How charities can use AI securely

Cyber security is a fundamental element of charity work. It underpins an organisation’s ability to fundraise, deliver services, and keep the data of their donors and beneficiaries safe.  

With the advent of artificial intelligence (AI), cyber security has become even more important. While many charities are currently taking “active steps to adopt AI responsibly and strategically”, working with AI tools throws up potential security risks around how they use data and protect it.  

This is a challenge charities must meet now. As Microsoft points out in its e-book AI-Enhanced Security Fundamentals for Nonprofits, for charities to get the most out of AI, they also have to “be confident that your data is safe both within and beyond your network”. And with more than three quarters of charities using AI tools in their day-to-day work, according to the 2025 Charity Digital Skills report, ensuring they are doing so securely should be a priority.  

Microsoft recommend using a “Zero Trust” approach to protect your data against the rising tide of cyber threats. A Zero Trust philosophy strengthens a charity’s cyber security by assuming everything is a threat until proven otherwise.  

In this article, we explore what goes into a Zero Trust approach to data protection and how AI can be the solution to robust cyber security, with insight from Microsoft’s e-book.  

DOWNLOAD THE FULL E-BOOK HERE
 

What is a Zero Trust approach? 

According to Microsoft, a Zero Trust approach to cyber security must adhere to three principles: 

Let’s explain more about each principle. 

Verify explicitly: This principle involves continuously authenticating and authorising access to data based on “all available data points, including user identity, location, device health, service or workload, data classification, and anomalies”. 

Use least-privileged access: This means only allowing volunteers and employees access to the precise information they need when they need it, employing what Microsoft calls “just-enough-access" and “just-in-time policies”. 

Assume a breach: The third principle of a Zero Trust approach is clear: treat any situation as though a breach has already occurred to improve security and minimise the potential impact. This last step is particularly important given that 70% of nonprofits say they currently don’t have response capabilities in the event of a cyber breach.  

Microsoft’s report also covers seven key risk areas that will enable charities to employ a Zero Trust approach that is suitable for their various security challenges, organisational needs, and available resources. These seven risk areas form a framework to support charities with the decision to adopt a Zero Trust approach and how they can do so with Microsoft solutions.