I was in a meeting with other board chairs when the conversation turned to recording board meetings. Someone made the case for it — better minutes, perfect recall, a clean record of who said what. Reasonable. Then a chair who'd been through litigation said one sentence, and the room went quiet.
"A recording can be subpoenaed."
Nobody argued. Because everyone there understood the thing that doesn't make it into the governance handbooks: the value of a perfect record and the danger of a perfect record are the same record. And somebody has to decide which one you get — what's kept, what stays in the room. In that boardroom, that call sat with the board, because the board is who answers for it later.
I went home still chewing on it. And the problem had already followed me home.
A few days later I asked an AI to help plan a family vacation over Christmas. The answer came back good — genuinely tailored, the kind of thing a travel agent who'd known us for years might suggest. It named my kids. My wife read it over my shoulder: how does it know our children's names?
Because I told it, I said. I'd spent months teaching it who I am — that's the whole reason the answer was any good. None of it was an accident. I'd made the trade on purpose: hand it enough of me to be useful, and accept that somewhere a file now knows my family.
Then she said the part I'd been carrying quietly. "And who else knows who you are now? How safe is all that?"
I'd already asked myself that. Hearing it out loud, at my own kitchen table, was the first time the cost felt as real as the convenience.
That trade is the one everybody's making, whether they've noticed or not. AI gets dramatically better the more it knows you — your context, your history, the way you actually think. Use it like a search box and you get a search box. Feed it yourself and the answers stop being generic and start being yours. So the incentive runs one direction: tell it everything. And the moment you do, there's a file.
Now move that from my kitchen to a boardroom and multiply the stakes. To get real value from AI, a company has to feed it the institutional knowledge — the strategy, the customer data, the trade secrets, the history of how decisions actually got made. The personalization that makes it powerful is the exact material you'd least want sitting in a discoverable file. And the board's own version is sharper still: the minutes record the vote, which is what's supposed to survive the meeting. The deliberation — the disagreement, the worry someone raised and withdrew, the reason you almost went the other way — was supposed to stay in the room. Capture it, and you keep every road not taken, timestamped, for anyone who later wins the right to read it.
For most of business history, institutional knowledge came with a safety feature nobody designed on purpose: it lived in people's heads, and people leave. The operations manager who knew where the bodies were buried retired, and the knowledge retired with him. We treated that as a loss, and operationally it was — companies spent fortunes trying to stop knowledge from walking out the door. But what walks out the door can't be subpoenaed. A memory isn't discoverable the way a Slack thread is. You can't depose a hunch.
AI is quietly removing that safety feature. Not as a plan… as a side effect. The judgment that used to evaporate now persists — in transcripts, in personalization settings, in the knowledge base somebody stood up last quarter and forgot to govern. We spent decades trying to capture institutional knowledge, and we're about to find out we only ever meant it as a metaphor.
Every perfect memory is a perfect witness.
The file is coming — that part's settled. The only open question is whether someone with the authority to set the terms got there first… or whether the witness writes its own testimony while no one is watching.
The fix isn't complicated, and almost nobody is using it. Companies already know how to govern a machine. Nobody lets staff install whatever they want on a corporate laptop — parameters get set, enforced from the top, and that's been normal for twenty years. The identical control exists for AI. You can set company-wide guardrails before a single employee types a prompt: never guess, never estimate, every fact carries a trackable source link or it doesn't get stated, and when you don't know, say so. None of it is exotic. These are the settings that stop an AI from confidently inventing things, and they push across an organization the same way any policy does.
Which is exactly where it goes wrong. Because it looks like a policy you push from the top, it gets handed to the people who push policies from the top. The CTO builds the dial. And a good CTO, doing the job properly, is thinking about access, data loss, what leaves the building — worthy questions… wrong ones for this.
Standing the system up is genuinely IT's job. The access controls, the data boundaries, which model, how it wires into your systems — that's deployment, and it belongs to IT. But the baseline underneath the deployment is a different animal. What the thing is allowed to treat as true. What it keeps and what it forgets. What it's permitted to know about the people it serves. Those aren't security settings — they're decisions about truth, memory, and exposure, and you can't outsource them to the person you hired to keep the network safe. Hand a CTO "set the AI rules" and you'll get the security rules, because that's the job, and it's the only part that looks like the job. The part they can't see is the part that matters most.
I wrote a while back that hotels were treating AI as a marketing problem — hand it to marketing, let them run a campaign with it. This is the same mistake from the other end. AI keeps getting handed to whoever's standing nearest: marketing in one industry, IT in the next. Both are good at their own jobs. Neither one should be deciding what your company's intelligence is permitted to treat as fact.
And the board's own instinct quietly makes it worse. The AI policy comes up for approval after IT has drafted it, and the board approves the rollout — without clocking that the governance was decided three drafts earlier, by people optimizing for something else. Approving the deployment is not the same as setting the rules. By the time it reaches the table, the rules are already written.
The irony is that doing it right solves the security problem too. The same guardrails cut the hallucinations that make AI risky to rely on, and they make whatever record you create far more defensible — grounded, sourced, accountable. A sourced file is a better witness for you than a freewheeling one. Set the baseline properly and you protect the company and govern the intelligence in one move. Almost nobody makes it, because almost nobody in the building believes it's their call.
So I'm keeping my file. It's too useful to give up, and I'd be lying if I told you otherwise — I made that trade with my eyes open. The companies pouring their institutional memory into a model are making the same trade, most of them without anyone deciding the terms.
That decision is the one from the boardroom at the start. Whether to record, and on what terms, belonged to the board, because the board answers for it later. The AI version — what the company is allowed to know, keep, and claim — is the same decision. It has quietly ended up in a different room.
The witness is coming. The only thing you still get to choose is who wrote the rules it testifies under. Decide what your company is allowed to know, keep, and claim — and decide it in the room that answers for it. Not the one that happens to be nearest.
