A decade ago, accounting firms transformed operations by migrating ledgers and workflows to the cloud, adopting security frameworks that provided clear guidelines for managing data.  

Today, artificial intelligence (AI) is redefining accounting at a pace unmatched by previous technological shifts. Unlike the measured rollout of cloud security, AI adoption has surged ahead without consistent security protocols and data governance, exposing firms to significant cyber risks. 

A recent 2025 McKinsey survey reports that 78% of organizations now use AI in at least one business function, reflecting widespread integration across industries, including accounting.  

Cloud platforms like Xero and QuickBooks Online embed AI-supported features for categorisation, transaction management, and analysis; at the same time, accounting professionals now rely on Generative AI or large language models of choice, such as ChatGPT, Claude, and Grok, for quick insight gathering, client communications, and automated reports.  

AI-driven applications are now embedded in daily accounting tasks, from reconciliations and analysing data at a pace that redefines modern practice. These productivity gains are undeniable. However, in the rush to harness AI’s capabilities, governance over the sensitive client data entered into these AI-driven platforms has not kept pace. Speed and convenience become a risk when team members input sensitive client information into personal AI accounts often without considering security implications and oversight, creating new, unmonitored entry points for cyber attacks.  

This rapid, decentralised adoption has left many firms without clear policies or controls, resulting in a dangerous blind spot that expands the attack vector far beyond what cloud migrations ever posed.

How AI Powers Threat Actors 

Cybercriminals are aggressively embracing AI as rapidly as accounting firms, but they use it to strike faster and at scale with hyper-personalised content. AI has become the weapon of choice to accelerate breach velocity. Scouting for entry points and familiarising attack targets, tasks that once took days or weeks, can now be done by AI-powered systems in minutes; scanning networks, identifying vulnerabilities, and mapping potential attack paths automatically. 

AI’s capabilities for attackers include: 

• Automated Reconnaissance: AI scans and identifies weaknesses without human intervention. 
• Intelligent Attack Planning: Machine learning algorithms adapt attack strategies in real time, making detection far more difficult. 
• Adaptive Evasion: AI-powered attacks learn from failed attempts, evolving to bypass existing security measures. 

This closes the gap between attackers and defenders, raising the stakes for firms relying on outdated or piecemeal security defences. 

Meanwhile, accounting firms mirror a “Wild West” of AI adoption: with each team member often deciding which AI tools to use, what data to share, and how to interact with them. Without centralised control, data flows through personal accounts, unsecured devices, and unmonitored channels turning everyday productivity shortcuts into cyber security risks. 

The Wild West of AI: Why Control Matters 

Accounting professionals are not lagging in adopting AI but the current state in many firms resembles the Wild West: ungoverned and unregulated. Team members bring personal AI tools into professional environments, creating security gaps that cybercriminals are eager to exploit; this state is like a time defined by rapid expansion, lack of oversight, and high stakes.  

This decentralised approach mirrors the chaos of frontier towns, where individuals operated independently, using whatever tools they preferred without structure, standards, or shared responsibility. 

The result of this lawless AI adoption is a chaotic environment where sensitive client data flows through personal AI-driven accounts and unsecured platforms, painting a Wild West scenario in cloud accounting technology: 

• No Central Governance: Team members adopt their own AI tools without oversight, creating a fragmented environment where security standards vary wildly. 
• Uncontrolled Proliferation: Different individuals and departments use different platforms, resulting in a patchwork of tools with inconsistent security, making the entire firm more vulnerable to breaches. 
• Productivity-First Mentality: Employees focus on immediate gains, like automating a 4-hour report, without considering long-term risks 
• Lack of Established Policies: Many firms lack clear guidelines on what client data can be entered into AI platforms, what security measures are required, or who is accountable for AI usage. 
• Individual Self-Governance: Employees decide on their own what is safe to share, such as manually removing client names before inputting data, rather than following standardized protocols to protect confidentiality and data integrity. 

Without centralised policies, firm-approved tools, and clear security protocols, this lawlessness can quickly lead to breaches, compliance violations, or business email compromise fraud through AI-driven data leaks of personally identifiable information.  

Jamie Beresford, Practice Protect’s CEO, sums it up best: 

“You don’t want this Wild West scenario where everyone brings their personal AI tools into the office. Without central policies, you have no idea where your client data goes or who can access it.”

Practice Protect’s Integration with Major AI Platforms: Secure Guardrails for Your Client Data 

Practice Protect integrates directly with the AI platforms that accounting professionals rely on, including ChatGPT and Claude. This integration provides secure guardrails around client data, enabling firms to harness AI’s capabilities without exposing confidential financial and identity information to unnecessary risk.  

Figure 1. Practice Protect Dashboard with ChatGPT, Claude, and Cloud Applications 

A controlled login process ensures accounting professionals — including those in distributed teams — can maintain data integrity and uphold responsibility for every piece of information entered into AI-driven tools. 

Practice Protect’s integration lets you do that and stay in control of this wild west of AI adoption with:  

• Secure Login Management: AI platforms are added to the Practice Protect portal, with admin-controlled logins. Credentials never need to be manually entered, and passwords stay hidden during login, eliminating a major risk of credential theft or exposure.  
•  Multi-Factor Authentication (MFA):  MFA can be enforced for AI platform logins through the secure portal, ensuring only authorized users gain access, even if passwords are compromised. 

If requirements are met, Single Sign-On (SSO) can be enabled for Enterprise subscriptions of ChatGPT, streamlining access while maintaining security standards. Practice Protect also provides complete visibility into app usage through the portal, giving firms a clear, real-time view of how AI tools are used across the organization. 

The Audit Trail Advantage: Visibility and Peace of Mind 

Visibility is essential for effective security. Practice Protect’s AI integration includes comprehensive audit trails for user logins and cloud application access, including AI platforms like ChatGPT.

Figure 2. Activity trail of Application Usage and other Cloud Application Logins   

These audit logs go beyond compliance requirements, giving firms a detailed and actionable view of how data flows through their technology stack. Tracking who accesses AI applications, when, and from which locations empowers firms to spot potential vulnerabilities early and address them before they escalate into breaches. With this level of insight, accounting professionals gain the peace of mind that comes from knowing their client data is secure, even as AI adoption accelerates.    

Harness AI Without Compromising Client Data 

AI is already embedded in accounting technology, and it’s evolving fast; each improvement in AI makes both defenders and attackers smarter.  But cyber criminals don’t face compliance obligations; they just innovate. Firms must close governance gaps before the rate of AI-driven attacks outpaces their defences. 

Avoiding AI entirely isn’t realistic; it’s a competitive edge for accounting professionals embracing innovation and workflow automation. However, embracing AI without structured security policies leaves your firm exposed in the Wild West.  

Practice Protect’s AI integrations help firms harness the benefits of AI tools while protecting client confidentiality and maintaining control.  With a secured, trusted platform, you can maximise the advantages of AI while neutralising its risks to your data; all while moving your firm from a reactive to a proactive cyber security posture.