In a recent episode of The Building Texas Show, host Justin McKenzie sat down with Perry Robinson, CEO of RocketDocs, to explore a pressing governance challenge: roughly 80% of corporate boards are urging AI adoption, yet only about 20% of companies trust the tools enough to deploy them. The conversation, titled Why 80% of Companies Don't Trust AI (And They're Right), published June 6, 2026, delves into the widening gap between AI enthusiasm and practical trust in regulated industries.
Robinson, who joined the 30-year-old RocketDocs three years ago, attributes the trust deficit to several factors. One major concern is 'shadow AI,' where employees paste proprietary data into free versions of ChatGPT, Claude, or Gemini, inadvertently training competitors' models. He warns, "if you're not paying for the product, you are the product," emphasizing that free tiers often use data for model improvement. This risk is amplified by recent policy shifts, such as Atlassian's move to train on customer Jira and Confluence data, signaling broader trends among SaaS vendors.
The conversation also touches on the EU AI Act, set to take effect this summer, which introduces revenue-based fines for non-compliance. Robinson notes that regulated industries like life sciences, healthcare, insurance, and financial services are particularly vulnerable, as they must balance innovation with stringent data protection requirements. He highlights that buyers now include AI governance committees, chief compliance officers, and general counsel negotiating AI addenda, reflecting heightened scrutiny.
RocketDocs' response to these challenges is Luma, a secure generative AI layer that operates entirely within a customer's VPC, audited against ISO 27001 and SOC 2 Type 2 standards. Robinson describes Luma as "limited on purpose," refusing to crawl the open internet to ensure answers stay grounded in approved, subject-matter-expert-signed content. The platform also includes a new secure file transfer capability for defense, law enforcement, and product launch scenarios where large, sensitive files cannot be emailed.
Robinson's guiding philosophy is simple: "Policy is a promise, architecture is a guarantee." He argues that contractual language alone cannot protect corporate IP once employees route sensitive data through public models. Instead, companies must invest in architectures that enforce data governance by design. This approach, he says, is critical as Salesforce's headless data moves reflect mounting pressure to feed AI pipelines securely.
The episode underscores a broader shift in enterprise AI: from hype to governance. As boards push for adoption, the gap between mandate and trust will likely persist unless companies adopt secure, auditable solutions. For now, regulated industries are leading the way by demanding AI tools that prioritize data privacy and compliance over raw capability.