To make policy, policymakers should use AI
Too often, policymakers base their organization's policies for AI usage on what they read in the news instead of first-hand experience working with the latest AI features.
If you're not paying attention to Brian Madden's blog at Citrix.com, you should be, because Brian spends all his time thinking about the future of work and writing about it -- and not even from a Citrix perspective.
His latest post deals with how he, as a futurist, sorts out all the AI news, and how that translates to businesses. Importantly, he relates this not only as someone who's paid to consume all the news about AI, but also as someone who actively uses AI at the leading edge where the workforce and emerging AI converge.
Summarizing Madden's blog in one paragraph doesn't do it justice, so you should read the post. I wanted to reinforce a point I've been trying to make for a few years: AI policymakers need to be AI users -- not those who use AI as a "Better Google" but real, frontier, emerging AI users.
Policymakers need to be AI users
The part of Madden's blog that prompted my post is his use of a "cone of uncertainty" to describe how using AI in his daily work enables him to see into the future and ignore the noise. He compared his diagram of a cone to a hurricane chart:
I think the cone is a great depiction of how organizations should approach their AI policy as it relates to end users -- with one key addition. It can show how organizations that aren't keeping up with the latest AI capabilities and dealing with potential risks and solutions in real time are falling further behind.
Note how the green arrow I've added to Madden's diagram exits the cone. If you made your policy two or three years ago and haven't dedicated a team to actually use the latest AI features to learn what works, what doesn't or what you're comfortable with in terms of data security, autonomy, risk, etc., you can't possibly see where things are pointing. Even if you have a general sense of direction, the quickest, most efficient and cheapest path still isn't known. And when the path is outside the cone, it's not even knowable.
Every step of real usage narrows your cone. You don't need to be at step five, but you don't want to be at step one. Getting experiential knowledge from being somewhere in view of the leading edge is critical to understanding how AI will be used and where you should invest your efforts from a technology and policy perspective. That knowledge will also tell you where to look for shadow AI, because you can be sure that even though your company isn't "officially" doing it, some of your employees are.
In fact, the last time I conducted Omdia research into this area, 53% of corporate knowledge workers admitted to using unsanctioned AI tools to do their job, and 51% believed their coworkers had put confidential or privileged information into an unsanctioned tool.
To be clear, these stats are a generalization. Some organizations are at the forefront of this kind of activity, but I've had a lot of conversations with customers over the past few years, and I think my research holds up. I can't tell you the number of conversations I've had where I'll ask an IT person what their company's AI usage is like, and they say, "Well, we use Copilot, I guess, but we block everything else," or, "We don't really get into that too much. We're waiting to see."
So how can organizations get a grip on where and how to best use AI and what to avoid, block or govern when the users are ahead of them?
They can't.
Part of the problem is that the people writing the company policy are each reacting to completely different versions of the same news, and each through their own lens. Based on that news, a business leader might think AI-based contact center as a service can drive down call times and improve customer satisfaction; a legal or financial stakeholder might see a liability risk in the outcome of those calls; and a CISO might see an expanded target for prompt injection.
All these views can be true, but the response from policymakers shouldn't be to wait and see. It should be to intelligently adopt, evaluate and use that data to influence strategy, governance and visibility. That doesn't mean production usage at scale, but it does mean your policy should be driven by experience, and not only by the loudest voice in a room full of news readers.
My personal experience
I'd wager that I'm somewhere in the middle of the uncertainty cone. Maybe just behind Brian, as my usage is more personal than business (a position driven by policy, not preference). I have agentic processes running daily that process and filter incoming news so only the things I care about appear in a daily news briefing. I have another agent that reads a standalone email inbox (not my work email, because that seems insane) to process email newsletters for vendors that don't have RSS feeds. And I have a host of personal things that I do, mostly related to hobbies.
And as an early AI adopter, I have some experiences to share:
- Claude (my AI of choice, but I'm not picking on them) went into a funky status update mode that opened a window for it to fabricate prompts from me. It suddenly started hallucinating prompts from me that it then processed, like "Can you kill this task because I want to go to bed?" This was horrifying to watch play out in real time. The issue was quickly addressed by an update from Anthropic, but still, lesson learned.
- I've had Claude perform operations outside the project folder, which highlighted perhaps the largest problem in end-user agentic AI: the agent runs with the full permissions of the user. This issue was solved with bash permissions hooks, though I must accept the risk that Claude could, if it wanted to, write a Python script or something that runs as me and does some damage.
- Bottom line: My "solution" is more accident prevention, and there must be some risk acceptance (like there would be with any user, I guess). Also, there are ways to solve this, but that's for another post.
- Of course, Claude has improved, too. Once I accidentally pasted in the private key while setting up API access to something, and it stopped me, told me I made a mistake, to delete that token and start again.
I would have learned none of these issues by reading the news. The agent-escaping-the-folder problem is a real governance question about agent permissions that you can only fully appreciate when you've watched it happen. The private key catch is a data point about where the guardrails actually work. None of this would be knowable by someone who is just using AI as a "smarter Google."
Wrap-up
At some point, you must let real-world usage derived experientially inform the policy. Consider the news and research, for sure, but don't take the wait-and-see approach that I hear from organizations all too often. There will never be an "AI is ready" headline that will signal it's OK to start.
Am I ready to define an enterprise AI policy? No way. But I bring with me a set of learned concerns and actionable solutions that balance out the value and risk assessments -- the types of things you can only truly understand as a user. My perspective as a user, combined with the perspectives of other policymakers who are also users, provides a better set of ingredients for policy, governance and visibility.
AI policymakers, I hope you're using this AI stuff to see the future of the workspace and end-user computing. Some things that sound dangerous turn out to be nonevents with basic guardrails, while other things that seem harmless need some serious thought. And I know this because I use these tools carefully, not just because I read about them.
There's a lot more to explore here. The agent permissions problem alone deserves its own post, especially as end-user agents move out of the developer user base and into the broader workforce. Fortunately, security and governance vendors are also on top of this. Stay tuned.
Gabe Knuth is the principal analyst covering end-user computing for Omdia.
Omdia is a division of Informa TechTarget. Its analysts have business relationships with technology vendors.