Skip to lesson content
Free course

AI Foundations / Module 6 / M06-U07 · 15-20 minutes

M06-U07 · 15-20 minutes

Applied Checkpoint: Control a Training Application Assistant

Complete the activity before revealing the model answer. Record one change you would make after comparison.

All people, records, and organisations in this activity are fictional.

Proposal

A training centre proposes an AI assistant that will:

  • Read applications containing names, contact details, employment history, disability-adjustment requests, and free-text notes.
  • Search public websites for more information about applicants.
  • Rank applicants for a limited free course.
  • Automatically reject the bottom half.
  • Email decisions without staff approval.
  • Read attachments and follow instructions found in them.
  • Store prompts, outputs, and tool logs without a retention limit.

No approved data process, fairness test, accessibility review, security test, appeal route, or named owner exists.

Your work

  1. Identify affected people and possible harms.
  2. Classify the proposed information and remove unnecessary data.
  3. Identify untrusted-content and agent-action risks.
  4. Identify fairness and accessibility questions.
  5. Identify rights or policy questions requiring specialist review.
  6. Assign controls to named roles.
  7. State a clear escalation route and stop condition.
Reveal the model answer

Decision

Reject the proposed automated workflow. Do not upload applications or enable search, ranking, rejection, or email actions.

Main risks

  • Applicants may lose an opportunity through an unsupported high-impact ranking.
  • Personal, confidential, employment, and adjustment information would be exposed without an approved purpose or tool.
  • Public searches may collect irrelevant, inaccurate, or unfair information.
  • Attachments may contain malicious or conflicting instructions.
  • Automatic email and rejection actions occur before meaningful review.
  • Indefinite logs create unnecessary privacy and security exposure.
  • No accessibility, challenge, correction, or human-support route exists.

Required redesign

  • Programme owner: define lawful purpose, criteria, evidence, benefit, and human-led decision process.
  • Privacy/data owner: identify permitted fields, minimise data, approve service and retention, and define correction/deletion routes.
  • Security owner: block attachment instructions from controlling tools; restrict permissions; test hostile content; protect and limit logs; define monitoring and incident response.
  • Accessibility lead: test the complete application, communication, correction, and support process.
  • Authorised selection panel: make decisions using approved criteria and relevant evidence; provide review and challenge routes.
  • Legal/rights specialist: review applicable duties, notices, terms, fairness, and any external search or data-source proposal.

Stop condition

Stop before any real application is uploaded. The process may not enter pilot until the named owners approve the data map, human-led criteria, accessibility route, security controls, retention, notices, and challenge process. Any instruction inside applicant content must be treated as untrusted and must not trigger a tool or action.

Reflection

Which single proposed capability creates the largest immediate increase in harm, and which control addresses it directly?