ChannelLife Canada - Industry insider news for technology resellers
Ontario auditor finds gov. staff use unsecured AI websites

Wed, 13th May 2026
Jake MacAndrew, Interview Editor

Ontario Public Service (OPS) staff had access to unsafe AI websites, increasing the risk of data exposure, the province's Auditor General (AG), Shelley Spence, has concluded in a report.

In a 50-page document released this week, the independent government office found that the Ministry did not block OPS staff access to unsafe and unauthorised AI websites on work devices, nor had it implemented safety precautions to prevent staff from accidentally uploading Ontarians' private information onto the sites.

Following interviews with key Ministry staff and members of the AI Executive Steering Committee, as well as a data review from January to November of last year, the Ministry has agreed with the Auditor General's recommendation to further strengthen the OPS AI Strategy. The Ministry will seek insight from industry experts and cross-jurisdictional sources. Additionally, it will establish a clear timeline for regular reviews.

The report also provided various other recommendations addressing further AI risks within the OPS.

The AG reported that 12,000 OPS staff accessed over 400 AI sites, which were scored with the cybersecurity tool Microsoft Defender. Sixty per cent were found to be a threat when analysed. Additionally, only three per cent of OPS staff had completed the Ministry's non-mandatory responsible AI use training.

The AG recommended that the Ministry block staff's access to unsecured AI websites and ensure that all staff take relevant safety training. In its response, the government stated that it has blocked high-risk sites and is working to implement appropriate training measures.

Microsoft Copilot Chat is the only approved GenAI website within the OPS. Additionally, it must be used in the Microsoft Edge browser. The report found that OPS staff posed a risk of data exposure by using alternative browsers.

The AG recommended establishing Key Performance Indicators to measure Copilot adoption, reporting them to management monthly, and blocking access to Copilot Chat in other browsers.

In general, the report concluded that the OPS's AI strategy is lacking many components. Other issues cited by the AG included a risk of bias in the province's AI-powered Document Verification System (DVS), which scans faces to verify identity, as well as in Supply Ontario's AI Scribe Program (which reportedly hallucinated patient treatment plans in systems from nine of 20 vendors).

In its response, the Ministry said it is working to strengthen partner oversight and to investigate bias in the DVS. Supply Ontario will include minimum thresholds in the evaluation of future AI-related tech and obtain third-party reports for evaluations, such as SOC 2 Type 2, among other tests, including security compliance and bias. Supply Ontario said it agrees with all recommendations except for increasing the criteria weight of privacy and security controls, which it believes is appropriate in its current form.

Under the Enhancing Digital Security and Trust Act, launched in January 2025, the Lieutenant Governor in Council can set technical requirements for public-sector entities, establish AI oversight and develop a responsible framework.

Prior to the act, the Ministry developed an AI framework for the OPS's approach to using AI, including principles to define the responsible use of AI within government. This "playbook" was launched in September 2023.