Your operations manager started using ChatGPT to summarise client emails three weeks ago. You found out by accident. Your first instinct was relief, because it’s saving them an hour a day. Your second was unease: where exactly are those client emails going? That second instinct is the right one to follow.
What are security controls for AI systems?
Security controls for AI systems are the access rules, usage policies, and monitoring practices that sit around any AI tool your business uses. The concept is familiar: if your team can connect Copilot to your SharePoint files, summarise emails with AI, or paste client notes into a chatbot, each of those actions touches a control you either have in place or you don’t.
The NCSC’s guidance on AI and cyber security is clear that many existing cyber controls, access management, patching, logging, and incident response, apply directly to AI systems and should be treated as mandatory foundations. The difference is that AI tools create wider surfaces for those controls to cover. Your CRM used to hold your client data. Now an AI assistant connected to it can query that data, summarise it, and in some configurations route it to an external service. The access question is the same; the exposure is broader.
The three areas your controls need to address are: who can use the AI tool and what data they can feed it; what the tool does with that data (whether it stores it, learns from it, or routes it elsewhere); and whether you would know if something went wrong. An acceptable-use policy, some configuration choices in your SaaS settings, and a basic audit log address much of this at the SME level without specialist infrastructure.
Why does AI security matter for your business?
A 2025 survey of 250 UK small business owners found that 44% worry that using AI without proper safeguards could expose their business to cyber threats. The more telling figure sits alongside it: only 10% have invested in any AI security training for their staff. That gap between concern and action is where risk accumulates quietly.
The immediate hazard is rarely the dramatic breach. It tends to be the slow leak. A staff member pastes a client contract into a public chatbot to get a summary. A salesperson uses a free AI tool to draft proposals, and the tool logs the client name and deal terms. An AI assistant connected to your email is granted broader access than anyone intended. None of these trips an alarm. All of them create liability under UK GDPR and potential trust damage if a client asks where their information went.
IBM’s 2023 Cost of a Data Breach Report found that organisations using AI and automation in their security operations had breaches that were 108 days shorter in duration and cost on average US$1.76 million less than those that did not. The figures are enterprise-scale, but the principle transfers: catching a problem early is cheaper than managing it late. For an SME, the practical version is turning on audit logging, reviewing access alerts, and establishing a clear policy before anyone adopts a new AI tool rather than scrambling to do so afterwards.
Where will you actually meet AI security controls?
The main place you will encounter AI security controls is inside the tools your team already uses every day. Microsoft 365 Business Premium includes Defender for Business, which flags suspicious sign-ins and detects malware in AI-connected accounts. Google Workspace applies machine-learning phishing filters before email reaches your inbox. Your CRM or accounting software may already be running AI without a label on it.
The controls available at the SaaS admin level have more impact than many owners realise. In Microsoft 365, you can restrict which SharePoint sites and mailboxes Copilot can index, enforce conditional access policies, and enable unified audit logs to capture what the AI accessed and when. In Google Workspace, you can restrict Gemini from processing certain data categories and review which third-party apps connected to your account have access to your data. These settings exist in the admin console, not buried in specialist tooling.
The harder situation arises when your team reaches outside your managed environment. The NCSC specifically warns about prompt injection: a type of attack where malicious instructions hidden in a document or web page cause an AI assistant to carry out unintended actions, such as routing data to an external URL. If a staff member is using an AI tool to read or summarise documents from unknown sources, that is the scenario you close with an acceptable-use policy and some brief guidance on what to feed the AI.
When does AI security need its own attention?
The NCSC’s small business guidance is clear that basic cyber hygiene, MFA, regular patching, and sensible access controls, remains your primary defence regardless of AI. For firms where AI appears mainly inside standard SaaS products, those fundamentals cover the bulk of the risk. A dedicated AI security review becomes necessary once AI is processing client personal data, handling sensitive business information, or making decisions that affect people directly.
UK GDPR provides a useful decision rule. If the AI tool you are deploying processes personal data in a way that is new, large-scale, or likely to produce significant effects on individuals, the ICO expects a Data Protection Impact Assessment. For the typical service-based SME, this might mean an AI tool that automatically segments clients, generates profiling outputs, or routes personal data to a vendor outside the UK and EU. A chatbot that summarises internal notes sits at a different risk level from one that makes client-facing decisions.
For firms in regulated sectors, the bar is higher. The FCA treats AI as falling under existing rules on operational resilience and outsourcing: if an AI vendor becomes a material supplier, boards are responsible for it in the same way they are responsible for any critical third party. A financial advice firm or insurance broker using an AI sales assistant needs to apply the same vendor scrutiny it would give to any outsourced service.
Related concepts worth knowing
AI security sits within a cluster of overlapping disciplines. UK GDPR governs how personal data is processed by any AI tool, and the ICO expects firms to run Data Protection Impact Assessments for high-risk AI use. The NCSC’s secure AI development guidelines extend its standard small business cyber guide directly to AI systems. For firms selling into EU markets, the EU AI Act adds a further layer of transparency and risk management obligations.
The OWASP Top 10 for Large Language Model Applications is worth bookmarking. It catalogues the most common security weaknesses in AI systems, including prompt injection, training data poisoning, and insecure output handling, in plain language that does not require a security background to read. The CMA’s foundation model review is relevant for any firm that relies heavily on a single platform, such as Microsoft or Google, for both productivity and AI security: it tracks whether market concentration in AI infrastructure creates vendor-dependency risks for businesses.
The practical entry point for a UK SME is the NCSC’s small business guide and its AI-specific companion. Both are free, written for non-specialists, and workable in an afternoon. The governance task is to check whether the controls you already have are configured for the AI tools your team is already using, rather than assuming that nothing has changed because nobody labelled it AI.
