Most San Francisco businesses are now experimenting with AI. The problem is that many are doing it without the proper systems, security controls, or data governance to support it safely. What follows covers the IT foundations worth having in place before rolling out any AI tools, and what the evidence shows happens when businesses skip that step.
Why AI Adoption Is Moving So Fast
According to McKinsey’s 2025 State of AI report, 88% of organizations now use AI in at least one business function, up from 78% the year before. It’s more appealing as AI tools can automate repetitive tasks, surface data insights faster than manual processes, and reduce work that doesn’t require human judgment.
For San Francisco businesses, the pressure to move quickly is heightened by the industries most of them operate in. Law firms, financial services companies, insurance providers, and venture capital firms are all fielding the same question from clients, leadership, and competitors: what are you doing with AI? The risk is that those sectors also carry some of the highest data sensitivity requirements in the country, so the cost of getting adoption wrong is regulatory.
McKinsey found that two-thirds of organizations remain stuck in the piloting phase, held back by fragmented data, legacy systems, and workflows that can’t integrate AI. Adoption seems easy, but making it work is a different challenge entirely.
Why You Shouldn’t Deploy Before You’re Ready
The most widespread error businesses make with AI is treating it like any other software purchase. An employee finds a useful tool, signs up, and shares it with the team. With conventional software, that works well enough. With AI, what’s happening underneath the output matters far more.
No AI governance policies means no framework for deciding which tools are approved, what data can be shared with them, or how outputs should be checked before acting on them. Infrastructure not built for AI workloads creates performance and integration problems that build over time. Unstructured or inaccurate data produces results that can’t be trusted. Each of those gaps is manageable individually, but businesses that skip preparation tend to hit all three at once.
A useful starting point is understanding the position of your organization today. Centarus’s process begins with understanding your business’s current state, so any AI strategy is built on what you’re working with, not what you’d like to be working with.
The IT Foundations AI Actually Needs
Three areas must be in solid shape before AI can do useful work without creating risk:
Cloud Infrastructure
AI workloads require scalable compute and reliable data storage. A properly configured cloud environment allows AI tools to connect to your existing systems without introducing performance bottlenecks or new security gaps.
Data Management
AI outputs are only as reliable as the data feeding them. You need a clear understanding of where your data lives, who can access it, and whether it’s accurate and well-organized.
Integration Readiness
Legacy systems don’t connect easily to modern AI tooling, and attempting to force that connection creates maintenance problems down the line. Mapping how your existing tools fit together, and where the gaps are, gives you a realistic picture of what AI deployment will involve. Building an AI blueprint before selecting tools makes that process far more manageable.
Shadow AI Risks and AI Security Risks You May Not Be Tracking
One of the more significant AI security risks businesses face right now is their own employees.
Shadow AI in business refers to the use of AI tools by staff without IT oversight or formal approval. UpGuard’s 2025 State of Shadow AI report found that 81% of employees use unapproved AI tools at work. IBM’s What is Shadow AI resource notes that 38% of employees acknowledge sharing sensitive work information with AI platforms without their employer’s knowledge.
The consequences are well-documented. Client data, legal documents, and proprietary information can end up processed by third-party AI systems with no organizational visibility. IBM’s 2025 Cost of a Data Breach Report found that breaches linked to shadow AI cost organizations an average of $670,000 more than those where AI usage was governed. One in five breached organizations traced the incident back to unauthorized AI use.
Uncontrolled AI usage in companies is harder to detect than traditional unauthorized software because AI features are often embedded within tools employees already use day to day. Without active network monitoring and clear AI governance policies, that exposure can grow unnoticed for months.
How Centarus Helps San Francisco Businesses Prepare for AI
Centarus works with businesses across San Francisco and the Bay Area, including law firms, financial services providers, and insurance companies, to assess IT infrastructure, identify security gaps, and build the governance frameworks that make AI adoption both useful and safe.
That work includes reviewing your cloud environment, strengthening cybersecurity protections, and addressing the compliance requirements specific to your industry. For businesses already considering AI but uncertain whether their systems can support it, an honest look at how things are running is the most useful place to start.
If you’d like to have that conversation, book a complete consultative discovery conversation with Dale. It’s a practical discussion about where your business is today, what’s worth addressing, and what a sensible path forward looks like.
Frequently Asked Questions
What is shadow AI?
Shadow AI refers to AI tools used by employees without the IT team’s knowledge or approval. This includes using personal accounts with tools like ChatGPT for work tasks, or accessing AI features built into approved software that haven’t been formally enabled or governed.
What IT infrastructure do I need before adopting AI?
At minimum, we’d recommend a cloud environment configured to handle AI workloads, a clear and accurate picture of your data, and systems that can connect to AI tooling without creating security gaps. Without those foundations, AI tools tend to underperform, create integration problems, or introduce risks that aren’t immediately visible.
