June 18, 2026 | Perspectives

Your AI governance program is treating pencils like plutonium

Most AI governance programs treat every tool like a nuclear material. The controls should match the risk. Here's what proportionate governance looks like.

There’s a reason you can’t buy plutonium at Staples. It’s catastrophically dangerous, useful in a narrow set of applications, and the wrong person doing the wrong thing with it ends very badly for everyone in a wide radius. So we built an entire regulatory apparatus around it: licensed handlers, controlled facilities, chain-of-custody documentation, armed guards. The whole point is to make sure only specific, vetted people can touch it, in specific, hardened environments, for specific, sanctioned purposes.

Pencils are also useful. You can sketch with one, do your taxes with one, write a love letter, draft a will, plan a heist. A pencil in the wrong hands has caused real harm. But nobody runs a procurement review before letting an analyst grab one out of the drawer. We don’t track which pencils touched which documents. We don’t require sign-off from the CISO before issuing a new one to marketing.

The risk profile is different. So the controls are different. That’s it. That’s the whole framework.

Now look at how most companies are governing AI.

Plutonium controls on a pencil supply chain

Walk into a typical enterprise AI governance program and you’ll find a vendor review process that takes six weeks, an AI council that meets monthly, a registry that’s supposed to catalog every tool in use, a data classification overlay, a model risk management framework borrowed from financial services, and a list of “approved” AI tools that everyone is gently encouraged to use and that almost nobody actually uses.

That’s the plutonium playbook. Gatekeep the supply. Vet the handlers. Channel all demand through a central authority. It works for plutonium because plutonium is genuinely hard to get. There are maybe a dozen places on the planet that produce it, and each one has its own perimeter, its own paperwork, and its own armed guards. The controls match the distribution model.

Now look at how AI actually reaches your employees.

Every model worth using is one URL away. It’s free or close to it. It runs in any browser, on any phone, on any personal device, on any network. There is no chokepoint. There is no supply chain to control. Your finance analyst can be using a frontier model thirty seconds after deciding they want to. Your sales rep already is.

This is the part that breaks every AI governance program built on the plutonium model. You’re imposing controls designed for a scarce, regulated substance on something distributed like pencils. The controls don’t fail because employees are reckless. They fail because the alternative is sitting in another tab, no friction, no login required, no IT involved. The minute your approved path takes longer than opening a new browser window, you’ve lost. Not eventually. Immediately.

It’s the same dynamic that broke cloud governance in 2012 and SaaS governance in 2018. Anything an employee can sign up for with a credit card and an email address is going to get signed up for, regardless of what the policy says. AI is the same pattern. The friction is just gone.

What is actually risky, and what isn’t

Some AI use is genuinely plutonium-class. A model making credit decisions. A model deciding who gets a job interview. A model generating code that ships to production without human review. An agent with access to your CRM, your invoicing system, and the ability to send email on your behalf. These deserve real controls, real review, real audit trails. Nobody’s arguing otherwise.

But that’s not what most of your employees are doing with AI.

Most of them are using it to summarize a meeting, clean up an email, generate a first draft of a memo, brainstorm names for a project, write a regex they could have written themselves but didn’t feel like writing, or ask a question they would have otherwise asked a colleague. These are pencils. The output gets reviewed by a human. The input rarely involves regulated data. The blast radius if the model gets it wrong is the same as if the human got it wrong, which is to say, somebody fixes it in the next draft.

Treating those use cases like plutonium doesn’t make you safer. It pushes them underground. Your employees aren’t going to stop using AI to clean up an email because you didn’t approve the vendor. They’re going to use it from a personal account on a personal device, and you’re going to see exactly none of it. You’ve optimized for the appearance of control and traded away the only thing that actually matters, which is visibility.

What sensible AI governance looks like

Match the controls to the risk. Not the abstract risk of “AI” as a category, but the concrete risk of a specific use, with specific data, in a specific workflow.

A few principles that work in practice:

Discover before you govern. You can’t govern what you can’t see. Most companies wildly underestimate how much AI is already running in their environment, because they’re looking at the approved list instead of looking at the network. The approved list tells you what you said yes to. It tells you almost nothing about what's actually in use. Audit the network, map the tools, and accept that the number will be higher than you expect. Start with reality, not policy.

Default to permissive for low-risk use. If somebody wants to use a chat assistant to clean up their writing, the answer is yes. Make it easy. Make the approved path the path of least resistance. The minute your governance program becomes the obstacle, you’ve lost.

Reserve real controls for real risk. Agents with system access, models embedded in customer-facing decisions, anything touching regulated data: these get the full review. That’s where your security team’s attention belongs. Everything else, get out of the way.

Govern the workflow, not the tool. “We banned ChatGPT” is not a policy. People will use Claude, or Gemini, or whatever comes out next month—and your policy won't travel with them. What travels is a clear standard for what data goes into any AI tool, what action comes out, and who’s accountable for the result. Build your controls around those three things, and they hold up regardless of which model someone opened this morning.

The honest version

A lot of AI governance right now is theater. It exists to make leadership feel like somebody’s in charge, to give the board a slide, to satisfy an auditor who hasn’t yet figured out what to actually ask. It treats every use of AI as if it might be the one that makes the news, and the result is a program that’s expensive, slow, and quietly ignored by the people it’s meant to govern.

You don’t need a plutonium program for pencil-grade risk. You need to know what’s in use, draw a clear line around the genuinely dangerous stuff, and otherwise let your people work.

The companies getting this right aren’t the ones with the longest approved-tools list. They’re the ones who know what their workforce is actually doing with AI and have built controls that scale with the actual risk. Everything else is paperwork.
