Artificial Intelligence (AI) technology is changing fast, and with that comes emerging risks that your organisation needs to manage.
I’ve never recommended more frequent policy reviews than I do today.
Below are three emerging AI risks your NFP must understand and mitigate right away:
AI Notetaker Bots
It happened in a client meeting yesterday. An attendee brought their own AI notetaker bot to the meeting without permission, and no one prevented it from joining. Why is this a concern?
Otter.ai (one of the more popular AI note takers) was recently sued for recording video meetings without permission and using that information to improve its AI model.
Imagine all your confidential conversations being reused by an AI tool! Yikes!
ACTION:
Create a new clause in your policies and train your staff to prevent any AI tool from joining a meeting unless it’s from Microsoft, Zoom, or Google Workspace – the primary AI notetaking tools that promise not to train on your data.
3rd Party Use of AI tools
I was helping a client with a software procurement process recently. The vendor signed the client’s NDA before we gave them a stack of confidential information. In record time, they returned one of the best proposals I had ever seen.
I wrote proposals for a global IT provider in my earlier days, and so I understood how much work it would usually take to do this. So, after I commented on this, the vendor disclosed that they used AI tools to help them write the proposal.
So… what happened to the client’s confidential procurement data? Unfortunately, it was already too late to change anything. If the data were in their tool now, it would be tough to remove it.
ACTION:
Ensure that your NDAs and contracts clearly state that the 3rd party must seek permission to use AI with your data before use. Furthermore, you need to feel confident that their use will not cause your organisation or stakeholders any harm before you say yes.
I also highly recommend going back to active contracts where confidential information is shared with a 3rd party and to amend the contracts with this clause too.
AI Browsers
This is a brand AI category that creates new risks with OpenAI’s Atlas browser (owner of ChatGPT), announced this week, and Perplexity’s Comet browser, released about a month ago.
The benefit of these tools is that they can go beyond answering questions or helping with searches to actually perform tasks like booking a hotel room or scheduling an appointment on your behalf.
However, much like Microsoft’s introduction of its Copilot Recall screen capture feature last year, there are significant risks to utilising these features.
That’s because these browsers may view and record everything you are doing on the computer screen. Furthermore, you’ll have to share login details or financial info like credit card numbers for it to perform many of the functions.
My concerns are first related to privacy because most Not for Profits work with sensitive and confidential data daily, particularly for vulnerable people. Now your screen could be recorded with this information while using an AI browser.
My second concern is related to cybersecurity. These AI tools are showing significant vulnerabilities due to their speed of development. Adding your credit card details or giving it login permission to important accounts could add you to the victim list later if there’s a breach.
I just bought a standalone laptop to experiment more with these AI tools. So, I’ll share my additional thoughts after these browsers have matured a little and I’ve had some time to evaluate them thoroughly.
ACTION:
For now, I highly recommend that your IT team or MSP prevent the use and download of an AI browser until their risks can be fully assessed.
And while not technically a “browser,” I do recommend turning off the Microsoft Recall feature too.
Final Thoughts
AI technology is moving incredibly fast. It’s important that your organisation understands the emerging risks associated with it too.
If you’re feeling a bit overwhelmed with it all, I’m conducting 1-day AI Adoption Strategy workshops in Sydney and Melbourne in December 2025. More information can be found here.
P.S. If you found this article helpful, you might want to read these too:
- 5 Risks of AI Adoption in Not for Profits
- Is it finally time for your NFP to invest in Microsoft Copilot?
Tammy Ven Dange is a former charity CEO, Association President, Not for Profit Board Member and IT Executive. Today, she helps NFPs with strategic IT decisions, especially around investments and risk mitigation.