The Policy That Never Shipped — mendelevium.github.io
Jul 9, 2026<br>The Policy That Never Shipped
A cautionary tale about shadow governance, AI, and the quiet weaponization of ambiguity
The following is an AI model depiction based on a true story. Names, timelines, and identifying details have been changed. If you lead security, IT, HR, or a startup — this one is for you.
When Daniel took the security job at the AI startup, he thought he knew what he was walking into. He’d spent a decade in cybersecurity — incident response, compliance audits, the unglamorous plumbing of keeping companies out of the news. A startup building on AI wanting someone to think seriously about security? That sounded like a company that had its priorities straight.
His first assignment landed on his desk before his laptop finished enrolling in MDM: review the AI policy.
The document was a time capsule. Outside counsel had drafted it back when Google’s AI was recommending a daily serving of small rocks and the internet’s idea of state-of-the-art was Will Smith fighting a bowl of spaghetti — the era when “hallucination” stopped being a medical term and became a line item on every legal team’s risk register. Some of it was common sense that would survive any era. Verify anything an AI produces before it ships. Disclose when work is entirely machine-generated. And the load-bearing rule, the one that actually mattered: never share business documents with an AI service that doesn’t have a zero-data-retention agreement in place.
Reasonable. Defensible. Also, in places, obsolete on arrival — written for a threat landscape that had already moved, by people whose job was to imagine liability, not workflow.
Here’s the detail that matters for everything that follows: the policy was never released. Never published, never signed, never acknowledged by a single employee. It existed the way a ghost exists — officially nowhere, effectively everywhere.
Testing the fence
Daniel did what any good security professional does with a control: he tested it. Not to break it — to understand it. Where were the edges? What did the policy actually permit, and did the organization’s behavior match?
So he worked at the boundary, deliberately and carefully, never once crossing the lines the document drew. He verified everything. He disclosed what needed disclosing. When he finally used an AI tool with an internal document, he did it by the book — a service with zero data retention, exactly the configuration the policy blessed. If the policy had been real, he was its model citizen. He was doing, in miniature, what a security team is supposed to do at the organizational level: red-team the rules before reality does.
What he hadn’t modeled was the environment the rules lived in.
The startup’s IT department had practices of its own — monitoring that was never disclosed, visibility that no one had consented to, an ethics posture best described as don’t ask. Somebody saw the document go into an AI tool. Nobody checked the retention settings, or the policy, or asked him a single question. The story that traveled was simpler and stickier: the new security guy is feeding company documents to AI.
In a startup, a story like that doesn’t spread at the speed of email. It spreads at the speed of lunch.
Governance by rumor
Within weeks, Daniel was the cautionary tale. The guy who “used AI inappropriately.” The guy who got caught. The jokes wrote themselves and kept getting told, and there was no forum to correct the record — because correcting it would have required someone to produce the policy he’d supposedly violated, and the policy didn’t officially exist. You cannot appeal a verdict issued by a whisper network. There’s no inbox for that.
And here’s the perverse part: it worked. Not for Daniel — for the company. Or so it seemed.
Watching what happened to him, people drew the rational conclusion: AI is radioactive here. Developers — the people with the most to gain — quietly stopped experimenting. The AI enthusiasts kept evangelizing, but enthusiasts don’t set culture; consequences do, and everyone had watched the consequences eat a security professional who’d followed rules more carefully than anyone else in the building.
The company had achieved perfect AI governance without ever publishing a policy. No slop shipped, because almost nothing AI-touched shipped at all. Leadership got containment for free, paid for entirely in one employee’s reputation.
What they’d actually built was a chilling effect wearing a compliance costume. And a chilling effect doesn’t invoice you monthly — it collects at the end.
Forty days in the desert
What followed was the long dry season. Months of it. No policy, no guidance, no water — just the memory of what had happened to the last person who drank.
Most people dried out. Developers above all. They hand-wrote what the rest of the industry was generating, reviewing, and shipping; they watched competitors compress weeks into...