Default-On AI: Are SaaS Vendors Outsourcing Their Risk To You?

Many platforms have been enabling AI by default lately. That's the new normal in enterprise SaaS, but it shouldn't be.

Brian Greenberg is CIO of RHR International, professor of cybersecurity at DePaul University, board member, trusted advisor and speaker.

A new icon—the ubiquitous "sparkle" for AI—shows up in an app, but nobody in IT put it there. A user opens a support ticket asking what it does, and the help desk has no answer. You didn't see it on any roadmap, but it's live in your system right now, available to everyone and already processing your data.

That's the new normal in enterprise SaaS, but it shouldn't be.

For decades, vendors shipped features at a measured pace, and you knew what was coming. Lately, however, many platforms have been enabling AI by default. Sometimes they've done this without notice. Other times the lead time has been so thin that the people responsible for securing the systems barely have time to react.

In July 2024, Zoom users reported seeing an in-portal banner announcing that AI Companion features would auto-enable on July 25 and that admins had until July 21 to click "do not auto-enable" to keep their existing settings. Users then reported a second wave of announcements in September 2024 that AI Companion on host accounts would be auto-enabled.

According to Emerson College's published Zoom security guidance, which catalogs the default state of controls, recordings, automated captions, full transcripts, smart recording with AI Companion and in-meeting chat are all enabled by default. Zoom Hub is also "enabled by default," and chat cloud retention defaults to two years. The cumulative effect is that a Zoom administrator who doesn't actively shut off defaults inherits a tenant in which every capture mechanism is on.

The legal risk that follows is real. Many U.S. states require two-party consent for recording, and whether a meeting summary or smart recording counts as a "recording" under wiretap laws is an open question. Add transcripts and AI summaries that capture the same content the recording would, plus a default chat retention period that holds two years or more of conversations, and you have data sprawl and legal exposure for e-discovery that no one signed up for.

Microsoft 365 Copilot inside the admin center is automatically enabled for every admin user if your tenant has even one paid Copilot license. Opting out requires creating a special security group and adding the admins you want excluded. In October 2025, Windows devices that already had the Microsoft 365 desktop apps began background-installing Copilot. The push is on by default for tenants outside the European Economic Area. Admins who didn't want the install had to know about it in advance and clear a checkbox in the admin center.

Google launched Workspace Intelligence in April 2026, giving Gemini access to Gmail, Drive, Chat and Calendar for every user. The default setting for each data source is on. Rollout took one to three days for feature visibility, meaning the corresponding admin controls could lag the live feature by up to 72 hours.

OpenAI's ChatGPT Enterprise ships with all apps and connectors disabled by default; workspace owners enable each one explicitly. ChatGPT Business, however, ships with apps enabled by default. Two products, same vendor, opposite defaults.

Vendors do communicate, sort of. Google's announcement was posted on the Workspace Updates admin blog ahead of rollout. Microsoft publishes detailed deployment documentation on Microsoft Learn. Zoom posts release notes for every Workplace app update. The problem is that notification mechanisms are scattered across product-specific blogs, release feeds and in-portal banners that admins may or may not see in time. Lead times are usually measured in days, training materials are rarely provided in a form you can hand to your workforce, and the default posture for too many of these features is "on" rather than "available." That combination quietly transfers governance work from the vendor to you and exposes your company to significant risk.

Software that pipes meeting audio or documents into a generative model isn't neutral. It carries data residency, retention and consent implications that may not align with your contractual obligations to your clients, your obligations under wiretap laws or your own internal policies. When features ship default-on, your organization is exposed before anyone has had a chance to evaluate the risk.

There's also the human cost. Every new feature that appears triggers a wave of tickets. Managers field questions they can't answer. Power users discover capabilities and start using them with sensitive data. That's what change fatigue looks like. It's a measurable drag on productivity, and it stacks on top of every other change happening in your organization—to say nothing of the security, governance and IT teams that need to review each new feature.

There's a better way, and it isn't complicated. New AI features should ship off by default.

Vendors should send a single, structured notification to administrators well in advance of any change, naming the feature, the data it accesses, the controls available and the date it goes live. They should publish a risk matrix that maps the feature to common compliance standards such as SOC 2, ISO 27001 and wiretap laws. They should provide ready-to-use training materials you can rebrand and distribute to your workforce, and give you a real evaluation window measured in weeks rather than days.

It's basic vendor care, the kind that software companies practiced as a matter of course before the AI race convinced so many of them that adoption metrics matter more than customer trust.

For CIOs and CISOs, the hard truth is that you can't wait for vendors to fix this. You have to assume the next AI feature is already on. Treat tenant configuration reviews as a recurring operational task. Document every default-on incident you find and raise it with your account team. Factor the pattern into renewal decisions. Those are the few levers you have.

The vendors who figure this out first will earn the trust of the people who sign the renewals.

Default-on is a choice. So is governance.