Imagine you hired a new intern named Al. Al is a prodigy. He can digest a 500-page tax code update in seconds, draft a firm email to a difficult client in a heartbeat and reorganize complex datasets before you’ve even found your coffee mug.
But Al has issues. He gossips loudly about client secrets in crowded elevators. When he doesn't know an answer, he makes one up with convincing specificity — citing facts and court cases that don’t exist.
The brutal truth: If Al worked at the same speed as a human, you would fire him before lunch. You wouldn’t tolerate a human employee with such issues, no matter how “smart” they seemed. But Al doesn’t work at human speed. He works at light speed. Because of that raw velocity, we tolerate his chaos. We keep him on the payroll, but we build strict guardrails around him to ensure he doesn’t burn the building down. This is exactly how we should be treating artificial intelligence (AI).
When Your Data Leaves the Building
The most immediate danger is treating a public AI model like a private vault. Most public AI tools operate as “black boxes” that learn from interaction. When you paste a client’s personally identifiable information (PII) — Social Security numbers, proprietary strategies or messy P&L statements — into a free-tier interface, you may be feeding that data into the model’s global training set. Effectively, you are airing your client’s financial laundry on a digital clothesline.
The risk isn’t just a hack; it is “data regurgitation,” where the model could inadvertently serve up your specific data to another user asking a related question.
If you wouldn’t discuss the matter loudly at a crowded Starbucks table, do not type it into a public AI prompt. If you are using public models, you must sanitize the data beforehand. Anonymize everything — replace names with “Client A,” remove specific locations and generalize figures so they cannot be traced back to a specific entity.
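One way to make the sanitization step above routine, as an added example that is not part of the original article: a small Python pass that swaps known names for “Client A/B” tokens, blanks listed locations, strips SSN-shaped numbers and rounds dollar figures to a rough bucket, keeping the re-identification map on your side of the wall. The name and location lists and the sample text are constructed assumptions, not something the article supplies.

```python
import re

# Constructed sample of the kind of text a staff member might paste into a public prompt.
SAMPLE = (
    "Prepare a note for Jane Doe (123-45-6789) of Acme Widgets in Austin, Texas. "
    "Q3 revenue was $1,234,567 and Jane Doe expects a loss of $45,300 on the Austin office."
)

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")       # US SSN shape
MONEY_RE = re.compile(r"\$\d[\d,]*(?:\.\d+)?")       # $1,234,567 or $45,300.00


def generalize_amount(token):
    """Replace an exact dollar figure with an order-of-magnitude bucket."""
    value = float(token.lstrip("$").replace(",", ""))
    if value >= 1_000_000:
        return "[~${:.0f}M]".format(value / 1_000_000)
    if value >= 1_000:
        return "[~${:.0f}K]".format(value / 1_000)
    return "[<$1K]"


def sanitize(text, names, locations):
    """Return (sanitized text, token->real-name map).

    `names` and `locations` are supplied by the caller (assumed to come from the
    engagement's client list); free-text entity detection is out of scope here.
    The returned map stays local so the pseudonyms can be reversed in-house.
    """
    mapping = {}
    for i, name in enumerate(names):                 # assign tokens in caller order
        mapping["Client " + chr(ord("A") + i)] = name
    out = text
    # Replace longer strings first so "Austin, Texas" is handled before "Austin".
    for token, name in sorted(mapping.items(), key=lambda kv: -len(kv[1])):
        out = re.sub(re.escape(name), token, out)
    for loc in sorted(locations, key=len, reverse=True):
        out = re.sub(re.escape(loc), "[LOCATION]", out)
    out = SSN_RE.sub("[SSN REDACTED]", out)
    out = MONEY_RE.sub(lambda m: generalize_amount(m.group(0)), out)
    return out, mapping


def leaks_raw_pii(text, names):
    """Final check before sending: True if any raw name or SSN survived."""
    return bool(SSN_RE.search(text)) or any(n in text for n in names)


if __name__ == "__main__":
    clean, key = sanitize(SAMPLE, ["Jane Doe", "Acme Widgets"], ["Austin, Texas", "Austin"])
    print(clean)
    print("safe to send:", not leaks_raw_pii(clean, ["Jane Doe", "Acme Widgets"]))
```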
For firms that need to process highly sensitive data, the safest path is to go “enterprise.” By utilizing “walled garden” enterprise versions of these tools, you can ensure that your data is contractually guaranteed not to be used for model training, keeping your client’s information inside your building.
The Confidence of a Con Man
Accountants trust computers to be deterministic. If you type $2 + $2 into Excel, it equals $4. Always.
But generative AI is probabilistic. It doesn’t “know”; it is a creative writer predicting the next statistically likely word. This leads to “hallucinations” — statements delivered with the absolute confidence of a tenured partner that are completely false.
We saw this recently when a big CPA firm used AI to produce a report for the Australian government that contained made-up references. The machine wasn’t lying; it was just “completing the pattern” of what that report should look like. A partial refund and apology followed the report.
If you rely on AI for deterministic processes without supervision, you are gambling. The only defense is a strict policy of “trust but verify.” Never copy-paste AI output directly into a deliverable; treat every draft as a rough sketch. Furthermore, you must demand receipts. Ask the AI to provide citations for its claims, and then — crucially — click the links. AI is notorious for generating authoritative-looking “dead links,” so if it can’t provide a verifiable primary source, you must assume the regulation or case law doesn’t exist.
Vigilance and Education
The goal isn’t to avoid AI; the goal is to move from being a “doer” to a “reviewer.” Give AI the heavy lifting but maintain judgment and responsibility over the tasks.
Crucially, this is not a solo endeavor. Firms must proactively train staff on these specific risks. It is not enough to simply hand out software licenses; firms must host regular training sessions that focus not just on prompt engineering, but on security hygiene. Staff need to understand the “why” behind the rules — why we sanitize data, why we click links and why we check the math. The definition of professional skepticism must expand to ensure that our brilliant, caffeinated intern becomes an asset rather than a liability.