The Question Every Nonprofit Leader Needs to Ask About Their AI — Before Someone Asks It for Them

For the past year, most conversations we've had with nonprofit and civic leaders about AI have started in the same place:

How can we use this to do more with less?

It's a fair question. AI promises efficiency, scale, better targeting, stronger engagement. And in a sector chronically under-resourced, the appeal is real.

But something shifted recently and it's worth slowing down for.

When the model doesn't get released

Anthropic recently developed a model internally called Mythos. They chose not to release it broadly.

Instead, they gave limited access to a small group of organizations — not to showcase capability, but to help them stress-test their defences. Because Mythos can identify system vulnerabilities at scale, execute complex multi-step attacks, and surface weaknesses faster than most teams can respond.

This isn't a story about a dangerous AI. It's a story about what happens when the people building these systems decide the responsible move is restraint.

That's a different kind of moment. And it deserves a different kind of conversation.

You're more embedded than you think

Most nonprofits aren't building AI models. But they are starting use AI more frequently — often without a full picture of how deeply it's embedded in the tools they already rely on:

CRMs running predictive engagement scores. Email platforms making decisions about who receives what message and when. Fundraising tools optimizing outreach timing. Content systems shaping how your organization sounds.

Here's the part that matters: you are accountable for how those systems behave — even if you didn't build them.

If something goes wrong, it's your donor data. Your community relationships. Your reputation. And unlike private sector organizations, nonprofits rarely get a second chance at trust.

The compliance gap isn't what you think it is

In Canada, we're still operating without binding AI regulation. That's created a quiet false sense of security. No law, no urgency.

But compliance in this space was never only about regulation. It's about expectations and those expectations are already here. Donors expect transparency. Communities expect consent. Partners expect accountability. The public expects you to have thought this through.

Now layer in AI systems that are increasingly complex, not always explainable, and capable of behavior that surprises even the teams who deployed them. That's where the gap starts to show.

The question has changed

Most organizations believe they're using AI responsibly. In many cases, they are. But the question governing this space has quietly shifted.

It's no longer: What are we trying to do with AI?

It's: What is our AI actually doing — over time, under pressure, at scale?

Advanced systems don't just follow instructions. They optimize. And sometimes that optimization prioritizes engagement over nuance, surfaces the wrong audiences, reinforces unintended bias, or generates decisions that are genuinely hard to explain — not because anyone intended harm, but because the system did exactly what it was designed to do.

Just not what anyone expected.

What this actually looks like in practice

Getting this right doesn't require a full governance framework overnight. But it does require visibility — a willingness to ask harder questions about tools that have become part of the background.

Could you explain to a donor how AI influenced their experience with your organization? Do you understand why certain people are being targeted or prioritized? Are you confident your data use aligns with what your community actually expects — not just what's legally permitted? Do you know what AI capabilities are embedded in the platforms you're already paying for?

These aren't compliance questions. They're leadership questions. And the organizations asking them proactively are the ones building the kind of trust that holds when things get complicated.

The risk hiding in plain sight

The biggest issue we’re seeing isn't misuse. It's assumption.

Assuming the platform has it covered. Assuming the outputs are neutral. Assuming the system is understood.

As these tools get more powerful, the gap between perceived control and actual control quietly widens. That gap is where reputational risk lives — and where community trust erodes long before anyone names it as an AI problem.

What leadership looks like from here

Human-centered AI, for nonprofits, has to go beyond language.

It means keeping people — not performance metrics — at the centre. It means ensuring there's always meaningful human oversight. It means protecting the integrity of your voice and your mission, even as you scale.

Because your relationship with your audience isn't transactional. It was built on trust. And that trust is worth more than any efficiency gain.

The organizations that stand out in the next few years won't be the ones using the most AI. They'll be the ones who understood — before anyone required them to — what their AI was actually doing and why.

That's what it means to lead with clarity in this moment.

Wondering where your organization actually stands? Our Engagement Healthcheck™ was designed to give nonprofits and civic organizations a clear, honest picture of their engagement data — including how AI-influenced signals are being interpreted. It's a low-barrier starting point. Reach out to us to learn more.