{"slug": "what-one-year-in-ai-security-and-governance-changed-about-how-i-see-ai", "title": "What One Year in AI Security and Governance Changed About How I See AI", "summary": "After a year working in AI security and governance, a marketing professional now prioritizes data privacy over tool functionality, asking where data goes and who has access before adopting AI. The experience revealed that the biggest challenge is discovering where AI is used inside organizations, as employees often adopt tools through personal accounts or bundled features without approval.", "body_md": "I have become the annoying person who asks, “Can I run this locally?”\n\nThis is mainly because after working around AI security and governance for a year, I have started noticing how easily data leaves the systems we understand and enters systems we barely think about.\n\nI admit that this is a slightly irritating change in my personality.\n\nA year ago, if I found a tool that helped me automate something, summarize something, enrich some data, or speed up a GTM workflow, my first question was usually: does this work?\n\nNow I still ask that. Obviously. I still like useful tools. I probably use AI more than I did before, not less.\n\nBut there is another question I always ask now:\n\nWait, what did I just give this thing access to?\n\nOkay, this was dramatic, I usually ask that question before giving it permissions, but that wouldn’t make it that dramatic for this blog, so deal with it.\n\nAnyways, that question is probably the biggest change.\n\nI still work in marketing and GTM engineering. This is not a “I left marketing and became an engineer” article because that is not true. But over the last year, I have been working in AI security and governance, building more automations, using AI heavily in workflows, and finishing my master’s in data science and machine learning.\n\nThat combination changed how I look at AI.\n\nIt did not make me anti-AI. It made me less impressed by the shiny part and more interested in the so called boring *(not so boring for me personally though)* questions around it.\n\nWhere is AI being used? What data is going into it? Who approved the tool? What can it access? Is anything being stored? Can we prove what happened later?\n\nAnnoying questions, basically.\n\n## I thought AI security would be more about security[#](#i-thought-ai-security-would-be-more-about-security)\n\nBefore working in this space, I assumed a lot more of AI security would look like security in the obvious sense.\n\nJailbreaks. Prompt injection. Model abuse. Red teaming. Threats. Demos where someone tricks a chatbot into doing something it should not do.\n\nAll of that exists and it matters.\n\nBut one thing I did not expect was how much of the work starts before that.\n\nA lot of the problem is just discovering where AI is being used inside an organization.\n\nWhich teams are using ChatGPT? Which browser extensions did someone install? Which SaaS tools added AI features without anyone really noticing? Which copilots are approved? Which ones are not? Which internal workflows are sending company data to an LLM? Which AI tools are connected to Slack, Google Drive, GitHub, Salesforce, HubSpot, Notion, or whatever else the company lives inside?\n\nBefore you secure AI, you have to find it.\n\nThat sounds obvious now but I do not think I fully understood it earlier. I had the more dramatic version of AI security in my head.\n\nIn practice, the model is often only one piece of the mess.\n\nThe inventory work makes a difference because companies cannot govern or secure something that they don’t even know is around them. If employees are using AI tools through personal accounts, random extensions, shadow SaaS, or features bundled into tools they already use, then the company’s AI policy might be very neatly written and still completely detached from reality.\n\nThis was one of my first big understandings.\n\nAI security is not only about stopping the weird attack.\n\nSometimes it starts with asking, “Where is this even happening?”\n\n## The real adoption story is daily-use AI[#](#the-real-adoption-story-is-daily-use-ai)\n\nThe riskiest AI use does not always look dramatic.\n\nMost people are not sitting there thinking, “Today I will violate policy and create a compliance headache.”\n\nThey are just trying to finish work.\n\nA marketer asks an LLM to summarize last week’s campaign data.\n\nA sales rep pastes customer notes into a chatbot to write a cleaner follow-up.\n\nSomeone uploads a CSV to make a quick report.\n\nA support person asks for help summarizing tickets.\n\nA founder throws meeting notes into a tool because the alternative is reading their own handwriting, which is its own separate threat model.\n\nThe tasks are small. The intent is normal. The output is useful.\n\nThat is exactly why it spreads.\n\nThis is also why the governance problem is hard. If AI only showed up in giant, official, expensive enterprise deployments, it would be much easier to track. There would be procurement, review, onboarding, legal, security, some painful spreadsheet somewhere, and at least a chance that someone thought about the risk before the tool went live.\n\nBut casual AI does not wait for that.\n\nIt enters through convenience.\n\nAnd because the action feels small, the risk feels small too.\n\n“Summarize this.”\n\n“Rewrite this.”\n\n“Make this into a table.”\n\n“Extract insights from this data.”\n\nI hate that last phrase. It sounds like a dashboard trying to become a LinkedIn influencer. But people do this kind of thing all the time.\n\nIf you work in GTM, this is especially easy to understand. So much of the work is text, data, context, follow-ups, notes, reports, messaging, positioning, experiments, and half-broken processes stitched together with tools that were definitely not designed to love each other.\n\nAI helps with that.\n\nSometimes a lot.\n\nSo I do not look at casual AI usage and think, “Wow, people are careless.”\n\nI think, “Yeah, of course they are doing this.”\n\n## GTM teams are exactly where this whole thing scales[#](#gtm-teams-are-exactly-where-this-whole-thing-scales)\n\nWorking in GTM probably made this easier for me to see.\n\nGTM teams are often fast adopters of AI because the pain is obvious. There are campaigns to ship, accounts to research, CRM fields to clean, calls to summarize, customer segments to understand, email drafts to write, landing pages to test, competitor pages to read, internal reports to prepare, and 400 tabs open for reasons nobody can fully explain.\n\nIf a tool saves time, people will try it.\n\nThis is not a moral failure. It is incentive design.\n\nMost teams reward speed, output, and responsiveness. If someone can use an AI tool to prepare a report in 15 minutes instead of 2 hours, they are not going to first sit and read the vendor’s retention policy like a monk studying ancient scripture.\n\nThey will use the tool.\n\nHonestly, I probably would too, if I had not become this annoying.\n\nThis is where working close to AI security and governance changed how I see GTM work. It made me more sympathetic to both sides.\n\nI understand why security and governance teams worry. A normal-looking workflow can involve customer data, sales data, employee data, product usage data, internal strategy, source code, credentials, meeting transcripts, and other things that should not travel into random systems.\n\nBut I also understand why GTM teams use these tools anyway.\n\nThe work can get messy with deadlines looming and the tools are helpful. And a lot of AI risk does not announce itself at the moment of use. It is not like the chatbot flashes a giant red warning saying, “By the way, this might be a compliance problem.”\n\nIt just gives you a nice summary.\n\nThat is the trap.\n\nProductivity feels immediate. Risk feels abstract.\n\nUntil it is not.\n\n## Building automations changed my instincts[#](#building-automations-changed-my-instincts)\n\nThe biggest mental shift happened when I started building more AI-assisted workflows and automations myself.\n\nIt is one thing to talk about AI governance as a concept. It is another thing to connect tools together and realize how quickly the permission graph gets weird.\n\nAn AI tool connected to nothing is mostly a chatbot.\n\nAn AI tool connected to Slack, email, CRM, docs, storage, internal tools, analytics, and a browser is a very different thing.\n\nAt that point, the question is not just “is the model good?”\n\nThe better questions are:\n\nWhat can this thing read?\n\nWhat can it write?\n\nWhere does the data go?\n\nIs anything stored?\n\nCan the vendor use this data for training?\n\nWho else has access?\n\nWhat happens if the prompt is bad?\n\nWhat happens if the output is wrong?\n\nWhat happens if the tool does exactly what I asked, but I asked for the wrong thing?\n\nA lot of AI risk is not the machine becoming evil. It is the machine being useful in a system where permissions, context, and judgment are already messy.\n\nThis is why I now find myself choosing local or self-hosted tools more often when I can.\n\nAgain, this is not a grand philosophy. I am not pretending local-first is always practical or that cloud tools are automatically bad. Sometimes the managed cloud product is clearly the better option. Sometimes self-hosting something is just a cute way to create a new weekend problem for yourself.\n\nEarlier, I used to think about convenience first.\n\nNow I think more about control.\n\nIf I can run something locally, I know more about where the data is going. If I self-host a tool, I can at least reason about the storage, logs, permissions, and access. It does not magically make everything secure. Obviously not. My laptop is not a sacred temple of perfect operational security.\n\nBut it changes the default.\n\nAnd defaults matter a lot.\n\nEspecially with AI, because these tools are hungry for context. The more useful they become, the more we want to connect them to everything.\n\nSlack. Gmail. Calendar. CRM. Docs. Tickets. Code. Dashboards. Calls. Browsers.\n\nEach connection makes the tool more useful.\n\nEach connection also makes the blast radius more interesting. And by interesting, I mean terrifying if you think about it for more than 30 seconds.\n\n## My ML master’s made the hype harder to trust[#](#my-ml-masters-made-the-hype-harder-to-trust)\n\nIn parallel with all of this, I was finishing my master’s in data science and machine learning.\n\nThat changed my AI bullshit detector too.\n\nBefore studying ML more seriously, I could look at benchmarks and product claims and understand them at a decent surface level. Model A scored higher than Model B. This system performs well on some eval. This tool claims to improve productivity by whatever percent. This agent can do some impressive task in a demo.\n\nCool.\n\nBut after spending time with datasets, metrics, model evaluation, probability, optimization, and the general pain of trying to measure things properly, I find these claims harder to accept.\n\nAnd I do not want to do the lazy contrarian thing where every metric is fake and only vibes are real. That is not serious either.\n\nBut a benchmark is not the same thing as your workflow.\n\nA leaderboard score does not tell me what happens when the input is messy, the user is confused, the data is sensitive, the context is incomplete, the output needs judgment, and the system is connected to tools that can actually do things.\n\nThat is where real work lives.\n\nThe master’s made me more interested in the evaluation setup.\n\nWhat was measured?\n\nWhat was the dataset?\n\nWhat was excluded?\n\nWas there leakage?\n\nDoes the metric match the thing we actually care about?\n\nWhat does failure look like?\n\nIs the model wrong in a harmless way or a dangerous way?\n\nThese questions are not as exciting as “this model beat humans at X.”\n\nBut they are better questions.\n\nAnd once you start asking them, a lot of AI hype starts feeling too smooth.\n\nThe benchmark claims. The “LLMs will take every job” claims. The “AI agents will make everyone rich” claims.\n\nI am not saying all of it is fake.\n\nI am saying I trust it less quickly now.\n\nWhich is probably healthier.\n\n## Job replacement claims feel..well..you know how they feel[#](#job-replacement-claims-feelwellyou-know-how-they-feel)\n\nThe “AI will take all jobs” conversation feels very different when you spend more time around actual workflows.\n\nI am not saying AI will not change jobs. That would be a ridiculous thing to say. It already is changing work. I use it constantly. I would be lying if I pretended otherwise.\n\nBut the clean replacement story feels lazy to me now.\n\nA lot of real work is not one isolated task.\n\nIt is context, judgment, permissions, incentives, weird internal systems, customer nuance, follow-up, accountability, and knowing when an output is wrong even though it sounds confident.\n\nIt is also knowing what should not be automated.\n\nA demo can make a workflow look simple because demos remove the inconvenient parts. No CRM history. No compliance concern. No unclear ownership. No political context. No customer who said one thing on the call and meant something else. No dashboard field that everyone uses differently. No Slack thread where the actual decision happened 47 replies deep.\n\nReal work has all of that.\n\nSo when someone says an AI agent will replace an entire role because it can perform a few tasks inside that role, I now get suspicious.\n\nMaybe it will replace parts of the work.\n\nMaybe it will compress some workflows.\n\nMaybe it will make one person much more productive.\n\nMaybe it will also create new review work, new governance work, new integration work, new failure modes, and new ways for people to confidently ship nonsense faster.\n\nAll of these can be true at the same time.\n\nThat is what the extreme takes usually miss.\n\nAI is useful enough that ignoring it is stupid.\n\nAI is messy enough that blindly trusting it is also stupid.\n\nVery annoying middle position. Unfortunately, it keeps being true.\n\n## The change is in my judgement not my job title[#](#the-change-is-in-my-judgement-not-my-job-title)\n\nI do not want this article to sound like a career transition essay.\n\nI still work in marketing. I still work in GTM. I am just much closer to engineering, automation, data, and technical workflows than I used to be.\n\nThat has made my GTM work sharper.\n\nI understand the product better. I understand customer anxiety better. I understand why security teams care about things that can sound slow or annoying from the outside. I understand why users bypass policies when the approved workflow is painful. I understand why AI governance is not just a policy problem, and not just a technical problem either.\n\nIt sits in the middle.\n\nPeople want speed.\n\nCompanies want control.\n\nAI tools want context.\n\nSecurity teams want visibility.\n\nLegal teams want compliance.\n\nLeadership wants adoption without a future incident that becomes a very tense meeting.\n\nAnd users just want the report done before the day ends.\n\nThat is the actual shape of the problem.\n\nAfter one year in AI security and governance, I do not think the most useful question is “is AI good or bad?”\n\nThat question is too big and somehow also not useful enough.\n\nThe better questions are smaller.\n\nWhere is AI being used?\n\nWhat data is going into it?\n\nWhat can it access?\n\nWho approved it?\n\nCan we prove what happened?\n\nIs the tool actually helping, or did the demo just look good?\n\nWhat happens when it fails?\n\nCan I run this locally?\n\nSee. Annoying.\n\nBut I think this is where my thinking has changed the most.\n\nA year ago, I mostly asked, “Can this help me do the work faster?”\n\nNow I still ask that.\n\nBut usually a few seconds later:\n\n“What did I just give it access to?”", "url": "https://wpnews.pro/news/what-one-year-in-ai-security-and-governance-changed-about-how-i-see-ai", "canonical_source": "https://codebynight.dev/posts/one-year-ai-security-governance-see-ai-differently/", "published_at": "2026-06-26 00:00:00+00:00", "updated_at": "2026-07-11 11:16:34.627934+00:00", "lang": "en", "topics": ["ai-safety", "ai-policy", "ai-ethics", "ai-tools", "ai-infrastructure"], "entities": ["ChatGPT", "Slack", "Google Drive", "GitHub", "Salesforce", "HubSpot", "Notion"], "alternates": {"html": "https://wpnews.pro/news/what-one-year-in-ai-security-and-governance-changed-about-how-i-see-ai", "markdown": "https://wpnews.pro/news/what-one-year-in-ai-security-and-governance-changed-about-how-i-see-ai.md", "text": "https://wpnews.pro/news/what-one-year-in-ai-security-and-governance-changed-about-how-i-see-ai.txt", "jsonld": "https://wpnews.pro/news/what-one-year-in-ai-security-and-governance-changed-about-how-i-see-ai.jsonld"}}