By Folu Adebayo

A lawyer in the United Kingdom needed to summarise a confidential client document. Forty pages. A busy day. So they did what millions of professionals around the world now do without a second thought.

They pasted it into an AI tool.

Faster than reading it line by line. Nobody had told them not to. Nobody had told them they could. There was no policy. No training.

No record of the decision.

It seemed harmless. It was not.

A UK tribunal has now ruled that uploading confidential documents to an AI tool can be treated as the equivalent of placing them in the public domain. The legal privilege protecting those documents, the confidentiality that is the very foundation of the relationship between a professional and their client was lost. Permanently.

Not because anyone acted in bad faith. Because the tool did what such tools do the moment information is entered into them.

“The employee was not trying to do anything wrong. They were trying to work faster.”

Why this matters far beyond the United Kingdom

It would be easy for African business leaders to read this as a distant story. A British tribunal. A British case. A British problem.

That would be a mistake.

The behaviour at the centre of this ruling a professional pasting confidential information into an AI tool to save time is happening in every law firm, every bank, every hospital, every government office, and every consultancy in Lagos, Nairobi, Accra, and Johannesburg right now. Today. As you read this.

The technology does not respect borders. The behaviour does not respect borders. The risk does not respect borders.

The only thing that varies from country to country is whether there is a governance framework in place to manage it and whether the people using these tools have been told, clearly, what is and is not permitted.

In most African organisations, that framework does not yet exist.

The quiet leak

Consider what is most likely happening inside your own organisation as you read this.

A member of staff has a long report to summarise. They paste it into a free AI tool.

A colleague is drafting a difficult email and asks an AI assistant to improve the wording including the confidential context. Someone in finance uploads a spreadsheet of sensitive figures to ask the AI to analyse it. A junior employee, eager and capable, uploads a client contract to extract the key terms quickly.

None of these people are acting maliciously. Every one of them is trying to do their job well.

And every one of them may be moving confidential information client data, commercial secrets, personal information, privileged material outside the protected boundary of the organisation.

This is not a hypothetical risk. Industry research suggests that the overwhelming majority of organisations have employees using AI tools, while only a small minority have any policy governing what may be entered into them. The gap between adoption and governance is not narrowing. It is widening.

“The technology does not respect borders. Neither does the risk.”

Why Africa is particularly exposed
There are three reasons this risk is especially acute across African markets.

First, AI adoption across Africa has been rapid, mobile-first, and largely informal. Professionals have embraced AI tools with energy and ingenuity often ahead of the organisations they work for. That is a strength. But it means usage is running far ahead of governance.

Second, many African organisations do not yet have the data protection infrastructure, the internal compliance functions, or the governance frameworks that would, in other markets, provide at least some guardrails. The legal frameworks are developing , Nigeria, Kenya, Ghana and South Africa have all made significant progress on data protection but the translation of law into day-to-day organisational practice remains incomplete.
Third, the consequences of a confidentiality breach are severe in any market, but in markets where trust is hard-won and reputational damage spreads quickly, the cost can be existential. A bank that leaks customer data, a law firm that loses privilege over client documents, a hospital that exposes patient information these are not recoverable inconveniences. They are breaches of the trust on which the entire business depends.

What African leaders must do now
The good news is that the solution is neither expensive nor complex. It does not require new technology. It requires leadership, clarity, and a small amount of disciplined effort.

First, establish a clear AI usage policy. A single, plain-language document that states what types of information may and may not be entered into AI tools. It does not need to be sophisticated. It needs to exist, and it needs to be communicated.

Second, train your people. Not a lengthy programme a clear, honest conversation. Most employees who create AI-related risk do so because nobody has explained the danger to them. Once they understand, the overwhelming majority adjust their behaviour immediately.

Third, create a record. The UK tribunal ruling makes clear that when accountability is tested, organisations will be expected to demonstrate that their people understood the rules. A simple, dated record showing that staff have received and acknowledged the AI usage policy is no longer an administrative nicety. It is a protection.

Fourth, lead by example. When senior leaders talk openly about responsible AI use, it gives everyone else permission to ask the questions they are currently afraid to ask.

The opportunity inside the warning
It would be easy to read this column as a reason to fear AI, or to restrict it. That is not my intention.

AI is one of the most powerful tools African professionals have ever had access to. It can close capability gaps, accelerate work, and allow small organisations to compete with much larger ones. The answer is not to ban it. The answer is to govern it.

The organisations that will thrive in the African AI economy are not the ones that move fastest or the ones that move most cautiously. They are the ones that move deliberately adopting AI with energy, and governing it with discipline.

The UK tribunal ruling is a warning. But it is a warning delivered early enough to act on. African leaders who read it, understand it, and act on it now will protect their organisations, their clients, and their reputations.

Those who treat it as someone else’s story will learn the same lesson later and at a far higher price.

The choice, as always, belongs to leadership.

Folu is AI Architect & Risk & Governance Director, United Kingdom, Founder of AIExpertsPro, and an AI governance advisor to UK and African financial institutions, and can be reached via aiexpertspro.co.uk/folu@aiexpertspro.co.uk

By Folu Adebayo 

Imagine arriving at work one morning to find that a decision has been made about your future. Not by your manager. Not by your CEO. Not even by a committee that reviewed your performance, your contributions, or your years of service.

By an algorithm.

And when you ask why, when you look across the room at the people who deployed that algorithm and ask them to explain how it reached its conclusion, they cannot tell you.

Not because they are hiding something. But because nobody thought to ask that question before they pressed the button.

This is not a hypothetical. It is happening right now. And it is coming to Africa faster than most leaders realise.

The numbers are staggering

In 2025 alone, nearly 55,000 job cuts were directly attributed to AI, according to Challenger, Gray & Christmas, out of a total 1.17 million layoffs, the highest level since the 2020 pandemic. The companies involved read like a who’s who of global business. Amazon. Workday. Meta. Google.

In early 2026, major firms including Meta, Google, Amazon, Block, Atlassian, Pinterest, and Salesforce announced significant layoffs while explicitly linking cuts to productivity gains from AI tools. Block cut close to 40% of its workforce more than 4,000 roles with leadership arguing that AI tools and flatter organisational structures are changing how companies are built and run.

Baker McKenzie, the global law firm, laid off between 600 and 1,000 employees up to 10% of its global workforce e4 as part of a shift towards AI, primarily affecting support staff including roles across research, marketing, and secretarial functions.

These are not small numbers. These are people’s livelihoods. Families’ security. Communities’ stability.

And in almost every case, the same question went unanswered: on what basis, exactly, did AI determine that these specific people should go?

“When an AI system makes a decision and those who deployed it cannot explain its reasoning, accountability evaporates.”

The accountability black box

Many AI systems operate as black boxes, obscuring decision-making processes that affect employment. This opacity complicates responsibility attribution when AI systems produce harmful outcomes.

This is the governance crisis hiding inside the AI revolution.

When a human manager makes a redundancy decision, there is a process. There is documentation. There is a legal obligation to demonstrate fairness. There is, at minimum, a person who must look the employee in the eye and take responsibility for the decision.

When an AI system makes or influences that same decision and the people who deployed it cannot explain its reasoning accountability evaporates. The employee loses their livelihood. The organisation faces reputational and legal risk. And somewhere in between, the question of who is responsible gets lost in the technical complexity.

This is not just a legal problem. It is a moral one.

AI-washing the new corporate cover

A January 2026 Forrester report was blunt: many companies announcing AI-related layoffs do not have mature, vetted AI systems. The term “AI-washing” has entered the business lexicon to describe companies that attribute workforce reductions to AI-driven efficiencies when the underlying reasons are more financially pedestrian.

In other words: some of these organisations are not using AI to make better decisions. They are using AI as a convenient explanation for decisions they had already made for other reasons.

This is a governance failure of a different kind. Not the failure to control AI but the failure to be honest about what AI is actually doing, or not doing, inside your organisation.

The research that should stop every board in its tracks

Companies reporting high ROI from AI were not the same ones reporting AI-related workforce reductions. “That’s not where the value is,” said one Gartner analyst. “That’s not where the productivity gains are going to be.”

Instead, the study found companies with the highest gains were those using AI as a form of people amplification implementing the technology to make workers more productive rather than outright replacing them.

Read that again.

The organisations getting the most value from AI are not the ones firing people. They are the ones making their people better.

The organisations firing people and attributing it to AI are, in many cases, getting worse returns, not better ones.

The narrative that AI necessarily means fewer people is not just ethically questionable. It is, according to the evidence, strategically wrong.

“Africa has a choice that companies already down this road did not fully exercise.”

What this means for African businesses

I want Nigerian and African business leaders to sit with this carefully.

The pressure to deploy AI is real. The competitive and cost arguments are real. And the global trend toward leaner organisations is real.

But Africa has something that the companies making these decisions in Silicon Valley and London often lack: the wisdom born of building in difficult conditions, the understanding that people are not just costs to be optimised, and the institutional memory of what happens to communities when employment disappears without accountability or explanation.

AI is not killing jobs outright, it is hollowing them out, steadily absorbing discrete tasks, narrowing roles, and compressing wages. Those whose work depends on judgment, context, and accountability may find a useful collaborator in AI. Everyone else may find themselves doing less, earning less, and wondering how it happened.

African organisations have a choice that the companies already down this road did not fully exercise. They can build AI governance frameworks that require explainability before deployment. They can insist that any AI system influencing employment decisions must be able to justify those decisions in plain language. They can hold their technology providers accountable for the outputs not just the inputs of their systems.

And they can choose, deliberately and explicitly, to use AI as the research suggests it works best: not to replace people, but to make them more capable.

The question every board must answer

If your organisation is using or planning to use AI in any process that touches employment — recruitment, performance management, workforce planning, redundancy selection — you must be able to answer one question before you proceed.

If an employee asks why this decision was made about them, can you explain it?

Not in technical terms. Not by pointing to a model. In plain, honest language that a reasonable person could evaluate and challenge if they believed it was wrong.

If you cannot answer that question, you are not ready to deploy that system.

The AI that fired 1,000 people and nobody could explain why a story about technology is not just.

It is a story about what happens when organisations deploy power without accountability.

Africa has seen that story before. In different forms, through different instruments.

We do not need to repeat it.

Folu is AI Risk & Governance Director, United Kingdom, Founder of AIExpertsPro, Neuohelp.ai, AI governance advisor to UK and African financial institutions. She writes weekly on AI governance and responsible technology for The Boss Newspaper.

aiexpertspro.co.uk  |  folu@aiexpertspro.co.uk

By Folu Adebayo

The firm that teaches the Fortune 500 how to deploy AI safely just learned, in 120 minutes, that it had not been listening to its own advice.

On the evening of February 28, 2026, an autonomous AI agent built by a little-known security firm called CodeWall was pointed at the open internet and given a single instruction: pick a target and probe it. It chose McKinsey & Company. Two hours later, the agent had read-and-write access to Lilli, the consulting giant’s internal generative AI platform the very system that 72% of McKinsey’s 43,000 employees use daily, that processes more than half a million prompts a month, and that the firm has been quietly using as a showcase for clients buying its AI advisory services.
The damage surface, when finally disclosed in March, was almost theatrical in its scale: 46.5 million chat messages, 728,000 sensitive file names, 57,000 user accounts, and most consequentially 95 system prompts, the behavioural DNA that governs how Lilli answers every question put to it.
The exploit? SQL injection. A class of vulnerability first documented in 1998. A bug so old it predates the iPod.

This is not a story about a clever hack. It is a story about what happens when the most sophisticated buyers of technology in the world build AI systems with the same architectural assumptions they used to build CRM portals. And it is, more than anything, a warning about the next twenty-four months.

How It Happened

Strip away the mystique and the attack is almost embarrassingly readable. The CodeWall agent began with what every attacker now begins with: reconnaissance. Lilli’s API documentation was publicly accessible. Of the 200-plus endpoints it described,

22 required no authentication at all wide-open doors into a production system. The agent walked through them.

From there, the agent identified an injection vector that standard scanners do not test for: while user values in SQL queries had been parameterised correctly (the textbook defence), JSON field names were being concatenated directly into queries without sanitisation. When the agent began malforming those field names, the database obligingly returned error messages laced with live production data. Classic error-based SQL injection but found by a machine, in minutes, at a cost measured in dollars rather than person-weeks.

What it found in the database is where this stop being a 1998 story and becomes a 2026 story. Sitting in the same tables as the chat messages were Lilli’s system prompts and RAG configuration the instructions that tell the model how to behave, what to cite, what to suppress, what to recommend. With write access, an attacker could silently rewrite those prompts. No code deployment. No release notes. No application log entry. The next morning, 30,000 consultants would log in and receive subtly altered advice and neither they nor McKinsey would know.

The Architectural Failures Were Not Exotic,

They Were Cultural

Engineers will, rightly, list the technical flaws: missing authentication, unsafe string concatenation, no Web Application Firewall on ingress, no schema validation at the gateway, no segregation between AI configuration and application data, no defence in depth.

But the deeper failure is architectural philosophy. Three assumptions, broadly held across the enterprise AI build-out, all wrong:

First, the assumption that AI platforms are just “another web app.” They are not. A traditional database compromise steals data. An AI configuration compromise corrupts judgement at scale, invisibly, for as long as nobody notices. The threat model is fundamentally different.

Second, the assumption that scanners and pen-test cycles will catch what matters. The CodeWall agent did not exploit a novel vulnerability, it exploited an unusual location for an old vulnerability that human red-teamers and OWASP ZAP both routinely miss. Scanners are pattern-matchers. AI attackers are explorers.

Third, the assumption that the application code is where security lives. Application code will always have bugs. Defence in depth means policy enforcement at the infrastructure layer the gateway, the WAF, the network sits independently of, and in front of, the inevitably buggy app. Lilli had none of that.

The Governance Implications Are Larger Than McKinsey

For boards, CROs and CTOs, three uncomfortable truths now sit on the table.

System prompts are the new crown jewels. They are corporate IP, behavioural policy, and regulatory artefact rolled into one. Yet most enterprises store them next to chat logs in a single relational database, behind a single auth layer. They should be encrypted at rest, separated from operational data, version-controlled with cryptographic signing, and changes should require multi-party approval the same controls we apply to production database schemas.

Audit trails designed for human attackers are obsolete. A human breach unfolds over weeks and leaves footprints. A machine-speed breach completes before your SIEM has aggregated the morning’s logs. Worse, a configuration breach leaves no footprint at all, the application is doing exactly what its (now-tampered) instructions tell it to. GRC teams must now monitor AI outputs for behavioural drift, not just AI inputs and infrastructure logs.

Asymmetry has flipped. For thirty years the attacker had to find one hole and the defender had to plug all of them a brutal asymmetry, but a known one. Autonomous offensive agents collapse the attacker’s cost curve. CodeWall’s chief executive said the quiet part loud in his post-disclosure interview: AI agents autonomously selecting and attacking targets will be the new normal. Defenders are not yet running AI agents that continuously red-team their own production systems. They will need to.

What Actually Has to Change

Let me be specific, because vague calls for “AI governance” are how we got here in the first place.

1. Treat every AI platform as a privileged application from day one. That means least-privilege data access, scoped retrieval, and segregation of duties between the model, the prompt store, and the knowledge base. If your AI agent has the same database role as your chat history table, you have already lost.

2. Implement defence in depth across the AI execution path. Three independent gates: an HTTP gate (authentication, rate limiting, WAF, schema validation) before any request touches the application; an LLM gate (prompt-injection detection, content policy enforcement, output filtering) between the application and the model; and an agent gate (tool-call authorisation, scope limits, behavioural monitoring) for any system that lets the AI take actions. None of these can live inside the application code itself.

3. Mandate AI-specific threat modelling before deployment. STRIDE was designed for a world of forms and CRUD operations. It does not catch prompt injection, indirect data exfiltration via RAG, system prompt manipulation, or context poisoning. Your security review template needs an AI-native section. If your CISO cannot describe how your organisation tests for these, that is a board-level finding.

4. Monitor outputs for behavioural drift. Build expected-output baselines. Sample responses continuously. When the AI starts citing a new domain, recommending a new vendor, or suppressing a category of advice, somebody needs to know in hours not when a journalist calls.

5. Make AI configuration changes a board-visible control. System prompts are policy. They should be versioned, signed, dual-authorised, and reportable. The audit committee already reviews changes to the financial close process; it should review changes to the instructions governing the AI tools that influence client-facing work.

6. Run continuous, autonomous red-teaming against your own AI estate. If the threat is now an AI agent that probes endlessly at machine speed, the defence has to be an AI agent that audits endlessly at machine speed. Annual pen tests are not a control; they are a compliance ritual.

The Real Lesson Is About Trust

The most chilling sentence in the entire CodeWall disclosure is the one nobody is quoting. The researchers noted that, having gained write access, they could have rewritten Lilli’s prompts to subtly steer the advice given to McKinsey’s consultants and through them, to clients running critical infrastructure, treasuries, and public services across the world. They chose not to.

We will not always be that lucky.

The McKinsey breach is not really a story about SQL injection. It is a story about how quickly the asymmetry between attackers and defenders has shifted, about how recklessly we have built AI systems that mediate professional judgement at scale, and about how unprepared most enterprise governance frameworks are for a world in which the most sensitive thing inside the firewall is no longer the data, but the instructions that shape how that data becomes advice.

The firms that will earn the right to be trusted with AI in the next decade are not the ones moving fastest. They are the ones who recognise, before the breach disclosure email arrives, that an AI platform is not a productivity tool. It is a piece of decision-making infrastructure and infrastructure has to be governed accordingly.
McKinsey will recover. The next firm may not.

Folu writes on AI governance, Strategy and architecture. Folu is the founder of AIExpertsPro, advising boards and executive teams on AI risk, security and assurance.