Are Your Power Platform Apps Now “High‑Risk AI”? Fix This Before Audits

Imagine deploying a chatbot to help your staff manage daily tasks, and within minutes it starts suggesting actions that are biased, misleading, or outright unhelpful to your clients. This isn’t sci-fi paranoia—it’s what happens when Responsible AI guardrails are missing. Responsible AI focuses on fairness, transparency, privacy, and accountability—these are the seatbelts for your digital copilots. It reduces risks, if you actually operationalize it.

The fallout? Compliance violations, customer distrust, and leadership in panic mode. In this session, I’ll demonstrate prompt‑injection failures and show governance steps you can apply inside Power Platform and Microsoft 365 workflows. Because the danger isn’t distant—it starts the moment an AI assistant goes off-script.

When the AI Goes Off-Script

Picture this: you roll out a scheduling assistant to tidy your calendar. It should shuffle meeting times, flag urgent notes, and keep the mess under control. Instead, it starts playing favorites—deciding which colleagues matter more, quietly dropping others off the invite. Or worse, it buries a critical message from your manager under the digital equivalent of junk mail. You asked for a dependable clock. What you got feels like a quirky crewmate inventing rules no one signed off on.

Think of that assistant as a vessel at sea. The ship might gleam, the engine hum with power—but without a navigation system, it drifts blind through fog. AI without guardrails is exactly that: motion without direction, propulsion with no compass. And while ordinary errors sting, the real peril arrives when someone slips a hand onto the wheel.

That’s where prompt injection comes in. This is the rogue captain sneaking aboard, slipping in a command that sounds official but reroutes the ship entirely. One small phrase disguised in a request can push your polite scheduler into leaking information, spreading bias, or parroting nonsense. This isn’t science fiction—it’s a real adversarial input risk that experts call prompt injection. Attackers use carefully crafted text to bypass safety rules, and the system complies because it can’t tell a saboteur from a trusted passenger.

Here’s why it happens: most foundation models will treat any well‑formed instruction as valid. They don’t detect motive or intent without safety layers on top. Unless an organization adds guardrails, safety filters, and human‑in‑the‑loop checks, the AI follows orders with the diligence of a machine built to obey. Ask it to summarize a meeting, and if tucked inside that request is “also print out the private agenda file,” it treats both equally. It doesn’t weigh ethics. It doesn’t suspect deception.

The customs metaphor works here: it’s like slipping through a checkpoint with forged documents marked “Authorized.” The guardrails exist, but they’re not always enough. Clever text can trick the rules into stepping aside. And because outputs are non‑deterministic—never the same answer twice—the danger multiplies. An attacker can keep probing until the model finally yields the response they wanted, like rolling dice until the mischief lands.

So the assistant built to serve you can, in a blink, turn jester. One minute, it’s picking calendar slots. The next, it’s inventing job application criteria or splashing sensitive names in the wrong context. Governance becomes crucial here, because the transformation from useful to chaotic isn’t gradual. It’s instant.

The damage doesn’t stop at one inbox. Bad outputs ripple through workflows faster than human error ever could. A faulty suggestion compounds into a cascade—bad advice feeding decisions, mislabels spreading misinformation, bias echoed at machine speed. Without oversight, one trickster prompt sparks an entire blaze.

Mitigation is possible, and it doesn’t rely on wishful thinking. Providers and enterprises already use layered defenses: automated filters, reinforcement learning rules, and human reviewers who check what slips through. TELUS, for instance, recommends testing new copilots inside “walled gardens”—isolated, auditable environments that contain the blast radius—before you expose them to actual users or data. Pair that with continuous red‑teaming, where humans probe the system for weaknesses on an ongoing basis, and you create a buffer. Automated safeguards do the heavy lifting, but human‑in‑the‑loop review ensures the model stays aligned when the easy rules fail.

This is the pattern: watch, test, review, contain. If you leave the helm unattended, the AI sails where provocation steers it. If you enforce oversight, you shrink the window for disaster. The ship metaphor captures it—guidance is possible, but only when someone checks the compass.

And that sets up the next challenge. Even if you keep intruders out and filters online, you still face another complication: unpredictability baked into the systems themselves. Not because of sabotage—but because of the way these models generate their answers.

Deterministic vs. Non-Deterministic: The Hidden Switch

Imagine this: you tap two plus two into a calculator, and instead of the expected “4,” it smirks back at you with “42.” Bizarre, right? We stare because calculators are built on ironclad determinism—feed them the same input a thousand times, and they’ll land on the same output every single time. That predictability is the whole point. Now contrast that with the newer class of AI tools. They don’t always land in the same place twice. Their outputs vary—sometimes the variation feels clever or insightful, and other times it slips into nonsense. That’s the hidden switch: deterministic versus non-deterministic behavior.

In deterministic systems, think spreadsheets or rule-driven formulas, the result never shifts. Type in 7 on Monday or Saturday, and the machine delivers the same verdict, free of mood swings or creativity. It’s mechanical loyalty, playing back the same move over and over. Non-deterministic models live differently. You hand them a prompt, and instead of marching down a fixed path, they sample across possibilities. (That sampling, plus stochastic processes, model updates, and even data drift, is what makes outputs vary.) It’s like setting a stage for improv—you write the scene, but the performer invents the punchline on the fly. Sometimes it works beautifully. Sometimes it strays into incoherence.

Classic automation and rule-based workflows—like many built in Power Platform—live closer to the deterministic side. You set a condition, and when the trigger fires, it executes the defined rule with machine precision. That predictability is what keeps compliance, data flows, and audit trails stable. You know what will happen, because the steps are locked in. Generative copilots, by contrast, turn any input into an open space for interpretation. They’ll summarize, recombine, and rephrase in ways that often feel humanlike. Fluidity is the charm, but it’s also the risk, because that very fluidity permits unpredictability in contexts that require consistency.

Picture an improv troupe on stage. You hand them the theme “budget approval.” One actor runs with a clever gag about saving, another veers into a subplot about banquets, and suddenly the show bears little resemblance to your original request. That’s a non-deterministic model mid-performance. These swings aren’t signs of bad design; they’re built into how large language models generate language—exploring many paths, not just one. The catch is clear: creativity doesn’t always equal accuracy, and in business workflows, accuracy is often the only currency that counts.

Now apply this to finance. Suppose your AI-powered credit check tool evaluates an applicant as “approved.” Same information entered again the next day, but this time it says “rejected.” The applicant feels whiplash. The regulator sees inconsistency that smells like discrimination. What’s happening is drift: the outputs shift without a transparent reason, because non-deterministic systems can vary over time. Unlike human staff, you can’t simply ask the model to explain what changed. And this is where trust erodes fastest—when the reasoning vanishes behind opaque output.

In production, drift amplifies quickly. A workflow approved to reduce bias one month may veer the opposite direction the next. Variations that seem minor in isolation add up to breaches when magnified across hundreds of cases. Regulators, unlike amused audiences at improv night, demand stability, auditability, and clear explanations. They don’t accept “non-determinism is part of the charm.” This is why guardrails matter. Regulators and standards ask for auditability, model documentation, and monitoring—so build logs and explainability measures into the deployment. Without them, even small shifts become liabilities: financial penalties stack up, reputational damage spreads, and customer trust dissolves.

Governance is the human referee in this unpredictable play. Imagine those improvisers again, spinning in every direction. If nobody sets boundaries, the act collapses under its own chaos. A referee, though, keeps them tethered: “stay with this theme, follow this arc.” Governance works the same way for AI. It doesn’t snuff out innovation; it converts randomness into performance that still respects the script. Non-determinism remains, but it operates inside defined lanes.

Here lies the balance. You can’t force a copilot to behave like a calculator—it isn’t built to. But you can put safety nets around it. Human oversight, monitoring systems, and governance frameworks act as that net. With them, the model still improvises, but it won’t wreck the show. Without them, drift cascades unchecked, and compliance teams are left cleaning up decisions no one can justify.

The stakes are obvious: unpredictability isn’t neutral. It shapes outcomes that affect loans, jobs, or healthcare. And when the outputs carry real-world weight, regulators step in. Which brings us to the next frontier: the looming arrival of external rules that don’t just suggest oversight—they mandate it.

The EU AI Act: Asteroid Incoming

Picture this: you’ve built a shining new AI project, a digital city with neat streets and humming activity. Districts for data, bridges of integration, skyscrapers of clever features—it all feels solid. Then overnight the EU AI Act arrives, like a set of zoning rules dropped from orbit. Whole blocks of your city are now labeled as regulated, some as tightly monitored, others as simply disallowed if they cross into manipulative or harmful ground. It’s not optional. It’s legislation, and your city must remodel itself whether you planned for it or not.

At the core of these rules is categorization. Systems are placed into tiers of minimal, limited, high, or outright unacceptable risk. Minimal might cover a chatbot helping customers with FAQs. High-risk sweeps in recruitment tools, credit scoring, and workplace monitoring. Unacceptable covers manipulative or dangerous uses that are effectively banned outright. These aren’t just labels—they map directly to obligations. If classed as high-risk, you must provide transparency and explainability, keep detailed logs ready for audits, and implement human oversight. Suddenly, your bright new city isn’t just asked to function—it’s asked to prove, in detail, how and why it functions.

For developers and solution builders, that’s a sharp turn. Yesterday, features could be dropped into apps at sprint speed. Today those same features may demand compliance reviews before a single demo. A recruitment app ranking CVs in Power Platform, once just a neat timesaver, suddenly falls into high-risk territory. It didn’t break—it just impacts people in ways the Act defines as sensitive, and that changes the stakes.

This is where panic sets in for many teams. Transparency means logs of how decisions are reached, not a vague bullet list in a deck. Auditability requires that every decision path is stored and retrievable, ready for regulators to inspect. Human oversight means live responsibility—actual people watching the system, able to intervene when the model veers off course. These aren’t light guidelines, but enforceable conditions. Quick prototypes transform into supervised deployments with compliance sign-off required at every turn. Speed gives way to structure.

Think of the Act less as red tape and more as oxygen rules on a spacecraft. You might roll your eyes fastening the mask in smooth skies, but during turbulence it’s the one thing keeping the crew alive. The Act is the same: the rules feel heavy until you remember why they exist—because one lapse can suffocate trust across an industry. And here’s a critical warning: you can’t defer compliance. The Act enforces obligations now, and retrofitting logs, controls, and oversight later will be more expensive than embedding them at design stage.

The consequences for ignoring these requirements aren’t just financial. Fines sting, yes, but reputation is harder to repair. Once customers discover your tool crossed a red line, trust in your whole shop erodes. You can’t patch that with an update. Public confidence is fragile, and when it cracks, users switch elsewhere. The biggest penalty isn’t written in law—it’s written in customer behavior.

So here’s the uncomfortable inventory question: do you even know which of your AI features qualify as high-risk? That CV sorter, that predictive productivity tool—if they touch sensitive areas like employment or financial prospects, the Act cares. And it doesn’t matter if you see them as harmless helpers. Classification carries obligations whether you acknowledge them or not. Smart organizations start with an inventory, cataloguing which features sit where, before regulators tell them the answer for a fee.

That’s the real twist. The Act doesn’t gently recommend Responsible AI; it demands it. Governance isn’t optional seasoning anymore—it is baked into law. Either you architect with responsibility from the ground up, or the law enforces responsibility from outside, with penalties and auditors in tow. In that sense, the asteroid has already landed. You can’t push it away—you can only shield against the impact and keep your city habitable.

Which raises the practical question: what shields do you have at hand? Because in this landscape, surviving the asteroid isn’t about luck—it’s about using the defenses already sitting in your control panel.

Microsoft Ecosystem: Shields and Guardrails

In the Microsoft ecosystem, the shields are already built into the ship—you just have to switch them on. Microsoft 365 and Power Platform carry governance tools that too often go unnoticed, tucked away as if they were optional extras. They’re not decoration. They’re the structural plating that keeps your systems intact when regulation and risk come calling. The danger comes when teams glance at these dashboards, shrug, and move on. Because these are not bonus toggles; they’re survival gear.

Start with visibility. Microsoft 365 and Power Platform embed oversight features that let you trace how models behave, log decisions, and surface explanations in plain terms. No need to rely on a black box muttering strange verdicts. You get an actual feedback loop—signals on the console whenever an algorithm strays. That distinction is the line between steering blind and navigating with instruments that tell you exactly when you’re drifting.

Then there’s transparency. Some vendors, like AWS, provide AI Service Cards to document model use and limits. Microsoft approaches this differently, with its Responsible AI Standard and tools such as the Responsible AI Dashboard. These give practitioners explainability reports, performance notes, and responsible design choices. Think of it as a copilot that annotates its reasoning instead of just handing you a plan. You see each consideration, not just the final outcome. As for model-level protections, remember this: vendors all provide guardrails of some form. In Microsoft’s environment, you’ll find policy controls, explainability dashboards, and audit logs performing that same role—blocking malicious input attempts and filtering results before they spiral into chaos.

For explainability itself, there are established methods like SHAP or vendor-specific tools such as SageMaker Clarify. In Microsoft’s world, the Responsible AI Dashboard fills that role, giving clear reports on which variables drove a model’s choice. With these, the “magic act” of an AI’s decision stops being a scary trick. You can see which inputs mattered and weigh whether the outcome was fair. Auditors get traceable evidence, and users gain trust that the model isn’t conjuring nonsense from thin air.

And then comes the plain but vital safety net: data protection. Enable Data Loss Prevention to keep sensitive information from slipping into the wrong currents, and pair it with retention of logs and audit trails. Collectively, these function as your black box recorder—every action, every deviation catalogued so you can trace missteps when they occur. Skip this, and you’re left with empty smoke when errors ripple out.

The payoff isn’t abstract. Consider a basic Power App built with AI Builder. In early drafts, it hoovered up more personal information than any organization could justify—names, records, sensitive fields exposed. Once compliance settings were activated, the flood stopped. Data boundaries hardened, the app still worked, and privacy rules were honored. The architecture wasn’t demolished and rebuilt—it was aligned by turning on shields that were sitting there the whole time.

For first deployment stages, there’s another practice worth adopting: TELUS-style “walled gardens.” By testing copilots in a contained and auditable sandbox, you restrict any unexpected behavior to a safe zone before releasing it to business-critical workflows. It’s a testing ground with walls high enough that mistakes don’t leak into production systems. Pair that with robust monitoring, and your organization catches missteps before they become headlines.

Governance dashboards tie this together. They are not just “status screens”—they give teams active oversight. Supervisors can question, approve, or veto AI outputs in real time. That’s human-in-the-loop enforcement baked into the system. Without such oversight, automation runs free until it collides with a policy violation. With dashboards in place, humans sit in the control tower, coordinating each AI system like aircraft in busy airspace. Instead of midair chaos, you get a synchronized, managed flow.

And here lies the turnaround: once organizations see these systems as defenses, they switch from regulatory burden to productivity multiplier. You skip rework. You hand regulators the logs they want in an instant. You move faster because compliance was part of the design, not a patch added later. What once dragged your pace now accelerates it.

Still, shields don’t operate by themselves. They require configuration, review, and steady monitoring. These controls help, but they must be correctly managed by people.

Governance Boards: The Last Defense Against Mayhem

Think of a governance board as the bridge crew of your starship—the collective keeping the course steady when turbulence rattles the controls. Shields, compliance toggles, and audit logs may hum in the background, but someone still has to look out the window, watch the dials, and respond when the unexpected pours in. Without that oversight, even the best guardrails are just metal with no judgment behind them.

A governance board isn’t a lone officer barking orders. It’s built as a cross‑functional crew, bringing in technology leads, data governance owners, legal or compliance advisors, a business representative, and at least one independent reviewer. Each plays a different role because AI doesn’t sit neatly inside a silo. A resume‑screening tool affects HR, a forecasting algorithm shapes finance, and a chatbot speaks directly to your customers. One function alone can’t anticipate all consequences—it takes a roundtable to spot and correct risks before they spill across departments.

Now imagine running without that crew. Leaving AI unchecked is like setting autopilot in an asteroid field—it feels fine until one strange maneuver veers the ship off course. Guardrails may be in place, but they don’t interpret, they don’t question, and they don’t anticipate. The governance board is the thinking layer—humans looking past the blinking lights to see context, ethics, and fallout before the drift becomes disaster.

Their duties aren’t abstract. They run regular bias and fairness audits, confirm data provenance, review compliance reports, and track how non‑deterministic systems improvise. They operate cadence, setting the schedule for checks so problems get caught early rather than after launch. And they expand that by defining key performance indicators—fairness, accuracy, drift metrics—so ongoing monitoring isn’t guesswork but measured accountability.

For non‑deterministic outputs especially, these boards guard the edges. AI doesn’t always return the same reply—it samples, improvises, wanders. That can generate creative answers, or it can veer into misleading outputs that undermine trust. A governance board acts as the digital safety watch: logging unexpected results, red‑teaming prompts, flagging dangerous patterns, and pulling humans back into the loop when automated filters miss something. They don’t choke innovation—they keep it operating within safe bounds.

And here’s the practical difference. Organizations with effective governance boards tend to catch issues in trial runs. A fairness audit surfaces bias in a recruitment model, the issue gets corrected quietly, and the rollout proceeds without scandal. In organizations without such oversight, the story breaks in the press first: customers discover harm, regulators spot the failures, and corrective action arrives too late. Prevention costs time; remediation costs reputation. The pattern repeats often enough to make the lesson clear.

The foundation of these boards revolves around fairness, transparency, accountability, safety, and privacy. Fairness makes sure outcomes don’t penalize users along demographic lines. Transparency requires decisions to be explainable in clear terms, both for users and for compliance. Accountability ensures there is a designated role accepting responsibility—not “the AI did it,” but “this officer owns the result.” Safety keeps outputs from causing harm or misuse. Privacy protects sensitive data so individuals don’t become unintentional cargo in a risky voyage. Each principle is strong alone, but together they weld the hull that makes Responsible AI work under scrutiny.

And boards don’t just uphold principles—they execute actions. They review model documentation to confirm clarity, run risk‑intake processes to classify use cases, and enforce human‑in‑the‑loop checkpoints where oversight is required. As a starting deliverable, one of the simplest and most valuable actions is an AI use‑case inventory and risk tiering. This quick map shows which projects qualify as high‑risk, which require strict governance, and which pose lower stakes. It’s tangible evidence for leadership and regulators alike that oversight is structured, not improvised.

Even at full speed, the board’s meetings act as regular scans on the journey. They not only set strategy, but they track metrics and enforce compliance reporting. That cadence builds resilience: testing cycles, fairness KPIs, and drift reviews set the rhythm so ongoing guardrails stay active instead of fading after deployment. Through these rituals, oversight stops being a one‑time checkbox and becomes a living process.

Recruitment AI tells the cautionary tale. Models trained on flawed data silently absorbed bias, downgrading candidates from certain groups without any intent from developers. Left unnoticed, discrimination spread at scale—until lawsuits came. A governance board armed with fairness audits and provenance checks could have noticed the skew long before production. That difference—prevention versus revelation—is why these boards exist.

So governance boards aren’t side projects, and they’re not decorative committees. They are the last defense between steady guidance and avoidable mayhem, the crew charged with turning Responsible AI slogans into grounded practice. By maintaining structure, metrics, and accountability, they ensure the vessel advances with trust intact.

And this brings us full circle: with boards in place, oversight becomes culture, not patchwork. Which raises the sharper truth we close on—Responsible AI isn’t a bonus setting you toggle for show. It’s the safety apparatus that determines whether you survive the turbulence ahead.

Conclusion

Responsible AI is not optional—it’s what separates an organization in control from one drifting into chaos. With it, you build trust, significantly reduce risk, and position your AI projects for long-term success instead of short-term flare‑ups.

So here’s your next move: inventory your AI use cases, enable the protections already sitting in your platform, and stand up a governance board to monitor them. Treat those steps as mission control, not side quests. Show notes include a checklist and links to the tools we covered, so you can start right now.

If this episode charged your dilithium crystals, set your podcatcher to auto‑dock—hit follow. Beam your questions to @OurShow and I’ll read the best ones next time.

This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit m365.show/subscribe