Last week, I had coffee with a friend who builds AI systems for a living. Not a casual user, someone who understands transformer architectures, trains models, and has spent 6 years in the development and AI space.
He told me he accidentally leaked an API key, which cost him $50 before he caught it.
I asked him how it happened. He shrugged. "It was my stupidity. I was cleaning my code in a tool and didn't even notice the key was in there. Maybe a heads up would have prevented it."
This is someone who knows the risks better than most security consultants.
And if someone who builds AI for a living can make this kind of mistake, what hope does a training program have?
The Comfortable Lie We Tell Ourselves
Most companies think training solves the AI security problem.
- Send out a policy doc.
- Run a quarterly security workshop.
- Remind everyone to "be careful" with sensitive data.
It feels responsible, checks a compliance box, and has worked in the past.
But with AI, it's completely useless.
Here's a stat that proves it: 68% of organizations have experienced data leakage incidents from employees sharing sensitive information with AI. This is not because they're careless or skipped the training.
It's because training assumes the problem is knowledge.
It's not.
I hear this all the time: "Our team just needs to be more careful."
But don't you think your team knows not to paste API keys into ChatGPT? Don't they know client data is sensitive?
The problem isn't knowledge. It's how we work with AI now. Everyone is working at super speed because that's how AI tools are designed.
AI tools are optimized to remove friction and keep you in a state of flow, allowing you to move quickly and ship efficiently.
And that's not a bug, it's the design.
You can't train humans to be careful when the tool is designed to eliminate carefulness.
I call this "The Interface Problem."
The "Please Be Careful" Playbook
Here's what the "please be careful" approach actually looks like in practice:
- Week 1: The company sends out an AI usage policy. Everyone reads it (or skims it).
- Week 2: The usage policy is discussed in the company's all-hands. Everyone nods in agreement.
- Week 3: Your developer is troubleshooting an issue. They copy a chunk of code to ask Claude for help. Somewhere in that chunk is a credential they didn't notice. They're focused on the bug, not on auditing every line.
- Week 4: Your marketing lead is drafting campaign copy. They paste a brief that includes the client's email and revenue numbers. The numbers weren't the point; they just came along with the context. They're thinking about messaging, not data classification.
- Week 4 (Friday): Nobody knows that any of this happened
There are no logs and no visibility.
The leadership team's to-do is completed, the developer's bug is fixed, and customer segmentation is ready.
And the policy doc is sitting in a shared drive that everyone's agreed on, but already forgotten.
The Uncomfortable Math
Let's do the calculation that shows what happens in the best-case scenario.
Your agency has 20 people. They each use AI tools 10+ times per day.
That's 200+ AI interactions daily. Over 4,000 per month.
Each interaction is a moment where someone could paste something sensitive.
Now, your team is smart. Let's say they're careful 99% of the time. That's exceptional, by the way.
1% of 4,000 = 40 potential leaks per month.
Even with near-perfect discipline, the math doesn't work in your favor.
I don't want to scare you, but you only need one leak to lose a client or worse, face a potential lawsuit.
Training might move you from 95% careful to 99% careful. But when you're playing a numbers game with 4,000 monthly interactions, that's not enough.
Why Training Will Never Work
Training teaches us to be more careful. But careful isn't a skill you can sustain at scale when:
1. Attention is finite.
When you're solving a problem, your brain allocates resources to that problem. Peripheral concerns like whether line 47 of a code snippet contains a key get filtered out.
This isn't laziness. It's how the human brain works.
2. The interface signals safety.
The AI interface looks like a private notepad that visually says, "This is just for you". It doesn't look like an email client where you see recipients, or a file sharing where you set permissions.
Which makes oversharing feel natural.
3. Copy-paste happens faster than thought.
By the time your conscious brain could evaluate what you're pasting, your fingers have already done it. The action is reflexive.
Training targets conscious decision-making, but this isn't a conscious decision.
4. There is no feedback.
If you email the wrong person, you see their name in the "To" field and might catch it. If you paste sensitive data into ChatGPT, nothing changes. There is no highlight, no warning, and no confirmation.
5. Every incentive pushes speed.
Nobody gets rewarded for being slow and cautious. The culture, the tools, the workflows, everything pushes toward moving fast.
Training asks people to insert friction into a system designed to eliminate it.
So What Actually Works Then
I'm not saying training doesn't matter. Training is step one, which makes you understand the risk.
But understanding doesn't equal protection. Knowing a stove is hot doesn't mean you'll never touch it, especially if you're reaching for something else and the stove is in the way.
What actually prevents leaks isn't training people to be more careful. It's changing what happens at the moment of risk.
Think about it this way:
- Training approach: Hope your team remembers the policy at 11 pm under deadline pressure
- Prevention approach: Catch the sensitive data before it leaves the browser, in real-time, regardless of what the person remembers
The difference is where the protection happens.
Training puts the weight on humans, who are tired, distracted, and under pressure.
Prevention puts the weight on systems, which don't get tired, don't feel deadline pressure, and don't have bad days.
Where This Leaves Us
Here's what I'd ask any business owner:
If your largest client called today and said, "I read this article. Prove to me that your team hasn't exposed our data through AI tools", what would you show them?
A policy document? Training attendance record?
That uncertainty is the real risk.
Your AI security strategy should not begin and end with training and written policies. If it does, you're betting your business on being careful when tools are designed to eliminate carefulness.
That's not a bet I'd take or recommend anyone to take.
Because knowing better and doing better aren't the same thing. And the gap between them is where the damage happens.