You did not approve AI.

Your Employees Did.

AI is the first revolution that started at the bottom

By Massimo Brebbia - 5 min read - 05 Jun 2026

For most of my career, I have watched innovation follow a fairly predictable path, and I guess you have too.

When a new technology appears, senior leadership evaluates it. Consultants are involved to prepare business cases. Budgets are presented to the board for approval. Training programmes are launched, processes are updated, and governance frameworks are established. Eventually, the technology reaches employees.

Whether we are talking about ERP systems, CRM platforms, cloud computing, cybersecurity programmes, or major digital transformations, the flow has generally been the same. Innovation starts at the top and gradually cascades down through the organization. I still remember the implementation of the latest HR system and finance software.

Artificial Intelligence is different.

In fact, I would argue that AI is the first major technological revolution that entered organizations from the bottom up.

Did you install ChatGPT/Claude/Gemini on your phone by yourself, or under your company’s instruction?

Nobody asked employees to wait for a business case before experimenting with ChatGPT or Claude. Nobody requested board approval before someone used AI to write an email, summarize a report, analyse a spreadsheet, review a contract, prepare a presentation, or generate a project plan. People simply started using it, and honestly, who can blame them?

When a tool can save an hour of work in ten minutes, human nature takes over. Employees are not trying to undermine company policy, most are simply trying to become more efficient, more productive, and more competitive in increasingly demanding workplaces.

The challenge is that while employees have been rapidly adopting AI, many organizations have not been moving at the same speed.

This creates a gap, unfortunately a very dangerous one.

Across many organizations, AI adoption is already happening regardless of whether leadership acknowledges it. Employees are uploading documents, analysing data, generating content, automating tasks, and building workflows using tools that management may not even know exist.

Some call this Shadow AI, but I see it as a governance problem.

The technology itself is not the issue. The lack of visibility is.

When employees independently adopt AI solutions, the organization loses visibility over how information is being used, where data is being stored, who has access to it, and whether outputs are being verified before decisions are made.

What makes this even more challenging is that employees are not learning AI exclusively through company-approved programmes. Every day, they are exposed to a growing market of low-cost courses, online tutorials, social media influencers, webinars, and self-proclaimed AI experts, all promoting new tools, techniques, and shortcuts. Many of these training providers focus on productivity gains and rapid adoption, but few understand the specific cybersecurity, legal, compliance, or governance requirements of your organization.

As a result, employees may genuinely believe they are applying best practices while unknowingly exposing sensitive company information, customer data, intellectual property, or strategic business knowledge to platforms that have never been assessed or approved by the organization.

At that point, the conversation is no longer about innovation, and hopefully, you start to see where I am heading here: It becomes a conversation about accountability.

If an employee uploads sensitive customer information into an external AI platform, who is responsible?

If AI generates incorrect recommendations that influence a business decision, who owns the consequences?

If confidential intellectual property is inadvertently exposed, who carries the liability?

The answer is not the employee, the answer is almost always the organization.

That is why I believe many companies are focusing on the wrong question, I think the question is not whether employees should use AI, I can tell you that the battle has already been lost. Employees are using AI. They will continue to use AI. In many cases, they are finding genuine value from it.

The real question is whether leadership is willing to create the governance structures necessary to support safe and responsible adoption. Unfortunately, I still encounter organizations where AI governance is viewed as an obstacle to innovation.

I see the opposite, and I want you to see it too.

Good governance enables innovation.

It creates clarity around acceptable use. It defines responsibilities. It establishes controls for data protection, human oversight, validation, risk management, and accountability. Most importantly, it allows organizations to scale AI adoption with confidence instead of relying on hope.

Because hope is not a strategy.

As AI continues to evolve, the companies that succeed will not necessarily be those with the most sophisticated technology. They will be the organizations that understand how to balance innovation with control, the organizations that educate their people instead of restricting them, and the organizations that recognize AI is not simply a software implementation project, but a transformation of how decisions are made, how information flows, and how work itself is performed.

That should not create panic, but it should create urgency.

In my opinion, the answer is not to create fear around AI. The answer is certainly not to pretend it is not already being used inside the organization. The reality is that AI has already entered our workplace. Employees are experimenting with it, learning from it, and integrating it into their daily activities, often with the best intentions.

The question is no longer whether AI should be adopted, the question is whether the organization is prepared to govern its adoption, and this is where leadership must step in.

Organizations need to understand where AI is already being used, what information is being shared, which tools are interacting with company data, and whether appropriate safeguards are in place. They must provide employees with guidance that reflects the company’s cybersecurity requirements, regulatory obligations, risk appetite, and business objectives, rather than leaving them to rely only on advice gathered from social media, online influencers, or low-cost training providers.

Good AI governance is not about slowing innovation down. It is about creating the confidence to innovate responsibly. It provides clarity, accountability, oversight, and protection for both the organization and its employees.

Technology may be evolving at unprecedented speed, but accountability has not changed. The responsibility for how AI is implemented, governed, and controlled ultimately remains with the organization.

This article is also published on Medium as part of my public research and writing.

Continue Reading:

Legal AI: Opportunity without Governance can become a liability

Implementing AI in your business? A Guide to Infrastructure and Cloud Solutions

AI and Hazard Observation Card Analytics: A deep, comprehensive exploration