Last week I made the case for getting reps in by providing real access, real tools, a short set of ground rules, and a culture where experimenting is welcome. Thanks to everyone who got in touch to say it resonated. A few others added: "I want to, but I keep coming back to risk."
Risk is going to be threading through this newsletter, so let's start getting to grips with it.
I’m going to start with where your people start - what happens in the early days of tools in their hands. Bias and fairness, copyright, environmental cost, vendor economics, accountability in agentic workflows? These are all real, all coming, and all worth your time. But none of these can be considered yet if your people don't have a handle on three core foundations: what goes in, what comes out, and who's already paying attention.
These are where your team can build real risk literacy out of the gate. Protecting data, producing quality work, and building trust. None of these are new. They just need framing for AI.
What goes in
When someone writes or pastes content into an AI tool and hits enter, that content travels somewhere. It gets processed on a server, a response comes back, and most people close the tab and move on. What happens between those two moments varies enormously depending on the tool, and that variation is what your team needs to understand.
Consumer-tier tools like free accounts, browser extensions, tools a peer at another organization recommended, often retain that input. It may be used to improve the model. In many cases that's aggregate and anonymized, and probably fine. But probably fine is a different standard than the one your organization holds when it comes to client information, donor records, or program data.
The practical expectation to build in your staff is simple: free tools may be fine on personal time, but they are not suitable for work. Anything involving people you serve, people who fund you, or proprietary organizational information needs to stay inside tools your organization has vetted.
The risk isn’t just that basic telemetry, the sort we have come to expect for any digital tool or service, might be collated and reported on by the model maker. It’s that models are hungry for training data. There are real world examples of AI tools using confidential information previously provided by a careless user in their future responses to other customers. Passwords, API keys, donor or mission data.
So the baseline is clear: ensure your content isn't used to train the model. Some tools will go further and offer zero data retention, or ZDR, which means once your input generates a response, it's scrubbed from the system. That's a meaningful commitment, and one worth looking for when you're evaluating tools.
Where this gets more complicated - and where most risk conversations stop too early - is with the platforms you're already paying for. Your CRM. Your fundraising platform. Your case management system or grant writing support tools. Nearly all of them have added AI features in the last eighteen months. Some turned them on by default, and the data commitments underneath those features are often far less explicit than what Microsoft or Google will put in writing. Their AI features may also run on a third-party model embedded in their platform, introducing a party into your data chain you never contracted with and may not know exists. An HR management platform you chose because it's based in Canada may now route through a US data centre that retains and trains on your data in transit.
This is worth a direct conversation with service providers: does your AI use our data to improve your models, or the underlying ones, and where does our agreement address that? The answer, or the difficulty in getting one, will tell you what you need to know about their access to your data beyond initial service needs. Many of these platforms are under direct pressure from the promise of an "I need X, have AI build it" future, and they are highly incentivized to farm data to get ahead.
The staff habit here isn't complicated. It's one question, asked before using any AI feature in any tool: do we know where this data goes and are we comfortable with the answer? If the answer is yes, proceed. If the answer is no, find out before you do.
What comes out
If the first baseline risk is about what enters these tools and how it is protected, the second is about what comes back and what happens to it next.
AI produces confident text. But confident and accurate aren't the same thing, and the tools don't distinguish between them. There's nothing in the output that signals when something is wrong. The prose is fluent, the tone is assured, and an error sits inside it reading exactly like the rest.
For your staff, the practical consequence is that AI errors are genuinely hard to catch. It’s not because they're careless, but because nothing in the text tells them to look harder. Catching AI errors requires a different kind of reading than catching human errors. It requires asking can I verify this claim independently rather than does this read well. Those are different questions, and only one of them catches the problem.
One of the core promises of AI is that it can help people do more with their time. As staff begin to use AI more in their day-to-day, they will experience impressive outputs, and as they experiment and try to stretch what AI can do for them, they may begin to trust the outputs more and more. Their validation becomes a skim as they begin to think about the next task of the day, rather than a real check for accuracy and quality.
The habit to build is straightforward: every AI-assisted document should be something the person signing off can verify independently and stand by before it goes out. If they can't verify it or don’t feel accountable to it, its not ready for release. That rule travels well and it applies equally to a grant applications, a board update, and donor communication. It's also the kind of standard that gets easier to hold as your staff build experience with these tools, because they start to develop a feel for where AI is strong and where it goes thin. That judgment builds through repetition. Which is another reason the at-bats matter and work well for basic risk literacy.
Who else cares?
The first two foundations are internal. This one is about trust. Specifically, the trust your donors, your board, and the people you serve place in how your organization works, and whether AI changes that.
Funders are beginning to ask whether AI was used in grant applications. Some already require disclosure. Institutional donors are forming views, and board members are reading the same coverage everyone else is. And the communities you serve, particularly in areas where AI has a complicated profile like child welfare, housing, or mental health, have a legitimate interest in knowing whether automated tools are influencing work that affects them.
Your staff don't need to think about this as a risk per se. For them it's simpler: be straightforward about how you used a tool if someone asks. But from a leadership perspective, the question of how your organization talks about AI use - to funders, to your board, to the people you serve - is one worth having before it gets asked of you. They will want to hear there has been thought to which tools get access to your data, whether the data is protected, and are there any instances where non-validated output might be put to use. The organizations forming a considered position now are in a much stronger place than those who get caught in a conversation without a clean, confident answer.
You likely don't need a formal disclosure policy today. Instead, you need a position your leadership team has actually discussed and put into practice.
The Thing Is. Your people already protect data, hold a standard on what goes out the door, and understand that trust is earned externally. AI doesn't add new principles. It adds new moments where those principles get tested.
The question is whether your team is ready and intentional in these moments, because they're going to show up more and more in daily work as AI finds it’s footing. That readiness starts here.
The Bottom Line
Start with what's in your hands, not the full landscape. Bias, copyright, the trust of automated decisions? These are all coming. Right now, focus on the foundations your whole team can build from.
What goes in matters. Vetted enterprise tools for anything involving clients, donors, or sensitive organizational data. Ask your existing platforms - CRM, fundraising, case management - what their AI features actually do with your data.
What comes out needs vigilance. Build validation habits and an expectation that staff are accountable if they choose to share its output. Watch for where value becomes apparent, and if your staff remain vigilant as they begin to weave it into more tasks.
The external conversation is already starting. Donors and boards are forming views on AI use. Having a plain-english and practical position on these key elements before you're asked for one is the difference between looking considered and looking caught out.
Thanks again for joining me this week. If something here raised a question, hit reply and let me know! See you next time,
-Mike Watson