Safe AI in IT

Your team is already using AI. The question is whether you can see it.

IT staff are pasting source, secrets, configs and customer data into public AI tools, and running AI-generated commands on live systems. Usually with no training and no policy. This fixes both.

This experience is fully offline. It makes no calls to any AI or third-party service. Every demo runs locally in your browser — nothing you type is sent anywhere.


The situation

What's quietly happening in IT right now

Not in a lab. In your environment, this week. Engineers reach for the fastest tool to hand — usually a public chatbot on a personal account — to debug code, summarise a spreadsheet, or generate a fix to run on production. It's faster, it's invisible, and it's mostly ungoverned. None of this is malicious. It's just untrained, unpoliced, and one bad paste away from an incident.

Here's the full picture of what can go wrong — and exactly how to stop it.


The full picture

The risk map

Nine ways AI in IT goes wrong. Pick any to see what people do, what actually happens, and the fix.


Interactive · the centrepiece

Spot the leak

Type or paste anything — or load a sample. We'll highlight what would be a problem to share, and where it could end up. This runs entirely in your browser; nothing is sent anywhere, ever.

Nothing you type leaves this page. There is no server, no API, no logging. That's the whole point.


Decisions

What would you do?

Real situations. Pick a response and see how it plays out.

2am, production is down

It's 02:14. A core service is throwing errors. You're tired, alone on-call, logged in with domain admin. You paste the error into a public chatbot and it returns a confident PowerShell one-liner that ends in Remove-Item -Recurse -Force. It says this will 'clear the corrupted cache and resolve the issue'.

What do you do?

Ask it safely

Red prompt, green prompt

Same goal, two ways to ask. One leaks; one doesn't.

Getting help with a failing database query.

Red — don't

Why does this fail? Server=db-prod-01;User Id=svc_app;Password=Wint3r2026!; SELECT * FROM Customers WHERE email='[email protected]'

Leaks a live credential, an internal hostname and a real customer's personal data to a third-party LLM.

Green — do this instead

I have a SQL query that errors with 'invalid column'. Here's the redacted query against a table CUSTOMERS with columns (id, email, created_at): SELECT * FROM CUSTOMERS WHERE emial = ? — what's wrong?

Same help, zero secrets or PII. Schema-shaped, parameterised, and the actual bug (typo 'emial') is still visible.

Asking for a remediation command.

Red — don't

Give me a one-liner to fix our broken cache on the prod domain controller, I'll run it as domain admin now.

Invites a destructive command to be run on live infrastructure, with maximum privilege, no review and no sandbox.

Green — do this instead

Explain, step by step and non-destructively, the options for clearing a corrupted cache for service X on Windows Server, including what each command changes and its blast radius, so I can test it in staging first.

Asks for understanding and blast radius, keeps the human in control, and explicitly routes through staging before prod.

Summarising a document that contains personal data.

Red — don't

Summarise these customer complaints: [pastes 200 rows of names, emails, NHS numbers]

Discloses special-category-adjacent personal data of many individuals to a third party with no DPA or lawful basis.

Green — do this instead

Summarise the top themes in this anonymised complaints export where each row is [complaint_id, category, free_text] with all names, emails and identifiers already removed.

Data-minimised: the identifiers are stripped before anything is shared, so the task is useful and largely out of UK GDPR scope.
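The "Spot the leak" check and the three red/green pairs above share one mechanic: find the values that must never leave the organisation and strip only those, so the question stays answerable. The detector below is an added Python example, not the page's own browser demo: it flags connection-string credentials and hostnames, e-mail addresses and NHS numbers, validates the NHS mod-11 check digit so that not every ten-digit number is flagged, and rewrites the text into the "green" form. The patterns and the sample text are constructed for this illustration and name no real person, host or patient.

```python
import re

# Constructed detector patterns: (regex, index of the group holding the sensitive value).
# Tune keyword lists and hostname conventions to your own environment.
PATTERNS = {
    "credential": (re.compile(r"(?i)\b(?:password|pwd|secret|api[_-]?key|token)\s*[=:]\s*([^;\s'\"]+)"), 1),
    "internal_host": (re.compile(r"(?i)\b(?:server|data source|host)\s*=\s*([^;\s]+)"), 1),
    "email": (re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"), 0),
    "nhs_number": (re.compile(r"\b\d{3}[ -]?\d{3}[ -]?\d{4}\b"), 0),
}

def nhs_check_digit_ok(candidate: str) -> bool:
    """NHS numbers end in a mod-11 check digit: weight the first nine digits 10 down to 2,
    take 11 minus (sum mod 11); a result of 11 means 0 and 10 means the number is invalid."""
    digits = [int(c) for c in candidate if c.isdigit()]
    if len(digits) != 10:
        return False
    total = sum(w * d for w, d in zip(range(10, 1, -1), digits[:9]))
    check = 11 - (total % 11)
    if check == 11:
        check = 0
    return check != 10 and check == digits[9]

def find_leaks(text: str) -> list:
    """Return non-overlapping findings, each spanning a value that must not leave the org."""
    findings = []
    for kind, (pattern, group) in PATTERNS.items():
        for m in pattern.finditer(text):
            if kind == "nhs_number" and not nhs_check_digit_ok(m.group(0)):
                continue  # ten digits that fail the checksum are probably a ticket or order number
            findings.append({"kind": kind, "start": m.start(group), "end": m.end(group), "value": m.group(group)})
    findings.sort(key=lambda f: f["start"])
    kept, last_end = [], -1
    for f in findings:
        if f["start"] >= last_end:  # drop a finding nested inside an earlier one
            kept.append(f)
            last_end = f["end"]
    return kept

def redact(text: str) -> str:
    """Replace only the sensitive values, so the surrounding query stays debuggable (the green prompt)."""
    for f in reversed(find_leaks(text)):  # right to left keeps earlier offsets valid
        text = text[:f["start"]] + f"<{f['kind'].upper()}>" + text[f["end"]:]
    return text

# Constructed sample in the shape of the red prompt above; no real person, host or patient.
SAMPLE = ("Why does this fail? Server=db-prod-01;User Id=svc_app;Password=Wint3r2026!; "
          "SELECT * FROM Customers WHERE email='jane.doe@example.com' "
          "-- patient 943 476 5919, ticket 123 456 7890")
```

Running `redact(SAMPLE)` leaves the query structure and the `User Id` key in place while the password, hostname, e-mail address and the checksum-valid NHS number become placeholders; the ten-digit ticket number that fails the check digit is left alone.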

Test yourself

Knowledge check

A short knowledge check, tailored to your track. Immediate feedback. You need 80% to pass.


A colleague pastes a customer list (names + emails) into public ChatGPT to get a summary. Under UK GDPR, what has most likely just happened?

Reflect

How exposed are you?

A quick, honest self-check. Runs in your browser; never sent anywhere.

When you use AI for work, which account do you use?
Have you ever pasted source code, configs, secrets or customer data into a public AI tool?
When an AI gives you a command to run on infrastructure, you usually:
Before installing an AI-suggested package, you:
Does your organisation have an AI acceptable-use policy you've actually read?

Your track · IT / Engineering

The habits that keep you safe

Illustrative — sandboxed, never runs

The destructive-command habit

When AI hands you a command, do three things every time: understand it line by line, test it in a sandbox or lower environment, and apply it under change control with a tested rollback. Never run a command you can't explain. Never use standing domain or root admin to do it.

  1. Read it
    Remove-Item -Recurse -Force C:\app\cache\*

    -Recurse -Force can walk further than you think. What exactly resolves here?

  2. Sandbox it
    # run in staging / a throwaway VM first

    Confirm the blast radius on a copy, never on prod.

  3. Change-control it
    # raise a change, attach a tested rollback

    Apply under change control with least privilege — not standing domain admin.

  4. Own it
    # you are the named human who ran it

    If you can't explain it line by line, you don't run it.

Read it. Sandbox it. Change-control it. Own it.
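Step 1 asks what the path actually resolves to and step 2 asks for the blast radius on a copy. The following added Python example (not from the page; Python stands in for PowerShell here so it runs anywhere) answers both with a read-only dry run over a constructed, hypothetical cache directory: it counts what a recursive delete would touch and reports any link whose target lies outside the root, without removing anything.

```python
import os
import shutil
import tempfile
from pathlib import Path

def blast_radius(root: str) -> dict:
    """Dry run of 'delete everything under root, recursively'. Nothing is removed.

    Walks without following links and reports what the path really contains, including
    any link whose target lies outside root: that is how a recursive delete can reach
    further than the path you typed suggests."""
    root_p = Path(root).resolve()
    report = {"root": str(root_p), "files": 0, "dirs": 0, "links": 0, "links_outside_root": []}
    for dirpath, dirnames, filenames in os.walk(root_p, followlinks=False):
        for name in dirnames + filenames:  # links to directories are listed in dirnames
            p = Path(dirpath) / name
            if p.is_symlink():
                report["links"] += 1
                target = p.resolve()  # where the link actually points
                if target != root_p and root_p not in target.parents:
                    report["links_outside_root"].append((str(p), str(target)))
            elif p.is_dir():
                report["dirs"] += 1
            else:
                report["files"] += 1
    return report

def demo() -> dict:
    """Build a constructed cache directory (hypothetical layout, not any real system) that
    contains a stale link escaping it, and report what a recursive delete would touch."""
    base = Path(tempfile.mkdtemp())
    try:
        cache, conf = base / "cache", base / "etc"
        (cache / "sub").mkdir(parents=True)
        conf.mkdir()
        (cache / "a.tmp").write_text("x")
        (cache / "sub" / "b.tmp").write_text("y")
        (conf / "app.conf").write_text("z")
        os.symlink(conf, cache / "old")  # the leftover link a recursive delete may walk into
        return blast_radius(str(cache))
    finally:
        shutil.rmtree(base)

if __name__ == "__main__":
    r = demo()
    print(f"{r['files']} files, {r['dirs']} dirs, {r['links']} links under {r['root']}")
    for link, target in r["links_outside_root"]:
        print(f"WARNING: {link} -> {target} escapes the root")
```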

Can I put this into AI?

Walk it top to bottom. Any "stop / never" ends it.

  1. Is it a sanctioned tool with no-training terms / a DPA, or private/on-prem? If no → stop.
  2. Does it contain secrets, customer/personal data, or proprietary source/config? If yes → never, regardless of tool.
  3. Will I run its output on a system? If yes → understand it, sandbox it, change-control it.
  4. Is it an agent that can act? If yes → least privilege, human approves anything consequential.

Clear all four and you're on the safe path: sanctioned tool, no never-share data, understood-and-controlled, least privilege.

Your track · Leadership

Your exposure, on one screen

Regulatory, financial, reputational

Unmanaged AI use isn't a future risk — it's a present, undocumented one. The figures on this screen are real and sourced. The point is simple: the cost of getting ahead of this is a fraction of the cost of not.

£17.5m or 4%
UK GDPR maximum fine

UK GDPR fines reach up to £17.5 million or 4% of total annual worldwide turnover, whichever is higher.

72 hrs
to report a breach to the ICO

A notifiable personal-data breach must be reported to the ICO without undue delay and within 72 hours of becoming aware of it.

$4.88m
global average cost of a data breach (2024)

The global average cost of a data breach reached USD $4.88 million in 2024, with an average lifecycle of 258 days.

€15m
EU privacy fine for OpenAI (Dec 2024)

The Italian data protection authority fined OpenAI €15 million in December 2024, partly for failing to notify a personal-data breach (the fine is under appeal).

liable
ordered against Air Canada for its chatbot's error

A tribunal held Air Canada liable for its chatbot's invented refund policy, ordering it to pay CAD $812.02 — the company is accountable for what its AI says.

Risk register

The five risks that carry board-level exposure, with severity, who it hits, and the control.

ID · Risk · Severity · Who it hits · The control
R1 · Shadow AI · high · Whole org — ungoverned estate · Provide a sanctioned AI tool people actually want to use, so they stop reaching for personal accounts.
R2 · Sensitive-data leakage to third-party LLMs · critical · Data subjects + the org (UK GDPR) · Define data classes that may NEVER go into any AI; enforce with DLP and egress controls.
R3 · Destructive AI-generated remediation · critical · Production systems + the named admin · No AI-generated change runs unreviewed. A named human reviews and owns every command before execution.
R8 · IP & licensing contamination · medium · IP / legal — both directions · Never paste proprietary IP or trade secrets into tools that may retain or train on it.
R9 · Compliance & audit gaps · high · Board, DPO, certification · Run a DPIA before any AI processing of personal data; document lawful basis and any transfers.

Public vs sanctioned vs private AI

Three ways to let your team use AI. Only two are defensible.

Public / consumer

Ungoverned. Avoid for any work data.

  • No DPA, may train on your inputs
  • Cross-border, unlogged
  • Shadow AI by default
  • Direct UK GDPR exposure

Sanctioned (enterprise)

Defensible with the right contract.

  • No-training terms + DPA
  • Logged via approved gateway
  • Governed access
  • DPIA where personal data

Private / on-prem

Lowest exposure — the Onionio path.

  • Data never leaves your boundary
  • No third-party processor
  • Full control and logging
  • Strongest regulatory position

The Onionio path

ROI: The ROI case isn't 'AI is cheap'. It's that a governed, private capability captures the productivity while removing the breach, fine and IP-loss exposure that unmanaged public use carries.

The takeaway

What changes Monday morning

For IT / Engineering

Use only sanctioned AI. Never paste secrets, customer data or proprietary code into a public tool. Read it, sandbox it, change-control it before you run anything. Verify every package. Keep yourself in the loop.

For Leadership

Convert shadow AI into a governed capability: adopt the policy, fund a sanctioned or private gateway, run DPIAs where personal data is involved, turn on logging, and make the training mandatory. Do it before an incident makes the decision for you.

Completing this training can be recorded as your attestation under the AI Acceptable Use policy.