Why This Matters Now
Artificial intelligence is transforming how we work. But according to recent research, 34.8% of inputs into public AI tools contain sensitive data, and 47% of organisations have no formal AI security controls in place. Every day your team uses AI without guardrails, you’re accepting significant risk.
The Personal Account Problem
We consistently see customers defaulting to consumer-grade (“Personal”) accounts for AI tools. These accounts offer zero data protection by default and no enterprise administrative controls. Specifically:
- No data protection – By default, your data can be used to train AI models
- No admin controls – You cannot see what users are doing, block certain prompts, or enforce policies
- No SSO or identity integration – Users log in with personal Google/Microsoft accounts
- No data residency guarantees – Your data may be processed anywhere in the world
Real-world example: In January 2025, a London-based recruitment firm was fined £55,000 under GDPR after staff entered sensitive personal data into ChatGPT via personal accounts. The company had no policy in place.
Enterprise Accounts Are Not Plug-and-Play
Even when customers purchase enterprise licences, basic security and compliance features are not automatically enabled. Enterprise accounts require deliberate configuration to be effective. At a minimum you should turn on:
- Data Loss Prevention (DLP) policies
- Compliance configurations
- Single Sign-On (SSO) and Multi-Factor Authentication (MFA)
- Audit logging and usage reporting
- Data residency controls (if applicable)
- Opt-out settings for model training
Without this configuration work, an enterprise licence provides a false sense of security.
The Credit Billing and Cost Blowout Risk
AI providers including Microsoft, Google, and OpenAI are moving advanced features to credit-based consumption billing. This creates a significant financial risk for organisations. Key concerns:
- Unpredictable costs – Usage can spike dramatically with little visibility
- Bill shock – “Free” seats become expensive when advanced features are consumed
- Quota management gaps – Many organisations have no spending alerts or limits in place
Example: In early 2025, Uber’s enterprise AI budget went from US$25,000/month to US$350,000/month in a matter of weeks after an internal team ran an unoptimised automated script against AI APIs.
We’ve also seen Microsoft’s Copilot Cowork move from included credits to consumption-based billing, making budget forecasting increasingly complex.
Recommendation: Configure spending limits, enable budget alerts, and establish clear approval processes for premium AI features.
Other Key Risks at a Glance
| Risk Area | What It Means for You |
|---|---|
| Hallucinations & Liability | AI can generate incorrect or misleading information. Your organisation remains legally responsible. |
| IP & Copyright Exposure | Outputs from AI may not be owned by you. Training data may include copyrighted material. |
| Shadow IT | Staff are adopting AI tools without IT’s knowledge, creating gaps in visibility and control. |
| Reputational Risk | Leaked data, incorrect AI-generated public statements, or PR mishaps can damage brand trust. |
| Regulatory Exposure | Privacy laws (Privacy Act 2020) apply to AI use. Non-compliance can lead to significant penalties. |
| AI-Powered Phishing | Attackers now use AI to craft highly convincing spear-phishing emails. Staff need to be trained. |
What You Should Do
- Adopt a formal AI Acceptable Use Policy – Define what’s permitted, what requires approval, and what’s prohibited. Download our template here.
- Maintain an approved tools list – Only allow tools that meet your security and compliance requirements.
- Review your enterprise AI configurations – Verify security controls are actually turned on, not just purchased.
- Implement spending controls and monitoring – Set budget caps, alerts, and regular usage reviews.
- Train your team – Staff need to understand risks, not just features.
How We Can Help
Lucidity Cloud Services can support your organisation through:
- AI strategy and policy development
- Enterprise AI security configuration and review
- Approved tool deployment and management
- Staff awareness training
- Ongoing monitoring and compliance advisory
Get in touch to discuss how we can help you harness AI safely and confidently.