The AI risks every manager should know
AI at work has a handful of real risks, and they are boringly avoidable. Here is the short list every manager should hand their team before they start.
Most AI risk conversations are either science fiction or paralysis. Neither helps a manager whose team is already pasting company information into chatbots today. The real risks are smaller, more boring, and almost entirely avoidable with a few habits. Here is the short list worth handing your team before they go further.
1. Your data training the model
By default, some AI tools may use your conversations to improve their models. For business content, that is the first thing to turn off, and it is usually a single setting under privacy. It costs nothing and closes the most common quiet leak. Make "training off" step one of anyone's setup, not an afterthought.
2. Secrets pasted into prompts
The fastest way to leak something is to paste it into a chat: passwords, API keys, access tokens, real personal data about customers. Once it is in, you do not control where it goes.
The rule that covers most of this: do not type anything into an AI you would not write on a sticky note and leave on your monitor.
Use placeholders instead of real secrets, and the risk mostly disappears.
3. Over-trusted automation
The more autonomous your AI setup, the more this matters. An assistant that can act on its own, send things, change files, click through a browser, is powerful and needs a leash. The habit is simple: for anything irreversible or outward-facing, keep it in a mode that asks first, and actually read what it proposes instead of clicking approve. Grant more freedom as trust builds, not on day one.
4. Browser automation on sensitive sites
AI that can drive your browser is genuinely useful for research and busywork. It is also the wrong tool for banking, email, admin panels, or anything holding sensitive access. Do not grant blanket permission on those sites. Keep automation pointed at low-stakes, public tasks.
5. Sensitive knowledge in the wrong place
As you build a knowledge base for your AI, the temptation is to put everything in it. Do not. Product descriptions, positioning, playbooks, public competitor analysis, and style guides belong there. Client contracts, real customer data, and internal financials do not. When something is sensitive, it needs to be marked as such so the AI knows not to spill it into an output or a message, and ideally kept behind stricter controls entirely.
The manager's version
You do not need a policy document. You need five habits your team actually follows:
- Turn model training off before anything else.
- Never paste real secrets; use placeholders.
- Keep autonomous actions on "ask first" until trust is earned.
- No browser automation on sensitive sites.
- Keep truly sensitive data out of the shared knowledge base, and mark what is sensitive.
Send that list before people start, not after something goes wrong. Most AI incidents are not sophisticated attacks. They are a habit nobody set.
The pattern behind all five
Notice that none of these are exotic attacks. Every one is a missing habit: a setting left on, a secret pasted, a permission granted too freely, a document put in the wrong place. AI incidents at work almost never look like a movie hack. They look like nobody decided the default.
That is good news, because habits are cheap to set. The manager's job is not to become a security expert. It is to make the five defaults explicit before people start, so the safe path is also the easy path.
Common questions
Is it even safe to use AI for business at all?
Yes, with the basic habits in place. The risk is not "using AI", it is using it with no defaults set. The five habits above cover the large majority of real exposure.
Do free and paid tools differ on privacy?
They can, especially on whether your data may be used to improve the model. Check that setting regardless of tier, and do not assume a paid plan is automatically private. Read the actual privacy controls.
What about EU data rules?
Where your knowledge is stored and processed matters, and "it is in some vendor's cloud" is not an answer you control. This is part of why where your company memory lives is a real decision, not a detail, the same ownership thread as keeping your knowledge in plain files you host.
Where should sensitive knowledge actually live?
Behind stricter controls than your general knowledge base, and marked as sensitive so the AI treats it differently. The cleaner your setup, the easier this is: knowledge you host and govern beats scattered copies in a dozen tools, which is also the safer base for turning meetings into memory.
The takeaway
The real risks of AI at work are mundane and manageable. Set the five habits, and your team gets the upside without the sloppy downside. This is also why where your knowledge lives matters: a company memory you host and control, with sensitivity built in, is a safer foundation than scattered copies in a dozen tools. That control is a core reason memrelay is built the way it is. For the hands-on setup, see the practical Claude Code guide.
Let your AI finally know your company.
memrelay turns your company knowledge into living memory every AI client can reach.
Get started