AI Risks and Realities for Nonprofits: Traps for the Unwary and Tips for Avoiding Them

January 29, 2026 Articles
Board & Administrator

By Sly Atayee and Kirstie Tiernan, BDO USA, and Cynthia Rowland, Farella Braun + Martel

Artificial intelligence is rapidly becoming a transformative force in the nonprofit sector. From drafting grant proposals and donor outreach content to analyzing program data and automating administrative tasks, AI tools are offering organizations new ways to operate more efficiently and expand impact. And importantly, these innovations are not just for large, well-funded organizations. As we’ve seen in the experience of small startup community organizations, AI has made it possible for lean teams to produce materials, communications, and systems that simply were not attainable before. In fact, data from BDO’s 2025 Nonprofit Standards Benchmarking Survey found that 97% of nonprofit leaders say they are using AI at their organizations. 

But alongside the enthusiasm and momentum comes a necessary pause. The nonprofit sector’s core assets are not merely financial; they include trust, mission integrity, and community relationships. And those assets can be put at risk if AI is adopted without clear oversight and thoughtful governance.

This article offers a practical guide for nonprofit executives and board members to understand the risks of AI, and more importantly, what to do about them. The goal is not to create fear or hesitation. The goal is responsible enablement: helping nonprofits innovate while protecting the communities and stakeholders they serve.

Data Security and Oversight: Guardrails for Mission-Critical Information

Nonprofits often manage sensitive data: donor identities, financial records, beneficiary demographics, medical information, and sometimes data involving children or vulnerable populations. Feeding that data into AI tools, particularly open, cloud-based, or “free” platforms, can introduce real risks if the organization does not understand how that data will be stored, shared, or used.

Questions every nonprofit should ask before using any AI tool:

Question | Why It Matters
Is the data stored in a way that meets our organization’s security and privacy standards? | Some AI tools retain input data and use it to train models.
Is donor or beneficiary consent required for this use? | Consent obligations vary, and disregarding consent obligations can damage trust.
Has the vendor experienced past breaches or have known security issues? | Even reputable platforms may have weak protections.
Has legal or IT reviewed the vendor terms? | Many tools state in fine print that user data becomes their data.

A common pitfall is adopting a tool simply because it promises immediate efficiency. A staff member eager to streamline workflows may enable features or upload data without reviewing terms or even informing leadership. This isn’t malicious; it’s the reality of mission-driven work where time is scarce and urgency is high.

Board and leadership oversight is essential. The answer is not to prohibit AI tools altogether; it is to set clear, appropriate governance on day one. A strong AI policy does not need to be lengthy. A one-page policy can define:

  • What categories of data may never be entered into AI tools
  • Which platforms are approved for use
  • Who must review or approve new tools before adoption
  • What training the users should complete before using AI tools

This policy can and should evolve, just as the organization’s comfort and capabilities evolve.

Bias in AI Systems: Why the Data You Use Matters

AI systems learn from data. If the data reflects historical inequities or incomplete representation, the results will reproduce those biases, sometimes subtly, sometimes dramatically.

This risk becomes especially serious when AI is used to:

  • Prioritize donor engagement or stewardship
  • Select volunteers or screen job applicants
  • Evaluate service recipients or eligibility criteria
  • Rank or review grant applications

Even when intentions are good, a biased model can unintentionally reinforce existing disparities.

Practical Steps to Reduce Bias Risk

  1. Audit Your Data Regularly
    Look for patterns: Are certain geographic regions, demographics, or partner organizations over-represented in your historical records?
  2. Ask Vendors What Data Trains Their Models and Request Model System Cards
    If a vendor cannot explain the source of their training data or provide documentation that explains how their AI models are built, tested, and monitored, that is a risk signal.
  3. Test Outputs With Purpose
    Run comparison scenarios and look for inconsistent results across different demographic categories.
  4. Use Synthetic Data to Fill Gaps
    If the organization lacks diverse historical data, AI can generate supplemental data to broaden the training set, though it should not replace real data entirely.
  5. Re-evaluate Models Over Time
    Even a well-designed model can drift as circumstances change. AI is not set-and-forget technology.

Bias can never be eliminated entirely—but it can be identified, monitored, and reduced.

Ethical Governance and Stakeholder Trust: Transparency is the Foundation

Nonprofits depend on trust. Donors trust that their gifts will support the mission. Staff trust leadership to act in alignment with the values of the organization. Beneficiaries trust organizations to safeguard personal information and treat them with dignity.

Introducing AI without transparency can erode that trust, even when no harm is done.

Actions That Build Confidence and Integrity

  • Be open about how AI is being used.
    Share high-level information publicly or in donor communications. Transparency inspires confidence, not concern.
  • Give stakeholders a choice.
    If beneficiary data is used in machine-learning systems, provide an opt-out.
  • Align every AI use case with mission values.
    Ask: Does this change support our people-first commitments, or does it simply reduce headcount?

The measure of ethical AI is not whether it makes work easier; it is whether it enables mission-aligned impact without compromising human relationships.

A Practical Framework: Apply Internal Controls to AI

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control Framework, commonly used for financial oversight, translates cleanly to AI governance:

COSO Principle | AI Application
Control Environment | Establish policies and leadership expectations early.
Risk Assessment | Evaluate where data lives, how tools work, and where vulnerabilities lie.
Control Activities | Implement permissions, approval workflows, and vendor reviews.
Information & Communication | Maintain transparency internally and externally.
Monitoring | Review models, tools, and outcomes continuously, not just once.

In short: Manage AI with the same discipline you use to manage your finances.

Vendor Sprawl and Tool Overload: Managing the Ecosystem

With new AI tools emerging daily, organizations may end up using multiple platforms, often without leadership realizing it. The result is overlapping subscription costs, conflicting data storage environments, redundant or inconsistent workflows, and increased exposure to security and compliance risks. 

To manage the AI ecosystem, nonprofits should supplement existing vendor inventories, which are required by most privacy laws. This supplement could be in the form of a shared spreadsheet, with columns for the type of AI tool, who is using it, the data input type, risk level, renewal cycle, and internal owner. Then take one additional step to track AI vendor roadmaps. Major vendors are rapidly integrating AI features that may replace niche third-party tools. Knowing what’s about to be released can prevent unnecessary purchases or help determine whether an interim short-term solution is justified.

The Opportunity Ahead

AI does not replace people in a mission-driven organization. It unlocks capacity. It expands reach. It gives small teams leverage.

The nonprofits that will thrive in the AI era will be those that approach its adoption with:

  • Curiosity—not fear
  • Discipline—not chaos
  • Transparency—not silence
  • Mission—not convenience

You don’t need to fear AI. But you do need to manage it with intention. And the good news is: You don’t have to do everything at once. Start with one thoughtful step and build from there.

Sly Atayee is a director at BDO USA and a certified fraud examiner. He can be reached at [email protected]

Cynthia Rowland is a partner at Farella Braun + Martel and chair of its Exempt Organization Group. She can be reached at [email protected]

Kirstie Tiernan is a Principal & AI Solution Market Leader at BDO USA. She can be reached at [email protected].

Learn more about how nonprofit organizations can use AI for impact by listening to the EO Radio Show AI podcast series.

AI Risks and Realities for Nonprofits: Traps for the Unwary and Tips for Avoiding Them, Sly Atayee, Cynthia Rowland, and Kirstie Tiernan, Board and Administrator for Administrators Only, Volume 42/No. 6, Copyright © 2026, copyright owner as specified in the Newsmagazine, Wiley Periodicals Inc.