The Evolution of AI: From Hype to Real-World Challenges

“Back then, if you had walked around the street and said, Hey, what’s a neural network? People would be like, oh, that’s your brain, right? People just didn’t even know what it was.”

Artificial intelligence has gone through multiple waves of excitement and skepticism. For Alec, his journey started in the late 1980s at Harvard, where he was building neural networks before most people even knew what they were. AI had immense promise, but its potential was limited by the computing power of the time.

By the early 1990s, AI entered what became known as the “AI winter”—a period where enthusiasm faded, funding dried up, and adoption stalled in corporate environments. Many companies that had experimented with AI found it impractical due to hardware limitations and high costs. Alec saw this firsthand while working in finance, where early AI models for predictive analytics showed promise but couldn’t yet scale to meet the business need.

Despite this setback, AI research continued. The breakthroughs of today—transformers, large language models (LLMs), and generative AI—stem from those early experiments. However, as companies now rush to adopt AI, Alec warns that not every AI-driven initiative is worth pursuing.

The Rise of Generative AI: A Turning Point for Business

“Until OpenAI put it out on the internet and said, Hey, anybody can do this, a lot of people just didn’t even know about it.”

AI remained relatively niche until November 2022, when OpenAI released ChatGPT to the public. This was the moment when AI went mainstream. Companies and individuals alike started experimenting with generative AI tools, and suddenly, AI was no longer confined to research labs—it was in the hands of everyone.

Organizations scrambled to find use cases for AI, but this rapid adoption also came with risks. While some companies successfully integrated AI into customer service, marketing, and operations, others found themselves struggling with data security, compliance concerns, and governance challenges.

Alec observed that many large enterprises were onboarding AI without proper safeguards. Sensitive customer data was being fed into public models, and companies lacked a structured approach to managing AI risks. This realization led him to launch AI Risk, Inc., a company dedicated to helping organizations build AI security, compliance, and governance frameworks.

Key AI Risks: What Business Leaders Need to Know

“It’s almost impossible to get rid of all risk. No matter what you’re doing, you could be standing in, in your house and have a fire extinguisher everywhere and not be there when it burns down.”

AI adoption isn’t just about technological capabilities—it’s about responsible implementation. Alec describes four pillars :

• Governance: Who has access to AI models? How is AI being used across different departments? Without proper governance, companies risk unauthorized access and data misuse.
• Risk Management: AI models process vast amounts of sensitive information, but are they secure? Many AI tools lack encryption, making them vulnerable to breaches.
• Compliance: Regulatory frameworks like GDPR in Europe and various US financial regulations require organizations to track AI interactions and ensure AI does not introduce bias.
• Cyber-security: AI systems are becoming new attack surfaces for cyber threats. Prompt injections, adversarial attacks, and unauthorized access to AI-generated insights can all create security vulnerabilities.

Mitigating AI Risks: Strategies for Secure AI Adoption

“Maybe you don’t have time to look at all hundred risks that are in your nine boxes, but you better at least be addressing the high probability, high impact risks.”

Given these risks, Alec emphasizes the importance of implementing strong AI governance from the outset. Here’s how organizations can proactively address AI security challenges:

1. Implement AI Access Controls

“Copilot… is honestly a malicious actor’s dream, right? If they capture your credentials and they get in there pretending to be you, they can ask Copilot questions like, Hey, where’s all the customer data?”

One of the biggest security gaps in enterprise AI adoption is unrestricted access. Alec warns that tools like Microsoft Copilot, which provide broad AI access, can be a “malicious actor’s dream.” Hackers who gain entry to an AI-powered system could extract sensitive corporate data within seconds.

Instead, businesses should deploy AI capabilities as a set of specialized agents, limiting user access and data availability based on specific needs.

2. Ensure AI Compliance with Regulations

“We have created an immutable database, keep track of every prompt, every response, every model change, and provide an e-discovery tool for regulators or compliance people to go in and see, Hey, what are people doing?”

As AI becomes more deeply integrated into business operations, regulatory oversight is increasing. Companies must maintain detailed logs of AI activity, capturing every prompt, response, and model update to ensure compliance with legal and industry standards.

Even the most knowledgeable AI experts can make mistakes when safeguards are not in place. Alec shared a striking example of someone on an AI committee at a major company who accidentally used a public AI model instead of their organization’s secure, walled-off version. By unintentionally inputting confidential information into an unsecured system, they violated company policy and faced immediate consequences—including suspension. This incident underscores why relying solely on employee awareness isn’t enough; organizations must implement technical controls to prevent sensitive data from being exposed to public AI models.

3. Strengthen AI Cyber-security Defenses

“The number one risk from OWASP on gen AI is prompt injections.”

AI models can be tricked through adversarial attacks, prompt injections, or data manipulation. Alec highlights several emerging threats, such as:

• Prompt Injection Attacks: Attackers manipulate AI-generated responses by feeding deceptive prompts.
• Skeleton Key Attacks: Hackers gain unauthorized access by bypassing AI security controls.
• Data Poisoning: Malicious actors introduce biased or false data to corrupt AI models.

AI in Business: Practical Applications with Risk Management in Mind

“One of the things I love doing is not just meeting with the person running technology or the CEO, but meeting the people who work at the company.”

While AI risks are real, they should not deter companies from leveraging AI’s benefits. The key is to implement AI solutions that align with business needs while maintaining security and compliance.

Conclusion

As AI rapidly reshapes industries, business leaders must strike a balance between innovation and security. Alec Crawford’s insights highlight the critical role of governance, risk management, compliance, and cybersecurity in AI adoption. While generative AI unlocks incredible opportunities, not every use case is worth pursuing. Companies that implement strong guardrails will not only protect sensitive data but also maximize AI’s potential responsibly. By proactively addressing AI risks, organizations can drive digital transformation with confidence—without falling into costly pitfalls.

This conversation with Alec was just the beginning. In the next episode, we’ll dive deeper into the practical deployment of AI governance solutions, exploring how businesses can implement these strategies effectively. We’ll also discuss the evolving regulatory landscape and the ethical considerations that enterprises must navigate when integrating AI. Stay tuned for part two of our discussion!

Explore AI Risk Management in Action

Want to see how AI governance, risk management, compliance, and cyber-security can work for your business? Schedule a free demo of AI Risk, Inc.’s AIR-GPT platform and explore how it helps organizations secure and streamline their AI deployments.

Request a Demo

Join the Conversation

How is your organization balancing AI innovation with security and compliance? Share your insights and challenges with the Innovation Tales community on LinkedIn.