AI readiness is a data problem wearing a technology costume

Ask an executive team why their Copilot rollout stalled and you will hear about licensing, change management, prompt training. Ask their security office and you will hear the truer answer: the pilot worked too well. It found things.

An enterprise AI assistant is, functionally, the most diligent employee you have ever hired. It reads everything it is permitted to read, remembers all of it, and repeats it to anyone who asks nicely. If your permissions are wrong — and after fifteen years of migrations and reorganisations, they are — the assistant does not create the exposure. It reveals it, at conversational speed, to whoever happens to be typing.

The order of operations

The organisations that deploy AI without incident all follow the same unglamorous sequence. First, an inventory: what exists, where, and how sensitive. Second, containment: withdraw the sharing nobody intended and the access nobody remembers granting. Third, curation: remove the expired, the duplicated and the trivial, because a model grounded on debris produces debris with confidence. Only then, fourth, the AI itself — admitted onto an estate that has been made ready to receive it.

Every stalled programme we are asked to rescue attempted the fourth step first.

What \”ready\” looks like in practice

Readiness is not a maturity score. It is a short list of provable statements: we know where our regulated data is; no sensitive item is reachable by an audience its owner cannot name; retention is enforced rather than aspirational; and every AI system that touches the estate leaves an audit trail. An organisation that can evidence those four sentences can deploy almost anything. An organisation that cannot should deploy nothing — and most know it, which is why the pilot quietly never leaves pilot.

Grey Glade prepares estates for AI as a matter of course. If your pilot found things, we should talk.

Shopping Basket