AI adoption is moving from experimentation to enterprise operation. In many organisations, usage is already broad, but governance, data visibility and control design have not kept pace.
The problem is not a lack of AI. It is the failure to scale AI safely, with enough visibility over sensitive data, agent permissions, automated actions and decision evidence.
Governance and the controls in place must also address how people use AI day to day: what they paste into prompts, which tools they use, and when content must be anonymised, summarised or kept out of AI entirely.
Organisations that align AI governance to a recognised control framework such as ISO/IEC 27001 can enable adoption with greater confidence, auditability and speed.
AI adoption is outpacing governance
AI is no longer limited to isolated productivity tools. It is entering operational workflows, decision processes and enterprise data environments. That creates a different risk profile: business value increases, but so does the need for formal control, evidence and accountability.
Many organisations respond by slowing or restricting adoption. That can reduce immediate exposure, but it also creates shadow AI, fragmented experimentation and missed value. The better answer is to control AI adoption more effectively.
Agentic AI expands the enterprise risk profile
Traditional generative AI largely produced content or recommendations. Agentic AI can call APIs, query systems, send messages, trigger workflows and carry out multi-step activity across business processes. The question shifts from “what did the model say?” to “what was the agent allowed to do, with which data, under whose authority, and where is the evidence?”
As AI systems move from answering to acting, the blast radius of poor governance increases. A weak permission model, hallucinated action, compromised prompt or poorly constrained tool call can affect production processes, regulated data and customer or citizen outcomes.
Data access is the central security issue
AI systems need access to data, tools and context to be useful. That requirement creates operational and compliance risk when agents interact with sensitive records, personal data, regulated datasets or production systems.
The control challenge is therefore not simply model selection. It requires data classification, least privilege, identity, runtime guardrails, monitoring and incident response to operate together.
User education and awareness turn policy into daily behaviour
Technical controls reduce risk, but they do not remove the everyday choices that employees make when using AI. Non-technical users need clear, practical education on what can and cannot be entered into AI tools, why those rules exist, and what approved alternatives are available.
If someone pastes client information, commercial IP, contract content, source code, bid material, HR data, financial data or other sensitive content into an unapproved AI tool because it feels faster, that content has left the organisation's control. Even where no harm is intended, this can create data exposure, confidentiality, regulatory and intellectual property risks.
Awareness should therefore focus on practical scenarios: what a safe prompt looks like, when content must be anonymised or summarised before use, when an approved enterprise AI environment is required, when human review is mandatory, and how to report a suspected AI data leak.
Legacy controls are not enough
Large language models do not reliably separate instructions from data. A document, webpage, email or support ticket can become a prompt-injection vector if an AI system treats text embedded in it as an instruction. The concern grows when the AI has permission to use tools or execute workflows, because injected text can then trigger actions rather than only shape an answer.
Controls should therefore sit around the model, not only inside it. Policy checks, restricted tool calls, approvals, prompt and response filtering, logging, model versioning and human intervention need to be designed into the operating model.
Enterprise Architects need to frame and lead the charge
AI governance is not just a security, data or compliance issue. It changes how business capabilities, processes, platforms, identities, data products and operating controls interact. Enterprise Architects are well placed to connect these layers and make governance practical, reusable and proportionate to risk.
Done properly, AI governance becomes an enablement model. It gives business leaders a safe route to scale AI rather than a reason to stop using it.
Options
There are several options for organisations:
- Restrict AI adoption until governance catches up: this can reduce short-term exposure, but it often slows value creation and drives unmanaged use outside approved platforms.
- Allow AI adoption to grow organically: this accelerates experimentation, but creates fragmented tooling, inconsistent security and weak evidence trails.
- Publish AI policy and usage guidance only: this is necessary, but insufficient. Guidance without enforcement leaves too much dependent on individual judgement.
- Implement an ISO-aligned AI governance model: use ISO/IEC 27001 as the operational security foundation, then extend it with AI-specific controls for bias, explainability, hallucination, agent permissions and ethical oversight.
Practical Application
This can be applied in several ways:
- Creating an AI use-case register with risk tiering, ownership and approval gates.
- Defining clear non-human identities for agents, with named owners and scoped permissions.
- Applying data classification, masking and retrieval controls before AI systems access sensitive data.
- Training users on safe AI behaviours, including when not to paste client data, IP, code, commercial documents or personal information into AI tools.
- Publishing simple safe-prompt guidance, so teams know how to anonymise content, use approved tools and escalate suspected AI data exposure.
- Logging prompts, responses, tool calls, model versions and decision evidence for auditability.
- Embedding human-in-the-loop controls for high-impact or consequential decisions.
- Monitoring abnormal outputs, unusual usage, cost spikes, model drift and data leakage indicators.
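The "controls around the model" point above and several items in this list (agent identities with named owners and scoped permissions, logged tool calls and model versions, human-in-the-loop for consequential actions) can be shown together in one piece of code. The Python below is an added illustration written for this article, not Illuminet's code or any product's; the agent, owner, approver, tool names, data classifications and sample calls are constructed assumptions.

```python
"""Policy gate around an agent's tool calls (added illustration, not product code).
Checks a registered agent with a named owner, a tool within its allow-list, data
within its clearance, and human approval for high-impact tools; every decision goes
to a hash-chained audit record with the model version. All names are constructed."""
from __future__ import annotations
import hashlib
import json
from dataclasses import dataclass

# Ordered classifications: clearance for one level covers that level and below.
CLASS_ORDER = ["public", "internal", "confidential", "personal"]
# Tools whose effects reach beyond the agent's sandbox need human sign-off (assumption).
HIGH_IMPACT_TOOLS = {"send_email", "update_case_record"}


@dataclass(frozen=True)
class AgentIdentity:
    agent_id: str
    owner: str                    # named human accountable for the agent
    purpose: str
    allowed_tools: frozenset[str]
    max_data_class: str           # highest classification the agent may touch


@dataclass(frozen=True)
class ToolCall:
    tool: str
    args: dict
    data_class: str               # classification of the data the call touches


class PolicyGate:
    def __init__(self, model_version: str, agents: list[AgentIdentity]) -> None:
        self.model_version = model_version
        self.registry = {a.agent_id: a for a in agents}
        self.audit: list[dict] = []
        self._prev_hash = "0" * 64  # chain anchor for the first record

    def evaluate(self, agent_id: str, call: ToolCall, approver: str | None) -> tuple[str, str]:
        agent = self.registry.get(agent_id)
        if agent is None:
            return "DENY", "unregistered agent"
        if call.tool not in agent.allowed_tools:
            return "DENY", f"tool {call.tool!r} outside agent scope"
        if (call.data_class not in CLASS_ORDER
                or CLASS_ORDER.index(call.data_class) > CLASS_ORDER.index(agent.max_data_class)):
            return "DENY", f"classification {call.data_class!r} outside clearance {agent.max_data_class!r}"
        if call.tool in HIGH_IMPACT_TOOLS and not approver:
            return "NEEDS_APPROVAL", "high-impact tool requires a named human approver"
        return "ALLOW", "within scope"

    def execute(self, agent_id: str, call: ToolCall, tools: dict, approver: str | None = None):
        # Evaluate, run the tool only on ALLOW, and record the evidence either way.
        decision, reason = self.evaluate(agent_id, call, approver)
        result = tools[call.tool](**call.args) if decision == "ALLOW" else None
        agent = self.registry.get(agent_id)
        self._record({"agent": agent_id, "owner": agent.owner if agent else None,
                      "tool": call.tool, "args": call.args, "data_class": call.data_class,
                      "model_version": self.model_version, "approver": approver,
                      "decision": decision, "reason": reason, "result": result})
        return decision, result

    def _record(self, entry: dict) -> None:
        entry["prev_hash"] = self._prev_hash
        entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self._prev_hash = entry["hash"]
        self.audit.append(entry)

    def verify_audit(self) -> bool:
        # Recompute the chain; an edited, inserted or removed record breaks it.
        prev = "0" * 64
        for entry in self.audit:
            body = {k: v for k, v in entry.items() if k != "hash"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if body["prev_hash"] != prev or digest != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def demo() -> tuple[list[tuple[str, str | None]], PolicyGate]:
    assistant = AgentIdentity(                                  # constructed agent
        agent_id="caseworker-assistant", owner="Head of Casework",
        purpose="draft case summaries for human review",
        allowed_tools=frozenset({"search_cases", "update_case_record"}),
        max_data_class="personal")
    gate = PolicyGate(model_version="caseworker-assistant-v3", agents=[assistant])
    # Stand-in tools; a real deployment wraps the actual APIs behind these names.
    tools = {"search_cases": lambda query: f"3 cases matching {query!r}",
             "update_case_record": lambda case_id, note: f"case {case_id} updated",
             "send_email": lambda to, body: f"sent to {to}"}
    edit = ToolCall("update_case_record", {"case_id": "C-1", "note": "draft"}, "personal")
    calls = [
        ("caseworker-assistant", ToolCall("search_cases", {"query": "housing"}, "personal"), None),
        ("caseworker-assistant", edit, None),           # held until a human signs off
        ("caseworker-assistant", edit, "J. Reviewer"),  # same call with a recorded approver
        # The sort of action injected text tries to trigger; outside scope, so denied.
        ("caseworker-assistant", ToolCall("send_email", {"to": "x", "body": "..."}, "internal"), None),
        ("unknown-agent", ToolCall("search_cases", {"query": "x"}, "public"), None),
    ]
    return [gate.execute(a, c, tools, approver=ap) for a, c, ap in calls], gate
```

The gate only helps if it is the sole path to the tools: the agent must not hold the underlying API credentials itself, or the allow-list becomes advisory. The hash chain makes later edits to the evidence trail detectable, but it does not stop an attacker who can rewrite the whole trail, so in production the records should also be shipped to append-only storage outside the agent platform.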
Recommended Approach
The recommended approach is to treat AI governance as a control and enablement layer, not a standalone policy exercise.
ISO/IEC 27001 provides a familiar structure for information security management, including policies, roles, supplier relationships, access control, logging, monitoring, cryptography, secure development and incident management. For AI, these controls should be extended to cover model behaviour, agent permissions, data use, explainability, bias, hallucination and ethical oversight.
A practical model should start with the highest-risk use cases first. For example, an AI caseworker assistant using personal data and supporting decisions with material impact should include PII masking, controlled retrieval, human-in-the-loop decisions and full audit logging.
AI governance can help by:
- Reducing shadow AI risk, by giving teams an approved route to experiment and scale safely.
- Protecting sensitive data, by applying classification, masking, access control and leakage prevention.
- Changing day-to-day behaviour, by helping users understand that prompts, pasted content and AI outputs can carry confidentiality, IP and regulatory consequences.
- Increasing audit readiness, by capturing prompts, outputs, tool calls, model versions and approvals.
- Improving operational resilience, by embedding monitoring, escalation and incident response into AI workflows.
- Supporting business adoption, by creating confidence that AI can be used safely rather than blocked by default.
Data and Measurement
McKinsey reports that regular AI use is now widespread, with 88% of respondents saying their organisations use AI in at least one business function. However, most organisations have not yet scaled AI deeply enough to realise enterprise-level benefits; only around one-third report that their companies have begun to scale AI programmes, and 39% report EBIT impact at enterprise level.
McKinsey also reports that AI agents are emerging but not yet fully widespread: 23% of respondents report scaling agentic AI somewhere in the enterprise, with a further 39% experimenting.
BCG reports that 74% of companies have yet to show tangible value from AI, while Gartner reports that only 23% of IT leaders are very confident in managing the security and governance components of GenAI roll-outs.
ISO/IEC 27001 provides the information security management foundation for managing risks to information and data. ISO/IEC 42001, NIST AI RMF, UK AI assurance guidance, ICO AI and data protection guidance, and the EU AI Act provide complementary AI, risk, assurance, privacy and explainability considerations.

Future Considerations
AI governance will need to become more automated, integrated and evidence-led. Guidance documents alone will not scale with agentic AI. Organisations will need platform-enforced guardrails, runtime policy checks, AI-specific telemetry and auditable evidence trails.
As AI agents become more capable, zero trust will need to evolve from governing users and systems to governing non-human identities. Each agent should have an owner, purpose, scope, credentials, access rights and monitoring profile.
For regulated or high-impact decisions, organisations will also need to understand how they explain AI-supported outcomes. That requires more than a model card. It requires a business process, evidence model and response path that can support challenge, audit or enquiry.
The Bottom Line
AI adoption is not slowing down. The organisations that succeed will not be those that simply restrict AI use, but those that control it well enough to scale with confidence.
That control has to be human as well as technical: people need to understand that an AI prompt can itself become a data-handling decision.
ISO-aligned AI governance offers a practical route forward. It connects security, data, identity, supplier, development, monitoring and incident controls into an operating model that helps AI move safely from experimentation to enterprise value.
The message is simple: don’t slow AI adoption down. Control AI adoption better.
Tony Stanford-Beale
Head of Architecture, Illuminet
