Why Your Company’s AI Policy Is Already Out of Date
If your organisation has an AI acceptable use policy, there’s a reasonable chance it was written for a world where AI means “employee uses ChatGPT to write a first draft of an email.”
Most enterprise AI policies cover data input, output review, and approved tools. What they don’t cover is what happens when an AI agent — operating with persistent memory, tool access, and delegated authority — takes actions on behalf of the organisation without per-action human review.
That situation is live at many of the same organisations whose policies say it isn’t permitted. AI agents are being deployed in customer service workflows, in software engineering pipelines, in procurement processes — often through individual teams moving faster than governance processes can track.
The window to get ahead of this is narrowing. Agentic deployments are accelerating. Policy reviews are slow. The gap between what your AI policy says and what your employees are doing with AI is probably larger than you think.
Mira covers the intersection of artificial intelligence and power — who builds it, who regulates it, and who gets left out. Previously at MIT Technology Review. Based in Toronto.
Leave a Reply