I've just come back from IT Nation Evolve — a room full of business leaders, technology companies and the vendors serving them. The conversation was almost entirely about AI. What struck me wasn't the excitement. It was the gap. Across industries, most businesses are not actually deploying AI agents. They're talking about it, reading about it, watching demos. Some are rushing in. And a small but growing number have already got themselves into serious trouble.
If you run a forward-leaning London firm of 20 or more people — finance, professional services, an operations-heavy business that sees AI as a genuine competitive advantage and wants to move — that energy is exactly right. The sequence, for many, is completely wrong.
The short version:
- AI agents now act on your systems — they don't just advise — so the risk has changed from "what can it see?" to "what can it do?"
- Most businesses are connecting AI to their data before they've sorted permissions, governance and data structure.
- Get the foundation right first, and you deploy with confidence. Get the order wrong, and you're exposed.
We forgot about hallucinations
We've had AI tools available for a few years now. We got excited. We got comfortable. And somewhere along the way, a lot of us forgot about hallucinations — the confident, plausible, completely wrong outputs that AI still produces regularly. We forgot that waving AI at a complex business process and hoping for the best is not a strategy.
Right now — Q2 2026 — AI does not reliably "fix your inbox" or "do your accounts for you." It doesn't work that way yet. I say yet, because it will. But not today. Not without guardrails. Not without preparation.
From answers to actions: why agentic AI changes the risk
The dynamic has shifted in a way that makes this more urgent, not less. It's no longer just AI giving you a wrong answer you can check and discard. We're now talking about agentic AI — systems that don't just advise, they act. They access your systems. They read and write your files. They send emails on your behalf. They take actions with enormous power and very little friction.
There are already well-documented cases of AI agents deleting production databases — and their backups — despite being given explicit instructions not to. The lesson is stark: telling an AI "do not delete" is not a safety net. Intent and outcome are not the same thing when an agent is operating at speed across your live systems.
Giving that kind of capability to an AI without the right guardrails in place is — and I'll be deliberately blunt — a bit like handing a machine gun to a chimpanzee. The tool is powerful. The context is wrong. The outcome is unpredictable. And the damage, once done, is not easily undone.
The question is no longer just "what can it access?" — it's "what can it do?" That's a fundamentally different risk conversation.
The order of operations matters
Here's the thing that keeps me up at night when I talk to business owners who want to move fast. They're deploying tools like Copilot, Claude and other AI platforms, connecting them to their business systems, and giving them broad access — without first asking: what can this AI actually see? What can it change? What happens if it gets it wrong?
Those are governance questions. They're data questions. And most businesses haven't answered them yet. Getting your cyber security foundations in order is what makes those answers possible.
| The wrong order — deploy first, govern later |
The right order — govern first, deploy confidently |
| Connect AI to your systems, give broad access, hope for the best. Discover the problems when something goes wrong with a client file, a financial record or a data breach. |
Sort your permissions, policies and data structure. Know what AI can access and what it can't. Deploy with confidence because you've built the foundation first. |
What "getting ready for AI" actually means
This isn't vague advice. There are specific things your business needs in place before you start letting AI act on your behalf:
- Identity and role-based access management
- Least-privilege permissions enforced
- Data classification and labelling
- Data Loss Prevention (DLP) policies
- File structure reviewed and rationalised
- Governance framework documented
- A clear AI acceptable-use policy
- Microsoft 365 security baseline reviewed
- Conditional access and MFA enforced
- Sensitive data identified and protected
- Compliance posture assessed
- Incident response plan updated for AI
Get those things right, and then you can have a serious conversation about giving tools like Claude, Copilot or Cowork access to your data and permission to take actions. Not before. This matters most in regulated and data-sensitive work — the kind we do across the sectors we work with.
The mindset shift for 2026
The most forward-leaning, dynamic, innovative thing you can do right now is not to rush AI deployment. It's to invest in the foundation that makes deployment safe and powerful.
Every business owner who tells me they want to "get into AI" hears the same thing from me: the best investment in AI you can make right now is getting your compliance, governance, permissions and data in order. Do that, and when you step into AI, you step in with confidence. Get it the wrong way round, and you're in serious trouble.
The best investment in AI you can make is getting your data, permissions and governance sorted. Do that first — then step into AI with confidence.
This isn't anti-AI. It's pro-AI done properly
We work with AI tools ourselves. We use them, we test them, and we help our clients prepare to deploy them safely. We're not here to slow you down. We're here to make sure that when you do move, you move in the right direction with the right foundations under you.
The businesses that will win with AI over the next two to three years are not the ones that moved fastest. They're the ones that moved smartest. Readiness is your competitive advantage — not just a risk-mitigation checkbox.
Find out where you stand
If you're not sure where to start — or you're already mid-deployment and want a second opinion on your exposure — book an AI readiness conversation with our team. We'll walk through what your AI tools can currently access, where the gaps are, and what to put right before you go further.
Common questions about AI readiness
Can AI manage my inbox or do my accounts for me right now?
Not reliably. As of 2026, AI cannot dependably run a complex business process like email management or accounts without guardrails and preparation. It still produces confident, plausible, wrong outputs, and agentic systems can now act on those errors across your live systems.
What's the difference between AI that advises and AI that acts?
Advisory AI gives you an answer you can check and discard. Agentic AI accesses your systems, reads and writes your files, and can send emails or take actions on your behalf. The risk shifts from "what can it see?" to "what can it do?"
What should a business have in place before deploying AI?
Identity and role-based access management, least-privilege permissions, data classification and labelling, DLP policies, a documented governance framework and AI acceptable-use policy, a reviewed Microsoft 365 security baseline, MFA and conditional access, protected sensitive data, an assessed compliance posture, and an incident response plan updated for AI.
Should I deploy AI quickly to stay competitive?
The advantage comes from readiness, not speed. The businesses that win with AI over the next two to three years are the ones that govern first and deploy confidently — not the ones that moved fastest.
Rating
