AI Readiness Starts With Data and Access Control

Too many teams ask which model to use before they know where the source of truth lives. The result is AI that hallucinates from stale spreadsheets or surfaces data the user should not see. The model is rarely the bottleneck. The data layer usually is. We have seen it time and again: "Our AI keeps giving wrong answers" almost always traces back to "our data is a mess."

Reliable retrieval, role-based access and data quality matter more than another round of prompt testing. If your knowledge base is wrong, the best model in the world will give wrong answers. If your access controls are loose, the AI will surface information it should not. These are not problems you can prompt your way out of. No amount of clever prompting fixes bad data.

We worked with a client whose support AI was pulling from a mix of Confluence, SharePoint and a legacy wiki. The same question got different answers depending on which source was queried. Fixing the data layer (one canonical knowledge store, clear ownership, and a simple sync pipeline) did more for accuracy than any prompt change. The model stayed the same. The inputs got better. It is one of those "boring" fixes that actually moves the needle.

When we built the Looper Insights data platform, the brief was clear: turn scattered CRM data, spreadsheets and APIs into a single source of truth before layering on AI-powered summarisation and anomaly detection. The result? Report preparation dropped from days to hours, and the AI-generated insights actually made sense, because the data underneath was clean, governed and accessible. That is the order that works.

Data freshness matters. A support agent that answers from documentation that was last updated six months ago will give outdated advice. Define how often each source is refreshed, who owns it, and how changes propagate. Manual sync is fine for small knowledge bases; automated pipelines are needed as you scale.

Access control is equally critical. An AI that can read everything a user can read is fine until you realise some users have overly broad access. Define what the AI can access, and enforce it at the data layer, not in the prompt. Prompts can be jailbroken; data permissions cannot. It is that simple.

Schema and structure matter for retrieval. Unstructured content (PDFs, long documents) can work with embedding-based search, but structured data often needs a different approach. Know your data types, index appropriately, and test retrieval quality before optimising the model.

A practical AI readiness program starts with knowledge sources, permissions and data flow. Map where the truth lives, who should see what, and how data gets updated. Then layer AI on top. The teams that do this in the right order move faster and avoid costly rework. The ones that skip it? They learn the hard way.