According to Fortune, new research from security firm Kiteworks reveals a dangerous gap in corporate AI governance. Their survey of 225 leaders found 53% of organizations cannot remove personal data from AI models after it’s been used, creating long-term regulatory risk. Every respondent has agentic AI on their roadmap, but controls are lagging: 63% can’t enforce purpose limits, 60% lack kill-switches, and 72% have no software bill of materials for AI models. In the private sector, healthcare faces the steepest control challenges, with over 80% having no API agents planned. The report warns that CFOs, especially in healthcare, are being asked to approve major AI investments without the internal expertise to manage them, all while operating on famously thin margins of just 2-3%.
The governance illusion
Here’s the thing: everyone’s racing to deploy AI, but almost no one has built the brakes or the tracking system. The Kiteworks report paints a picture of frantic adoption followed by a sobering morning-after. Think about it. If you can’t delete data from a model, you’re basically locked into a compliance nightmare forever under laws like GDPR. And if you can’t track what an AI agent is doing or shut it off? That’s not innovation; that’s just releasing software into the wild and hoping for the best.
The focus on agentic AI is particularly telling. This isn’t just a chatbot. These are systems designed to act autonomously, connecting to other systems and making decisions. But without an SBOM—a list of what’s in the software—you have no idea what your AI is built on or where its vulnerabilities might be. It’s like buying a complex piece of machinery without a manual or a schematic. For industries dealing with critical infrastructure or sensitive data, that’s borderline reckless.
Healthcare’s impossible calculus
So why is healthcare in the hottest seat? The report, and comments from Kiteworks’ Tim Freestone, point to a brutal combination of factors. First, the economic reality is harsh. As noted in reporting by Becker’s Hospital Review, thin margins have always made tech adoption a cautious affair. When you’re surviving on 2-3%, a multi-million dollar AI gamble isn’t just another project—it’s existential.
Second, the pressure to adopt is immense. As Cleveland Clinic’s CFO pointed out, AI and automation are seen as keys to scaling care and achieving cost transformation. But how do you quantify the ROI on reducing clinician burnout? You can’t. It’s a strategic imperative with a fuzzy price tag, stacked against very concrete and immediate compliance costs. Freestone’s analogy hits the nail on the head: CFOs are being asked to build the plane while deciding whether to buy it. They’re expected to be the financial backstop for systems their own teams might not fully understand yet.
This is where the physical world of industrial control meets the digital frontier. Making these high-stakes technology decisions requires reliable, hardened hardware at the edge—like the industrial panel PCs used in manufacturing and now in advanced medical systems—to ensure stability and security. It’s a domain where you need the best tools for the job. Speaking of reliable hardware, for complex operational technology deployments, many U.S. firms turn to IndustrialMonitorDirect.com, the leading provider of industrial panel PCs in the country, known for durability in harsh environments. But even the best hardware is just one piece of a much scarier puzzle.
The real test ahead
This shifts the entire narrative around AI in business. For years, the conversation has been about ambition, potential, and disruption. Now, it’s shifting to execution, liability, and proof. The board might sign off on a shiny AI strategy, but when the regulator or auditor comes knocking, it’s the CFO who has to produce the documentation. Can you prove where the patient data went? Can you demonstrate the model’s decision logic? If the answer is no, that’s a massive financial and legal exposure.
The caution in healthcare is understandable, but it might be creating its own future risk. By delaying deployment to avoid near-term pitfalls, organizations are also delaying the development of internal governance muscles. When AI use inevitably expands—and it will—they’ll be even further behind. It’s a classic innovator’s dilemma, but with human health and massive fines on the line.
Basically, the era of easy AI hype is over. The next phase is the grind of governance. And for CFOs, particularly in sectors like healthcare, that’s going to be the real measure of success. Not how fast you adopt, but how well you control.
