The AI Governance Crisis Nobody's Ready For
Let me start with a confession: I was one of those executives who thought AI governance was just another buzzword—until I watched a client's chatbot recommend that a customer buy arsenic for their garden. It couldn't tell the difference between pest control advice and literal poison.
That's when it hit me—we're not just implementing cool tech anymore. We're hiring digital employees who don't sleep, don't get tired, and sometimes... hallucinate answers that could actually hurt people.
The Shadow AI Problem
Paulina Paczala from Crowe dropped this bomb: "Right now in March of 2025, we've got more than 800 bills in various U.S. states that talk about AI." Eight hundred. That's not regulation—that's regulatory chaos.
And here's the kicker: while 90% of enterprises have someone using AI, only 35% have actual AI governance policies. We're handing everyone in the company a forklift and hoping they figure out how to drive it safely.
Lianne Appelt from Salesforce calls it "Shadow AI"—employees using AI in ways that put your company at risk, either because the technology isn't effective or because it's exposing sensitive data.
The Three T's Framework
Paulina Paczala offers a practical approach: Track, Tailor, and Transform.
Track: Know what AI tools your employees are actually using. You can't govern what you can't see.
Tailor: Don't adopt frameworks built for high-risk AI if you're just using AI to summarize meeting notes. Right-size your governance.
Transform: AI governance isn't a one-time setup. It requires continuous attention and adaptation.
This is an evolution of third-party risk management. The future of risk intelligence includes managing AI as another vendor relationship.
The Human Verification Imperative
Puneet Matai from Rio Tinto advocates treating AI as "augmented intelligence" rather than artificial intelligence: "Where the systems are high-risk, customer-facing, I would not take an AI-to-AI kind of system. I would rather have a human verification done."
Building active compliance means keeping humans in the loop. No matter how advanced the technology gets, human judgment still anchors trust, accountability, and safety.
About the Author
Don Halliwell
Executive Producer
Don Halliwell is a risk management veteran with over 20 years of experience helping construction and insurance companies navigate complex challenges.