Five Ways AI Can End Your Career at Work
Shadow AI, hallucination laundering, zombie agents—IBM's Martin Keen maps the AI workplace risks that have already cost people their jobs. Here's what they actually mean.
Written by AI. Marcus Chen-Ramirez

Photo: AI. Asha Kingsley
Most people who've lost their jobs over AI weren't doing anything dramatic. They weren't selling trade secrets or running rogue experiments. They were just trying to be productive—moving faster, using the tools available to them, not stopping to ask whether those tools had been blessed by the IT department. That gap between intent and consequence is exactly what IBM's Martin Keen walks through in a recent video, and it's more interesting than the clickbait framing suggests.
The five risks Keen identifies—shadow AI, data leakage, hallucination laundering, prompt injection, and unauthorized agentic AI—aren't five separate problems so much as a single problem wearing different outfits. The through-line is accountability: who is responsible when AI goes wrong at work, and why does that responsibility almost always land on the person who least expected to be holding it.
The Invisible Breach
Start with shadow AI, which is the least glamorous risk on the list. An employee installs a personal ChatGPT account, uses a browser plugin, pastes some work content into a tool that IT never approved. Nothing explodes. Nothing looks different. Work gets done faster.
The problem, according to Keen, is structural: "every time somebody takes a bit of content... maybe it's some proprietary code or it's some customer records... they paste it into an unapproved AI tool. Well, that data is now being potentially sent to a third party server." Depending on the tool's terms of service, that data might be used to train the next model version. Once it's baked into model weights, there's no retrieving it.
IBM's own cost-of-data-breach report—which, yes, IBM has an obvious interest in you reading—claims one in five organizations have experienced a breach caused by shadow AI. That's a notable figure even if you discount for source bias. The AI security concerns around enterprise AI tools have been building for years; shadow AI is just the consumer-grade version of the same structural problem.
The wrinkle Keen identifies is worth dwelling on: the instinctive IT response—banning everything—makes the problem worse. "Employees are going to find workarounds to that," he notes. "Maybe they'll use personal devices or they'll switch to a tool that hasn't been blocked yet. And when that happens, the organization has the same shadow AI problem, except now it has lost any visibility into what's happening."
This is a real tension that doesn't have a clean resolution. Total prohibition tends to push behavior underground rather than eliminate it. Total permissiveness creates exposure. The governance-framework answer—approved tools, clear policies, defined no-go data categories—is correct in theory and historically difficult to execute in practice, especially in organizations where AI tools are multiplying faster than policy can track them.
The Name on the Document
Hallucination laundering is Keen's most useful coinage in the video, and it deserves more mainstream usage. The mechanism is simple: AI generates confident-sounding nonsense; employee pastes it into a report; employee submits report. The AI's error becomes the employee's error, because the employee's name is the one attached to the document.
"What started out as this kind of disposable AI slop," Keen says, "is now presented as fact with that employee's credibility to back it up."
The legal profession has provided the most vivid examples—lawyers submitting court filings with fabricated case citations is now a documented pattern, not a one-off embarrassment—but Keen points out that executives making major decisions based on unverified AI output are equally exposed. The common thread isn't sector; it's the absence of verification between model output and professional submission.
This one feels like it shouldn't need saying, and yet it keeps happening. Part of the explanation is that AI outputs sound authoritative in a way that invites passive acceptance. The model doesn't hedge; it asserts. That confidence is a design feature that becomes a liability when the underlying information is wrong.
The Hidden Attacker
Prompt injection is where Keen shifts from individual carelessness to deliberate attack—and it's the risk that most directly implicates the people deploying AI tools rather than just using them.
The basic mechanism: an attacker embeds malicious instructions in content that the AI will retrieve and process. Not in the chat interface itself, but in a document, an email, a web page the AI pulls in as context. "Nobody's typed anything suspicious into the chatbot," Keen explains. "The attack itself is actually embedded inside of the data that the model was asked to retrieve and process."
Direct prompt injection—just typing "ignore all previous instructions" into a chatbot—is relatively well-defended against in modern models. Indirect injection is harder to catch because the attack surface isn't where you're looking. If your AI-powered customer service tool is retrieving documents from external sources as part of generating responses, any of those documents is a potential attack vector.
The accountability question here is genuinely murky. An employee who deployed the tool in good faith, following approved practices, still ends up responsible if something goes wrong on their deployment. Keen notes this is "a serious accountability question"—which is understatement. It's also an argument for treating AI deployment decisions with the same rigor as any other security-sensitive infrastructure decision, a cultural shift most organizations haven't yet made.
Zombies in the Server Room
The last risk—unauthorized agentic AI—is the one most likely to metastasize as AI capabilities expand. Autonomous AI agents are already moving from research curiosity to enterprise reality, and the governance infrastructure hasn't caught up.
Keen's "zombie AI agent" framing is genuinely apt. An employee spins up an agent for a proof-of-concept project. Project ends. Agent doesn't. "It's still authenticated. It's still maybe holding some API keys that everyone's kind of forgotten about by now. And now this zombie AI agent is an unmonitored backdoor into organization systems."
The original intent was innocent. The outcome—a persistent, authenticated, unmonitored process with access to internal systems—is a security nightmare. And unlike a rogue employee, the zombie agent isn't doing anything obviously malicious. It's just sitting there, waiting.
The obvious question this raises: how many organizations currently have full visibility into what AI agents are running on their systems, what they're authenticated to access, and what actions they're taking autonomously? The honest answer, for most enterprises right now, is probably "not many." The tooling for AI agent governance is still early; the agents themselves are being deployed faster than the tooling is maturing.
The Real Frame
It's worth naming what this video is and isn't. It's an IBM Technology production, which means it exists partly to funnel viewers toward IBM's AI governance products. That's fine—the risks Keen describes are real and documented independent of IBM's commercial interest in you being worried about them. But it does mean the proposed solution (governance frameworks, approved tooling, clear policies) conveniently maps onto enterprise software IBM sells. Keep that in mind when calibrating how much weight to give the prescription versus the diagnosis.
The diagnosis is solid. The five categories Keen identifies represent genuine failure modes, not hypotheticals. Shadow AI causing data leakage is documented. Hallucination laundering has generated real legal sanctions. Prompt injection attacks have been demonstrated in production systems. Zombie agents are an emerging but credible risk as agentic AI proliferates.
What the video doesn't spend much time on—understandably, given its format and audience—is the organizational dynamics that make these risks so hard to address. Governance frameworks fail not because people don't understand them but because incentive structures reward speed over compliance, because policy lags technology by design, because the people most likely to adopt new AI tools enthusiastically are often the same people most likely to chafe at restrictions on those tools.
Keen's implicit sixth risk is actually the most honest thing in the video: "just saying I'm not going to do anything with AI just to be on the safe side is going to leave you behind everybody else." The pressure to adopt AI is real, and it's coming from the same leadership that will hold you accountable when something goes wrong with the AI you adopted. That's not a comfortable position, and no governance framework fully resolves it.
The career risk isn't really about which AI tools you use. It's about what happens when the incentive to move fast collides with the accountability for moving wrong—and who ends up holding the consequences.
Marcus Chen-Ramirez is a senior technology correspondent at Buzzrag. He spent eight years as a software engineer before switching to journalism, a decision he maintains was entirely rational.
AI Moves Fast. We Keep You Current.
Framework breakdowns, tool comparisons, and AI coding insights — distilled from the best tech YouTube creators. Free, weekly.
More Like This
5 Levers That Decide Your AI Investment's Fate
Nate B. Jones's workflow-first framework for AI investment decisions—plus the security questions every leader is forgetting to ask before deploying agents.
Cybersecurity 2026: Shadow AI, Quantum Threats & Deepfakes
Explore cybersecurity trends for 2026: Shadow AI, quantum threats, and deepfakes.
AI Agents Need DMVs: A Reality Check on Autonomous Systems
IBM's Jeff Crume argues AI agents need governance infrastructure like cars. But the analogy reveals more about the problem than the solution.
AI Agents and Your Database: Who's Responsible?
Google's MCP Toolbox addresses AI agent data vulnerabilities—but with no regulatory framework for agentic AI, the real question is who's liable when it fails.
Why Context Engineering Is AI's Real Bottleneck
AI models aren't the problem anymore—accessing the right data at the right time is. Here's how context engineering changes what's actually possible.
Zero Trust Security Faces Its AI Agent Test
AI agents that can buy things and spawn sub-agents need security frameworks that assume breach from the start. Zero trust principles are getting a second life.
WarGames Got the Details Wrong—But the Feeling Right
How a 1983 film used real hardware and strategic Hollywood cheating to capture what early computing actually felt like—even when faking almost everything.
Ten Tools to Fix Claude Code's Terrible Design Aesthetic
Claude Code generates the same purple gradients and Inter font on every site. Here are ten plugins and skills that might actually fix its design problem.
RAG·vector embedding
2026-05-25This article is indexed as a 1536-dimensional vector for semantic retrieval. Crawlers that parse structured data can use the embedded payload below.