5.1 Roadmap for the Adoption of Generative AI
The integration of generative AI must be planned. Done haphazardly, it exposes the company to major legal, financial and security risks.
5.1.1 Risks of Shadow AI
Shadow AI refers to the use of AI tools by employees without company approval or oversight.
Why is this dangerous?
- Security: sensitive data (source code, customer data, credentials) is sent to public tools, where the provider may store it and reuse it for training.
- Legal: licensing and intellectual-property issues (who owns the generated code, and what licence did the training data carry?).
- Quality: generated code and tests are used without any review or validation.
Red thread: MagicFridge
Before the official rollout of GUS, an impatient developer secretly used a free online AI tool to fix his bugs. He copy-pasted the entire source code of the payment module into the prompt.
Consequence: MagicFridge's proprietary code may now sit in a third-party company's training data, outside any contract or control, and cannot be recalled.
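The MagicFridge incident is only visible after the fact if someone looks for it. As an added example (not part of the syllabus or of the MagicFridge material), the script below turns the Shadow AI policy into a check: it scans outbound-proxy log lines, ignores traffic to approved endpoints, flags requests to public GenAI hosts, and rates a large POST to such a host as a probable bulk paste of code or documents. The log format, the user names, the approved hostnames (including the assumed internal name of GUS) and the public-AI host patterns are all constructed placeholders; in production you would take the real format from your proxy and the host list from the vendors' documented API and web hostnames.

```python
import re
from dataclasses import dataclass

# Hypothetical allowlist of company-approved GenAI endpoints (assumption: the
# page only names "GUS" as the official tool and a locally hosted SLM).
APPROVED_AI_HOSTS = {
    "gus.magicfridge.internal",   # assumed hostname of the official GUS service
    "localhost",                  # locally hosted SLM used for code completion
}

# Placeholder hostnames of public GenAI tools to watch for (constructed domains;
# replace with the vendors' real API/web hostnames in production).
PUBLIC_AI_HOST_PATTERNS = [
    re.compile(r"(^|\.)chat-public-ai\.example$"),
    re.compile(r"(^|\.)freellm\.example$"),
    re.compile(r"(^|\.)api\.some-assistant\.example$"),
]

# A POST of at least this many bytes to a public AI host is treated as a bulk
# paste (whole source files, specifications). Threshold is an assumption.
BULK_UPLOAD_BYTES = 4096

# Constructed proxy log format: "<timestamp> <user> <method> <host> <bytes_out>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<user>\S+)\s+(?P<method>[A-Z]+)\s+(?P<host>\S+)\s+(?P<bytes>\d+)$"
)


@dataclass
class Finding:
    timestamp: str
    user: str
    host: str
    bytes_out: int
    severity: str  # "high" = probable bulk upload, "medium" = any other use


def is_public_ai_host(host: str) -> bool:
    """True if the host matches one of the watched public GenAI services."""
    host = host.lower().rstrip(".")
    return any(p.search(host) for p in PUBLIC_AI_HOST_PATTERNS)


def scan_proxy_log(lines):
    """Return one Finding per request to an unapproved public GenAI host."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # malformed line: skip it rather than abort the whole scan
        host = m.group("host").lower()
        if host in APPROVED_AI_HOSTS or not is_public_ai_host(host):
            continue
        bytes_out = int(m.group("bytes"))
        # The "pasted the whole payment module" case: a big request body.
        if m.group("method") == "POST" and bytes_out >= BULK_UPLOAD_BYTES:
            severity = "high"
        else:
            severity = "medium"
        findings.append(Finding(m.group("ts"), m.group("user"), host, bytes_out, severity))
    return findings


# Constructed sample log: approved tool, a bulk paste, a casual visit, unrelated
# traffic, the local SLM, and one malformed line.
SAMPLE_LOG = [
    "2024-05-02T09:14:03Z alice GET gus.magicfridge.internal 512",
    "2024-05-02T09:15:41Z bob POST chat-public-ai.example 18234",
    "2024-05-02T09:16:02Z carol GET www.freellm.example 220",
    "2024-05-02T09:17:30Z bob GET intranet.magicfridge.internal 1024",
    "2024-05-02T09:18:10Z dave POST localhost 9000",
    "this line is not a log entry",
]

if __name__ == "__main__":
    for f in scan_proxy_log(SAMPLE_LOG):
        print(f"[{f.severity}] {f.timestamp} {f.user} -> {f.host} ({f.bytes_out} bytes)")
```

Run against the sample log, the scan reports bob's 18 KB POST to a public tool as high severity and carol's short visit as medium, while traffic to GUS and to the local SLM is ignored. The byte threshold is deliberately crude: it catches the copy-paste of a whole module but not a sensitive snippet pasted line by line, so this check complements, rather than replaces, blocking unapproved AI hosts at the proxy.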
5.1.2 Key Aspects of a GenAI Strategy
To succeed, the strategy must define:
- Objectives: what do we want to improve? (Speed? Coverage? Cost?).
- Compliance: adherence to GDPR and the AI Act.
- Data quality: the AI cannot produce good tests from poor input specifications ("Garbage In, Garbage Out").
5.1.3 Selecting Models: LLM vs. SLM
It is not only about the giants (Gemini, GPT-5, Claude 3). The syllabus introduces a distinction that matters for the exam:
- LLM (Large Language Model): very large, generalist models, highly capable but slower and more expensive per request, and usually consumed as a third-party cloud service.
- SLM (Small Language Model): compact models with far fewer parameters, faster and cheaper, and small enough to be hosted on the company's own infrastructure or on a developer's machine.
Selection criteria: model performance, recurring cost, fine-tuning potential, community and support.
Red thread: MagicFridge
The MagicFridge CTO must choose models for two tasks:
- Task A: creative recipe brainstorming.
- Choice: LLM (e.g., Gemini). The task needs creativity and broad general knowledge, and the cost is acceptable because the use is occasional and the data is not sensitive.
- Task B: code completion for developers.
- Choice: SLM (e.g., a code-specialised model with around 7 billion parameters). It must respond in milliseconds and run locally, so that source code never leaves the company network.
5.1.4 Adoption Phases
The ISTQB syllabus defines three phases:
- Discovery: awareness, training, isolated PoCs (Proofs of Concept).
- Initiation and usage definition: selection of priority use cases, infrastructure setup (e.g., a RAG pipeline, Retrieval-Augmented Generation, over internal documentation).
- Utilization and iteration: widespread deployment, ROI measurement, continuous improvement.
🎓 Syllabus point (key takeaways)
- Shadow AI: security enemy #1.
- Strategy: must include clear objectives and a strict data policy.
- Selection: do not neglect SLMs (Small Language Models) for specific tasks requiring speed and confidentiality.