AI Didn’t Create the Information Risk. It Just Dragged It Into the Light.
If you’ve been following tech news the last few weeks, you’ll have noticed a pattern, even if it didn’t look like one at first.
Thousands of NHS patient records exposed in a breach 1. Nottingham University confirming that attackers made off with a large volume of sensitive data. Yet another supply chain attack, this time hitting LastPass 2 ,showing that your vendors’ security problems become your security problems. And then there’s “SearchLeak,” the newly disclosed attack 3 showing how Microsoft Copilot Enterprise could be coaxed into handing over information it shouldn’t have.
On top of all that, the governance headaches keep piling up. Doctors are now weighing up legal liability for decisions made with AI assistance. 4 A police officer ended up under investigation after leaning too heavily on AI-generated evidence. 5 There’s been fresh unease about AI sovereignty, after reports suggested access to Anthropic’s models could be disrupted by geopolitical decisions well outside any customer’s control. 6 And plenty of industry voices have been making the same basic point: responsible AI starts with understanding your data, not with the model itself .7
The thread running through all of it
None of these stories look related on the surface. Some are security stories. Some are AI stories. Some are legal or policy stories.
But scratch beneath the surface and they’re all telling you the same thing: enterprise knowledge is now the attack surface.
For the better part of two decades, security budgets went toward networks, endpoints, and identity. That spending still matters. But it no longer covers the biggest source of risk most organisations face. The real vulnerability today is the information itself, where it’s sitting, who can get to it, whether it should even still exist, and, increasingly, what an AI system can dig up from it.
AI didn’t create this problem. It just made it impossible to ignore.
How AI flipped the problem
Here’s the shift in a nutshell: a traditional attacker had to go find the valuable data before they could steal it. That was often the hard part. Modern AI tools flip this around entirely; they’re built to search across huge volumes of enterprise content, stitch information together from different sources, and hand you an answer in seconds. Used well, that’s a genuine productivity win. Used carelessly, it’s a way to expose sensitive information faster and at a greater scale than ever before.
SearchLeak is a good illustration of exactly this. The researchers didn’t exploit some obscure software bug. They showed that an AI assistant could be talked into retrieving information it already had legitimate access to. The tool worked exactly as intended, the problem sat one layer down, in how well (or badly) the underlying information was governed.
You see the same pattern outside of AI too. The NHS breach is a reminder that sensitive health data remains a prime target. Nottingham University shows what large-scale data theft still costs an organisation, in trust as much as anything else. And LastPass is a blunt lesson that your risk doesn’t end at your own firewall; it extends through every vendor and platform you rely on.
Each incident looks different on paper. Underneath, it’s the same question every time: do we actually know what information is within the data chains we created?
Why this has stopped being just a security question
That’s stopped being a question just for the security team. It’s now a board-level issue, touching operational resilience, regulatory exposure, legal liability, and plain old trust.
The stories about AI-generated evidence and clinical decision-making make the same point from a different angle. If you can’t show where a piece of information came from, whether it’s accurate, and how it’s been governed, it becomes very hard to hold anyone accountable when something goes wrong, whether the “anyone” is a person or a model. As AI gets folded into everyday decisions, trusting the underlying information matters just as much as trusting the technology.
Add sovereignty, and the picture gets more complicated
Then there’s the sovereignty question, which adds a further wrinkle. As organisations lean more heavily on external AI platforms, leaders are starting to ask sharper questions: Where is our data actually being processed? Which legal jurisdictions does that put us under? What happens to our workflows if access to a model changes overnight, for reasons that have nothing to do with us? How much of our AI strategy is quietly dependent on things we don’t control?
These aren’t really technical questions. They’re information governance questions wearing a technical disguise. And that points to a bigger shift in how organisations need to think about digital transformation generally.
The data backlog most AI rollouts are trying to skip
Plenty of companies are racing to roll out Copilot and similar tools to chase productivity gains, without first dealing with decades of accumulated mess, legacy archives, sprawling email systems, file shares nobody’s audited in years, and collaboration platforms full of duplicated and conflicting versions of the same document.
That backlog usually includes records that should have been archived or deleted long ago, duplicate and contradictory content, and data nobody can quite explain the reason for keeping.
AI doesn’t discriminate between well-governed information and a mess. It just works with whatever you feed it.
Which is exactly why getting your data in shape for AI is becoming one of the top priorities for technology leaders right now.
The questions worth asking first
Before asking whether your organisation is ready for AI, it’s worth asking whether your information is ready for AI.
- Do you actually know what data you hold?
- Do you know where it all lives? Should you still be keeping it?
- Who has access to it?
- Could you defend its accuracy if challenged?
- Could you explain, with a straight face, why it still exists?
These questions are the foundation of proper information governance, and they’re becoming just as central to cyber resilience and regulatory compliance as they are to using AI responsibly.
For organisations sitting on large volumes of legacy content, this is where specialist information management tools earn their keep. Platforms like Intelligent Migrator help identify, classify, migrate, archive, and defensibly dispose of information before it turns into an operational or security liability. The goal isn’t just shuffling data from one system to another; it’s keeping what you need, getting rid of what you don’t, and building an information estate you can actually trust enough to put AI on top of.
What the pattern is pointing to
Taken individually, the recent headlines look like a string of unrelated warnings. Taken together, they tell a much bigger story.
The next wave of major security incidents probably won’t start with malware or ransomware. More likely, they’ll start with a perfectly legitimate AI system interacting with enterprise information that nobody ever properly governed in the first place.
AI hasn’t handed us a new problem. It’s just made an old one much harder to keep pretending doesn’t exist.
References
- NHS – https://tinyurl.com/ppnn4wu6
- LastPass – https://tinyurl.com/ye2vhr8r
- SearchLeak – https://tinyurl.com/4x97mnnc
- Doctors legal action – https://tinyurl.com/5783mdz9
- Police – https://tinyurl.com/2uex4svu
- Anthropics – https://tinyurl.com/5d6vrmwb
- Responsible AI – https://tinyurl.com/mwpp3vx3