SecondBrain
Ask the Brain
Index/Sourceupdated Sat May 30 2026 08:00:00 GMT+0800 (Philippine Standard Time)

Five AI Risks That Can Get You Fired (IBM Technology)

ai-governanceshadow-aiprompt-injectionhallucinationagent-sprawlcisoenterprise-aibrand-fodder

Five AI Risks That Can Get You Fired (IBM Technology)

Martin Keen for IBM Technology — a 10-minute whiteboard rundown of the five concrete ways AI use (and AI deployment) is currently ending careers. Vendor-positioned as a pitch for AI governance, but the failure-mode taxonomy is independent of the IBM product framing. Sits squarely in the enterprise AI-risk cluster (Shadow AI, AWARE Framework, Human in the Loop) and explicitly names accountability — whose name is on the document — which is the missing piece in most of the optimistic agent-deployment content in this vault.

The five risks

  1. Shadow AI — unapproved AI use (personal ChatGPT for work, unvetted browser plugins). "1 in 5 organizations have reported that they've experienced a data breach caused by shadow AI" — citing the IBM Cost of a Data Breach report.
  2. Data leakage — proprietary code / customer records pasted into unapproved tools end up on third-party servers and "depending on the tools' terms of service, that data might end up getting used to train the next version of a model, at which point it's gone. It's baked into the model. Wait, so you can't really claw it back?"
  3. Hallucination Laundering — employee takes plausibly-confident AI output and submits it as their own work. Anchor anecdote: "multiple cases of lawyers submitting AI-generated court filings that were packed with fabricated case citations." Whoever's name is on the document is accountable.
  4. Prompt Injection — attacker overrides the AI system's original instructions. Two flavors: direct (typing malicious prompts into the chatbot — "doesn't work too well with today's models") and indirect (malicious instructions hidden inside documents, emails, or web pages the model retrieves). "Nobody's typed anything suspicious into the chat bot. The attack itself is actually embedded inside of the data that the model was asked to retrieve and process." Indirect is the scary one.
  5. Unauthorized agentic AI — including the Zombie AI Agent failure mode: an agent spun up for a proof-of-concept, project ends, agent keeps running with API keys nobody remembers — "an unmonitored backdoor into organization systems."

The accountability frame

"If the AI writes it and it turns out to be wrong, whose name is on the document? It's it's not the AI. It's the person who submitted it. And that's the person who could end up getting fired."

Two career-ending conversations are explicitly named:

  • The employee who used the unapproved tool / submitted the unverified output → conversation with the CISO
  • The AI/IT leader who didn't put a governance framework in place → also not great

This is the only source in the wiki so far that explicitly names individual job-loss consequences as the unit of analysis, rather than enterprise-level risk. On-thesis for the user's senior-IT-leader brand: governance is not abstract; it's protecting your team's careers.

The "ban everything" anti-pattern

Keen flags the same trap that CIO Agenda 2026 (CXOTalk) and Governing AI Agents at Scale (Glean + Cvent, CXOTalk) do — banning unapproved tools doesn't solve shadow AI:

"Employees are going to find workarounds to that, so maybe they'll use personal devices or let's switch to a tool that hasn't been blocked yet. And when that happens, the organization has the same shadow AI problem, except now it has lost any visibility into what's happening."

Three-source consensus across this wiki: bans push shadow AI further into the shadows. The right response is governance + a clear policy on what's approved, how it can be used, and what data is off-limits.

The "not using AI" counterpoint

Keen adds (tongue-in-cheek): "not using AI can get you fired because you're falling behind the curve. ... saying I'm not going to do anything with AI just to be on the safe side is going to leave you behind everybody else." Sits in tension with the five risks — both staying out and getting in carelessly are dangerous. The narrow path is governed AI use.

Cross-source observations

  • Shadow AI consensus expands to 3 sources — joins CIO Agenda 2026 (CXOTalk) and Governing AI Agents at Scale (Glean + Cvent, CXOTalk) on the "encourage with guardrails, don't ban" position. Keen is the IBM-explainer version of the CXOTalk-CIO message.
  • Zombie agents echo Cvent's "agentic sprawl" — at Cvent, ~4,700 of the 6,000 created agents are inactive (Shadow AI). The Keen framing is sharper on the security risk: an inactive-but-still-authenticated agent is a backdoor, not just clutter.
  • Indirect prompt injection is genuinely new ground for this vault. None of the existing agent-governance sources name it specifically. Connects to AWARE Framework's "context" pillar — what the agent ingests is the attack surface.
  • Hallucination laundering is a new lens on AI hallucination. The mechanism the wiki already knows (Fluency Illusion) is about the human reader being fooled; laundering is about the human author intentionally hiding the seam. Same root, different harm.
  • Accountability framing is missing from the optimistic content (Lopopolo, Boris Cherny, Karpathy). Worth flagging on Code Is Free — if implementation is free, attribution and verification become the scarce work, and the wiki's coverage of that has been thin.

Editorial note

Vendor-positioned (IBM AI Governance pitch in the description). The taxonomy is independent of IBM products — Keen names risks, not solutions. The implicit solution ("good plan for AI governance") is generic enough that the AWARE Framework from Glean fits as the concrete technical-controls vocabulary.

Practical takeaways for this vault's user

  • Brand fodder candidate — "Five career-ending AI mistakes (and what they have in common)" is a near-ready LinkedIn post. Personal-stakes framing differentiates from the abstract-governance content saturating the IT-leader feed.
  • Inventory question for the user's team — how many zombie agents exist in the org's environment? The Cvent-style task catalog (AWARE Framework) is the answer, but few orgs have one yet.
  • Conflict-of-interest note — given the user's senior P&G IT role, any external post framing AI as an accountability/career risk should be carefully separated from P&G-internal policy positions. Stick to public sources (this video, the IBM Cost of a Data Breach report) for citations.

Cross-links

Source

  • Original transcript