that almost every smartphone has, either your Apple iPhone or an Android. Almost all phones now have camera apps, and the camera app is one app that you might take a photo with, but you might be able to use another app, for instance, an app that allows you to make a photo book or an app that allows you to make a customized mug or sweatshirt with a photograph on it. And so you've got these various websites or other apps that are interacting, if you will, with your photo app from your camera app from your iPhone or from your Android. And so the kind of functionality that allows these two different apps to interact, the camera app and say, the photo album app, they're doing that through these APIs. That is a really cool and today an incredibly necessary kind of functionality to allow so many of our software programs that we rely on to talk to one another.
So let's talk a little bit about ChatGPT because APIs also enable cool AI tools like ChatGPT, which is, I'm using that as one example, of course, there are many kinds of now chatbots that you can download onto your phone or onto your iPad or onto any kind of tablet or computer. But the APIs that you're using with chatbots can raise certain issues regarding security or privacy or even bias. And so let's get to that part of how APIs in the AI context can raise particular issues that you'll want to be aware of in terms of, and we'll focus primarily on security and data privacy today.
So now we're going to go back to talking about APIs at a sort of basic level again, and we'll talk about them as a set of software rules that are allowing, as we've said, another software program to talk, to interact and to talk to one another. They're sort of building, if you will, a channel of communication between each other. And so, for instance, one API can use its tools to say to another API, hey, please send me the following information, and then the APIs can then engage in that exchange.
So let's use this example that that I find interesting. Far from the truth of what an API is, but it gives you a down-home example of what it is. Imagine that you're at a restaurant and you're hungry, okay? So you're not a software program, but you're at a restaurant and you're hungry. Now, at a restaurant, when you're hungry, you don't go into the kitchen. What you do is you probably sit down at the table or sit down at a counter and you use a menu, and you order from the waitstaff a particular type of food. And then the waitstaff individual will go back into the kitchen or enter it onto the information about what you want onto a program on say his or her own tablet and an API is like the combination of the menu that you've used to figure out what you wanted to order in that restaurant and the wait staff. So it's both giving you the information that you need and there's a mechanism to convey that information to the next stop, which is in our little example, the kitchen. And so it's a channel of communication that can actually result in some sort of responsive action from the kitchen, which in our case might mean that it would bring me a burger if I had like, you know, the food of my dreams.
I personally imagine APIs as parts of software programs that are like little fishing lines that are coming off of the programs and they're able to hook into other programs in certain respects and allow that kind of channel of communication to open up. And so sometimes software developers will talk about APIs as, “exposing an API,” which means making an API available to another software developer to have that software developer's software program interact with it.
So a real life example of an API moving away from our waitstaff and menu and kitchen example, but a real life example apart from that camera app that we talked about before is for instance going on to a website and you want to buy say a pair of jeans and you drop the jeans into your shopping basket and then you go to the checkout and the checkout may offer you on that website a couple of payment options one of them may be Apple Pay as a for instance and you then click on Apple Pay and Apple Pay then executes the payment portion of the transaction. That payment portion of that transaction, that utilization by the website of Apple Pay is happening through APIs. So APIs are providing this key information delivery service and interaction service.
So let's now talk about the AI part that I am particularly interested in. As we've said, ChatGPT actually has some APIs, those APIs are exposed to other developers to interact with them. And so one way that ChatGPT uses APIs is because ChatGPT is actually in the clouds, but the functionality of the ChatGPT bot that you're using is actually on your phone. You are interacting or can be interacting through a series of APIs. But what the phone developers want and what actually, more importantly, OpenAI for ChatGPT as a software developer of that particular piece of software wants is to have certain APIs available so that other software developers may be able to use them.
And they're very careful about what kinds of APIs they open up or expose. And they'll be very intentional about that so that they can have the development occur in a way that they are aware of. And they're also, apart from chatbots like ChatGPT, they're also imaged, you know, AI tools, image AI tools like Dolly or other AI-powered voice assistants where you might ask the voice assistant what's the weather tomorrow. That voice assistant AI tool would then go off, maybe search the web, come up with an answer and provide it to you. The tool that it's using to access that channel of communication with the web is an API. Or when you're asking Dolly to engage an image generation with a particular service, it might be doing that through, again, an API.
But as the world of AI has now more and more tools that vendors are licensing out, legal departments need to be aware of what APIs might be within those tools and whether those APIs that those tools have embedded within them or exposed by them can create a vector of risk. So as we've said, an API is a channel of communication, and it's probably and hopefully obvious that for individuals within corporations who want to ensure that their information is kept safe and secure, you want to know what channels of communication you're opening up, when you open up a channel of communication. So you don't just open the door. These days there are security protocols to go through the front door of a corporation. And so if you're going to be taking in a software tool that has APIs exposed, it doesn't actually have to even be an AI tool, it can be a variety of software tools. But if you've got a software tool that has APIs exposed, you're opening up potential communication channels to the external world.
In the AI area, because there are so many new tools coming into our commercial life, there are a lot of questions that we have to start asking to make sure we really understand what the vectors of risk are that we're exposing ourselves to. And one of them is whether or not the APIs that are exposed through these new AI tools are opening up any vectors of risk. The risk could be, say, a data privacy risk or risk that information that you're not expecting to get out of your company is able somehow to get out. Or you could end up having a security vulnerability. Whenever you've got, as I've said, know, software that is internal to a company that is exposed to the outside, you've got a potential opening that you have to make sure you've got security protocols in place to sort of batten down the hatches and only allow the information exchange to occur in precisely the way you want it to occur.
What you don't want is an API to create an unknown security vulnerability. And sometimes there can be something called a “backdoor.” And a backdoor is typically used in terms of an unknown and unauthorized entry point into a company's servers or into a software program. APIs are something that you want to understand, a little bit about, to be able to ask the right questions when you're taking in software tools from vendors, particularly the massive numbers of tools that are now being licensed in the AI area, and particularly when many of those AI tools are actually working in a cloud environment, which also necessitates and utilizes APIs.
And one last thing before I end for today, which is there's another really interesting aspect of APIs and AI that we'll go into in other episodes. And that's the ability to use APIs to actually fine tune a model and to have an API interact with a third party. So you might have a model, some APIs exposed by that AI model, and a third party that wants to fine tune the model or customize that model in some way for a particular use. But when that API is being used to fine-tune the model, of course, there can be a variety of AI-specific issues that can come up. For instance, we've talked in prior episodes about things like misalignment, and that can come up along with security issues and things like that.
So that is what we are talking about today with our APIs. I'm sure Anna is very sorry that she's missed this episode. But never be worried again about somebody throwing around the word API, application programming interface. You now know what it is. It's a bunch of phishing hooks that can establish a line of communication. And with that, let me sign off. I'm Katherine Forrest and thank you for joining us today on this episode of “Waking Up With AI.”
