Andrew Feldman, CEO of Cerebras, was asked on 20VC whether data quality is the biggest inhibitor to enterprise AI adoption. He didn't hesitate. No. It's lawyers and security teams.
His argument is simple. These teams have a brutal incentive structure. Nobody gets promoted for saying yes. Everybody gets blamed when something goes wrong. A year where nothing happened? That's the dream. So when a technology shows up with zero precedent, zero case law, zero regulatory playbook, the rational move is to say no.
And he's right that lawyers are trained on precedent. Ask one to work in an area where nobody has done it before and they genuinely don't know what to do. Their whole toolkit is "what has everyone else done?" AI doesn't have a "what everyone else has done" yet.
The data backs up the incentive problem
The data tells the same story. Gallagher surveyed 1,200+ businesses and found 56% cite legal and reputational risk as their top AI concern. Gartner found 70%+ of IT leaders rank compliance as a top-three blocker. Deloitte says only a third of orgs have anything resembling mature AI governance. Everyone else is still arguing about who gets to decide.
Even NVIDIA had to force the issue
Feldman also mentioned Jensen Huang having to battle his own internal teams at NVIDIA to get Cursor adopted. He eventually just decreed it. The CEO of the most AI-forward company on the planet had to force the issue.
That's the part that sticks with me. If NVIDIA has this problem, everyone has this problem.
The cost of waiting for consensus
But here's the thing I keep turning over. Feldman frames legal and security as a drag on adoption, and the incentive analysis is hard to argue with. But there's a real cost on the other side too. Every month you spend in a review cycle, a competitor without a compliance committee is shipping. They're building institutional knowledge, tightening feedback loops, compounding the advantage. That gap doesn't close easily.
So someone has to push the boulder. Not by going around legal or pretending the risks aren't real. But by creating the precedent that legal needs to get comfortable. Ship one thing. Make it work. Don't cause an incident. That's the playbook.
Who actually pushes AI adoption forward
The tricky part is that most companies aren't set up for this. There's no role that owns "push AI adoption past internal resistance." It just kind of falls to whoever cares enough to fight for it. And fighting your own security team is exhausting, even when you're right.
I don't think there's a clean answer here. The cautious approach has real costs. The aggressive approach has real risks. But I think the companies that figure out how to move deliberately, not recklessly but not slowly either, are the ones that end up in a very different position two years from now.
Waiting feels safe. But it's not free.