AI Governance for Manufacturers: Why Security and Policy Come Before Any AI Tool
Originally published on June 17, 2026
Manufacturers are eager to adopt AI, and that enthusiasm is creating a serious problem. Companies are signing up for AI platforms, loading in sensitive business data and skipping the foundational steps that make AI adoption safe and sustainable. According to Mike Sibley, CPA at James Moore & Company, AI governance for manufacturers isn’t optional, it’s where every implementation has to start.
During a recent James Moore Live episode, Mike Sibley shared his framework for responsible AI adoption in manufacturing. The discussion made clear that the biggest mistake companies make isn’t moving too slowly. It’s moving too fast without the right structure in place.
The Framework Starts With Security
Before a manufacturer touches an AI tool, Mike says the first priority is data security. That means understanding where your data lives, who has access to it and what happens when it enters an AI platform.
This isn’t a hypothetical risk. Mike has seen it happen firsthand.
“Don’t just go sign up for an AI account on any of the platforms and start throwing all your data into it. You can really open yourself up to releasing information that you don’t want released.”
Employees who use personal or consumer-grade AI accounts for work purposes may be feeding proprietary business information into systems that aren’t designed to protect it. For manufacturers handling supplier contracts, pricing data or customer forecasts, that exposure can be significant.
Governance Defines the Rules of the Road
Once security is addressed, the next layer is governance. A governance policy answers the questions most manufacturers haven’t thought to ask yet: Where can AI be used in our business? Where can it not be used? Who is authorized to use it and how?
Mike describes this as a necessary guardrail.
“You need a governance policy. How are you going to govern the use? Where can AI be used, where can it not be used? Because there’s a big risk that you have employees who are just throwing data into an unsecure version or connecting straight to data sources.”
Without this policy, AI use inside a company becomes inconsistent and potentially dangerous, driven by individual habits rather than intentional strategy.
Training Is Part of the Foundation Too
Security and governance set the boundaries. Training ensures people can work effectively within them. Mike is direct about the fact that a lack of understanding, not resistance, is what holds most manufacturers back.
“There’s really a lack of understanding. That’s why we’re spending a lot of time training clients and companies on using it and where it can be used.”
Training isn’t about making everyone an AI expert. It’s about making sure employees know how to use AI tools correctly, how to prompt well, how to read and verify the output and how to recognize when something doesn’t make sense.
Build the Framework First, Then Work Down
Mike’s overall guidance is straightforward: look at the infrastructure before you look at the tools.
“Look at your AI framework first and then go from there down in.”
For manufacturers who feel behind on AI adoption, that reframe is useful. Starting with governance, security and training isn’t falling behind. It’s building the foundation that makes everything else work.
Watch the Full Conversation With Mike Sibley
Mike covers a lot more in the full episode, including how AI fits into supply chain forecasting, where manufacturers are seeing real cost savings and how to balance automation with human decision-making. Watch the full James Moore Live episode to hear his complete framework and how James Moore & Company is helping manufacturers put it into practice.
All content provided in this article is for informational purposes only. Matters discussed in this article are subject to change. For up-to-date information on this subject please contact a James Moore professional. James Moore will not be held responsible for any claim, loss, damage or inconvenience caused as a result of any information within these pages or any information accessed through this site.
