Adaptive AI Governance: A Smarter Way to Embrace BYO-AI

The GM walked out of my AI talk.

Not because I said his services model would lose.

Not because I said AI would take his job.

Because I said a 7-letter word: ChatGPT. (Yes, really.)

This company has a rigid AI policy. (COUGH… Pilot.)

Meanwhile, 55% of their employees already use AI—unauthorized and unmonitored. And they're not telling.

Why does this matter? Because when employees can't openly use effective tools, they don't stop—they find ways around.

A partner at a major financial firm said bluntly: “We have a sanctioned AI. It’s not the best.” They advise technology companies and yet cannot do so based on application. Their knowledge is theoretical and their governance model was set up as if it were still 1995.

A BigCo SVP kindly explained to me that she had heard an engineer upload customer passwords to AI and it was found in a chat. She patted me on the head and said, we have to secure data.

Really? I asked ChatGPT to plagiarize me. He said no. I have found more what I thought were private personal details about myself in a basic Google search than digging with ChatGPT discussion…. And we spend hours together.

Even if the SVP’s story were 100% true, the argument about data security and IP assumes all use cases involve sensitive data. They do not. We can set policies, change management, use detection tools and other mechanisms to help our employees act with integrity and not apply one size fits all, can’t we?

We've seen the one size fits all pattern change successfully before. 

When employees first wanted to bring their own smartphones into the workplace, IT departments resisted. But once organizations embraced BYOD (Bring Your Own Device), productivity improved substantially. In fact, 68% of companies reported measurable productivity gains after adopting BYOD policies.

Why does this matter? 

Because binary governance decisions—either fully approved or entirely banned—don't reflect the reality of how people work. Employees naturally choose the most effective tools, even if it means going underground. In fact, strict prohibitions don't eliminate risk; they amplify it. 

Samsung's engineers uploaded proprietary data to ChatGPT because the company's restrictive policy offered no practical alternative. Following the leaks, Samsung implemented a full ban, limiting their engineers' ability to leverage generative AI for legitimate, productivity-enhancing purposes. This reaction underscores the hidden cost of binary governance: it not only fails to prevent unauthorized usage but also stifles innovation and competitive advantage.

The alternative isn't to ban or ignore. It’s nuanced adaptive governance. The question starts with what can we allow and how do we make guardrails that better align with specific low, medium or high risks. Last year Peter Swain and I co-wrote about this in a book introducing the ADAPT Framework and how to manage growing shadow AI and rapid technology platform evolutions. 

ADAPT assumes dynamic changes and establishes governance structures that can respond to real-world AI usage through specific triggers—regulatory shifts, risk incidents, or adoption patterns.

ADAPT is a five-step strategic governance framework.

1. Assess: Identify and map your current AI landscape, including sanctioned and unauthorized (shadow AI) use, pinpointing exactly where risks and opportunities lie.

2. Design: Create responsive governance policies that use triggers—such as regulatory shifts or significant changes in AI use—to automatically adapt and stay relevant.

3. Align: Bring key stakeholders (legal, IT, business units) into alignment around governance strategies that support innovation, build trust, and clearly match organizational goals.

4. Pilot: Implement governance changes in controlled, small-scale experiments to test and validate effectiveness without disrupting operations, gathering real-time insights.

5. Transform: Scale successful governance strategies across your organization, turning governance from static compliance into a proactive, evolving system that's integrated into daily operations.

The employees who stayed in my presentation after the GM walked out (99% of the 50 person audience), well they saw the point and understood the power of possible. 

One employee who heard the story of how I created a CustomGPT for my father to coach me through painful moments of dealing with him as his dementia related paranoia worsened, realized that she could use ChatGPT as her coach. She is autistic and has ADHD and missed nuance that prevented her from being as effective as her intelligence and capability would allow.

For her it clicked, AI isn’t just automation. It’s how we think, work, and relate differently.

It can show her things she doesn’t see about herself. It can give her new ways to deepen relationships with clients and colleagues.

My friend Ric Nelson, an executive director of an advocacy group in Alaska, has cerebral palsy which impedes his speech and mobility but not his heart and brain. He has a clone which allows him to reach the world in a way not possible six months ago. This is for $29 a month.

Over and over I see how possibilities happen when we allow doors to open and establish appropriate autonomy with accountability.

Morgan Stanley, embracing adaptive governance, deployed an internal GPT-4 assistant with defined guardrails. The result? 98% of their financial advisors now use AI safely and productively to improve client interactions, securely accessing internal knowledge without compromising sensitive data. 

If history and research have taught us anything, it’s this: BYO-AI is inevitable. The companies that win won’t rely on simplistic yes-or-no AI governance. They’ll adopt nuanced frameworks that empower employees, control real risks, and enable innovation—exactly what ADAPT facilitates.

Want the practical next steps? Click here to get the white paper and start your journey toward adaptive governance. Use this link for an interactive discussion with Betsy’s clone on the ADAPT Framework.

Related Content