✨ A sparkle icon appears in an app that no one in IT approved. The help desk can't explain it, and it's already processing your data! This kept coming up in conversations with other CIOs, so I wrote about it in my latest Forbes piece.
The pattern repeats across so many vendors; here are just a few:
・Zoom auto-enabled AI Companion on host accounts, with recordings and full transcripts already defaulted on
・Microsoft 365 Copilot activates for every admin if your tenant holds a single paid license, and opting out means building a special security group
・Google's Workspace Intelligence shipped default-on for Gmail, Drive, Chat, and Calendar, with admin controls lagging the live feature by up to 72 hours
・OpenAI disables connectors by default for Enterprise customers but enables them for Business. Same vendor, opposite defaults.
Every default-on feature just transfers governance work from the vendor to you, along with wiretap exposure and e-discovery sprawl that nobody signed up for.
My ask of vendors is simple: ship AI features off by default and give admins an evaluation window measured in weeks, not days. Until that happens, assume the next AI feature is already live in your tenant. Review your configurations like it's a recurring operational task, because it is.
Full piece here: https://www.forbes.com/councils/forbestechcouncil/2026/06/10/default-on-ai-are-saas-vendors-outsourcing-their-risk-to-you


Mike Amundsen