You Can't Govern What You Can't See: AI Risk in the Enterprise

AI risk isn't a technology problem. It's a visibility problem. Here's what that means for every CISO managing enterprise AI at scale.

Jason Walker

Here is the problem nobody wants to say out loud: most organizations approved an AI platform, ran a security review, checked the compliance box, and called it governed. Six months later, a dozen business units are using that same platform in ways nobody anticipated, feeding it data categories that were never part of the original review, and the security team finds out by accident.

That is not a governance failure in the traditional sense. The policy existed. The approval process ran. The controls were documented. What failed was visibility. And visibility is a different problem entirely.

I run enterprise cybersecurity across a large, complex organization. The thing that keeps me up at night about AI is not the threat actor who might exploit an AI system. It is the slow accumulation of exposure that happens in plain sight, across legitimate usage, by well-intentioned employees trying to do their jobs faster. The risk is not malicious. It is structural.

The fragmentation problem

Every organization I talk to has the same shape of problem, even if they describe it differently. Security teams know what they can see from a technical posture perspective. Procurement teams know what contracts they signed. Governance teams know what policies they published. Compliance teams know what regulations apply. Business units know what tools their people are actually using.

None of those groups have the full picture. Worse, the risk is not in any single piece. It lives in the interaction between them.

A vendor passes a security review. Good. That same vendor updates its data retention policy six months later. Did anyone catch that? A business unit expands its use of an approved AI tool from summarizing meeting notes to drafting legal communications. Does the original risk assessment still apply? A model configuration gets changed to allow broader data sharing in exchange for better output quality. Who owned that decision?

Each individual development looks manageable in isolation. The combination can quietly move an organization from acceptable exposure to something materially different, with no single event triggering a review.

This is what makes AI risk genuinely harder than the technology risks that came before it. Traditional cyber risk management was built on a relatively stable assumption: assets exist, vulnerabilities exist, threat actors try to exploit those vulnerabilities, and controls reduce the probability or impact of that happening. The model is not wrong. It is just incomplete for AI.

AI risk does not sit neatly inside an asset. It emerges from behavior: how people use the system, what data flows through it, how dependent business processes become on its outputs, and how all of that changes over time without anyone necessarily authorizing the change.

The maturity trap

There is a trap in early AI governance maturity, and I have watched organizations fall into it repeatedly. The trap is mistaking a completed inventory for actual visibility.

Building a catalog of approved AI tools is necessary. It is not sufficient. Knowing that a tool is approved tells you nothing about how it is being used today, what sensitive data categories are moving through it, whether the vendor's risk posture has shifted, or whether the use case has expanded beyond the original approval scope. An inventory is a snapshot. AI exposure is a continuous process.

Aviation safety culture figured this out the hard way. The discipline of crew resource management was built on the recognition that accidents rarely happen because of a single catastrophic failure. They happen because of chains of small errors that no single person in the cockpit fully observed. The fix was not more checklists at the start of a flight. It was building continuous situational awareness into the operation itself. You do not just check conditions at departure. You monitor them throughout.

AI risk management needs the same shift. The question is not whether you approved the tool. The question is what is happening right now, and whether the current state of usage, configuration, dependency, and vendor posture still reflects the risk level you accepted when you made the approval decision.

What intelligence actually means

The word "intelligence" gets used carelessly in security. In practice, intelligence is not more data. It is contextualized understanding that supports a decision.

A security team that knows an AI vendor has a new critical vulnerability has data. A team that can connect that vulnerability to specific business processes that depend on that vendor, the data categories flowing through those processes, the regulatory obligations attached to that data, and the cost of disruption if that vendor goes offline, that team has intelligence. Those two teams will make very different decisions with the same raw information.

This is where quantitative risk analysis earns its place. The point of expressing risk in financial terms is not to produce a precise number that nobody believes. It is to force the question: significant relative to what? A vulnerability in an AI system used to suggest playlist recommendations is not the same risk as a vulnerability in an AI system that influences claims adjudication or benefits determinations. Both might register as "high" on a qualitative heat map. They are not the same decision.

Running enterprise cybersecurity at scale means I make resource allocation decisions constantly. More controls on this, less scrutiny on that, defer this review, accelerate that remediation. Every one of those decisions is an economic judgment, whether or not it is framed that way. The organizations that will manage AI risk well are the ones that stop pretending those decisions are purely technical and start making them as the business tradeoffs they actually are.

What to do differently

Stop treating AI governance as a one-time approval workflow. Build continuous monitoring of usage patterns, vendor posture changes, and configuration drift into the oversight model. The approval event is the beginning of the risk management process, not the end of it.

Break down the silos between security, governance, compliance, and procurement when it comes to AI. Those groups are each holding part of the picture. The risk lives in the white space between their domains. Someone needs to own the integrated view.

Push toward quantification early, even if the estimates are rough. A range with acknowledged uncertainty is more useful for decision-making than a color on a matrix. "This exposure is probably worth between X and Y to an adversary, and disruption would cost us approximately Z" is a sentence that executive leadership and boards can reason about. "High risk" is not.

Accept that the environment will keep changing faster than any static governance model can handle. The AI tools your employees are using six months from now will be different from what they use today. The vendors will have changed their policies. The use cases will have expanded. Continuous visibility, not periodic review, is the only way to stay oriented.

The organizations that manage AI well in the next decade will not be the ones that restricted it most aggressively, and they will not be the ones that adopted it most carelessly. They will be the ones that built the capability to see clearly and decide quickly. Visibility first. Then intelligence. Then decisions that actually stick.
