On Signal — Discovery Questions Last updated: May 2026. Scheduled for review: November 2026.
Who you're talking to — and what they already know
The IT Director has done this work before. The operational version of it — hunting an orphaned service account that was still running against a production database six months after the project it supported was cancelled. Finding an API key in a config file left by a contractor who's been gone for two years. Wondering, at some point, who provisioned this thing and why it still has access. That instinct is real, and it's your entry point.
What they haven't done is apply it to the AI tools their teams have been quietly enabling over the last eighteen months. Those tools needed to connect to something — a ticketing system, a data warehouse, an HR feed, an internal API — and someone provisioned the access. Maybe it went through a formal request. Maybe someone generated a key on a Friday afternoon because the pilot needed to work by Monday. Either way, the credential exists. The tool may or may not still be in active use. The access almost certainly hasn't been reviewed since it was created.
This is the same problem they've always had with service accounts and automated processes. It's just growing faster than anyone's been watching.