AI’s power to transform work is obvious: faster content, sharper insights, and better automation. Large Language Models (LLMs) such as GPT-5, Gemini and Claude have become everyday tools for millions of professionals, making work easier and more creative.
However, this same accessibility hides serious risks, especially for companies that handle customer or business-confidential data. Once sensitive information is entered into a publicly available LLM-based application, control is lost. You cannot always know where it is stored, how long it is kept, or whether it will be used to train future models.
The recent 2025 KPMG Global Insights survey on AI revealed that 48% of surveyed employees admit to using AI in ways that contravene company policies, often by uploading sensitive data into these applications. Yet only about a third of organisations have clear rules in place. This reflects a global pattern where enthusiasm outpaces governance.
At Antares, we know both sides of this equation. We build and implement AI solutions for our clients every day with QBot, an enterprise AI platform. We also use AI internally. That dual role makes us deeply aware of the risks and equally aware of our responsibility to help our customers use AI safely, responsibly, and with confidence.
Why Strict AI Policies Are Non-Negotiable
The value of AI is undeniable, but so are the risks. Here is why every organisation needs to put robust guardrails in place:
1. Customer and business data are at real risk
Customer data is not limited to names or emails. It includes project artefacts, code, system logs, test environments, and even “anonymised” datasets. Once uploaded into a publicly available LLM-based application, this data leaves your control entirely, stored in jurisdictions outside your control and potentially used for training the provider’s own LLMs.
2. Laws and regulations are tightening
This is no longer just about values or culture. In Australia, amendments to the Privacy Act have introduced stronger penalties for breaches, with heavy fines that can cripple an organisation. If confidential or customer data leaks through careless AI use, the consequences go beyond embarrassment; they become legal and financial liabilities.
3. Shadow AI is a growing vulnerability
“Shadow AI” refers to staff using unapproved AI tools without the company’s knowledge. Just like “shadow IT”, this often starts innocently; an employee pastes a draft proposal or log file into a publicly available AI agent to “speed things up”. However, these systems might store data offshore or fail to meet compliance requirements. Without a policy that directly addresses shadow AI, organisations expose themselves to hidden and untraceable risks.
4. Trust and reputation cost more than compliance
Even if regulators never come knocking, customers will. Trust is hard-earned and quickly lost. At Antares, protecting sensitive information is not just about meeting a policy requirement; it is about reinforcing our reputation as a trusted partner. We encourage the same mindset in our clients.
What an AI Policy Should Include
Every business will tailor its AI policy to its needs, but there are common elements that make a policy strong, clear, and enforceable:
- Purpose: Explain why the policy exists: to enable innovation while safeguarding sensitive data.
- Definitions: Clearly define terms such as “confidential data”, “customer data”, and “approved AI applications”.
- Scope of Application: State who and what the policy applies to: employees, contractors, devices, and systems.
- Risks of Using Generative AI: Outline potential harms, from data leakage to compliance failures and reputational damage.
- Approved Tools: List which AI platforms are approved for use, ideally enterprise-grade solutions with strong governance.
- Prohibition of Unapproved AI Tools: Make it explicit that uploading confidential or customer data into public or unapproved tools is not allowed.
- Customer Data Guidance: Give concrete examples of what counts as confidential data, from emails and code to test datasets and aggregated reports.
- Formal Approval Process for Exceptions: Provide a way to request exceptions for special use cases, with risk assessment and leadership sign-off.
- Guidance, Support, and Reporting: Offer channels for staff to ask questions, report concerns, and get clarity before using new tools.
- Monitoring and Audit: Commit to auditing usage and monitoring compliance, ensuring the policy is more than words on paper.
- Recordkeeping: Require logs and documentation for AI use where confidential data might be involved.
- Consequences of Breach: Define disciplinary outcomes for misuse, making it clear the policy has weight.
When written in plain language and backed by training, this kind of policy does not slow people down; it gives them confidence to innovate without fear of crossing invisible lines. At Antares, our ‘Use of generative AI Tools for Work Policy’ reinforces this by ensuring that new employees, and even those adapting to sudden changes in the technology environment, can use AI comfortably, with clear contacts to reach out to and knowledge materials to guide them.
The Better Path: Custom Enterprise AI Platforms
Public AI tools are convenient, but convenience should not come at the cost of security and governance.
If data security and governance are a priority, QBot is purpose-built for enterprises. QBot ensures that both customer data and business data remain within a tightly governed environment, with robust access controls, audit trails, and compliance with Australian privacy regulations. This allows organisations to confidently use QBot to drive productivity and innovation, knowing that sensitive information is protected and regulatory obligations are met.
A clear AI policy sets the boundaries, and an enterprise platform like QBot provides the trusted environment. Together, they empower organisations to unlock AI’s value without risking confidential data, compliance, or reputation. The future isn’t just about using AI; it’s about using it responsibly to protect your people, your data, and your customers.