Parallel 41
Security

Why your AI consultant probably isn't talking about security (and what to ask them)

Most AI consultants focus on capability and cost. Here's what the security conversation should look like — and four questions worth asking before you sign anything.

There’s a specific kind of conversation I’ve watched happen dozens of times. A small business owner meets with an AI consultant. They see a compelling demo. They discuss what the AI can do. They talk about pricing. The consultant proposes an implementation timeline.

Security doesn’t come up.

This isn’t always negligence. It’s partly incentive structure. A consultant hired to build a thing is rewarded for building the thing — not for the quality of the controls around it. A vendor selling an AI tool is focused on features, not on what happens to your data when things go sideways.

And it’s partly that security conversations are harder to have. Capability demos are exciting. “Here’s what could go wrong” is not.

But the result is that a lot of small businesses — including some in regulated industries — are running AI systems that have never been evaluated against any security standard. And the consequences tend to show up quietly, over time, in ways that are hard to trace back to the AI.


What the risk actually looks like for small businesses

Let me be concrete, because “AI security risk” sounds abstract.

Your employees are pasting customer data into ChatGPT. This is the most common issue I see. Staff members have discovered that AI tools save them time, so they use them — often with business data, sometimes with sensitive customer information. Most organizations have no visibility into this and no policy governing it.

Your AI vendor is storing your data in ways you haven’t reviewed. If you use a third-party AI receptionist, scheduling tool, or customer service bot, your conversations and customer data are almost certainly being stored somewhere. Do you know where? Do you have a data processing agreement? Do you know what happens to that data if the vendor is acquired?

Your AI has more access than it needs. A common shortcut when building AI workflows: give the AI broad access “so it can handle anything.” In practice, this means that if something goes wrong — a bad prompt, an unexpected input, a compromised account — the blast radius is much larger than it needed to be.

You have no audit trail. If something goes wrong with your AI, can you answer the question “what did the AI do last Tuesday at 2pm?” If not, you have a significant accountability gap — one that matters in regulated industries and in any situation where a client or patient asks what happened.


Why consultants don’t bring this up

It’s worth being honest about the incentive structure here.

Most AI consultants — especially freelancers and small shops — are hired to build things. Their expertise is in capability: what the AI can do, how to connect it to your systems, how to prompt it effectively. Security is a different discipline with its own frameworks, its own vocabulary, and its own body of knowledge.

Asking a capability-focused consultant to evaluate security risks is like asking your web developer to audit your financial controls. They might have opinions, but it’s not their specialty.

The better consultants will tell you this upfront. They’ll say “here’s what I’m building and here’s what you should evaluate independently.” The weaker ones will either say nothing or give you vague reassurances about “enterprise-grade security” without being able to explain what that means.

There’s also a commercial dynamic. If a consultant raises security concerns, the project might get more expensive, or the client might get cold feet. It’s easier to build the thing and let the client worry about security later.


Four questions worth asking before you sign

Whether you’re evaluating a new AI deployment or reviewing something that’s already in production, here are four questions that tend to surface the issues:

1. What data does this AI touch, and where does it go?

You want a specific answer, not a vague one. “It uses your customer information to…” should be followed by a clear description of what data, where it’s stored, how long it’s retained, and who has access to it. If the consultant can’t answer this concretely, that’s a signal.

2. What happens if someone tries to misuse this AI?

Specifically: what happens if a user sends a prompt designed to make the AI do something it shouldn’t? What are the guardrails? What is the AI prevented from doing? Can the AI be tricked into revealing information it shouldn’t? These questions should have specific, technical answers — not “don’t worry about that.”

3. What logging is in place?

If you need to audit what the AI did in a given time window — for a compliance review, a client dispute, or an internal investigation — can you do that? What gets logged? Where are the logs stored? Who can access them?

4. How does this align with the OWASP ASI Top 10?

This question has a useful effect: it tells you immediately whether the consultant is familiar with the relevant security standards. The OWASP ASI Top 10 is the current baseline framework for agentic AI security. If your consultant hasn’t heard of it, that’s worth knowing.


What a security-first conversation looks like

For contrast, here’s what the conversation sounds like when security is actually part of the engagement:

“Here’s what we’re building, here’s the data it will touch, here’s how we’re limiting its access. Here’s the logging architecture so you can audit every action. Here’s where we’re applying the OWASP ASI controls and why. Here’s what’s in scope for this deployment and what’s explicitly out of scope.”

That conversation takes longer. It produces more documentation. The engagement costs a bit more. But it also means that when your deployment is live, you know what you have — and you have the basis to answer questions about it.


A note on fear

I want to be careful here, because security conversations can easily tip into fear-mongering.

The goal isn’t to make AI sound dangerous. AI is genuinely powerful and genuinely valuable for small businesses. The goal is to help you use it in a way that you can stand behind — that you could explain to a patient, a client, or a regulator if you needed to.

The businesses I work with are not abandoning AI. They’re deploying it with the controls in place that let them sleep at night. That’s a different thing.

If you want to talk through what that looks like for your business, start with a discovery call. No pitch, no pressure — just an honest conversation about what you’re running and what it would take to run it well.
