A board director asked me last year, in a real meeting: “Can’t we just ask ChatGPT if our AI strategy is sound?” No judgment in either direction. That question revealed something more important than any single answer would have. The AI literacy gap at the board level is real, it’s widening, and the timeline for closing it just got compressed by regulation.

The Promise

For the first time in my twenty-five years working with enterprise technology, board oversight of a fast-moving technology is not bottlenecked by access. The education infrastructure for board-level AI governance has matured significantly in the last eighteen months. There are programs from NACD and Carnegie Mellon. From Harvard, MIT, Wharton, INSEAD. From the Institute of Directors. Free foundational courses from Anthropic and NIST. Certifications — IAPP AIGP, NIST AI RMF Architect, GARP RAI — that signal governance credibility the way CISSP did for cybersecurity a decade ago.

The promise is simple: directors don’t need to become data scientists. They need enough fluency to ask the right questions and enough framework knowledge to structure oversight. That fluency is now reachable in less than a day of free, well-designed coursework. Boards that invest now will be the ones whose minutes look defensible if a question lands two years from now about what they knew and when.

The Risk

The risk is not that boards don’t know AI. The risk is that boards confuse AI fluency with AI oversight — and skip the second one because the first one feels reassuring. Reading a Harvard exec ed program is not the same as building an AI risk committee. Watching a NIST AI RMF webinar is not the same as approving an AI governance policy that maps to your organization’s specific risk profile. Knowing what a hallucination is doesn’t mean you’ve asked your CIO whether your customer-facing deployment has guardrails against one.

The other risk is timing. The EU AI Act becomes fully operational in August 2026. SEC, FTC, and state-level AI enforcement is ramping up regardless of federal posture. Plaintiff’s bar attention to AI-related harms is growing. The boards that started this conversation twelve months ago are entering this period prepared. The ones starting now will be playing catch-up while regulators are already asking questions. The ones who haven’t started yet will be inheriting the answers.

And here’s the deeper issue: literacy is just the foundation. Beneath it sit five other AI risks that most boards are not actively governing today — reputational risk, agentic AI accountability, shadow AI proliferation, fiduciary liability under Delaware oversight standards, and regulatory fragmentation across jurisdictions. Some of these are already showing up in S&P 500 disclosures. Some are still being under-priced by leadership teams. All six need explicit board-level treatment, and you cannot even start the conversation without literacy.

The Verdict

The Promise & Risk needle is leaning strongly toward Promise — the resources exist, the frameworks are clear, and the cost of starting is genuinely low. But the verdict comes with a caveat: AI literacy is a starting point, not an end state. Boards that treat coursework as the deliverable will check the box and miss the substance. Boards that treat coursework as the foundation for structured oversight — committee charters, reporting cadences, risk frameworks, escalation paths — will be the ones that navigate the next decade with their reputations and their organizations intact.

The cybersecurity parallel is exact. Twenty years ago, boards delegated cyber understanding to the technical team. Then breaches started landing in proxy statements. Then in fiduciary lawsuits. Then in director-level liability. AI is following the same arc on a compressed timeline. The boards that act early will not be the ones surprised by it.

For the full analysis → I wrote a longer piece on what every board needs to know about AI — the six risks above in detail, plus practical questions directors should be asking management on each one and a six-step starting framework for boards that haven't yet established formal AI oversight.

Read What Every Board Needs to Know About AI

Want the curated education resource list? Free courses, board-specific programs, executive education, and certifications — organized by time commitment. Get the full list on LinkedIn →

Going deeper: A dedicated Promise & Risk of AI episode on AI governance for decision-makers — the NIST AI RMF, the 4D Framework, and how to structure board oversight — is coming this season. Subscribe on YouTube → to catch it.