(Editor’s note: This is the 42nd installment of a monthly column on the growing number of cyberthreats facing businesses of all sizes and what they can do about them. See previous installments here.)
As artificial intelligence adoption and deployment pick up speed, critical risks and exposures are emerging.
Today, there is a “context debt” inherent in systems and data. For the modern CEO and board of directors, the risk isn't just a technical breach. It is a fundamental inability of AI to understand the business value of what it is serving and protecting. Building an AI-enabled enterprise requires moving beyond tactical software procurement. You are not just deploying code; you are altering the foundation of operations and, in turn, the operational risk. Data without context has little meaning and cannot be fully understood or have significance.
Current data and asset inventories are often static, quickly outdated lists that lack the insights necessary for an AI agent to determine if an asset is properly protected. Without a documented, readable business context, AI will prioritize the wrong findings or ignore a "crown jewel" because it wasn't explicitly tagged accordingly.
Executives must mandate that the business context becomes a core data asset. Large language models and autonomous agents are remarkably literate but functionally clueless. They lack the tribal knowledge, the specific business logic and the nuanced risk appetites that define a successful organization.
When we rush to embed AI into core business applications, from automated customer service to real-time supply chain management, we are often handing the steering wheel to a driver who has read the manual but has never seen the road. AI without context produces content, but not necessarily correct or safe outcomes. We need to stop treating AI as a magic tool and start treating it as a strategic business initiative. This means demanding things such as “use case mapping” that identifies not just where AI can be used, but where it should be used, based on strategic business value. If you can’t define the “why" as well as specific business guardrails, you are funding an extremely expensive failure.
For years, technologists and security professionals have fought “shadow” information technology – the use of unauthorized software, hardware or systems by employees to perform work tasks without the knowledge of the business. Now with AI, we have introduced its more dangerous cousin: shadow AI. Because the barrier of entry is so low, departments are spinning up solutions and connecting them to sensitive data repositories without any concept of business context, risk or business oversight.
This creates a massive visibility gap. A company cannot secure or govern what it cannot see. If a marketing team is using a third-party agent to analyze customer sentiment, and that agent is feeding proprietary data back into a public model, it could create a massive regulatory and intellectual property leak that no firewall can stop.
Executives must mandate an inventory of all AI agents and models operating within the enterprise. This isn't just about security; it’s about data hygiene. You need to know exactly which models are touching which data sets, and more importantly, who owns the truth when models disagree.
Leaders and boards must establish "human in the loop" standards. AI should enhance the speed and scale of the business, but humans must review and approve the actions. We must implement hybrid feedback loops by creating standards where human experts provide feedback to the AI recommendation models, training the system on prerequisites and institutional knowledge that the code cannot see.
We as leaders must ensure that the teams deploying AI are also responsible for its long-term resilience. Don't reward speed at the expense of stability. If an AI initiative is struggling with data quality or hallucination issues, leaders must expose those truths early. AI is a marathon of refinement, not a sprint of “set it and forget it.”
The future of an AI-enabled business depends on the ability to provide that AI with the proper business context. If you treat security as an afterthought, AI will be blind to the business goals and risks. If you integrate business strategy and risk management directly into AI initiatives, you move from a reactive, risky posture to a proactive, resilient enterprise.
Next month: Why quantum should be top of mind now for business leaders.
Jason Albuquerque is the chief operating officer of Pawtucket-based Envision Technology Advisors LLC. You can reach him at www.envisionsuccess.net.
