Companies are telling boards, investors, and the market that AI is improving productivity, reducing cost, and transforming operations. The question is not whether AI can generate more output; the question is whether the organization can prove how that output entered the business record.
That is where the AI disclosure-control problem begins.
If the organization does not know whether the final work product, when generated by AI, followed the company’s data governance business rules or QA processes before reliance, the productivity claim is weaker than it sounds.
Tool use is not proof. Output volume is not proof. Adoption is not proof. AI governance begins where adoption metrics stop.
Shadow AI Is a Record Problem
Shadow AI is usually treated as a cybersecurity issue. That framing is too narrow; it is also a record problem, and it is a disclosure-dependent one.
An Okta-commissioned survey put the gap in plain numbers:
- 90% of executives were confident in their organization’s visibility into AI tools
- 52% of knowledge workers admitted using unapproved tools.
- 58% of executives reported an AI-related security incident or close call in the prior year
. This data is executive confidence sitting on top of hidden use and undisclosed risk.
When an employee uses an unapproved tool and says nothing, because the incentive is to deliver output rather than flag how it was produced, the organization loses the evidence chain. It may not know what tool was used, what information was entered, what output came back, or whether the final work product was reviewed before it moved forward. And the output does move forward, into board materials, investor decks, compliance drafts, legal notes, and financial analysis.
At that point, the problem is not that someone used the wrong tool. The problem is that the organization may be relying on a record it cannot reconstruct, because the record was never created.
The Near Miss Is a Control Signal
A near miss is not implementation noise. It is evidence that AI-assisted work could have entered the business record without a hint of compliance.
In most organizations, the employee who caught the error was the power user: the person most fluent in the tool’s failure modes, most capable of recognizing when output required correction before reliance. That labor is not measured, has no line item, and does not appear in the productivity dashboard. But it is the reason the near miss was a near miss and not a material error.
If the organization cannot say who had authority to stop the output, who documented what happened, and whether that employee’s judgment was the only control between generation and reliance, it does not have AI governance. It has an AI policy with gaps in it, and a narrow group of employees quietly filling them.
A company cannot credibly claim AI improved productivity if it cannot explain what was generated, what was reviewed, what was corrected, and what human labor made the output usable.
AI Evidence Lacks a Chain of Custody
The disclosure-control problem is not theoretical. In each of the following cases, AI-assisted work entered an institutional record before the organization could substantiate how it got there.
U.S. Department of Justice (April 2026)
- A former assistant U.S. attorney was fired after a court found fabricated quotations and misstatements of case holdings in a government brief he signed
- He initially claimed he filed an unfinished draft; he later admitted he felt panicked, had AI rewrite a lost version, and filed it believing he had reviewed it
- The court called the conduct “particularly odious” given the trusted position involved
- The verification layer collapsed under production pressure
Sullivan & Cromwell (April 2026)
- Sullivan & Cromwell apologized to Chief Judge Martin Glenn of the U.S. Bankruptcy Court for the Southern District of New York for an emergency motion containing approximately 28 erroneous citations
- The firm publicly disclosed it had comprehensive AI governance policies, two mandatory training modules, and explicit verification requirements
- This is the clearest documented example of the gap between AI governance as written policy and AI governance as operational reality
Gordon Rees Scully Mansukhani, LLP
- An Am Law firm with $759 million in gross revenue apologized for AI hallucinations in a bankruptcy filing and published new AI governance policies
- Four months later the firm filed another hallucination-riddled brief in a separate matter
- The policy announcement did not reach the verification layer; nothing did
In each case the organization could not substantiate how the work was produced, what was verified, or who was accountable before the output moved. That is not an LLM hallucination problem, it’s a disclosure-control problem.
Quarterly Governance Is Not Ready For AI Speed
Many organizations are governing AI with systems built for slower work. A committee meets. A policy is approved. A training module is completed. A dashboard shows adoption. Meanwhile, AI-assisted work is happening continuously across teams using different models, prompts, data inputs, and review standards.
That creates a timing problem. Quarterly governance cannot prove minute-to-minute control. Conventional wisdom treats the policy layer as the governance layer; in contrast, the control problem lives at the point where AI output becomes business work, and that point is never on the committee’s agenda.
The Power User Trap℠ operates precisely here. The employees absorbing the verification burden are not flagging it; they are performing. And performance masks the condition, Invisible Attrition℠, producing withdrawal until the capacity is gone and the organization has no language for what it lost.
The Disclosure-Control Question
This is the General Counsel problem.
AI productivity claims require evidence. The organization needs to be able to answer: which tools are actually in use, including unapproved ones; who reviewed AI-assisted output before it entered a board-facing, legal, or financial record; what near misses were caught before reliance; and what human verification labor was required to make the output usable.
That last question is the one disclosure-dependent systems cannot answer. If the organization cannot answer those questions, the issue is not messaging it’s control.
AI productivity claims become a disclosure-control problem when the organization cannot show how AI-assisted work moved from generation to work product or evidence.
The Materiality Question Set
Before the next earnings call, board presentation, or regulatory filing, the organization should be able to answer:
- Which public statements about AI-driven productivity or cost reduction are supported by internal evidence beyond tool adoption metrics?
- If a regulator, plaintiff, or journalist asked for the evidence behind a specific AI productivity claim, what would the organization produce and how long would it take?
- Who currently owns the obligation to ensure AI productivity representations are supportable before they are made, and is that ownership formally assigned?
Series Context
This is the fifth article in Lozen Advisory’s AI Workforce Materiality series. The next article, The Materiality Overload Crisis in Form 10-K Human Capital Disclosures, examines how human-capital disclosure is being asked to carry workforce risks that internal systems may not detect before loss appears.
Commission a Strategic Briefing
AI productivity claims are creating substantiation risk for General Counsel, unpriced liability for CFOs, and governance exposure for boards. Lozen Advisory delivers private advisory on AI implementation risk, unmeasured verification strain, and the disclosure-control gaps organizations are building without measuring.
