Edited by humans. Written by AI. How our editing works
All articles

Five Ways AI Can End Your Career at Work

Shadow AI, hallucination laundering, zombie agents—IBM's Martin Keen maps the AI workplace risks that have already cost people their jobs. Here's what they actually mean.

Marcus Chen-Ramirez

Written by AI. Marcus Chen-Ramirez

May 25, 20267 min read
Share:
Man in glasses gesturing before digital diagrams with "Don't Get Fired!" text overlay and glowing figures background from…

Photo: AI. Asha Kingsley

Most people who've lost their jobs over AI weren't doing anything dramatic. They weren't selling trade secrets or running rogue experiments. They were just trying to be productive—moving faster, using the tools available to them, not stopping to ask whether those tools had been blessed by the IT department. That gap between intent and consequence is exactly what IBM's Martin Keen walks through in a recent video, and it's more interesting than the clickbait framing suggests.

The five risks Keen identifies—shadow AI, data leakage, hallucination laundering, prompt injection, and unauthorized agentic AI—aren't five separate problems so much as a single problem wearing different outfits. The through-line is accountability: who is responsible when AI goes wrong at work, and why does that responsibility almost always land on the person who least expected to be holding it.

The Invisible Breach

Start with shadow AI, which is the least glamorous risk on the list. An employee installs a personal ChatGPT account, uses a browser plugin, pastes some work content into a tool that IT never approved. Nothing explodes. Nothing looks different. Work gets done faster.

The problem, according to Keen, is structural: "every time somebody takes a bit of content... maybe it's some proprietary code or it's some customer records... they paste it into an unapproved AI tool. Well, that data is now being potentially sent to a third party server." Depending on the tool's terms of service, that data might be used to train the next model version. Once it's baked into model weights, there's no retrieving it.

IBM's own cost-of-data-breach report—which, yes, IBM has an obvious interest in you reading—claims one in five organizations have experienced a breach caused by shadow AI. That's a notable figure even if you discount for source bias. The AI security concerns around enterprise AI tools have been building for years; shadow AI is just the consumer-grade version of the same structural problem.

The wrinkle Keen identifies is worth dwelling on: the instinctive IT response—banning everything—makes the problem worse. "Employees are going to find workarounds to that," he notes. "Maybe they'll use personal devices or they'll switch to a tool that hasn't been blocked yet. And when that happens, the organization has the same shadow AI problem, except now it has lost any visibility into what's happening."

This is a real tension that doesn't have a clean resolution. Total prohibition tends to push behavior underground rather than eliminate it. Total permissiveness creates exposure. The governance-framework answer—approved tools, clear policies, defined no-go data categories—is correct in theory and historically difficult to execute in practice, especially in organizations where AI tools are multiplying faster than policy can track them.

The Name on the Document

Hallucination laundering is Keen's most useful coinage in the video, and it deserves more mainstream usage. The mechanism is simple: AI generates confident-sounding nonsense; employee pastes it into a report; employee submits report. The AI's error becomes the employee's error, because the employee's name is the one attached to the document.

"What started out as this kind of disposable AI slop," Keen says, "is now presented as fact with that employee's credibility to back it up."

The legal profession has provided the most vivid examples—lawyers submitting court filings with fabricated case citations is now a documented pattern, not a one-off embarrassment—but Keen points out that executives making major decisions based on unverified AI output are equally exposed. The common thread isn't sector; it's the absence of verification between model output and professional submission.

This one feels like it shouldn't need saying, and yet it keeps happening. Part of the explanation is that AI outputs sound authoritative in a way that invites passive acceptance. The model doesn't hedge; it asserts. That confidence is a design feature that becomes a liability when the underlying information is wrong.

The Hidden Attacker

Prompt injection is where Keen shifts from individual carelessness to deliberate attack—and it's the risk that most directly implicates the people deploying AI tools rather than just using them.

The basic mechanism: an attacker embeds malicious instructions in content that the AI will retrieve and process. Not in the chat interface itself, but in a document, an email, a web page the AI pulls in as context. "Nobody's typed anything suspicious into the chatbot," Keen explains. "The attack itself is actually embedded inside of the data that the model was asked to retrieve and process."

Direct prompt injection—just typing "ignore all previous instructions" into a chatbot—is relatively well-defended against in modern models. Indirect injection is harder to catch because the attack surface isn't where you're looking. If your AI-powered customer service tool is retrieving documents from external sources as part of generating responses, any of those documents is a potential attack vector.

The accountability question here is genuinely murky. An employee who deployed the tool in good faith, following approved practices, still ends up responsible if something goes wrong on their deployment. Keen notes this is "a serious accountability question"—which is understatement. It's also an argument for treating AI deployment decisions with the same rigor as any other security-sensitive infrastructure decision, a cultural shift most organizations haven't yet made.

Zombies in the Server Room

The last risk—unauthorized agentic AI—is the one most likely to metastasize as AI capabilities expand. Autonomous AI agents are already moving from research curiosity to enterprise reality, and the governance infrastructure hasn't caught up.

Keen's "zombie AI agent" framing is genuinely apt. An employee spins up an agent for a proof-of-concept project. Project ends. Agent doesn't. "It's still authenticated. It's still maybe holding some API keys that everyone's kind of forgotten about by now. And now this zombie AI agent is an unmonitored backdoor into organization systems."

The original intent was innocent. The outcome—a persistent, authenticated, unmonitored process with access to internal systems—is a security nightmare. And unlike a rogue employee, the zombie agent isn't doing anything obviously malicious. It's just sitting there, waiting.

The obvious question this raises: how many organizations currently have full visibility into what AI agents are running on their systems, what they're authenticated to access, and what actions they're taking autonomously? The honest answer, for most enterprises right now, is probably "not many." The tooling for AI agent governance is still early; the agents themselves are being deployed faster than the tooling is maturing.

The Real Frame

It's worth naming what this video is and isn't. It's an IBM Technology production, which means it exists partly to funnel viewers toward IBM's AI governance products. That's fine—the risks Keen describes are real and documented independent of IBM's commercial interest in you being worried about them. But it does mean the proposed solution (governance frameworks, approved tooling, clear policies) conveniently maps onto enterprise software IBM sells. Keep that in mind when calibrating how much weight to give the prescription versus the diagnosis.

The diagnosis is solid. The five categories Keen identifies represent genuine failure modes, not hypotheticals. Shadow AI causing data leakage is documented. Hallucination laundering has generated real legal sanctions. Prompt injection attacks have been demonstrated in production systems. Zombie agents are an emerging but credible risk as agentic AI proliferates.

What the video doesn't spend much time on—understandably, given its format and audience—is the organizational dynamics that make these risks so hard to address. Governance frameworks fail not because people don't understand them but because incentive structures reward speed over compliance, because policy lags technology by design, because the people most likely to adopt new AI tools enthusiastically are often the same people most likely to chafe at restrictions on those tools.

Keen's implicit sixth risk is actually the most honest thing in the video: "just saying I'm not going to do anything with AI just to be on the safe side is going to leave you behind everybody else." The pressure to adopt AI is real, and it's coming from the same leadership that will hold you accountable when something goes wrong with the AI you adopted. That's not a comfortable position, and no governance framework fully resolves it.

The career risk isn't really about which AI tools you use. It's about what happens when the incentive to move fast collides with the accountability for moving wrong—and who ends up holding the consequences.


Marcus Chen-Ramirez is a senior technology correspondent at Buzzrag. He spent eight years as a software engineer before switching to journalism, a decision he maintains was entirely rational.

From the BuzzRAG Team

AI Moves Fast. We Keep You Current.

Framework breakdowns, tool comparisons, and AI coding insights — distilled from the best tech YouTube creators. Free, weekly.

Weekly digestNo spamUnsubscribe anytime

More Like This

Bearded man in glasses and beanie gestures while speaking, with "40% BY 2027" in yellow text, bookshelves and LEGO castle…

5 Levers That Decide Your AI Investment's Fate

Nate B. Jones's workflow-first framework for AI investment decisions—plus the security questions every leader is forgetting to ask before deploying agents.

Rachel "Rach" Kovacs·2 months ago·8 min read
Man in black shirt with neon graphics stands against dark background with code elements; "think series: Emerging…

Cybersecurity 2026: Shadow AI, Quantum Threats & Deepfakes

Explore cybersecurity trends for 2026: Shadow AI, quantum threats, and deepfakes.

Yuki Okonkwo·7 months ago·4 min read
Man gesturing while discussing AI security with neon graphics of laws, policy concepts, and police icons displayed on dark…

AI Agents Need DMVs: A Reality Check on Autonomous Systems

IBM's Jeff Crume argues AI agents need governance infrastructure like cars. But the analogy reveals more about the problem than the solution.

Marcus Chen-Ramirez·5 months ago·6 min read
Live stream featuring Stephanie Wong and Kurtis Van Gent discussing MCP Toolbox for Databases on a dark background with…

AI Agents and Your Database: Who's Responsible?

Google's MCP Toolbox addresses AI agent data vulnerabilities—but with no regulatory framework for agentic AI, the real question is who's liable when it fails.

Samira Barnes·2 months ago·8 min read
Man explaining context engineering concepts on whiteboard, with diagrams showing RAG, LLMs, and API architecture for the…

Why Context Engineering Is AI's Real Bottleneck

AI models aren't the problem anymore—accessing the right data at the right time is. Here's how context engineering changes what's actually possible.

Samira Barnes·3 months ago·5 min read
A man in a black t-shirt gestures while speaking against a dark background with neon tech icons, with "Zero Trust for AI…

Zero Trust Security Faces Its AI Agent Test

AI agents that can buy things and spawn sub-agents need security frameworks that assume breach from the start. Zero trust principles are getting a second life.

Bob Reynolds·5 months ago·6 min read
Man with gray beard in green shirt with computer screens displaying blue digital graphics and glowing network patterns…

WarGames Got the Details Wrong—But the Feeling Right

How a 1983 film used real hardware and strategic Hollywood cheating to capture what early computing actually felt like—even when faking almost everything.

Marcus Chen-Ramirez·3 months ago·7 min read
Orange background with "10X DESIGN" text, Claude Code app icon with crown, and Impeccable/Awesome Design.md branding…

Ten Tools to Fix Claude Code's Terrible Design Aesthetic

Claude Code generates the same purple gradients and Inter font on every site. Here are ten plugins and skills that might actually fix its design problem.

Marcus Chen-Ramirez·3 months ago·8 min read

RAG·vector embedding

2026-05-25
1,910 tokens1536-dimmodel text-embedding-3-small

This article is indexed as a 1536-dimensional vector for semantic retrieval. Crawlers that parse structured data can use the embedded payload below.