Home Timeline Companies Speaking Podcast Insights Media Resume Contact Book Bryan
← AI

Security Isn't Sexy

Compliance won't win you applause, but if you build with AI and ignore it, you can expose your clients in ways you can't undo.

By Bryan Fikes·2026-06-27· 5 min read As featured on AMA Boston

Let me say the unglamorous thing out loud.

"Security is not sexy. Compliance is not sexy. But trust me, if you're going to get into this, make sure it's part of your knowledge base so you don't expose a bunch of your clients' stuff."

Nobody builds an AI workflow because they're excited about compliance. They build it because they want to create, move fast, and ship. I get it, that's the fun part. But the moment you're handling other people's data through these systems, the boring part stops being optional.

Be your own guinea pig

Here's how I handle it: I'm my own first guinea pig.

I have two projects, and one of them by itself probably should have been a startup. It's the kind of thing you could plug in and turn into its own product. But I made a deliberate choice. I said, I know I can go build other things, so I'm going to use this one as my test dummy.

I throw all kinds of things at it. The entire purpose is to see if I can break it, to see if it can be exposed. I'd rather find the crack myself, on a project I've set aside for exactly that, than discover it live on a client account.

The isolated vault

The way I keep that safe is isolation. That test project has its own data table, everything set off in a complete, safe environment that's outside of what I'm doing day to day.

"It's kind of like what geneticists do with diseases. They put them in these incubators, in these vaults, but they don't let anything else touch it. So I've got one of those areas where you can play."

That's the model. A sealed room where you can be reckless on purpose, where you can stress the system and try to expose it, and nothing leaks out into the real work. You need a place to play that can't contaminate anything that matters.

I'm not the expert, and that's the point

Now, here's the part where I tell on myself. I am not a security specialist. I am not a compliance specialist.

If I open up my agents and turn them on, they know a lot about me and my clients. There are gates where the system stops itself. But that doesn't mean someone who isn't paying attention, or doesn't know what they're looking at, couldn't create a huge security issue. The risk is real, and pretending otherwise would be dishonest.

So I depend on other people. That's the recommendation I'd give anyone going down this path: make sure your network includes people who are genuinely well-versed and expert in this area. You can dream and create all day, but if you open up severe compliance or risk issues for your customer base, all that creativity becomes a liability.

I have people in my circle who are continually feeding me the tools and the kits. I ran a whole security kit over the weekend, and it works like a checklist. This is clear. This is clear. You're good. You're good. Now go create again.

That's the rhythm I'd recommend. Create, then verify, then create again. Not create and hope.

By the way, saying this out loud invites people to smoke test me, to come after my systems and look for the hole. That's fine. I'd rather have that pressure than a false sense of safety, because the people in my circle are the ones handing me better tools every time.

Security isn't the reason clients hire you. But it's a reason they stay, and it's the reason they can trust you with the things they can't afford to lose.

If you're building with AI and want to do it without exposing the people who depend on you, schedule a strategy session and let's talk through it.

Want this kind of thinking applied to your business?

Want Bryan to speak to your organization or help transform your marketing strategy? Schedule a strategy session.

Schedule a Strategy Session Hear Bryan on AMA Boston ↗

← All Insights