I've spent more than two decades helping small and mid-sized businesses stay operational, secure, and compliant. I've seen technologies come and go - some that changed everything, some that were just noise. I learned early on to pay attention to the difference.
AI is not noise.
But the thing that finally pushed me to build AISafeIQ wasn't AI itself. It was a conversation I had with a client - one I'd worked with for years - who called me in early 2024 and asked a question I couldn't answer with any of the tools I had at the time.
She said: "Our cyber insurance renewal is next month. The carrier added a bunch of new questions about AI. What do I tell them?"
The Question Nobody Had a Clean Answer To
She wasn't asking about cutting-edge AI strategy. She wasn't asking me to explain large language models or build her a custom chatbot. She was asking something much simpler and much more urgent: Can I document that my employees know how to use AI responsibly?
I walked her through what I knew. She had a solid IT policy. She had good security awareness training from a reputable vendor. But none of it covered AI specifically - what employees could and couldn't do with it, what data was off-limits, how to handle AI-generated outputs, what happened if someone pasted a client's financial records into ChatGPT.
She had no AI use policy. She had no AI-specific training. And she had no way to prove either to an insurer asking pointed questions.
I told her I'd look into what was available.
That search is what eventually led me to build this company.
What I Found When I Looked
I spent the next several months talking to clients, colleagues in the MSP space, insurance brokers, and HR consultants. The pattern was consistent:
Businesses knew they had an AI problem. Nobody had a solution that actually fit.
The tools that existed fell into one of three buckets:
Enterprise platforms built for Fortune 500 legal and compliance teams. Expensive, slow to deploy, and designed for organizations with dedicated GRC staff. My clients don't have GRC staff.
Generic policy templates you could download from a lawyer's website or a trade association. Useful as a starting point - but a PDF sitting in a Google Drive folder doesn't train your employees, doesn't track completion, and doesn't produce anything you can show an insurer or an auditor.
Security awareness platforms that were excellent at phishing simulation and general cyber hygiene but hadn't yet built AI-specific content. When I asked my existing vendor about AI training modules, I got a roadmap answer. My clients needed something now.
The gap was specific: there was nothing that combined an AI use policy, AI-specific employee training, and documented proof of both - in a package that a 50-person company could actually deploy and afford.
What 25 Years in MSP Taught Me
When you've been in managed services as long as I have, you stop being surprised by how the same pattern repeats itself.
I watched security awareness training go from a nice-to-have to an insurer requirement. I watched multi-factor authentication go from a recommendation to a mandate for anyone who wanted coverage. I watched endpoint protection, backup documentation, and incident response planning all follow the same arc: ignored, then suggested, then required.
Every time, the MSPs who moved early - who built the capability before clients were forced to ask - were the ones who owned the conversation. The ones who waited were constantly reacting.
I knew within six months of that first conversation that AI governance was on the same trajectory. The EU AI Act had already made AI literacy training a legal requirement in Europe, with enforcement coming in 2026. U.S. carriers were starting to add AI governance questions to renewal questionnaires. It wasn't a question of whether this would become table stakes - it was a question of when.
The answer was: sooner than most people thought.
Why I Built What I Wished Existed
I'm not a software entrepreneur by background. I'm an MSP operator. But I knew what the product needed to do because I was living in the exact environment it needed to serve.
It needed to be fast to deploy - not a six-week implementation project. It needed to produce something a business could hand to an insurer or a regulator as evidence. It needed to cover the actual behaviors that created risk: employees pasting sensitive data into ChatGPT, using personal AI accounts for work projects, uploading meeting recordings to AI summarizers without thinking about what those tools did with the data.
And it needed to be something an MSP could offer as a managed service - wholesale pricing, white-label-friendly, zero ongoing support overhead.
AISafeIQ does four things:
- AI Use Policy - A professionally drafted policy that establishes the rules for how your organization uses AI tools. Not a generic template - a real policy.
- Employee Training - A 10-minute AI literacy course covering the actual risk behaviors employees engage in, the regulatory context, and what your policy requires of them.
- Completion Certificates - Individual certificates for every employee who completes training, timestamped and downloadable. This is the documentation that matters when an insurer or regulator asks for it.
- Insurance Proof Pack - A packaged evidence file with everything a carrier needs to see: your policy, your training completion records, your employee acknowledgments.
That's it. No dashboard sprawl. No six-month onboarding. Ten minutes of employee time, one afternoon of admin time, and you have documented proof that your organization has addressed AI governance.
The Part I Didn't Expect
What surprised me, once I started talking to more businesses, was how relieved people were to have something concrete to point to.
The anxiety around AI in the workplace is real. Business owners know their employees are using AI tools - they just don't know how, or for what, or whether it's creating exposure they can't see. They feel like they're supposed to have answers and don't know where to start.
The businesses I've walked through AISafeIQ don't just get a compliance checkbox. They get clarity. Their employees know what the rules are. Their policy is on file. Their training is documented. When the insurance question comes up at renewal - or when a client asks, or when an auditor wants to see evidence - they have an answer.
That's what I built AISafeIQ for. Not to capitalize on an AI trend. To give the kinds of businesses I've spent my career serving a way to get ahead of something real, before it becomes a crisis.
Where We Are Now
AISafeIQ is live. The platform is in production and accepting its first customers.
If you're a business owner wondering whether you need this: if you have employees who use AI tools at work - and you do, whether you know it or not - and if you have a cyber insurance policy, the answer is yes.
If you're an MSP reading this: the clients who are going to be asking this question at renewal aren't a small segment. They're all of them. The question is whether you have something to offer when they do.