• Coworking
  • Technology
Emily Nguyen on July 1, 2026

How Operators Can Use AI Without Losing Control of Member Data

Somewhere in your business right now, someone is probably pasting member data into an AI tool. Maybe it’s a list of members whose plans are expiring, a batch of support tickets, or a spreadsheet pulled from old invoices. They’re not trying to break any rules – they’re just trying to get through their tasks faster.

This is happening at workplaces everywhere, whether IT teams know about it or not. And it puts companies in an uncomfortable position: AI is clearly useful, but member data is exactly the kind of information that shouldn’t end up scattered across third-party tools with no oversight.

Why blanket bans don’t work

The instinctive response is to lock it down. Block the tools, write a policy, tell staff not to upload customer information into AI assistants.

Some organisations have tried this. In practice, it rarely holds. If a tool can summarise a week’s worth of support tickets in seconds, draft renewal emails, or flag overdue invoices before someone has to go digging for them, people will use it – policy or no policy. Banning the tools doesn’t remove the time pressure that drove people to them in the first place; it just pushes the behaviour out of sight.

The real challenge isn’t stopping staff from using AI. It’s making sure they use it responsibly and the systems they’re using it on are built to handle that safely.

The software model is shifting

For most of the last decade, workspace software has worked the same way: a person logs in, clicks through a dashboard, reviews the information in front of them, and decides what to do next. A human is in the loop at every step, and the platform doesn’t need to ask who’s looking or why.

AI agents don’t work like that. Increasingly, they interact with software directly – through APIs, command-line tools, and automation layers – without a person manually reviewing each screen along the way. Instead of just displaying information, the software is being asked to analyse it, draw conclusions, and act.

That’s a meaningful shift. It means AI needs enough access to data to actually be useful, while operators need confidence that the access being granted is proportionate, appropriate, and something they can account for if asked.

Why this needs to be a platform decision, not just a policy one

Policies still matter, but they can’t be the only safeguard. A policy only works if every person remembers it, every time, under deadline pressure – which is precisely the condition under which people are most likely to ignore it.

The more durable approach is building the distinction into the software itself: the platform should know whether it’s talking to a human user or an automated agent, and should treat personal data accordingly by default.

Most of the tasks operators actually want AI to help with don’t require it to see a member’s name, email, or phone number at all. Identifying overdue invoices, spotting occupancy trends, clustering support requests, flagging churn risk – none of this requires personal identifiers to be useful. If the platform handles that distinction automatically, it stops depending on whether someone remembered to use the right prompt or toggle the right setting.

How Nexudus approaches AI governance

We’ve been thinking about AI governance alongside AI capability.

As we develop tools like our MCP server and command-line interface (CLI), we’re also building controls that recognise who or what is interacting with the platform.

We’ve built these safeguards directly into the Nexudus CLI, where AI agents interact with the platform.

When it’s used interactively by an authorised person, it returns the information they need to do their job.

When it’s accessed by an AI agent or automated workflow, personal information is automatically replaced before it’s returned. The AI can still analyse accounts, identify trends and complete operational work, but it doesn’t automatically receive member names, email addresses or phone numbers.

Where access to personal information is genuinely required, there’s a deliberate, time-limited process that requires human confirmation and is fully auditable.

Adrian Palacios (co-founder and CTO) explores the thinking behind this approach in more detail, explaining why structural protection will become increasingly important as AI becomes part of day-to-day operations. operations.

 

Where this is heading

Most operators aren’t trying to replace their teams with AI. They’re trying to spend less time copying data between spreadsheets, hunting for the right invoice, or doing administration that a tool could handle in seconds.

AI is becoming another way to interact with business software – much the way mobile apps changed how people accessed systems a decade ago. It’s not a separate category to be managed at arm’s length; it’s becoming a normal access point, alongside the dashboard and the mobile app.

The operators who benefit most from this shift won’t necessarily be the ones adopting the newest tools first. They’ll be the ones whose platforms were built to handle that access responsibly from the start, giving teams room to experiment with AI without putting member trust on the line.

You probably don’t need another policy document. You need software with the safeguards already built in.

Emily Nguyen Marketing
Author

Want to know more about
how Nexudus could help your business?

We’re here to answer any questions you have.

Get in touch

Latest articles