AI Has Inherent Risks, But Data Governance Failures Are Your Fault: CIO
‘You have to treat AI as a toddler with an intern’s level of experience,’ says solutions4networks CIO Tim Beamer.
While AI tools are often seen as more competent and knowledgeable than they actually are, the biggest problems are often due to preventable failures related to data governance, according to solutions4networks executive Tim Beamer.
Some of the biggest risks from the usage of tools such as Microsoft Copilot, OpenAI’s ChatGPT and Anthropic’s Claude are when the tools work exactly as designed, Beamer said during a session Sunday at XChange Security 2026.
[Related: Why Agentic AI And Identity Sprawl Add Up To Massive Security Risk: Experts]
Insufficient policies around data retention and access are the real problem in many such cases, said Beamer, CIO at solutions4networks, an IT consulting services firm based in Pittsburgh, Pa.
When an AI tool receives a request from a user, it “doesn’t necessarily look at who’s asking,” Beamer told an audience of MSP executives during the session at XChange Security 2026, which is hosted by CRN parent The Channel Company and being held this week in Frisco, Texas. “It looks at, ‘Do I have access to the information? And if I have access to the information, I will provide it.’”
That can create massive issues when data is retained that should’ve been deleted or when user access policies are misconfigured, Beamer said.
In one incident shared by Beamer, an organization had connected SharePoint to an AI agent, and the connection was being authenticated through a service account with extensive access. The organization assumed that SharePoint’s existing permissions would provide sufficient protection, he said.
However, when a billing clerk asked the AI system about the company’s time-off policy, it retrieved fragments from sensitive files including an executive compensation document.
The approach by AI tools often amounts to, “‘I’m just doing what I was told,’” Beamer said. That’s one indication that AI should not be treated as an experienced and knowledgeable colleague, but more as an adolescent that needs to be specifically directed, he said.
Ultimately, “you have to treat AI as a toddler with an intern’s level of experience,” Beamer said.
Without a doubt, for MSPs, one of the biggest challenges with the surging use of AI is convincing customers to put governance controls in place before moving ahead AI deployments of the productivity-boosting technology, according to Mark Wiener, founder and CEO of Raleigh, N.C.-based BizCom Global.
“A lot of them have no interest in slowing down,” Wiener said. “They don’t want to have that conversation.”
MSPs, he said, must therefore continually be looking for stronger ways to get customers to discuss the necessary measures to avoid incidents like those shared by Beamer.
Crucially, retention policies can’t exist only on paper, but require consistent enforcement, according to Wiener. There are in fact countless cases where a poorly managed retention policy has led to lawsuits for a company or municipality, he said.
These cases “show how devastating a bad retention policy can be,” Wiener said.
There’s no question that organizations should do all they can to eliminate outdated and unnecessary data before connecting SharePoint to Copilot or another AI platform, Beamer said during the session Sunday.
“Clean up all your rot,” he said. “Every organization on the planet should have a data retention policy. It should be followed. It should be enforced.”