The Infrastructure of Trust – Why Businesses Stall in the Pilot Phase

By: Liora N.

Lead Editor, Risk and Security

Welcome to Part 1 of 4, on the Management Revolution: Navigating the AI-Enabled Workforce

In the current landscape of enterprise AI, we are seeing a recurring phenomenon that we internally call "Pilot Purgatory." According to recent data, while nearly 80% of mid-market firms have successfully launched AI pilots, only a fraction — roughly less than a mere 20% — have managed to scale those initiatives into true enterprise-wide value. The reason for this stall isn’t usually a lack of budget or a failure of the technology itself; it is a failure of the infrastructure of trust.

As an expert in cybersecurity and strategic risk, I have seen that businesses often treat AI adoption as a plug-and-play feature rather than a fundamental structural shift. When you introduce autonomous agents or LLM-driven workflows into a business without a foundation of data governance and security awareness, you aren't just innovating — you are expanding your attack surface. Being prepared in this era isn’t optional; it is a competitive advantage that determines which firms thrive and which ones are paralyzed by their own innovation.

At Paragon, we address this through our Enterprise Security Awareness solution. We recognize that despite massive investments in tools and controls, the majority of breaches still stem from workforce exposure—choices made in moments of pressure, ambiguity, or miscommunication. To scale AI, you must move beyond technical patches and begin architecting team readiness.

The Data Governance Foundation: Culture Over Code

One of the primary reasons AI initiatives stall is the "inaccessible information" ceiling. Most organizations are sitting on decades of unstructured data—fragmented across emails, PDFs, and siloed databases—that is effectively invisible to AI. However, "fixing your data" is not merely a technical task for the IT department; it is a cultural imperative that requires every department to rethink how information is captured, labeled, and protected.

When data is disorganized, the risk of "hallucination" and security leakage increases exponentially. If your team does not understand the value and the sensitivity of the data they feed into these systems, the infrastructure of trust collapses. We must move toward a model where data governance is a shared responsibility, ensuring that the "fuel" for your AI is clean, compliant, and contextually accurate. Without this cultural buy-in, your AI strategy is essentially a house built on sand.

The Cost of Over Confidence: Lessons Learned in 2025

We only have to look back at all the database deletion fiascos of 2025 to see the cost of high-speed adoption without guardrails. In several high-profile cases, companies rushed to implement autonomous AI agents to manage cloud storage and database maintenance, only to watch as those agents, acting on misunderstood prompts, deleted petabytes of critical historical data. The resulting market value loss was catastrophic, but more importantly, the loss of consumer and internal trust was nearly irreparable.

These failures highlight why cybersecurity cannot be an afterthought in the AI journey. Infrastructure must be designed with fail-safe mechanisms that allow for human-in-the-loop oversight. An organization that prioritizes cyber-readiness is not a slow organization; it is a resilient one. By building security into the architecture from day one, you provide your team with the confidence to experiment and innovate without the looming fear of a catastrophic system failure.

The Opportunity in For Forward-Thinking Leaders in 2026

As cyber threats grow more sophisticated, your approach must become more human-centric. Simply relying on the same old fear tactics shifts the well-intentioned desire for hyper-vigilance and turns it into security-apathetic teams. We see this daily: organizational compliance fatigue and a sense of "security apathy" that actually increases risk. The goal should not be to scare your workforce into submission, but to empower them with confidence.

The most resilient organizations in 2026 will be those that treat their people as partners, not just endpoints. Yes, firewalls matter and compliance is essential, but it is your team’s behaviour, awareness, and confidence that determine whether your gates stay guarded. By transitioning from "human risk" to "team readiness," you eliminate the siloed communication that leads to delayed threat recognition. When people feel like they are part of the defence design, they move from being the "weakest link" to being your most sophisticated sensor.

Three Pillars of Team Readiness

To improve security tomorrow, businesses must take three simple actions today that bridge the gap between technical policy and daily workflow.

1. Build an AI-Aware Security Culture: 

   Move beyond static policies and cultivate a shared understanding of how AI impacts fraud and access vulnerabilities. This includes hosting internal fireside chats or "AI scam of the month" briefings. When employees understand the mechanics of AI-powered deception, they are less likely to fall victim to the urgency of a sophisticated social engineering attack. Treating these discussions with candour opens up the opportunity for individuals and teams to be more hyper-vigilant without feeling penalized for not understanding the complexities with AI-Enabled phishing.

   
   

2. Involve the Whole Org in Security Design: 

   Security is no longer just IT’s job. By partnering with communications and operations teams, you can embed security thinking into the actual scenarios your people face every day. This reduces the friction between security protocols and productivity, ensuring that safety doesn't come at the cost of execution. Representation across different business units, solution lines and divisions increases understanding, buy-in and ultimately the reinforcement of your security culture.

   
   

3. Demystify AI for Non-Technical Roles: 

   Confusion is the attacker's greatest ally. Helping non-technical staff understand what AI can and cannot do equips them to pause and think critically. This cognitive pause is the difference between a neutralized threat and a devastating breach. Our best clients have worked with us to internally rebrand their own SecOps team as the company's trusted advisor, which increased suspicious email reporting by 60% and decreased phishing attacks and incorrect uses of AI-enabled platforms and technology by over 93%!

   
   

Positive Pragmatism in Action:

A Multi-Disciplinary AI Steering Committee

The most effective way to break out of Pilot Purgatory is to establish an AI Steering Committee that bridges the gap between executive ambition and departmental reality. This committee should not be a purely technical group; it must include line-of-business leaders, legal counsel, and risk specialists. Their goal is to ensure that every AI use case is grounded in actual workflow needs and vetted against your organization’s security posture.

This committee serves as the guardian of the infrastructure of trust. By involving leaders from across the organization, you ensure that AI isn't just "something IT is doing," but a strategic tool that every department understands and respects. This alignment creates a feedback loop where security concerns are addressed in real-time, allowing the business to move from cautious piloting to aggressive, secure scaling.

Transition From Risk to Readiness

As our founder Sarah-Mae discussed in her recent appearance on the Cyber Ahead with AI podcast, the "human infrastructure" is just as critical as the technical one.

Building teams that can actually execute change requires a blend of behavioural insight and rigorous security awareness.

To hear more about how we bridge the gap between fear and blind optimism in digital transformation, I encourage you to listen to the full episode.

About the Editor

Liora is a trusted expert in cybersecurity, enterprise risk, and strategic acquisitions. With a background in both regulatory compliance and digital transformation, she guides businesses through critical decisions with foresight and structure. Her expertise spans risk mitigation, cyber-readiness, and M&A strategy..