In any given organisation, business, not-for-profit, or government agency, people of all levels, ages, and digital capabilities are now using AI on a daily basis.
Its usage will vary, with some treating it like an advanced Google search, while others will use it to write reports, respond to customer inquiries, or create marketing imagery.
Regardless of what it is used for, unfortunately, it is often done without appropriate training, clear guidance or relevant internal policies, creating a new realm of risk for organisations.
Unlike traditional cyber incidents, an AI‑related issue doesn’t necessarily need a system breach or sophisticated attack to derail the train. It is more likely to be triggered by the wrong prompt, used in the wrong way, at the wrong time.
This could be private information pasted into a public tool; an AI-generated response that’s been published verbatim (and it’s obvious!); the creation of content that contradicts the organisation’s policy, tone, or values; or information published as fact without being verified.
Internationally, a tech giant experienced this first-hand when employees unintentionally leaked source code and confidential business information by pasting it into ChatGPT.
Closer to home, a New Zealand political party faced backlash after using AI-generated campaign imagery in the 2023 general election, raising concerns about authenticity, cultural respect, and trust.
When an AI misstep happens, the reputational hit can be instant, severe, and difficult to recover from. The key to recovery is having a response plan already in place – and enacting it swiftly.
This is because ongoing reputational damage actually comes from confusion, silence, or inconsistent communication in the hours, days, and weeks following an incident.
As we’ve seen time and again, poor communication can turn a manageable issue into a prolonged crisis, extending scrutiny, eroding trust, and creating lasting reputational harm.
Many organisations are investing in cyber security and technical protection, but far fewer are prepared for the reputational fallout of an AI‑related incident.
When something goes wrong, your team, customers, and stakeholders want guidance, reassurance, and clarity. If you’re not ready to communicate clearly, credibly and calmly, speculation and opposing voices will inevitably fill the silence.
An organisation doesn’t have to predict every scenario in order to be prepared, but in a world where one prompt can trigger a reputational tailspin, understanding when, what, and how to respond can be the difference between an issue being a blip and it spiralling out of control.