The AI boom is still growing like crazy. Many organizations are trying to learn how they can use AI to improve operations and become more efficient at a reasonable cost. Plenty of companies are spending crazy amounts of AI tokens, sometimes blowing their yearly budgets in months and not necessarily receiving substantial value back. Some companies are trying to train AIs to understand their operations and perhaps reduce their other costs, primarily labor. Still others are tiptoeing in the waters of AI LLM use and conducting smaller experiments, with limited access to AI technology.
Meta has been a company at the forefront of trying to train AI based on the work employees already perform. There has been plenty of concern that their efforts are designed to lower headcount and replace humans with AI agents. That might or might not work, though I don't expect a lot of organizations to do this. It's likely harder than any of the hype suggests, and most organizations have much more complex types of operations than Meta.
However, in collecting this data, Meta has had other issues. Notably, they have had security problems with all the data they are trying to collect. Some of this data was exposed and they have paused the data collection for now. They were trying to move fast, likely cutting corners or not thinking things completely through. They created these issues. Hackers are constantly looking for holes and the quicker anyone moves to change their software and processes, the more likely that security holes slip by.
Plus, data governance and protection is hard. Most developers really don't think through data protection and security well. They're focused on software and assume the data store (RDBMS, NoSQL, data lake, etc.) is handled by someone else.
Data is hard. Especially at scale.
While I'm sure most companies aren't looking to track employees' every move (which is a big uplift), they will be trying to move data around and use it for AI purposes. With RAG, with model training, with who knows how, but they are just as likely to cause a security incident if they are not careful.
Think data governance and data security early. Develop patterns with DBAs and InfoSec alongside software engineers to ensure that as you stand up new agents, systems, and data stores, you aren't asking for trouble. Re-using existing data is fine, but if you assume that your development team automatically knows about data security, you're going to have issues. They likely don't, and if you (or they) think they do, make them prove it.
AI is amazing, but it's also easy to mess up the data part of this. Everyone I deal with at Redgate Software is concerned about data governance, and more so all the time. For good reason. Meta made the headlines, but a lot of us aren't better at securing our systems. We just aren't as much of a media target.