VisionWrights
View All ServicesArtificial IntelligenceBusiness IntelligenceData StrategyData EngineeringData Team as a ServiceAutomation
View All IndustriesHealthcareConstructionFranchise & Multi-LocationManufacturingRestaurantsRetailReal EstateBanking & Credit Unions
View All Secure AISovereign AI Clean RoomCompliance Advisory
Technology & ToolsSuccess StoriesInsightsAboutContact
Get Started
Abstract visualization of a stream of data passing cleanly through a glowing gateway of light
Insights

Artificial Intelligence

AI keeps dying in security review. Here's the fix.

By VisionWrights·

Key Takeaways

Most AI projects stall not because the technology fails, but because the security review uncovers a question no one prepared for: where does our sensitive data go? Sending PHI, PII, or privileged information to a third-party AI service is a non-starter for many regulated organizations. The fix isn't a better BAA — it's an environment where no outside AI ever sees it.

  • Security reviewers kill AI deals more often than technical failures do — and they're right to ask the questions they ask
  • A BAA lets a cloud vendor handle your data. That's categorically different from keeping your data off the public cloud entirely.
  • The security-review objection is solvable — but only with the right architecture, not with better contract language
  • Production AI and the AI development phase both need data-boundary thinking — the dev phase is where the leaks happen most

The meeting where AI dies

There's a meeting that happens in most regulated organizations trying to adopt AI. The vendor demo went well. The business case is solid. The team is excited. Then the CISO, compliance officer, or general counsel asks a single question:

“Where does our data go?”

The room goes quiet. The vendor talks about encryption and BAAs. Legal asks follow-up questions. The security reviewer takes notes. Two weeks later, the project is paused pending further review. That review takes six months. The project dies.

This is the most common way AI projects fail in regulated organizations. Not a technical failure. Not a budget problem. A security-review failure that was entirely predictable and entirely preventable.

What the security reviewer is actually asking

Security reviewers aren't obstructionist. They're doing their job. When they ask “where does our data go?” they're really asking a chain of questions:

  • Does this AI vendor see our PHI, PII, or privileged data?
  • If something goes wrong on their end, are we exposed?
  • Does sending our data to a third-party AI service create a compliance obligation we haven't addressed?
  • Is there a BAA in place, and does it actually cover the way the vendor processes our data?
  • If a regulator asks us to account for every place our sensitive data has been, can we?

These are legitimate questions. And the reason AI projects die in security review is that the standard answer — “we have a BAA” — doesn't actually answer them.

A BAA is a contract. It isn't the answer.

A Business Associate Agreement is a legal instrument that permits a covered entity to share PHI with a vendor under defined conditions. It establishes obligations around security, breach notification, and use limitations. It does not mean your data is safe. It means someone promised to keep it safe and signed a document saying so.

For a security reviewer who has been through a breach, a due diligence process, or a regulatory examination, that distinction matters enormously. Contracts can be broken. Vendors can be acquired, breached, or sunset. A promise in writing is not the same as a technical guarantee.

The question a sophisticated security reviewer is really asking isn't “do they have a BAA?” It's “does our data have to go to the public cloud at all?”

The answer that actually works

For regulated organizations with sensitive data, the security-review objection has one clean answer: a private, audited environment where the AI and the analytics run on your data — and no outside AI ever sees it.

This isn't a theoretical answer. It's an architecture decision — one that means the security reviewer's chain of questions has a different ending:

  • Does this AI vendor see our PHI? No.
  • Does sending data to a third-party create a compliance obligation? No — the data doesn't go to a third party.
  • If something goes wrong on the vendor's end, are we exposed? No — the data was never there.

That answer moves the security reviewer from “not yet” to “tell me more.” It's not a legal argument. It's an architectural fact.

The part most teams miss: the development phase

Most organizations think about data boundaries in terms of production systems — the live product, the operational workflow, the data the business runs on. Fewer think about the development phase: what happens when engineers are building and evaluating AI systems against sensitive data.

The development phase is where the most common leaks happen. A developer uses a cloud AI tool to test a feature. An analyst exports a dataset to evaluate a model. A vendor demonstrates a capability using what they thought was sample data.

The same data-boundary thinking that protects production systems can protect the development phase too — including the option to develop against data that faithfully represents the real thing, without ever exposing the real thing to the development environment. This is the part of the answer that tends to surprise security reviewers, because it's the part no one else is offering.

What changes when you get this right

When no outside AI ever sees the data, the security-review conversation changes. Instead of a months-long negotiation over contract language and vendor questionnaires, the conversation becomes about what you want to build and what outcomes you need.

The security reviewer becomes an ally instead of a gatekeeper. The AI project moves. The business gets what it came for.

That outcome starts with a different architecture decision — one that answers the security reviewer's question before they even ask it.

If your organization is navigating this question, we work through it on the → Sovereign AI Clean Room page. The conversation starts with your constraints, not ours.

Share:

Related Services

Data Strategy

Related Industries

HealthcareBehavioral HealthFinancial Services

Get data insights delivered

Monthly insights on data strategy, AI, and analytics. No spam, unsubscribe anytime.

Back to Insights