Your employees are already using AI. They just aren't using your company when they do.

Your employees are already using AI. They just aren't using your company when they do.

Published: May 22, 2026 - 22 min read

Your employees are already using ChatGPT. They are already using Claude. They are probably using two or three other AI tools you have never approved and do not know about.

You did not need to roll any of this out. They opened a tab. They started asking questions. They got answers that were faster than asking a colleague and felt safer than interrupting their manager.

That is happening today, in your company, at scale, and almost no one in the building has tracked the implications.

Here is the gap nobody is naming.

The AI they are using has no idea who your company is. It does not know your products. It does not know your internal terminology. It does not know how your team prices the work, how your senior people frame the problems, how your most experienced person would actually answer the question your newest hire just asked.

So your employees do the only thing they can do. They get a generic answer to a question that needed a specific one. Or — and this is the part most leadership teams have not yet calculated — they paste enough company context into the chat window to make the question specific, and that context just got transmitted to a third-party tool whose data policy you have never read.

Two weeks ago I wrote about how individual humans are about to be packaged into AI. The thesis was that the protocol now packaging brands into AI tools (Gmail, Notion, Shopify, Booking.com) does not care whether the thing being packaged is a brand or a person. A person's methodology, voice, judgment, and frameworks can be packaged the same way.

The category I did not address in that piece is the one most readers actually run.

Companies.

Specifically, the part of a company that is not customer-facing. The internal knowledge. The methodology that took the senior people fifteen years to refine. The recordings of the lunch-and-learns nobody can find. The eight-step process the sales team uses that lives in the head of one person who is two years from retirement.

That layer has never been packaged. It is the largest untouched knowledge surface in business. And it is the next obvious move on the same protocol that already packaged Salesforce.

Let me show you exactly what becomes possible when you do.

The Current Tax Most Companies Are Quietly Paying

Walk into a typical mid-sized company today. Let us say it has around 200 employees, eleven client-facing teams, an actively used Slack, a CRM that holds a few years of history, a shared Drive, a Notion workspace someone set up three years ago, and a folder of Loom recordings that the senior consultants made when they had time.

Now watch what happens when a newer employee needs to do something they have never done before.

They search Notion. The page they need either does not exist or is two years out of date. They search Drive. They find seven folders with similar names and no way to tell which one is current. They ask in Slack. The person who actually knows is in a meeting. They ask ChatGPT. ChatGPT does not know your company.

So they do one of three things.

They paste a stripped-down version of the question into ChatGPT and get a generic answer that does not quite fit.

They paste a fuller version of the question, with company specifics, and get a better answer that just sent your internal context to a third-party tool you do not control.

Or they wait. They interrupt three people, get half-answers from two of them, and finally get the right answer from the senior consultant who has done this thing forty-seven times before. That senior consultant just lost twenty minutes from her actual work to explain something she has explained, by her own count, eleven times this month.

Multiply that across the team. Multiply that across the year. Multiply that across every new hire who has gone through this exact loop. The numbers get embarrassing fast.

This is the tax. And almost no one calculates it because no one ever puts a dollar number on it.

The AI tools your employees are already using are not solving this problem. They are quietly making the smaller version of it worse, because they create a low-friction option to leak company context outside the company in exchange for slightly better answers.

The version of this that ends well is not "ban ChatGPT" or "train employees on safer AI usage." Those are losing strategies because they fight the gravity of how your team already works.

The version that ends well is the one where the AI your employees are already using suddenly knows your company.

What an MCP for a Company Actually Is

If you read the previous piece, you already know the framework. If not, here is the compressed version.

MCP stands for Model Context Protocol. It is the open standard that connects AI assistants like Claude and ChatGPT to external systems. It is what allows Claude to read your Gmail, draft a Notion page, or pull data from your Shopify store. Anthropic released the standard at the end of 2024 and by 2026 it is supported by every major AI client (Claude, ChatGPT, Gemini, Copilot, Cursor, and 500+ others).

Every MCP, under the hood, has three layers.

Resources are what the AI can read as background context. Documents, recordings, knowledge base pages, project archives, customer call transcripts. The AI walks into the conversation already holding this folder.

Tools are the actions the AI can take on your behalf. Send a Slack message. Update a CRM record. Pull a report. Create a draft. Tools are the verbs.

Prompts are the team-facing workflows you wire up so that anyone on your team can run a complex sequence by clicking one menu item. "Draft a client follow-up using the firm's standard structure." "Summarize this week's customer calls into the format the leadership team expects." Prompts make the system usable by non-technical staff.

Now think about what those three layers look like when the thing they are pointed at is not a brand. Not a person. Your company.

Resources become every Loom recording your senior team has ever made. Every methodology document buried in Drive. Every internal training video. Every customer call your sales team has had in the last three years. Every internal Wiki page. Every product spec. Every onboarding doc. The full archive of how your company actually thinks, organized so the AI can draw from it on demand.

Tools become the live actions your AI can take inside your stack. Pull a contact from the CRM. Update a deal stage. Post in a specific Slack channel. Create a Linear ticket. Query a database. The AI stops being a chat window and becomes a teammate that can actually move things.

Prompts become the workflows your team runs every week. "Onboard this new hire to the project methodology." "Brief me on the client account before this call." "Summarize the customer conversations from this region for the Friday digest." Each one is a button anyone on the team can click without writing prompts from scratch.

This is what packaging a company looks like. And the moment you stand it up, the gap I described earlier closes.

A Scenario That Probably Looks Like Yours

I just finished building something in this shape for a real client. The work is confidential so I am going to walk you through a representative scenario instead. The shape of the problem and the shape of the solution will look familiar regardless of your industry.

Picture a mid-sized B2B services firm. About 200 employees, eleven client-facing teams, a stack made of Notion, Slack, a CRM (call it HubSpot or Salesforce, it does not matter), Google Drive, and a couple of years of recorded internal training videos that nobody watches because nobody can find them.

Here is what life looked like before they packaged any of it.

A new analyst joined in March. By June she had asked the same three senior people the same six questions, in slightly different forms, more than a hundred times. The senior people did not mind the first ten times. By call twenty, the cost was real. By call fifty, two of them had blocked entire afternoons "for deep work" partly to escape the interruptions.

Meanwhile the new analyst had started using ChatGPT to fill the gaps. She did this responsibly at first — paraphrasing questions, stripping out client names. By month four she was pasting in real engagement details to get useful answers. Nobody told her this was a problem. Nobody told her it was fine either. There was no policy. There was just a tool that worked and a deadline that did not care.

This pattern was not unique to her. It was the firm's default operating mode. Multiply it across eleven teams.

Then they packaged.

The senior consultants' Loom recordings (the ones they had made over the past three years and never indexed) became Resources. Twenty-eight hours of training video, transcribed, chunked, and queryable. The Notion workspace got cleaned up and exposed as another Resource — every methodology page, every template, every past client write-up. The customer call archive (sitting in their meeting recorder, never looked at again after the call ended) became its own Resource.

Slack and the CRM became Tools. The AI could now post messages, look up deal status, update stages, and pull customer history.

The team prompts came last and were the most leveraged piece. Eleven one-click workflows, designed around the actual jobs the team did every week. "Brief me on this account." "Draft a kickoff email for the engagement that just signed." "Find every internal example we have of solving X."

The new analyst stopped pasting client details into ChatGPT — because Claude (her tool of choice, with the company MCP connected) was now giving her sharper, faster, fully-grounded answers using the firm's own data. The senior consultants got their afternoons back. Onboarding time for new hires dropped by weeks because the institutional knowledge that used to live in three people's heads was now searchable by anyone on the team.

The unit economics were small. Infrastructure ran under $50 a month. Per-content-generation cost stayed well under a dollar. The build took roughly eight to twelve weeks of focused engineering. The asset will run for years.

That is the shape of it. The names change. The stack changes. The pattern does not.

The Recording Library Most Companies Forgot They Have

There is a particular slice of the company-packaging case that is worth pulling out, because almost every company has it and almost no company has done anything with it.

Your senior people have recorded themselves explaining things.

Maybe they did it during onboarding. Maybe they did it for a half-built internal training program. Maybe they did it because somebody asked them to write up "how I think about X" and they recorded a Loom instead of writing the doc. Maybe a training vendor recorded them years ago and the videos sit in a forgotten folder.

These recordings are gold and they are wasted.

They are wasted because nobody on the team watches them. They are wasted because the search inside Drive cannot find them by content. They are wasted because the people who would benefit most from them (newer hires, cross-team transfers, anyone outside the senior's direct orbit) do not know they exist.

Package them.

The recordings get transcribed. The transcripts get chunked and indexed. The whole library becomes a Resource the AI can query.

Now any employee can ask "how does our senior consultant explain the discovery process to a new client?" and get the actual answer in that consultant's actual voice, sourced to the moment in the video where she said it.

The senior consultant did not have to record anything new. The asset already existed. It was just dark. The packaging is the move that turns it on.

For companies where senior people are nearing retirement or already gone, this is the difference between losing decades of methodology and keeping it operational forever. The wisdom does not have to leave with the person.

Extending the System to Slack, the CRM, and Whatever Else You Run On

The Resources layer is the part most people think about first because it is intuitive. "Make the documents queryable." That is the easy frame.

The Tools layer is where the leverage is.

Once your company's MCP can take actions inside the systems your team uses every day, the AI stops being a search box and becomes something closer to a junior staffer.

A few examples of what becomes possible:

Tools for Slack. Define functions that let the AI post into specific channels, read recent threads in a channel before answering a question, drop a summary into the Friday digest channel automatically. An employee can say "find the last five conversations in the engineering channel where we discussed the indexing architecture and summarize the decisions made" and the AI does it without anyone copy-pasting threads.

Tools for the CRM. Define functions that let the AI look up a contact, read the full account history, pull the open opportunities, update a deal stage, log a call note. An employee preparing for a customer meeting can say "brief me on the Henderson account, including the last six months of activity and any unresolved issues" and walk into the meeting fully prepped in two minutes instead of forty.

Tools for project management. Linear, Jira, Asana, Monday — whichever your team runs on. Define functions that let the AI create tickets, update statuses, query backlogs, find blockers. A team lead can say "show me every ticket that has been blocked for more than two weeks and identify the common cause" and get an actual answer.

Tools for internal docs and knowledge bases. Notion, Confluence, Google Drive. Define functions that let the AI not only read the docs (the Resources layer) but also create new docs, update existing ones, comment on them, and reorganize them. The maintenance burden of keeping internal docs current starts to shrink.

Tools for calendars and scheduling. Define functions that let the AI read availability, find meeting slots, draft and send invites. The AI can also see who attended which meetings and surface patterns ("Sarah has been in nine cross-functional meetings this month — most of them about the onboarding redesign — and her core team has lost twelve hours of her time to it").

Tools for email. Define functions that let the AI draft, send, summarize threads, identify follow-ups that have not happened. The "I have 240 unread emails and I am scared to open the inbox" problem becomes manageable.

You do not turn all of these on at once. You start with the two or three that map to your team's biggest daily friction. The system grows from there.

The point is that an MCP for your company is not just a smarter search interface. It is the substrate that turns the AI tools your employees are already using into something that can actually move work through your organization.

What About the Data Leak Risk?

When an employee asks Claude or ChatGPT a question, and your company's MCP is connected, the AI still receives the relevant context from your knowledge base in order to answer. That is how the system works. So a fair question is: does this just shift the leak from "employees pasting context" to "the MCP transmitting context"?

The honest answer is yes, the AI still sees the data — but you decide what counts as "the data." That decision happens at the packaging step, before anything reaches an AI. There are two steps most companies use to make sure what reaches the AI is safe to send.

Step 1: Clean the data before anything gets packaged.

Before any document, recording, customer call transcript, or database record goes into the MCP, it runs through a data preparation pipeline. The pipeline identifies confidential elements automatically:

• Named entity recognition flags people's names, client names, deal values, and other identifying details
• PII detection libraries (open-source tools like Microsoft Presidio, or AWS Comprehend's PII detection) pattern-match on standard sensitive data: SSNs, credit cards, addresses, account numbers, emails
• Industry-specific rules handle the markers unique to your work — case numbers for legal, patient IDs for healthcare, deal codes for finance

The output is a sanitized version of the knowledge base where the sensitive bits are either redacted, tokenized (replaced with placeholders the AI can use without knowing the underlying value), or excluded entirely. The structural knowledge stays intact — how your team approaches a problem, what frameworks you use, what the standard process looks like. The specific identifying details that would be a real exposure get stripped before anything reaches the AI.

Role-based access control sits on top of this: a junior analyst gets different slices of the knowledge base exposed than a senior partner. The MCP enforces it at query time.

Step 2: For the cleaning work that needs AI judgment, run that AI locally so the raw data never leaves your network.

The cleaning work in Step 1 can be done with non-AI pattern-matching tools (regex, named entity recognition libraries) for most of it. But some preprocessing genuinely needs AI judgment — summarizing a sensitive transcript down to its non-sensitive structural points, deciding what level of detail is safe to expose, paraphrasing a confidential case study into a generic-enough form to be useful.

That AI judgment work, for the most sensitive data, can be done on a local open-source model running entirely inside your infrastructure. Llama, DeepSeek, Mistral, and Qwen are all capable open-weight options. You deploy them on your own servers using standard frameworks like Ollama or vLLM. The raw confidential data goes in, the sanitized output comes out, and nothing leaves your network during the prep.

After this preprocessing step, the sanitized version of your knowledge base is what gets exposed through the MCP — and the MCP can safely talk to whichever cloud AI your employees prefer, because what is flowing through it is no longer raw confidential data.

Alongside both steps above, your company should be on the paid business plan with whichever AI your employees use. That gives you a written agreement about how the AI company handles your information, which your legal and IT teams will want to have on file.

The real reframe.

The question is not "MCP versus no MCP." The question is "structured access where you control what gets exposed, versus unstructured leakage where every employee individually decides what to paste into a chat window."

Without the MCP, every employee is the security boundary. They decide, in the moment, how much company context is acceptable to paste in to get a useful answer. They have no training in this. They have no visibility into what their colleagues are doing. The leakage rate is uncountable and uncontrolled.

With the MCP, the security boundary moves to the packaging layer, where a small number of people make explicit decisions about what gets exposed, under what conditions, to which roles. The leak rate goes from "uncountable" to "designed and auditable."

That is the move. Not "no AI touches the data." It is "we control what AI touches the data and how."

Why Most Companies Have Not Done This Yet

The technical lift looks bigger than it is.

Most engineering teams have not seen this pattern yet because the open MCP standard is barely two years old. The tooling has matured fast in 2026 but the awareness has not caught up. Most CTOs are still mentally categorizing AI as "ChatGPT and prompt engineering" rather than as a connector standard that can be wired into the company's actual systems.

The build itself, when done right, is roughly eight to twelve weeks of focused work for the first version. Infrastructure costs could come in under $50 a month. The asset runs for years and compounds — every new conversation, every new document, every new senior recording added to the system makes the next answer sharper.

The companies that move first in this window will operate at a pace the rest cannot match. Not because their AI is smarter. Because their AI knows things their competitors' AI does not.

The companies that do not move will keep paying the senior-person-interruption tax. They will keep watching their employees paste company context into chat windows. They will keep onboarding new hires the slow way. None of those things will be catastrophic. All of them will compound quietly into a productivity gap that the leadership team eventually has to explain.

This is one of those rare windows where the cost of moving early is small and the cost of moving late is steep but invisible until it is too late.

The Closing Argument

When I wrote the previous piece on humans being packaged into AI, the thesis was that the protocol does not care what is on the other end of the connector. Brands first. Humans next. Companies are the third category and the largest.

Your employees are not waiting for permission to use AI. They started years ago. The question is no longer whether AI is in your company. The question is whether AI in your company is grounded in your company's actual knowledge or borrowing from a generic internet trained on everyone else's.

The companies that package what they know are about to operate at a different speed. They will onboard faster, retain institutional knowledge longer, and stop paying the interruption tax that senior people have absorbed for decades. They will also stop quietly leaking their context into AI tools they do not control.

The companies that do not will keep doing what they are doing. It will keep working, sort of. Until it does not.

That is the choice. And the window for being early on it is open right now.

If you are interested in packaging your company's knowledge into an MCP and you do not know where to begin, reach out to me here.

As always, thanks for reading.