Default-On AI: Are SaaS Vendors Outsourcing Their Risk To You?

InnovationDefault-On AI: Are SaaS Vendors Outsourcing Their Risk To You?ByBrian Greenberg,Forbes Councils Member.for Forbes Technology CouncilCOUNCIL POSTExpertise from Forbes Councils members, operated under license. Opinions expressed are those of the author. | Membership (fee-based)Jun 10, 2026, 09:15am EDTBrian Greenberg is CIO of RHR International, professor of cybersecurity at DePaul University, board member, trusted advisor and speaker. getty​A new icon—the ubiquitous "sparkle" for AI—shows up in an app, but nobody in IT put it there. A user opens a support ticket asking what it does, and the help desk has no answer. You didn't see it on any roadmap, but it's live in your system right now, available to everyone and already processing your data.​That's the new normal in enterprise SaaS, but it shouldn't be.​For decades, vendors have shipped features at a measured pace, and you knew what was coming. However, many platforms have been enabling AI by default lately. Sometimes, they've done this without notice. Other times, it's been with lead times so thin that the people responsible for securing the systems barely have time to react.​In July 2024, Zoom users reported seeing an in-portal banner announcing that AI Companion features would auto-enable on July 25 and that admins had until July 21 to click "do not auto-enable" to keep their existing settings. Users then reported seeing a second wave of announcements in September 2024 that AI Companion on host accounts would be auto-enabled.According to Emerson College's published Zoom security guidance cataloging the default state of controls, recordings, automated captions, full transcripts, smart recording with AI Companion and in-meeting chat are all enabled by default. Zoom Hub is also "enabled by default," and chat cloud retention defaults to two years. The cumulative effect is that a Zoom administrator who doesn't actively shut down defaults i...