Artificial intelligence in business: an economic security issue before it is a technological one

In just a few months, artificial intelligence has established itself as a central tool for transforming organizations. Task automation, faster decision-making processes, drafting assistance, analysis of complex data: the promises are numerous and, for many companies, already tangible. This rapid adoption has, however, been accompanied by a more discreet but potentially far more structuring phenomenon: the use of AI tools without a real governance framework, without clear control over data flows, and sometimes without real awareness of the implications in terms of security and sovereignty.

It is in this context that a recent memo from the General Directorate for Internal Security (DGSI), relayed in particular by Le Figaro, has drawn attention. French domestic intelligence, usually associated with the fight against terrorism or foreign interference, deemed it necessary to warn companies about the risks posed by uncontrolled use of AI. A strong signal. Because when the DGSI speaks out on a subject, it is not to comment on a technological trend, but to highlight an issue relating to national economic security.

This stance marks an important shift: artificial intelligence is no longer just a performance tool; it is becoming a strategic issue, on the same level as protecting information assets, digital sovereignty, or the competitiveness of French companies.

An institutional alert about losing control

In its note, the DGSI fully acknowledges the productivity gains and opportunities offered by AI. It does not call into question the value of these technologies, but it highlights the possible excesses when their use escapes any framework. Among the examples cited are practices that are now very widespread: employees who copy and paste internal documents into public AI tools, without managerial approval, sometimes without even gauging the sensitivity of the information being transmitted.

The risk is therefore twofold. On the one hand, data leaves the company’s secure environment to be processed by external infrastructures, often located outside the European Union. On the other hand, it may be stored, analyzed, or even reused under terms that completely escape the organization’s control. Some platforms specify that the data may be used to improve their models; others remain deliberately vague. In all cases, the company loses control over what it entrusts.

The DGSI also warns about another drift: decision dependence. In one of the cases mentioned, a company relied exclusively on an AI to assess its business partners and steer its strategic choices, without carrying out any additional verification. This situation illustrates a gradual but worrying shift, where the decision-support tool becomes a substitute for human analysis. Yet, as the note reminds us, AI does not produce truths, but statistically plausible outputs. It can be wrong, hallucinate, produce false or incomplete information, sometimes with a high level of apparent credibility.

Lastly, the DGSI points to the growing use of AI for malicious purposes, notably “deepfakes,” which can imitate a voice or appearance with such realism that they make certain fraud attempts almost undetectable. In this context, AI becomes not only a productive tool, but also a potential vector for manipulation, interference, and attacks on companies’ integrity.

The real issue: data sovereignty

What this alert reveals, beyond the concrete examples, is a deeper issue: AI is becoming a strategic layer of companies’ information systems, without those companies always having rethought their data governance accordingly.

Historically, companies have learned to secure their servers, networks, and databases. They know where their information is stored, who accesses it, and under what conditions. AI, by contrast, introduces a new type of flow: data is no longer only stored or exchanged; it is ingested, analyzed, reformulated, and sometimes integrated into models whose internal workings are opaque.

Using a public AI therefore amounts to delegating part of the processing of your strategic information to a third party, without always having a clear view of:
• the exact location of the servers,
• the data retention period,
• their potential reuse,
• the applicable legislation, in particular extraterritorial laws.

For a company, this is not only a legal or regulatory risk. It is a competitiveness issue. Internal data, contractual documents, business strategies, responses to calls for tenders, or working methods constitute an intangible asset whose value is considerable. Exposing them, even unintentionally, weakens its position in its market.

AI and tenders: a critical use case for both buyers and bidders

Calls for tenders are one of the areas most sensitive to the use of artificial intelligence, because they concentrate strategic information for all stakeholders. The risk is not limited to the companies responding to the consultations. It also concerns the public and private buyers who issue and evaluate them.

On the buyer side, a tender dossier contains particularly sensitive elements:
• sometimes confidential operational needs,
• strategic directions,
• budget constraints,
• internal evaluation criteria,
• organizational and technical trade-offs.

Using unsecured AI to analyze, rephrase, or structure these documents can expose information that directly relates to the organization’s procurement strategy and industrial policy. In some sectors, this data can have economic, competitive, or even geopolitical value.

From the bidder’s side, the risks are just as high. A response to a call for tenders reveals:
• the cost structure,
• positioning strategy,
• production or service delivery methods,
• the internal organization,
• the company’s differentiating factors.

Entrusting this data to a public AI amounts to exposing the very essence of one’s competitive advantage. This can weaken the company’s competitiveness, but also call into question the integrity and fairness of the procedure. In both cases, the issue is the same: AI becomes a focal point for information risk. It does not only process administrative data, but elements that directly shape economic, contractual, and strategic decisions.

Applying AI to tenders without a secure architecture therefore amounts to moving a critical process into an environment whose rules, infrastructure, and potential secondary uses the company controls neither. This is precisely what makes this use case particularly sensitive, and what justifies a higher security requirement than for most other enterprise AI applications. 

A technological response aligned with security requirements

It is precisely to address these challenges that certain solutions were designed from the outset around a requirement for sovereignty and control. At Specgen, data security has never been seen as an optional feature, but as a prerequisite for any use of AI in the field of tenders. Two deployment models are offered.

The first is based on fully on-premises installations. In this case, the entire platform and AI models are deployed on the client’s servers. The AI runs on the intranet, with no communication with the outside. The data remains physically and logically under the company’s exclusive control. This model meets the strictest confidentiality requirements, particularly for organizations subject to high regulatory constraints or handling highly sensitive information.

The second model relies on a highly secure private cloud. The infrastructure is dedicated, hosting is controlled, data is never used to train the models, and the architecture is designed to meet the security standards expected by institutions such as ANSSI. This is not access to a public AI, but a controlled environment, contractually governed and technically isolated. In both cases, the logic is the same: no reliance on consumer AI, no uncontrolled pooling of data, no opacity around processing.

Added to this is a fundamental design principle: the absence of an “autopilot.” The AI never acts autonomously. It assists, analyzes, and suggests, but the decision remains human. This approach ensures that the tool strengthens teams’ expertise without ever replacing it.

Changing how we view artificial intelligence

The DGSI’s warning should not be interpreted as a challenge to AI. On the contrary, it is an invitation to rethink how it is used. Artificial intelligence is neither inherently dangerous nor inherently virtuous. Everything depends on the architecture chosen, the governance framework put in place, and the level of control retained by the company.

In the long run, the real dividing line will not be between companies that use AI and those that do not, but between those that use it without sovereignty and those that integrate it into a controlled strategy. The first category is exposed to growing risks. The second turns AI into a lasting competitive advantage. This shift in perspective is essential. It makes it possible to move beyond a binary view that pits innovation against security. The challenge is not to slow innovation, but to embed it in a framework that protects economic interests, data confidentiality, and the digital sovereignty of French companies.

In this context, AI must not be a factor of dependency. It must become a strategic tool—chosen, governed, and mastered.