The Future of Life Institute's 2025 AI Safety Index delivered a verdict that should alarm anyone paying attention: no major AI company (not OpenAI, not Anthropic, not Google DeepMind, not Meta) scored above a D in Existential Safety planning. The companies building the most powerful AI systems in history are, by independent assessment, severely under-delivering on safety.
But here's what bothers me more than the letter grades: the conversation itself is stuck in the wrong gear.
We have researchers publishing papers on alignment. We have governments racing to pass regulations. We have executives issuing press releases about responsible AI. And yet, according to IBM's research, 82% of executives say secure AI is essential to their business, while only 24% are actually securing their AI projects.
That's not a policy gap. That's an implementation gap. And it's the gap that's actually going to hurt enterprises.
The Evidence Dilemma
The International AI Safety Report, written by over 100 experts and led by Turing Award winner Yoshua Bengio, identifies what they call the "evidence dilemma" for policymakers. Given rapid and unpredictable AI advancements, decision-makers often have to weigh risks without a large body of scientific evidence. Waiting for stronger evidence could leave society unprepared, or make mitigation impossible if sudden capability jumps occur.
This framing is correct. But it describes the wrong problem for most organizations.
The evidence dilemma assumes we need more data to act. The reality is that enterprises already have enough evidence. They're just not acting on it. The 2025 State of Shadow AI Report found that shadow AI is now responsible for 32% of all corporate-to-personal data exfiltration. IBM's Cost of a Data Breach analysis shows shadow AI breaches cost an average of $670,000 more than traditional incidents. These aren't theoretical risks; they're happening now, measured in dollars.
The gap isn't evidence. The gap is execution.
Training to Never Get It Wrong
In Navy EOD, we had a saying: "Where others train to get it right, I relentlessly train so I never get it wrong."
The difference matters. Training to "get it right" means practicing until you can perform the correct procedure. Training to "never get it wrong" means internalizing a zero-defect mindset where failure isn't a learning opportunity; it's a consequence you don't get to recover from.
When you're defusing an improvised explosive device (IED), you don't get a post-mortem. You don't "iterate." You either execute correctly or you create a casualty. That's not hyperbole. That was my job for eight years.
The current enterprise approach to AI safety looks a lot more like "training to get it right." Organizations implement governance frameworks. They publish responsible AI principles. They create oversight committees. And then they treat compliance as the goal rather than the floor.
This is the same mindset I see when companies tell me their AI security posture is "good enough" because they passed an audit. Audits measure whether you followed the process. They don't measure whether the process actually prevents harm.
The Compliance Checkbox Problem
The McKinsey 2025 State of AI report found that active risk management around AI grew noticeably in late 2024, especially in cybersecurity, regulatory compliance, and reputational risk. That sounds like progress, until you read the next finding: while 27% of organizations review all generative AI outputs before use, 30% report that the vast majority of such content goes unchecked.
We have governance without enforcement. Principles without practice. Policy without implementation.
At Capital One Software, I work on Databolt, our tokenization platform for AI data security. The technical controls exist. We can tokenize sensitive data before it ever reaches an AI model. We can create audit trails. We can implement real-time classification that tags data before it can be exported. The technology to secure AI systems isn't the bottleneck.
The bottleneck is treating security as a feature to ship rather than a discipline to maintain.
I wrote about this disconnect in Building AI Systems That Enterprises Can Trust. The principle of "security by design" means protection baked into every layer, not bolted on after launch. But the implementation gap I'm describing goes deeper than architecture. It's about organizational culture treating AI safety as a compliance checkbox rather than an operational discipline.
Where the Real Risk Lives
The AI safety conversation is dominated by two extremes. On one end, researchers debate whether superintelligent AI poses existential risks to humanity. On the other, regulators scramble to pass laws governing high-risk systems. Both conversations matter. Neither addresses the immediate implementation gap.
The Thales Data Threat Report found that 69% of organizations recognize GenAI ecosystems as their greatest AI security risk. But recognizing risk isn't managing risk. IBM found that 97% of organizations that reported an AI-related breach lacked proper AI access controls.
I explored the shadow AI problem in depth in Shadow AI and the Data Exfiltration Risk Enterprises Can't See. The statistics are stark: 93% of employees admit to inputting information into AI tools without company approval. 86% of organizations are blind to AI data flows. Shadow AI is expected to overtake shadow IT as the top breach risk in 2026.
But shadow AI isn't just a data exfiltration problem. It's a symptom of the implementation gap. Employees use unauthorized AI tools because the official, secure path is too slow or doesn't exist. The organization's stated commitment to AI safety doesn't match its operational reality.
The Agentic Safety Deficit
The implementation gap is about to get worse. Accenture research found that high-performing enterprises are 4.5x more likely to invest in agentic AI architectures. These are AI systems that don't just answer questions; they take actions. They browse the web. They execute code. They make API calls on your behalf.
Yet only 37% of these organizations have robust AI security processes in place. This gap between adoption and protection is what researchers call the "Agentic Safety Deficit."
The 2026 regulatory landscape will stress-test "human oversight" requirements when AI systems are acting autonomously. How do you maintain meaningful human control over a system that makes thousands of decisions per minute? Current frameworks don't have good answers.
This is where the EOD mindset becomes relevant again. In high-consequence environments, you don't rely on post-incident review to catch failures. You build systems that fail safe. You assume adversarial conditions. You design for the worst case, not the average case.
Five Actions Enterprises Can Take Now
The implementation gap won't close itself. Here's what I've seen work:
1. Measure Actual Security, Not Compliance Status
Stop treating audit completion as the endpoint. Implement continuous security metrics: What percentage of AI inputs are being monitored? How many unauthorized AI tools are in use? What's your mean time to detect an AI-related data exposure?
If you can't measure it, you're not managing it.
2. Make the Secure Path the Easy Path
Employees use shadow AI because it solves real problems faster than official channels. Deploy sanctioned AI tools that provide similar productivity benefits within controlled environments. If the secure path is also the easy path, you eliminate the incentive for workarounds.
This is the principle I described in The Security Debt Crisis from AI-Generated Code: make secure patterns the default by providing templates and SDKs that encode safety from the start.
3. Implement Zero-Trust for AI Data Flows
Assume that any data touching an AI system could be exfiltrated, leaked, or used in ways you didn't intend. Tokenize sensitive data before it enters AI workflows. Create audit trails that capture what data was exposed to which systems. Require explicit authorization for de-tokenization.
At Databolt, we've found that tokenization creates a protection layer that travels with the data. Even if data reaches unauthorized tools, the sensitive information remains protected.
4. Treat AI Governance as Operational Security
Move AI safety out of the compliance function and into operational security. The teams that protect your network should also protect your AI systems. The incident response plan for a data breach should include AI-related scenarios.
This means real-time monitoring, not quarterly reviews. It means security engineers embedded in AI teams, not policy documents reviewed by legal.
5. Adopt a Zero-Defect Mindset
Stop treating AI safety incidents as learning opportunities. Start treating them as failures that should have been prevented. This doesn't mean punishing people; it means building systems that don't rely on human perfection to stay secure.
In EOD, we conducted detailed "lessons learned" after every operation, but the goal was never to normalize failure. It was to systematically eliminate the conditions that could lead to failure. The same approach applies to AI safety.
The Gap That Matters
The conversation about existential AI risk is important. The conversation about AI regulation is important. But neither conversation addresses the implementation gap that's creating real harm today.
No major AI company scored above a D in safety planning. 82% of executives say AI security is essential; 24% are securing their projects. Shadow AI is already the leading channel for data exfiltration. These aren't future risks; they're present failures.
The organizations that close the implementation gap won't do it with better policies or stronger principles. They'll do it with operational discipline. With systems that fail safe. With a mindset that treats AI safety not as a compliance checkbox, but as a zero-defect discipline where failure isn't acceptable.
That's the conversation we should be having.
