AI Risk, Part II: Essential Questions for Business Leaders

As AI continues to evolve, organizations must go beyond basic risk awareness by examining their AI models, managing costs through tokenomics and implementing oversight to prevent data leaks and legal issues.

Key Highlights

  • Ask your teams about the types of AI models used — public, private or open-source — and understand their associated risks, especially regarding data retention and exposure.
  • Monitor AI token usage to track costs and productivity, recognizing that agentic AI can significantly increase expenses and impact budgets.
  • Implement oversight of employee prompts to prevent sensitive data leaks and ensure compliance with governance and legal standards.
  • Adopt a hybrid AI approach that combines public and private models to balance innovation with data security.
  • Stay informed about the evolving AI landscape to ask the right questions and manage risks proactively.

You’re on board with AI, and you’re asking astute questions about how your company is using it. The jargon is manageable, and you understand the breadth of your company's preparedness for risks at a macro level. If this is true, we’ll say you’ve mastered your AI Risk 101 course.

But as artificial intelligence continues to evolve, so do the questions.

Unlike with the IT systems of old, our understanding of artificial intelligence is akin to our knowledge of the brain, said Jon Nordmark, co-founder and CEO of Iterate.ai, an enterprise AI platform that helps companies build, manage and govern their AI tools. Artificial intelligence turns the data input into useful information and has a memory, like we do. Yet, much is a mystery.

“No one really knows how synapses work, and the neurons work, but it works," Nordmark said of the brain. “The AI systems are like that.”

To continue understanding artificial intelligence (we’ll call this AI Risk 102), we offer three new questions to ask your teams. These queries will help you understand your language models, the token economy and how your team is monitoring the use of a tool that is growing and learning before our eyes.

What AI models is your company using? Are they public, private or open-source models?

With seemingly innumerable AI models, it’s challenging to keep them and the risks involved straight.

When you enter a prompt into a public model, such as ChatGPT, Google Gemini or Claude, that information has entered a shared environment. Not only is the system kicking back responses to you, but that information may be used for further AI learning.

The risk your company bears is not knowing what the third-party provider's language model will retain. 

For instance, financial information or marketing plans could become incorporated in the model’s responses to someone else. Entering information you hope won’t be used elsewhere is similar to a judge telling a jury to disregard something that was said on the stand.

“Just like the human brain, it’s hard to get rid of stuff once it’s in,” Nordmark said. “We don’t know what’s forgotten and what’s not forgotten, and that’s a huge risk.”

In addition to your information being incorporated into the wider pool of that AI model’s knowledge, it is at risk of accidental exposure by being discovered or compromised. 

Private models are customized for specific organizations and can be trained to meet the company’s unique needs, although they lack the breadth or the cutting-edge elements of public models.  

Nordmark recommends businesses adopt a hybrid approach with their AI tools, using large language models for searches or generating ideas and a private model for sensitive information such as your company’s financials, legal information, HR data and compensation information. 

Regardless of what models your company is using, understanding how your company uses its models, whether they're private, public or both, will help you understand the risks involved.

Can you monitor the AI spend by employee in real time?

AI doesn’t read words, per se, but tiny units of data called tokens. Each token is often a word, a fragment of a word, punctuation, etc. Think “running” as two tokens: “run” and “ning.” AI reads and generates tokens in responses back to the user.

In a world of data, knowing how many tokens are used helps measure AI usage and the costs that come with it. What has developed since is the “tokenomics” of AI: the cost, usage and productivity of utilizing it.

Some companies have created competitions that measure employees' productivity and adaptability to AI, or offer employees tokens like bonuses. But others are blowing through their yearly AI budgets within months. For instance, Uber spent its 2026 AI budget by April. 

While CEOs may be excited about improved productivity and innovation, CFOs may be sweating over how to predict AI spending.

Now look one step further. More employees and companies — perhaps your own — are using agentic AI. These AI agents can replicate some human work, rather than operating as chatbots, and can do so for hours during the day or night. This spend is likely to increase the cost of AI, perhaps to unpredictable levels.  

“One agent may take 50 times more tokens than a human,” Nordmark said.

Do you have the ability to monitor which prompts employees are using?

Regardless of whether your model is public or private, visibility into what prompts your employees use will help you track and prevent the release of sensitive data.

It’s not about micromanaging, but about understanding whether employees' and AI agents' activities are avoiding risk, keeping the company safe and staying in line with governance and on the right side of the law.

In a legal sense, while you may have been able to Google a topic in the past, there was no proof that you had read what came up on your search. But when you engage with a model like ChatGPT, the two-way conversation is clear.  

Having the ability to monitor helps your company identify whether employees are pasting sensitive information into public models, such as personally identifiable information, financial statements, pricing, contracts and merger and acquisition documents. Oversight also helps you guard against employees uploading proprietary research or formulas, or reverse-engineering licensed work belonging to others.

About the Author

Andrea Zelinski

Contributor

Andrea Zelinski is an award-winning freelance journalist with a passion for translating complex issues, trends and strategies into clear, engaging content to help people improve their businesses and their lives. 

She spent 15 years as a political reporter covering state governments in Illinois, Tennessee and Texas, reporting from the halls of state capitols for publications including Texas Monthly, the Houston Chronicle and the San Antonio Express-News. In 2021, she shifted her focus to business journalism, joining Travel Weekly as senior cruise editor, where she covered the travel industry’s recovery from the COVID-19 pandemic. 

When not reporting, Andrea is probably hiking. Known for embracing ambitious challenges, she hiked the entire Appalachian Trail in 2020 and the Pacific Crest Trail in 2025. 
