Three guardrails every company should have in place to protect against AI

If you’ve been waiting for the right moment to think about AI governance in your business, that moment is very much now. Between mid-June and mid-July, Microsoft is rolling out Copilot into the desktop versions of Word, Excel, Outlook and PowerPoint across all Microsoft 365 business customers globally. The EU has carved out a temporary exemption, but the UK, Australia, the US and most other markets have not.

AI is about to become a default presence in every email draft, every spreadsheet formula, every meeting recap. Your staff will use it. Your clients will assume you use it. The only real question is: how safely?

I wrote an article last month about Microsoft’s Copilot Control System: what it is, what it does, and why it’s a meaningful step forward (you can find that piece on our website if you missed it). This article is a practical follow-up, outlining the guardrails you need in place to protect your business, today and going forward, from data loss caused by AI usage.


Guardrail #1 — Stop sensitive client data being typed into AI prompts

This is the single biggest, most under-appreciated risk right now.

We recently found multiple cases of staff within client businesses typing UK National Insurance numbers, Australian bank account numbers and the like straight into AI prompts (or having that data end up there inadvertently, via a larger prompt or an attachment that included the sensitive information). Not because they were trying to do anything wrong, but because AI tools are extraordinarily convenient, and people use them the way they use Google: type a question, get the answer.

The problem, of course, is that prompts get stored, models get retrained, conversations get logged, and metadata gets captured. In a business, the data you type into a prompt is often sensitive data. Norton Rose Fulbright’s 2026 Litigation Trends Survey put it bluntly: “46% of organisations are already reporting increased exposure to AI-related disputes”. AI governance has quietly become a litigation, compliance and PI insurance issue, not just a technology one.

And yes, terms of service and contracts do state that ‘you own your data’, which is the correct way to think about it. What that argument doesn’t cover is a misconfiguration in the software that enables third-party connections, taking the data outside your ecosystem or passing it on to a data-farming firm. In addition, whilst Microsoft has a fairly robust data protection policy for Copilot, it only applies to in-situ queries. For example, if Copilot has to do internet research, that part of the request is instead covered by the Bing service agreements.

What to switch on:

Microsoft Purview Data Loss Prevention (DLP) policies for AI prompts.

This covers financial identifiers (sort codes, account numbers, NINOs, TFNs, IRD numbers, credit card numbers etc.), identity documents (passports, driver licences), and any client-confidential category that matches your regulator’s definition of sensitive data.

This prevents such data from being shared with the AI model and proactively protects your users from including it, directly or inadvertently, in queries and requests.
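To make the mechanics of that control concrete, here is an added Python example (not Microsoft’s code, and not Purview’s actual rule set) showing the logic a DLP policy for AI prompts applies: it scans a prompt for the identifier types listed above, validates each hit against the format’s own public checksum or prefix rules so that ordinary order numbers are not flagged, and returns a verdict plus a redacted copy. The function names (`scan`, `prescreen`) and the sample prompts are constructed for this example.

```python
import re
from dataclasses import dataclass

# Added example: a client-side pre-screen that mirrors what a Purview DLP
# policy for AI prompts does (detect sensitive identifiers, then block or
# redact). Constructed for illustration; it is not Purview's engine or rule
# set. The formats and checksums are the public ones for UK NINOs, UK sort
# codes, Australian TFNs and payment card numbers.


@dataclass(frozen=True)
class Finding:
    kind: str   # e.g. "uk_nino", "card_number"
    value: str  # matched text as it appeared in the prompt
    start: int  # character offsets, used for redaction and overlap handling
    end: int


# Pattern matchers. Each is paired with a validator below so that a run of
# digits is only reported when it also passes the format's own checks.
NINO_RE = re.compile(r"\b([A-Z]{2})\s?(\d{2})\s?(\d{2})\s?(\d{2})\s?([A-D])\b", re.I)
SORT_CODE_RE = re.compile(r"\b\d{2}-\d{2}-\d{2}\b")
TFN_RE = re.compile(r"\b\d{3}[ -]?\d{3}[ -]?\d{3}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def tfn_ok(digits: str) -> bool:
    """Australian TFN weighted check (weights 1,4,3,7,5,8,6,9,10; sum mod 11 == 0)."""
    weights = (1, 4, 3, 7, 5, 8, 6, 9, 10)
    return len(digits) == 9 and sum(int(d) * w for d, w in zip(digits, weights)) % 11 == 0


def nino_ok(prefix: str) -> bool:
    """HMRC prefix rules: D, F, I, Q, U, V never appear; O is never second; some pairs are unused."""
    prefix = prefix.upper()
    if prefix[0] in "DFIQUV" or prefix[1] in "DFIQUVO":
        return False
    return prefix not in {"BG", "GB", "KN", "NK", "NT", "TN", "ZZ"}


def scan(prompt: str) -> list[Finding]:
    """Return every validated sensitive identifier found in the prompt."""
    found = []
    for m in NINO_RE.finditer(prompt):
        if nino_ok(m.group(1)):
            found.append(Finding("uk_nino", m.group(0), m.start(), m.end()))
    for m in SORT_CODE_RE.finditer(prompt):
        found.append(Finding("uk_sort_code", m.group(0), m.start(), m.end()))
    for m in TFN_RE.finditer(prompt):
        if tfn_ok(re.sub(r"\D", "", m.group(0))):
            found.append(Finding("au_tfn", m.group(0), m.start(), m.end()))
    for m in CARD_RE.finditer(prompt):
        if luhn_ok(re.sub(r"\D", "", m.group(0))):
            found.append(Finding("card_number", m.group(0), m.start(), m.end()))
    # Drop any finding fully contained in a longer one (a 9-digit run inside a
    # card number, for example) so each span is reported once.
    found.sort(key=lambda f: (f.start, -(f.end - f.start)))
    kept: list[Finding] = []
    for f in found:
        if not any(k.start <= f.start and f.end <= k.end for k in kept):
            kept.append(f)
    return kept


def prescreen(prompt: str) -> dict:
    """DLP verdict: whether to block, which kinds were hit, and a redacted copy."""
    findings = scan(prompt)
    redacted = prompt
    for f in sorted(findings, key=lambda f: f.start, reverse=True):
        redacted = redacted[: f.start] + f"[{f.kind.upper()} REDACTED]" + redacted[f.end :]
    return {"blocked": bool(findings), "kinds": sorted({f.kind for f in findings}), "redacted": redacted}


# Constructed sample prompts (no real people, accounts or cards).
SAMPLE_PROMPTS = {
    "client_letter": "Draft a letter to Mr Smith (NI number AB 12 34 56 C) about his account, "
                     "sort code 12-34-56, and note his TFN 123 456 782 and card 4111 1111 1111 1111.",
    "benign": "Summarise the Q3 board meeting notes about the Henderson file in three bullet points.",
    "near_miss": "Chase order ref 123 456 789 and invoice 4111 1111 1111 1112 with the supplier.",
}

if __name__ == "__main__":
    for name, text in SAMPLE_PROMPTS.items():
        print(name, prescreen(text))
```

The "near_miss" prompt is the point of the validators: its nine-digit order reference fails the TFN check digit and its invoice number fails Luhn, so neither is blocked, whereas the "client_letter" prompt is blocked and comes back with all four identifiers redacted. A real Purview policy works on the same principle (pattern plus confidence checks), with a far larger catalogue of sensitive information types.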

Note: the licensing catch (read this twice). The full DLP-for-AI capability requires Microsoft 365 E5 (or the new E7 Frontier Suite). Business Standard or lower gives you essentially nothing in this space. If you’re running on Business Standard, this is the year to revisit that decision.

If you’re a Secure365 client of ours, baseline DLP for AI prompts is already live in your environment, and we’re now reviewing the additional Purview controls under CCS that are due to roll out over the coming months.


Guardrail #2 — Lock the door on third-party AI tools

The next risk is the one that quietly walks in through a browser tab.

A staff member signs up to a free AI meeting note-taker. They authorise it against their work calendar. Now a third-party AI provider, often with terms you’ve never read, has access to every internal meeting, every client review, every “let’s catch up about the Henderson file” conversation.

Gartner’s 2026 cyber trends report cited unmanaged AI agents as one of the three biggest new risk categories of the year. It’s not the AI you’ve vetted that hurts you. It’s the seventeen AI agents your team has connected to your tenant that you never knew about.

What to switch on:

  • Disable third-party AI publishers in Microsoft 365 – this prevents unsanctioned AI agents from being installed by individual users.
  • Review SharePoint permissions before turning Copilot loose. Copilot can read anything your user can read. If your firm has one giant SharePoint site with everyone in it, including the board papers, the salary file, and the M&A folder, fix that first. Otherwise, the first Copilot prompt from a junior staff member will surface things you didn’t intend to share.
  • Set a clear “approved AI tools” list. Put it in your staff handbook. Make ChatGPT, Claude, Gemini and the rest off-limits for client work. Make Copilot (with guardrails) the sanctioned route.

This is also a Cyber Essentials and ISO 27001 certification alignment point. Third-party AI tools that store your data offshore are increasingly being flagged in audits, and from a compliance lens it’s far easier to say “all AI runs through Microsoft 365 within our chosen geography” than to defend a sprawl of free tools.


Guardrail #3 — Have an actual AI policy. Even if it’s just a one-pager.

The third guardrail isn’t technical. It’s behavioural.

In every conversation I’ve had with a business owner in the last six months, the question that comes up is some version of, “What should our position on AI even be?” And almost every firm I speak with doesn’t have a written answer. The result is that AI use becomes an individual decision made by whoever happens to need to write a tricky email that morning.

This is exactly the kind of grey zone regulators dislike. The FCA, ASIC and ASIC-aligned bodies are all signalling — and in some cases already requiring — that financial services firms demonstrate AI governance as part of their operational resilience and consumer-duty obligations. “We didn’t think about it” is not a defence that ages well.

What to include in your policy:

  1. Which AI tools are approved for work use, and, by implication, which aren’t.
  2. What types of data must never go into an AI prompt (client personal information, financial identifiers, M&A info, anything covered by a confidentiality clause etc.).
  3. Who in the business is accountable for AI decisions – someone needs to own this, and it doesn’t need to be a specialist.
  4. How AI use is reviewed (a quarterly check is plenty for most businesses).

That’s it. One page. It will outlast most of the AI products currently on the market and will save you a difficult conversation with a regulator, an auditor, or, increasingly, a client who wants to know how their data is handled.


Why the timing matters

The World Economic Forum’s Global Cybersecurity Outlook 2026 found that 94% of cyber leaders believe AI will be the biggest driver of change in cybersecurity this year, and called out, explicitly, the need for “robust guardrails, security-by-design practices and continuous monitoring.”

AI agents, chatbots and tools are now built into every software solution and are being used across both company and personal devices. They are also being added to your Microsoft tenant: Microsoft Copilot Cowork, which launched on 16 June, effectively introduces a delegated AI agent that can send email, post in Teams and schedule meetings on a user’s behalf, and it’s built directly into the user interface your teams are already using. AI is becoming part of the default surface of every Microsoft 365 user interface in the world over the next few weeks, whether each business has prepared for it or not.

The good news is that the controls exist. They’re real, they’re built into Microsoft 365, and, for Secure365 clients, the foundational layers are already live in your environment.

The remaining work is the human work: deciding what your firm’s position on AI actually is, writing it down, and pointing your team to it.

Conclusion

In short, AI is no longer a future consideration for regulated firms; it is becoming part of the everyday Microsoft 365 environment. The businesses that will manage this well are not the ones that ban AI outright, but the ones that put practical guardrails around it: preventing sensitive data from entering prompts, controlling which AI tools can access company systems, and giving staff a clear policy for safe, approved use.

If you’d like to talk it through, book a 15-minute call and we’ll show you where your tenant stands today, no obligation, no jargon.