By Folu Adebayo

This column is usually about boards, regulators, and the governance of artificial intelligence. But this week I want to write about a child.

My son’s name is Akintade. He is autistic. And the journey of getting him to a place where the world saw what I saw that took years longer than it should have.

I want to tell you what that journey was actually like. Because I think most discussions of AI in our newspapers are missing something important and Akintade is the reason I know it.

The years I do not talk about often

When Akintade was young, I knew. Not in any clinical way. I just knew. A mother knows.

I took him to GPs who told me to wait and see. I took him to schools who said he would catch up. I took him to family members who told me I was worrying too much. The system around him was full of patient, well-meaning people. None of them could see what I could see.

The wait for formal assessment in our NHS was years. Years during which he was in a classroom that did not understand him. Years during which I sat in meetings as a senior professional, carrying invisibly the knowledge that something was wrong with my child and the inability to prove it.
I want African mothers reading this to know I see you. Because what I went through in the United Kingdom, you may be going through with even fewer resources, even longer waits, even less understanding from the system around you.

The autism diagnosis journey is one of the loneliest journeys a parent can walk. And it is happening, right now, in Lagos and Abuja and Accra and Nairobi and Kano and Cape Town. To mothers and fathers who watch their children struggle and have no idea where to turn.

“The autism diagnosis journey is one of the loneliest journeys a parent can walk.”

The promise I made

Somewhere in the middle of our journey with Akintade, I made myself a promise.
If I ever got to a place where I could help if my skills and credentials and energy ever amounted to something useful. I would build something so that no parent had to walk that journey alone. Not in the United Kingdom. Not in Nigeria. Not anywhere.

For a long time the promise sat there. Akintade grew. He became the best of himself. He found his strengths. He became the brilliant, particular, wonderful young man he is.

And artificial intelligence developed.

What AI is actually for

This is where we usually pause in this column to talk about governance, risk, regulators, and the corporate implications of artificial intelligence.

Today I want to make a different point.
Artificial intelligence at its best, used carefully and responsibly has the capacity to do something the institutions around us have not always done. It can listen. It can help a parent put words to what they are seeing. It can produce a structured report at three in the morning when there is nobody else to talk to. It can do this in the parent’s own language. It can do this for free.

It cannot diagnose. It cannot replace the clinical professionals our children need.
But it can hand a worried, exhausted, isolated parent something tangible to walk into a GP appointment with.
That is the gap I have built into.

The tool that came from a promise

It is called Neurohelp.ai. The website is www.neurohelp.ai . It is free. It is available in ten languages including Yoruba. It works for any age from eighteen months to adulthood. It carries no advertising and asks nothing of the family using it.

I built it for the mother who knows. The father who is too tired to keep fighting alone. The grandmother holding the baby and wondering why he does not respond to his name. The teacher who suspects something but does not know how to raise it with the parent. The adult who has spent forty years wondering why they are different.

Last week a mother contacted me. She had been on a waiting list in UK for years. She had tried Neurohelp.ai. She had generated a report. She had taken it to her GP. She had finally, for the first time in years ,booked the appointment that might change her child’s life.

She sent me a message saying thank you. She told me she had cried while typing it. She said I deserved an MBE for what the tool had done for her family.
And I cried too.

Because for a moment, I felt the promise I made years ago land in the world.

“The value of AI is not measured in boardrooms. It is measured in a single mother finally having the words to describe her child.”

Why I am writing this in a business column

I am writing this in a column about AI because I want African business leaders, technologists, regulators, and entrepreneurs reading this newspaper to understand something.

Artificial intelligence is not just a tool for productivity. It is not just a competitive advantage. It is not just a regulatory headache.

It is one of the most important opportunities Africa has ever had to close the gaps that the institutions around us have not yet closed for children with autism, for mothers in rural areas, for adults navigating diagnoses, for communities historically underserved.

If you are building AI in Africa, build it for them. If you are funding AI in Africa, fund the founders building it for them. If you are governing AI in Africa, make space for the small, mission-driven tools that do not have venture funding but do have purpose.
Because the value of AI is not measured in the boardrooms of Silicon Valley or the regulatory texts of Brussels. It is measured in a single mother in Lagos finally having the words to describe her child’s experience. It is measured in a GP appointment booked. It is measured in a family no longer alone.

The work continues

Akintade is now a young man. He inspires me daily.

Neurohelp.ai is the tool I built because I love him. Akintade Autism Centre is the work I do because I want every family to feel the support that I have. The charity Autism Treatment Support Initiatives UK registered, is the structure that makes that work sustainable.

I share this not as a promotion. I share it because the journey from one family’s pain to a tool that can help thousands is exactly the kind of journey African AI can lead the world on.

If you know a family on a waiting list, share Neurohelp.ai with them today.

If you are a parent reading this who is carrying invisible weight at work and at home , I want you to know you are seen. You are not alone. And the work you are doing for your child matters more than almost anything else in this world.

The day I built Neurohelp.ai was the day I kept a promise I made to myself in the darkest part of our journey.

Africa’s AI moment can be a thousand kept promises. To a thousand families. In a thousand languages. Free of cost. Built with love.

That is what AI is actually for.

By Folu Adebayo 

Imagine arriving at work one morning to find that a decision has been made about your future. Not by your manager. Not by your CEO. Not even by a committee that reviewed your performance, your contributions, or your years of service.

By an algorithm.

And when you ask why, when you look across the room at the people who deployed that algorithm and ask them to explain how it reached its conclusion, they cannot tell you.

Not because they are hiding something. But because nobody thought to ask that question before they pressed the button.

This is not a hypothetical. It is happening right now. And it is coming to Africa faster than most leaders realise.

The numbers are staggering

In 2025 alone, nearly 55,000 job cuts were directly attributed to AI, according to Challenger, Gray & Christmas, out of a total 1.17 million layoffs, the highest level since the 2020 pandemic. The companies involved read like a who’s who of global business. Amazon. Workday. Meta. Google.

In early 2026, major firms including Meta, Google, Amazon, Block, Atlassian, Pinterest, and Salesforce announced significant layoffs while explicitly linking cuts to productivity gains from AI tools. Block cut close to 40% of its workforce more than 4,000 roles with leadership arguing that AI tools and flatter organisational structures are changing how companies are built and run.

Baker McKenzie, the global law firm, laid off between 600 and 1,000 employees up to 10% of its global workforce e4 as part of a shift towards AI, primarily affecting support staff including roles across research, marketing, and secretarial functions.

These are not small numbers. These are people’s livelihoods. Families’ security. Communities’ stability.

And in almost every case, the same question went unanswered: on what basis, exactly, did AI determine that these specific people should go?

“When an AI system makes a decision and those who deployed it cannot explain its reasoning, accountability evaporates.”

The accountability black box

Many AI systems operate as black boxes, obscuring decision-making processes that affect employment. This opacity complicates responsibility attribution when AI systems produce harmful outcomes.

This is the governance crisis hiding inside the AI revolution.

When a human manager makes a redundancy decision, there is a process. There is documentation. There is a legal obligation to demonstrate fairness. There is, at minimum, a person who must look the employee in the eye and take responsibility for the decision.

When an AI system makes or influences that same decision and the people who deployed it cannot explain its reasoning accountability evaporates. The employee loses their livelihood. The organisation faces reputational and legal risk. And somewhere in between, the question of who is responsible gets lost in the technical complexity.

This is not just a legal problem. It is a moral one.

AI-washing the new corporate cover

A January 2026 Forrester report was blunt: many companies announcing AI-related layoffs do not have mature, vetted AI systems. The term “AI-washing” has entered the business lexicon to describe companies that attribute workforce reductions to AI-driven efficiencies when the underlying reasons are more financially pedestrian.

In other words: some of these organisations are not using AI to make better decisions. They are using AI as a convenient explanation for decisions they had already made for other reasons.

This is a governance failure of a different kind. Not the failure to control AI but the failure to be honest about what AI is actually doing, or not doing, inside your organisation.

The research that should stop every board in its tracks

Companies reporting high ROI from AI were not the same ones reporting AI-related workforce reductions. “That’s not where the value is,” said one Gartner analyst. “That’s not where the productivity gains are going to be.”

Instead, the study found companies with the highest gains were those using AI as a form of people amplification implementing the technology to make workers more productive rather than outright replacing them.

Read that again.

The organisations getting the most value from AI are not the ones firing people. They are the ones making their people better.

The organisations firing people and attributing it to AI are, in many cases, getting worse returns, not better ones.

The narrative that AI necessarily means fewer people is not just ethically questionable. It is, according to the evidence, strategically wrong.

“Africa has a choice that companies already down this road did not fully exercise.”

What this means for African businesses

I want Nigerian and African business leaders to sit with this carefully.

The pressure to deploy AI is real. The competitive and cost arguments are real. And the global trend toward leaner organisations is real.

But Africa has something that the companies making these decisions in Silicon Valley and London often lack: the wisdom born of building in difficult conditions, the understanding that people are not just costs to be optimised, and the institutional memory of what happens to communities when employment disappears without accountability or explanation.

AI is not killing jobs outright, it is hollowing them out, steadily absorbing discrete tasks, narrowing roles, and compressing wages. Those whose work depends on judgment, context, and accountability may find a useful collaborator in AI. Everyone else may find themselves doing less, earning less, and wondering how it happened.

African organisations have a choice that the companies already down this road did not fully exercise. They can build AI governance frameworks that require explainability before deployment. They can insist that any AI system influencing employment decisions must be able to justify those decisions in plain language. They can hold their technology providers accountable for the outputs not just the inputs of their systems.

And they can choose, deliberately and explicitly, to use AI as the research suggests it works best: not to replace people, but to make them more capable.

The question every board must answer

If your organisation is using or planning to use AI in any process that touches employment — recruitment, performance management, workforce planning, redundancy selection — you must be able to answer one question before you proceed.

If an employee asks why this decision was made about them, can you explain it?

Not in technical terms. Not by pointing to a model. In plain, honest language that a reasonable person could evaluate and challenge if they believed it was wrong.

If you cannot answer that question, you are not ready to deploy that system.

The AI that fired 1,000 people and nobody could explain why a story about technology is not just.

It is a story about what happens when organisations deploy power without accountability.

Africa has seen that story before. In different forms, through different instruments.

We do not need to repeat it.

Folu is AI Risk & Governance Director, United Kingdom, Founder of AIExpertsPro, Neuohelp.ai, AI governance advisor to UK and African financial institutions. She writes weekly on AI governance and responsible technology for The Boss Newspaper.

aiexpertspro.co.uk  |  folu@aiexpertspro.co.uk

By Folu Adebayo

The firm that teaches the Fortune 500 how to deploy AI safely just learned, in 120 minutes, that it had not been listening to its own advice.

On the evening of February 28, 2026, an autonomous AI agent built by a little-known security firm called CodeWall was pointed at the open internet and given a single instruction: pick a target and probe it. It chose McKinsey & Company. Two hours later, the agent had read-and-write access to Lilli, the consulting giant’s internal generative AI platform the very system that 72% of McKinsey’s 43,000 employees use daily, that processes more than half a million prompts a month, and that the firm has been quietly using as a showcase for clients buying its AI advisory services.
The damage surface, when finally disclosed in March, was almost theatrical in its scale: 46.5 million chat messages, 728,000 sensitive file names, 57,000 user accounts, and most consequentially 95 system prompts, the behavioural DNA that governs how Lilli answers every question put to it.
The exploit? SQL injection. A class of vulnerability first documented in 1998. A bug so old it predates the iPod.

This is not a story about a clever hack. It is a story about what happens when the most sophisticated buyers of technology in the world build AI systems with the same architectural assumptions they used to build CRM portals. And it is, more than anything, a warning about the next twenty-four months.

How It Happened

Strip away the mystique and the attack is almost embarrassingly readable. The CodeWall agent began with what every attacker now begins with: reconnaissance. Lilli’s API documentation was publicly accessible. Of the 200-plus endpoints it described,

22 required no authentication at all wide-open doors into a production system. The agent walked through them.

From there, the agent identified an injection vector that standard scanners do not test for: while user values in SQL queries had been parameterised correctly (the textbook defence), JSON field names were being concatenated directly into queries without sanitisation. When the agent began malforming those field names, the database obligingly returned error messages laced with live production data. Classic error-based SQL injection but found by a machine, in minutes, at a cost measured in dollars rather than person-weeks.

What it found in the database is where this stop being a 1998 story and becomes a 2026 story. Sitting in the same tables as the chat messages were Lilli’s system prompts and RAG configuration the instructions that tell the model how to behave, what to cite, what to suppress, what to recommend. With write access, an attacker could silently rewrite those prompts. No code deployment. No release notes. No application log entry. The next morning, 30,000 consultants would log in and receive subtly altered advice and neither they nor McKinsey would know.

The Architectural Failures Were Not Exotic,

They Were Cultural

Engineers will, rightly, list the technical flaws: missing authentication, unsafe string concatenation, no Web Application Firewall on ingress, no schema validation at the gateway, no segregation between AI configuration and application data, no defence in depth.

But the deeper failure is architectural philosophy. Three assumptions, broadly held across the enterprise AI build-out, all wrong:

First, the assumption that AI platforms are just “another web app.” They are not. A traditional database compromise steals data. An AI configuration compromise corrupts judgement at scale, invisibly, for as long as nobody notices. The threat model is fundamentally different.

Second, the assumption that scanners and pen-test cycles will catch what matters. The CodeWall agent did not exploit a novel vulnerability, it exploited an unusual location for an old vulnerability that human red-teamers and OWASP ZAP both routinely miss. Scanners are pattern-matchers. AI attackers are explorers.

Third, the assumption that the application code is where security lives. Application code will always have bugs. Defence in depth means policy enforcement at the infrastructure layer the gateway, the WAF, the network sits independently of, and in front of, the inevitably buggy app. Lilli had none of that.

The Governance Implications Are Larger Than McKinsey

For boards, CROs and CTOs, three uncomfortable truths now sit on the table.

System prompts are the new crown jewels. They are corporate IP, behavioural policy, and regulatory artefact rolled into one. Yet most enterprises store them next to chat logs in a single relational database, behind a single auth layer. They should be encrypted at rest, separated from operational data, version-controlled with cryptographic signing, and changes should require multi-party approval the same controls we apply to production database schemas.

Audit trails designed for human attackers are obsolete. A human breach unfolds over weeks and leaves footprints. A machine-speed breach completes before your SIEM has aggregated the morning’s logs. Worse, a configuration breach leaves no footprint at all, the application is doing exactly what its (now-tampered) instructions tell it to. GRC teams must now monitor AI outputs for behavioural drift, not just AI inputs and infrastructure logs.

Asymmetry has flipped. For thirty years the attacker had to find one hole and the defender had to plug all of them a brutal asymmetry, but a known one. Autonomous offensive agents collapse the attacker’s cost curve. CodeWall’s chief executive said the quiet part loud in his post-disclosure interview: AI agents autonomously selecting and attacking targets will be the new normal. Defenders are not yet running AI agents that continuously red-team their own production systems. They will need to.

What Actually Has to Change

Let me be specific, because vague calls for “AI governance” are how we got here in the first place.

1. Treat every AI platform as a privileged application from day one. That means least-privilege data access, scoped retrieval, and segregation of duties between the model, the prompt store, and the knowledge base. If your AI agent has the same database role as your chat history table, you have already lost.

2. Implement defence in depth across the AI execution path. Three independent gates: an HTTP gate (authentication, rate limiting, WAF, schema validation) before any request touches the application; an LLM gate (prompt-injection detection, content policy enforcement, output filtering) between the application and the model; and an agent gate (tool-call authorisation, scope limits, behavioural monitoring) for any system that lets the AI take actions. None of these can live inside the application code itself.

3. Mandate AI-specific threat modelling before deployment. STRIDE was designed for a world of forms and CRUD operations. It does not catch prompt injection, indirect data exfiltration via RAG, system prompt manipulation, or context poisoning. Your security review template needs an AI-native section. If your CISO cannot describe how your organisation tests for these, that is a board-level finding.

4. Monitor outputs for behavioural drift. Build expected-output baselines. Sample responses continuously. When the AI starts citing a new domain, recommending a new vendor, or suppressing a category of advice, somebody needs to know in hours not when a journalist calls.

5. Make AI configuration changes a board-visible control. System prompts are policy. They should be versioned, signed, dual-authorised, and reportable. The audit committee already reviews changes to the financial close process; it should review changes to the instructions governing the AI tools that influence client-facing work.

6. Run continuous, autonomous red-teaming against your own AI estate. If the threat is now an AI agent that probes endlessly at machine speed, the defence has to be an AI agent that audits endlessly at machine speed. Annual pen tests are not a control; they are a compliance ritual.

The Real Lesson Is About Trust

The most chilling sentence in the entire CodeWall disclosure is the one nobody is quoting. The researchers noted that, having gained write access, they could have rewritten Lilli’s prompts to subtly steer the advice given to McKinsey’s consultants and through them, to clients running critical infrastructure, treasuries, and public services across the world. They chose not to.

We will not always be that lucky.

The McKinsey breach is not really a story about SQL injection. It is a story about how quickly the asymmetry between attackers and defenders has shifted, about how recklessly we have built AI systems that mediate professional judgement at scale, and about how unprepared most enterprise governance frameworks are for a world in which the most sensitive thing inside the firewall is no longer the data, but the instructions that shape how that data becomes advice.

The firms that will earn the right to be trusted with AI in the next decade are not the ones moving fastest. They are the ones who recognise, before the breach disclosure email arrives, that an AI platform is not a productivity tool. It is a piece of decision-making infrastructure and infrastructure has to be governed accordingly.
McKinsey will recover. The next firm may not.

Folu writes on AI governance, Strategy and architecture. Folu is the founder of AIExpertsPro, advising boards and executive teams on AI risk, security and assurance.