By: Shayne Champion | Published: July 6, 2026 | 5 Min
Summary:
AI offers real capacity gains for human services organizations. But rushing adoption without security guardrails creates risks that are hard to fix down the road. CaseWorthy CISO Shayne Champion breaks down the three AI categories, how large language models actually work, what Model Context Protocols are, and the three bedrock security principles every human services leader needs to understand before moving forward.
The organizations doing the most important work in our communities right now — housing people experiencing homelessness, supporting adults with disabilities, connecting families to behavioral health care — are being asked to do more with less. Budget cuts are hitting the sector at precisely the wrong moment: demand for services is up, complexity is rising, and the workforce is stretched thin. Agencies already operating on razor-thin margins are now facing funding reductions that force impossible choices. Cut staff. Reduce capacity. Or find smarter ways to work.
That last option is where AI enters the picture — and where it gets complicated.
Artificial Intelligence (AI) can be a genuine lifeline for human services organizations. Done thoughtfully, it can help your team reclaim hours, reduce administrative burden, and spend more time with the people you’re there to serve. But if we rush into it (and plenty of organizations are feeling that pressure right now) it can introduce serious risks that are hard to undo. That’s what this series is about: helping you understand AI clearly enough to use it confidently and securely.
The organizations that take the time to get AI security right will ultimately leapfrog those that just threw it out there and hoped for the best.
Not All AI is the Same
Before we talk about securing AI, it helps to understand what we’re actually dealing with. There’s a lot of hype and a lot of confusion, so let me clear some of that up. Most people use the term AI to mean everything from a grammar checker to science-fiction robots. In reality, the tools we interact with today fall into three rough categories:
Systems built to do one specific thing really well. Grammarly checking your grammar, Otter.ai transcribing your meeting—that’s narrow AI. Think of it like a screwdriver: very good at the one job it was made for, and not much else.
Systems that can understand and apply knowledge across a broad range of tasks, much like a human can. Think of it as a cognitive Swiss army knife: it can do a lot of things reasonably well, but it’s not the best at any single one. The large language models most of us use, e.g. ChatGPT, Claude, Microsoft Copilot, live in this space. They seem incredibly capable (and they are useful), but they don’t truly understand the world the way a person does. They have access to an enormous amount of information, but comprehension at a human level? Not yet. Most researchers estimate we’re still 15 to 35 years away from that.
AI that surpasses human intelligence across every cognitive domain. This is still science fiction. We are not close to achieving this. As Cary Elwes’ Westley quipped in The Princess Bride, “Anyone who says differently is selling something.”
Under the Hood: How AI Actually Works
You don’t need to be a software engineer to have a working understanding of how AI functions. But a little context goes a long way when it comes to understanding why security matters so much. Three techniques power most of the AI we encounter today:
1. Machine Learning
The foundation of modern AI. Instead of being explicitly programmed with rules, machine learning systems find patterns in data and improve over time based on what they see. Your email spam filter learns what junk looks like. Your Netflix recommendations get better the more you watch. That's machine learning at work.
2. Natural Language Processing (NLP)
This is what makes tools like ChatGPT and Claude actually work. NLP enables computers to understand, generate, and respond to human language — text and speech. Underneath many of these tools is something called deep learning: multi-layered networks that process enormous volumes of raw information to develop language capabilities.
3. Computer Vision
The ability for systems to interpret and act on visual input. Face ID on your iPhone. License plate readers. Even the silly Snapchat filters your kids use. That's computer vision.
Connecting with AI: MCPs & Tokens
There’s one more idea I want to introduce, because you’re going to hear the term more and more, and it matters for security. It’s called the Model Context Protocol, or MCP. I’ll be honest, that’s a terrible name for something fairly intuitive. Here’s the simplest way I can put it: An MCP is a universal standard that lets your AI assistant safely connect to the tools and data you already use every day. Think of it like a USB adapter for AI.
On their own, AI assistants like Claude or ChatGPT only know what they were trained on. They can’t see your calendar, check your email, or look anything up in your case management system. If you want their help with any of that, you have to be the go-between, pulling up the information yourself and feeding it in by hand.
An MCP removes that bottleneck by giving the AI a secure, standardized way to reach the systems it needs. By the way, each request you make of an LLM or output it generates is called a token. Tokens are how AI companies measure and bill for usage, and tokens will be important in a later article. However, the entire process of an AI model getting your request, calculating, and generating the response is called an inference.
Picture this: you need to schedule a meeting with five colleagues tomorrow. Without an MCP, you’re checking everyone’s calendar yourself, then asking the AI to help draft an agenda once you’ve done the legwork. It saves you some time, but you’re still doing all the tedious back-and-forth. With an MCP connected, you could simply ask the AI to find a time that works for everyone and schedule the meeting, and it would reach out to your calendar system directly, on your behalf, and get it done.
Here’s the part that matters most from a security standpoint: the AI itself never touches your systems directly. It sends a request to an MCP server—think of it as a secure middleman—and that server is the only thing that actually talks to your calendar, your email, or your CRM. That separation is intentional, and it’s a good thing: It means the AI isn’t roaming freely through your systems, but rather is making specific, structured requests through a controlled channel.
An MCP isn’t just automation. It’s AI automation — letting the right system pull the right information at the right moment, without you being stuck in the middle.
Not every AI tool needs an MCP to be useful, and in some cases, connecting one without the right safeguards in place can introduce new risk rather than reduce it. That’s a topic we’ll come back to.
But used well, MCPs are a big deal for two reasons:
- First, efficiency: instead of building a custom, one-off integration every time you want your AI to talk to a new tool, MCP gives everyone a common standard that works across the board.
- Second, and more importantly for our purposes, security: that standardized, structured connection is far easier to monitor, govern, and lock down than a patchwork of ad hoc integrations ever could be. Together, these technologies make AI remarkably powerful. They also make it remarkably complex, and that complexity is exactly why security requires our attention.
Three Things Every Human Services Leader Needs to Know About AI Security
Over the next few weeks, we’re going to talk about addressing these AI concepts operationally from security, privacy, and governance perspectives. For now, I want to start with three bedrock concepts that are at the core of information security around AI.
Security isn't the reason to stop. It's the reason to move smarter.
There's enormous pressure right now to adopt AI fast, I hardly need to tell you. The productivity gains are real, and nobody wants to be left behind. But of all the technologies I've seen organizations spin up over the past three decades, AI has more potential to cause harm when implemented carelessly than anything else I can recall.
That doesn't mean stop; it means slow down long enough to do it right. Organizations that take the time to implement AI with proper security controls will outpace those who didn't, because they won't spend years circling back to clean up breaches, fix misconfigurations, or explaining to clients why their data ended up somewhere it shouldn't have.
The people your organization serves, the individuals in your caseloads, the families in your programs—they cannot afford for us to get this wrong. That's not abstract; it's personal. It’s also why CaseWorthy is investing heavily in getting AI right, not just getting AI fast.
Many of the security controls you already have still apply.
AI may be new, but the security fundamentals around it are not. Zero trust networking, strong identity and access management, data classification, encryption in transit and at rest. All of these still matter, and they address a significant portion of the AI risk surface right out of the gate.
Will there be new challenges? Absolutely. Not every traditional control maps cleanly to an AI environment and new measures need to be taken. However, don't let the novelty of the technology make you feel like you're starting from scratch. You're probably not as far behind as you think.
AI doesn't follow algorithms — it pursues objectives.
That's a fundamental difference. This one matters a lot, so let me be direct about it. Traditional software follows algorithms, defined, predictable flows. You put information X in one end, and you reliably get result Y out the other. AI doesn't work that way. It doesn't follow rules; it pursues objectives. And here's the hard truth: we often don't fully know what those objectives are.
Remember earlier when we talked about an inference? That’s important, because these AI systems aren’t just providing data; they’re trying to infer (deduce or conclude) rather than just looking up information and AI is progressing and growing at an unprecedented rate. Early AI models had tens of millions of parameters—the decision points they use to arrive at an output. Today's models have trillions— that's roughly 100,000 times more complex than what we started with. Not only do AI agents have their own social media platform (Moltbook), but there are also already documented cases of AI systems developing their own communication patterns that humans couldn't fully understand.
The field of interpretability, a whole new branch of computer science, exists precisely because researchers are trying to understand how these systems actually make decisions. There is credible research suggesting that because AI is now being used to build better AI, we may soon reach a point where humans won’t fully understand how AI works.
Taken together, these facts mean that we must treat AI and AI agents not as programs but as untrusted users. In CaseWorthy’s internal training, we tell our users to treat AI like it’s a brand new, book-smart new college graduate—not just any graduate, either, but a genius who’s graduated from college at the age of 12. That individual would have absolutely zero experience and, relatively speaking, less common sense because those are things that you’ve built through years and years of interactions. If we manage the identities of our AI agents with that perspective in mind, we’re on the right track.
AI is not just another program; it must be treated as an untrusted user — something with its own objectives.
What's Coming Next
Over the next several weeks, we’re going to break down practical things you need to do for implementing security, privacy, and governance for your AI, and we’ll do it in plain language designed for human services professionals, not IT specialists. You don’t need to become a cybersecurity expert. You do need enough context to make smart decisions and ask the right questions.
As Microsoft founder Bill Gates said, “At every juncture, advanced tools have been the key to a new wave of applications, and each wave of applications has been key to driving computing to the next level.” AI is the advanced tool that has the capability to push not just applications, but us as users, to that next level, but only if we get it right. Ultimately, we all must accept that the proverbial AI genie is out of the bottle. The question isn’t whether to engage with it, but whether we do so with our eyes open. We think you should, and we’re here to help you do it right.
About the Author
Shayne Champion
Shayne Champion is the Chief Information Security Officer at CaseWorthy. Shayne has worked in the information security field for over 30 years, including BlueCross Blue Shield and for the 3rd largest public hospital system in the US. He hold a number of professional certifications, including his CISSP, C|CISO,