
May 2026 | Cybersecurity for CPA Firms | AI Tools, Shadow IT & Taxpayer Data Security
AI tools have found their way into accounting workflows fast. Staff use them to draft client communications, summarize documents, research tax questions, and produce written deliverables more quickly. That's happening at your firm right now, whether or not it's been officially approved. The question isn't whether your accounting staff is using AI — a 2024 BlackFog study found that 49% of employees use unapproved AI tools for work tasks. The question is whether they're doing it in a way that keeps client Social Security numbers, tax records, and financial information out of systems your firm doesn't control and hasn't vetted. For a CPA firm subject to IRS Publication 4557 and the FTC Safeguards Rule, the answer matters.
Shadow IT: The AI Edition
Shadow IT is any technology employees use for work without formal approval or visibility from firm leadership. AI tools are the fastest-growing shadow IT category. A 2024 study by CybSafe and the National Cybersecurity Alliance found that 38% of employees share confidential data with AI tools without their employer's knowledge or approval.
In a CPA firm context, 'confidential data' looks like this: client names and SSNs entered into an AI tool to draft a letter; tax return details pasted into a chat interface to get help explaining a complex situation to a client; business financial statements uploaded to an AI platform to generate a summary memo; client IRS notices fed into an AI assistant to draft a response. All of this is happening at accounting firms, and most firm partners don't know the extent of it.
The AI Hallucination Problem in Tax and Accounting Work
Beyond the data exposure risk, there's an accuracy risk that carries its own liability. AI language models confidently produce incorrect information — invented tax code citations, wrong deduction limits, inaccurate filing deadline dates, mischaracterized IRS procedures. This is called hallucination, and it happens in authoritative, professional-sounding prose that's easy to mistake for accurate output.
Imagine a staff accountant uses AI to draft a client memo explaining a tax strategy. The AI cites a specific IRS revenue ruling that supports the strategy. The accountant includes it in the memo without checking. The revenue ruling doesn't exist, or was superseded, or the citation is wrong. The client relies on the advice. This scenario creates material liability for the firm — and it's happening at accounting firms across the country.
The professional standards that apply to tax advice don't have an AI exception. Your firm is responsible for the accuracy of guidance you provide, regardless of how the first draft was generated.
What Consumer AI Tools Do With Taxpayer Data
Most free or low-cost AI tools — the ones your staff are actually using — treat your inputs as data that may be retained, reviewed by the provider's staff, or used to train and improve the model. When a staff accountant pastes a client's tax situation into ChatGPT's free tier, that data doesn't stay within your firm's controlled environment.
Enterprise versions of AI tools — Microsoft Copilot with appropriate data handling agreements, enterprise ChatGPT with data opt-out configurations — operate under different contractual terms. But your staff aren't waiting for the firm to evaluate and deploy an enterprise tool. They're using whatever is fast and free.
IRS Publication 4557 and AI Tool Usage
IRS Publication 4557 requires tax professionals to safeguard taxpayer data and implement security practices that protect client information from unauthorized access or disclosure. Entering client SSNs and tax information into a consumer AI tool that retains and potentially shares that data represents a disclosure of taxpayer information outside your firm's controlled environment — exactly what Publication 4557 is designed to prevent.
The FTC Safeguards Rule similarly requires CPA firms to have written policies governing how customer financial information is handled and protected. An undefined, unmanaged practice of staff feeding client data into consumer AI tools creates a Safeguards Rule exposure.
Three Things to Put in Place Now
1. AI Drafts, Accountants Verify — With Primary Source Checks
The right model for AI in accounting work isn't prohibition — that won't work. It's treating AI as a drafting tool, not a source of truth. Any AI output that includes tax code citations, IRS procedures, filing deadlines, or specific financial calculations must be verified against primary sources before it goes to a client.
Build verification into your workflow explicitly. 'AI-assisted draft — tax citations verified against primary sources' as a workflow step is defensible. 'We used AI and trusted the output' is professional liability exposure.
2. Define What Cannot Go Into an AI Tool — In Writing
Write it down and communicate it to your accounting staff. Client Social Security numbers, EINs, bank account information, detailed tax return data, and any information covered by your IRS Publication 4557 obligations should never be entered into a consumer AI tool. Period.
This doesn't require prohibiting AI. It requires being specific about the boundary. Many staff members simply haven't thought about the data privacy implications of pasting client information into a chat interface — a brief written policy with concrete examples changes their behavior.
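A written boundary is easier to enforce when the firm also has a mechanical check that runs before text leaves a workstation. The following is an added example, not code from this article or from Qual IT: a small Python screen that flags the identifiers named in the policy above (formatted SSNs, EINs, and bank routing numbers validated with the ABA checksum) in a draft and produces a redacted copy that can still be used as a prompt. The sample memo, the names and the numbers in it are constructed for the example; the patterns catch the conventional formatted forms only, so this is a guardrail for the paste-from-a-return case, not a substitute for the policy.

```python
import re
from dataclasses import dataclass
from typing import List

# Identifiers the policy names, in their conventional formatted forms.
# Unformatted or partially typed numbers will slip past these patterns.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")      # 123-45-6789
EIN_RE = re.compile(r"\b\d{2}-\d{7}\b")            # 12-3456789
ROUTING_RE = re.compile(r"\b\d{9}\b")              # 9-digit ABA routing number


def is_valid_aba_routing(digits: str) -> bool:
    """ABA routing-number checksum: weights 3,7,1 over the nine digits, sum mod 10 == 0.
    Used so that an arbitrary 9-digit invoice number is not reported as a bank account."""
    if len(digits) != 9 or not digits.isdigit():
        return False
    weights = (3, 7, 1, 3, 7, 1, 3, 7, 1)
    return sum(w * int(d) for w, d in zip(weights, digits)) % 10 == 0


@dataclass(frozen=True)
class Finding:
    kind: str    # "SSN", "EIN" or "ROUTING"
    value: str   # the matched text
    start: int   # character offset in the scanned text


def scan_for_taxpayer_data(text: str) -> List[Finding]:
    """Return every policy-covered identifier found in text, ordered by position."""
    findings = []
    for m in SSN_RE.finditer(text):
        findings.append(Finding("SSN", m.group(), m.start()))
    for m in EIN_RE.finditer(text):
        findings.append(Finding("EIN", m.group(), m.start()))
    for m in ROUTING_RE.finditer(text):
        if is_valid_aba_routing(m.group()):
            findings.append(Finding("ROUTING", m.group(), m.start()))
    return sorted(findings, key=lambda f: f.start)


def redact(text: str) -> str:
    """Replace each finding with a type tag so the draft can be used as a prompt
    without the client identifier. Works right to left so offsets stay valid."""
    out = text
    for f in reversed(scan_for_taxpayer_data(text)):
        out = out[:f.start] + f"[{f.kind} REDACTED]" + out[f.start + len(f.value):]
    return out


# Constructed sample draft: the SSN, EIN and routing number are made up.
# 123456780 satisfies the ABA checksum; 123456789 does not and is left alone.
SAMPLE_DRAFT = (
    "Dear Mr. Example, regarding your 2025 return (SSN 123-45-6789) and your "
    "LLC (EIN 12-3456789): please confirm the refund account at routing 123456780. "
    "The invoice number 123456789 is unrelated."
)

if __name__ == "__main__":
    for f in scan_for_taxpayer_data(SAMPLE_DRAFT):
        print(f"{f.kind:8} at {f.start:4}: {f.value}")
    print(redact(SAMPLE_DRAFT))
```

Wiring this into a clipboard hook or a browser-extension pre-submit check is the deployment question; the value of the script is that the boundary the policy draws becomes something the workstation enforces rather than something each accountant has to remember.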
3. Inventory What AI Tools Your Team Is Actually Using
You can't govern what you don't know about. Survey your staff directly about what AI tools they use for work tasks. Review browser-based tools on firm devices. Ask during team meetings. The shadow IT audit for AI may be surprising, and it gives you a starting point for putting appropriate use policies in place — and for identifying whether you need to evaluate enterprise AI options that provide proper data handling.
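Surveys and meetings tell you what staff remember using; web proxy or DNS logs from firm devices tell you what was actually reached. The block below is an added example, not code from this article or from Qual IT, showing how that review can be scripted: it parses a simplified proxy log (the line layout and every log line are constructed for the example, so the regex will need adapting to your proxy or DNS export), matches destinations against a starting list of AI service hostnames, counts requests per user and service, and separately flags large outbound transfers, which suggest a document upload rather than a typed question. The hostname list is an assumption to extend, not an exhaustive inventory.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Starting list of consumer AI service hostnames (extend for your environment).
AI_SERVICE_DOMAINS = {
    "chatgpt.com": "ChatGPT",
    "chat.openai.com": "ChatGPT",
    "copilot.microsoft.com": "Microsoft Copilot",
    "claude.ai": "Claude",
    "gemini.google.com": "Gemini",
}

# Assumed log line layout, constructed for this example:
#   <timestamp> host=<device> user=<login> dst=<hostname> bytes_out=<n>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) dst=(?P<dst>\S+) bytes_out=(?P<bytes>\d+)$"
)

# Above this many outbound bytes in one request, assume a file upload rather than a prompt.
UPLOAD_THRESHOLD = 100_000


def classify_destination(hostname: str) -> Optional[str]:
    """Return the service name if hostname is a listed domain or a subdomain of one."""
    h = hostname.lower().rstrip(".")
    for domain, name in AI_SERVICE_DOMAINS.items():
        if h == domain or h.endswith("." + domain):
            return name
    return None


def inventory_ai_usage(
    lines: List[str],
) -> Tuple[Dict[str, Dict[str, int]], List[Tuple[str, str, str, str, int]], int]:
    """Aggregate AI-service requests per user and flag large uploads.
    Returns (usage[user][service] -> count, large_uploads, unparsed_line_count)."""
    usage = defaultdict(lambda: defaultdict(int))
    large_uploads = []   # (timestamp, user, host, service, bytes_out)
    unparsed = 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed += 1          # count rather than crash on a malformed export line
            continue
        service = classify_destination(m["dst"])
        if service is None:
            continue               # ordinary web traffic, not part of the inventory
        usage[m["user"]][service] += 1
        n = int(m["bytes"])
        if n > UPLOAD_THRESHOLD:
            large_uploads.append((m["ts"], m["user"], m["host"], service, n))
    return {u: dict(s) for u, s in usage.items()}, large_uploads, unparsed


# Constructed sample log: device names, logins, timestamps and sizes are made up.
SAMPLE_LOG = """\
2026-05-04T09:12:33Z host=WS-ACCT-07 user=jdoe dst=chatgpt.com bytes_out=1842
2026-05-04T09:14:02Z host=WS-ACCT-07 user=jdoe dst=chatgpt.com bytes_out=2410
2026-05-04T09:20:45Z host=WS-ACCT-03 user=asmith dst=www.irs.gov bytes_out=512
2026-05-04T10:05:11Z host=WS-ACCT-03 user=asmith dst=copilot.microsoft.com bytes_out=420
2026-05-04T11:30:27Z host=WS-TAX-12 user=blee dst=claude.ai bytes_out=3145728
this line is malformed
"""

if __name__ == "__main__":
    usage, uploads, bad = inventory_ai_usage(SAMPLE_LOG.splitlines())
    for user, services in usage.items():
        print(user, dict(services))
    for ts, user, host, service, n in uploads:
        print(f"large upload: {ts} {user}@{host} -> {service} ({n} bytes)")
    print(f"{bad} unparsed line(s)")
```

The per-user counts answer the inventory question in section 3; the large-upload list is the part worth a follow-up conversation, because a multi-megabyte transfer to a chat service is more likely a client document than a typed question.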
A Note on AI Features in Your Existing Software
Tax software vendors including CCH, Thomson Reuters (UltraTax CS), and Intuit (Lacerte/ProConnect) are adding AI features directly into their platforms. Practice management tools like Karbon and Canopy are building AI assistance into workflows. These embedded AI features operate under the data handling terms of your existing vendor agreements — which is a much better security posture than consumer AI tools, but still worth reviewing.
When evaluating AI features your existing software vendors are adding, apply the same vendor due diligence you use for any technology decision: what data does the feature access, where does it go, and what are the retention and confidentiality terms?
What to Do This Month
- Survey your accounting staff on what AI tools they currently use for work tasks
- Draft a brief AI acceptable use policy defining what client data cannot be entered into AI tools
- Add AI hallucination verification as a step in any workflow that produces client-facing tax advice or communications
- Review whether AI tool vendors need to be added to your firm's vendor due diligence list
- Confirm your IRS Publication 4557 plan addresses AI and shadow IT
Qual IT Works With Salt Lake City CPA Firms
We work with Salt Lake City CPA firms to protect client data and keep systems running through tax season. To talk through how to build an AI acceptable use policy that fits your firm's workflow, schedule a free discovery call with Qual IT.
Frequently Asked Questions
Does IRS Publication 4557 address AI tool usage specifically?
Publication 4557 was written before the current generation of AI tools, so it doesn't mention them by name. However, its requirements apply: you must safeguard taxpayer data from unauthorized access or disclosure. Entering taxpayer data into a consumer AI tool that retains and potentially shares that data is a disclosure outside your firm's controlled environment — which falls squarely within what 4557 is designed to prevent. The IRS has indicated that existing safeguard requirements apply to emerging technologies.
Can AI tools help with tax research without creating compliance risk?
Yes, with the right approach. Using AI to identify potential issues, generate draft explanations of general tax concepts, or outline complex topics is low-risk when no client-specific data is involved. The risk materializes when client identifiers or taxpayer information are included in the prompt, or when AI-generated tax citations are used without primary source verification. AI for research scaffolding plus accountant verification against primary sources is a defensible workflow.
What if a vendor we already use (like CCH or TaxDome) adds AI features?
Review the vendor's terms of service and data handling policies for those specific features. Your existing data processing agreement may or may not cover the new AI functionality — don't assume it does. Ask the vendor explicitly: does client data entered into the AI feature get used for model training? Who can access it? How long is it retained? These are the same questions you'd ask about any new technology your firm adopts, and they're specifically required by the FTC Safeguards Rule's vendor oversight requirements.

