Salesforce UK warns on rushed AI rollouts

Salesforce's UK head did not mince words in May 2026. Badly used AI tools, he told The Times, could be "catastrophic" for businesses. That warning did not come from an AI sceptic. It came from the leadership of one of the world's largest enterprise software companies. That is worth sitting with for a moment.

The real story here is not that AI is dangerous. It is that AI deployed without trained staff, clean data, or documented rules is where the danger lives.

What Salesforce actually said

The Times reported on 27 May 2026 that Salesforce's UK head issued a direct caution about the risks of poorly governed AI. The specific risks named were poor systems, weak data, and inadequate governance around AI deployment.

This was not a general anxiety about artificial intelligence. It was a precise warning about what happens when organisations move fast without foundations. Bad inputs produce bad outputs. Bad outputs drive bad decisions. Bad decisions harm customers, damage reputations, and attract regulatory attention.

For enterprise customers, Salesforce has the account managers, the implementation teams, and the contracts to enforce minimum standards. For SMEs testing AI tools on a free tier or a monthly subscription, none of that scaffolding exists. You are largely on your own.

Why this matters more for SMEs than for large firms

Large organisations have compliance teams, legal departments, and data governance functions. They are slow to adopt AI precisely because they have layers of scrutiny. That scrutiny is not bureaucracy for its own sake. It is the infrastructure that catches bad outputs before they reach a customer or a regulator.

SME owners and compliance managers often do not have that infrastructure. A sales manager pilots a chatbot on live customer enquiries. A finance director asks an AI tool to summarise contracts without checking whether those contracts contain personal data. A marketing team feeds customer records into a third-party AI platform without reading the data processing terms.

None of these people are reckless. They are busy, and the tools are easy to start. The Salesforce warning is a signal that this phase of casual experimentation is closing. Regulators, boards, and insurers are beginning to expect documented governance, not ad hoc experiments.

Poorly governed AI decisions affecting customers or staff can trigger scrutiny under UK consumer protection law, FCA expectations for regulated firms, and UK GDPR accountability requirements where personal data is involved. The accountability burden falls on the organisation using the tool, not the vendor supplying it.

At gecco, we work with SME owners and compliance managers to build the documented frameworks that turn ad hoc AI use into a structured, auditable practice. That work starts with understanding where AI is already being used, often informally, before formalising it.

Three actions to take this week

1. Map where AI is already running in your business. Ask every team lead to name the AI tools they are currently using, including free tools, browser extensions, and personal subscriptions. You cannot govern what you cannot see. This takes under 30 minutes and costs nothing.

2. Limit live pilots to low-risk internal workflows. Drafting internal documents, summarising meeting notes, and running basic analysis on non-personal data are appropriate starting points. Customer-facing outputs and decisions involving personal data should remain human-reviewed until you have a written approval process in place.

3. Assign a named owner for AI sign-off. Identify one person, often the operations lead or compliance manager, who must approve any new AI deployment before it goes live. This does not need to be a formal role. It needs to be a named person with a documented checklist. Create that checklist this week.

None of these actions require specialist technical knowledge. They require an hour of your time and a shared document.

The honest limitation

A lightweight AI use policy will not eliminate risk. It will reduce the most common and avoidable risks. An SME with 20 staff using four different AI tools informally will not become a fully governed AI operation in a week.

The Salesforce warning is also worth reading critically. Salesforce sells AI governance tools and enterprise AI platforms. A public warning about AI risk from a vendor in that space is not purely altruistic. That does not make the warning wrong. The risks named are real. But SMEs should be aware that the recommended remedy from enterprise vendors will often be a product you need to buy from them.

The actions that matter most in the short term are process changes, not new purchases. A documented approval workflow costs nothing. A named human accountable for AI outputs costs nothing. Cleaning the data you already feed into AI tools costs time, not money.

The technology is not the hard part. Getting your team to change how they work is where most AI rollouts actually fail. That is 80% of the challenge.

Where to take this next

If you are an SME owner or compliance manager weighing up how to govern AI your team is already using informally, the AI Readiness survey is built to surface exactly that picture. Taking the survey gives you access to 65+ free resources and a custom AI Readiness report, followed by a free 45-minute AI Readiness call to walk through the results with you.

Website · LinkedIn · Case Studies · Newsletter