Consultancies urged to slow AI push amid cyber risk

Trend-Setters Consulting Chief Executive Officer Sam Shar has warned that consultancies are pushing corporate AI projects too quickly, increasing cyber risk and potentially contributing to a new wave of security incidents.

His intervention focuses on the role of consulting firms as companies across North America accelerate AI adoption. Shar argued that advisers are encouraging too many AI programmes at once, even though many client organisations remain unprepared for the security issues that come with new systems.

His comments come amid a broader rise in cyber incidents and growing concern about how AI deployments affect corporate security. Check Point Research found that the weekly count of cyber incidents doubled between 2021 and 2025, while IBM reported that 97% of organisations had experienced an AI-related security incident.

Other industry surveys suggest a gap between boardroom urgency and operational readiness. BCG found that 61% of chief executives said their boards were rushing AI transformation, while KPMG found that only 20% of organisations experimenting with AI felt confident managing the risks.

Shar argued that the commercial incentives driving consulting firms are part of the problem. Large advisers have secured major AI transformation mandates as client demand has risen, while partnerships between AI model developers and consulting groups have expanded access to large corporate customers.

Those arrangements, he said, can create pressure to recommend more AI work regardless of whether the business case is sound or the security implications have been fully considered. That leaves clients exposed as they retrofit existing technology stacks and create new points of attack.

"Companies are racing to adopt AI in powerful and effective ways, and consultancies have rightly seen this as a moment to support clients, offering on-tap expertise and talent."

"But there are early signs this is turning into a gold rush, with firms selling as many projects as possible with little connection to ROI and, more worryingly, little regard for the security risks. Drawn by high margins, some advisers are accidentally worsening this new threat. This is a cybersecurity meltdown waiting to happen.

"Any new technology opens fresh attack vectors in the tech stack, and that is even more true for AI, where whole systems are being retrofitted. At the same time, employees are often not trained on how the technology creates new lines of attack, leaving organizations exposed," Shar said.

Commercial pressure

At the heart of Shar's argument is the idea that consultancies have become an important distribution route for major AI suppliers. As large technology groups seek wider use of their products inside corporations, consulting firms have become a channel through which adoption is encouraged, scoped and implemented.

That dynamic, he argued, can distort decision-making. If advisers are rewarded for increasing the volume of AI engagements, they have less incentive to slow projects, reduce their number or question whether a client is ready to absorb the operational and security burden.

Shar called for consulting firms to limit the number of simultaneous AI briefs they run for any one client. He also said advisers should spend more time inside client organisations after implementation to monitor systems directly and identify weaknesses as they emerge.

A more cautious approach, he argued, would allow firms to test systems properly and improve staff awareness of how AI tools can be exploited. In many organisations, employee training remains one of the weakest links in security practice, especially when new tools are rolled out across multiple functions in a short period.

Client readiness

Trend-Setters Consulting describes itself as a digital transformation consultancy working with large corporate clients, including Fortune 500 companies such as HP, Xerox and Bank of America. Founded in 1986, the firm says it has worked on digital transformation and digitalisation projects for large businesses across sectors.

Shar's position stands out because it comes from within the consulting industry rather than from a cybersecurity vendor or regulator. His remarks amount to a call for firms to accept slower revenue growth from AI-related work in exchange for lower risk and closer scrutiny of what clients actually need.

The stance also reflects a wider question hanging over the corporate AI market: whether speed of adoption is overtaking governance. Boards and senior management teams face heavy pressure to demonstrate action on AI, but implementation often cuts across legacy systems, compliance controls and workforce training practices that take longer to adjust.

For consulting firms, the challenge is whether to act as sellers of transformation programmes or as gatekeepers willing to push back when clients are moving faster than their controls allow. Shar said the industry needs to choose the latter more often.

"As consultancies, we're feeling pressure from all directions to sell our clients AI transformation briefs, but there is a real risk we're chasing short-term revenues and setting ourselves up for a backlash down the track. This is the time to pause and take stock."

"We need to make sure these projects deliver genuine value for our clients, and that they do so safely and compliantly. In practice, this means taking on fewer engagements in the medium term to meet quality and safety standards."

"We should also embed consultants deep within clients after implementation, so that systems are properly monitored and team members are trained on how to use these tools effectively and, most importantly, safely," Shar said.