A cybersecurity clinic is not where I expected to start a column on association technology. But the one Craig Newmark Philanthropies stood up at NYU this year is worth your attention, mostly for who it was built to protect. The clinic offers free security help to exactly the organizations that hold sensitive data and cannot afford to defend it: community health clinics, legal aid, schools, and nonprofits.1 Read that list again. Every association I work with sits somewhere on it.

The phrase that keeps surfacing in this research is cyber-poor, target-rich.2 It describes an organization that has something worth stealing and almost nothing in the way. That is the association profile with uncomfortable precision. Decades of member records, payment history, event attendance, credentialing data, and board correspondence, most of it now consolidated (as I keep arguing it should be) into the warehouse that has become your system of record. Guarding it: often one overworked IT generalist and a firewall configured before the current membership director was hired.

Here is the part the AI conversation has stayed quiet about. Almost every move associations made this year to become "AI-ready" also made them a larger, softer target. You connected the warehouse to a copilot. You opened a self-serve layer so departments could query member data without waiting on IT. You made the data legible to agents, which I argued for in The Agent at the Door. Each of those is a real capability gain. Each is also a new door, a new credential, a new integration that somebody has to secure, monitor, and revoke. Readable by your copilot and readable by whoever phishes your copilot's service account are closer together than the demo made them look.

The threat side is not speculative. Verizon's 2026 breach report found ransomware in nearly half of all breaches it studied, the highest share it has ever recorded.3 The AI findings are more interesting than the headlines suggested. AI is not yet magically defeating well-defended organizations. What it is doing is raising the floor: the volume of AI-generated text in malicious email has roughly doubled, and a novice can now produce a renewal notice indistinguishable from your real one.3 That barely dents the association with real detection and trained staff. It flattens the one running on a volunteer's inbox and good intentions.

If you want to see how this plays out, look at what happened to Instructure this spring. Attackers got into Canvas twice in about two weeks, in what is now the largest education-sector breach on record, by abusing a feature built for convenience: a program that let teachers create accounts without institutional verification.4 No zero-day, no genius. A frictionless onboarding flow was the front door. Now count how many of your member-facing systems are optimized for exactly that frictionless signup, and how few of them were ever threat-modeled.

None of this would sting so much if associations were quietly good at security. They are not, and they will tell you so. In NTEN's assessments across hundreds of nonprofits, security ranks lowest of any capability, consistently, regardless of budget or mission.5 Cloudflare's numbers on civil-society organizations, the bucket associations fall into, show attacks up 241 percent year over year, running at several times the rate the rest of the web sees.6 Target-rich is measurable now. It is not a forecast.

I have spent whole columns arguing that governance belongs wired into the data, not written into a PDF (the AI policy almost nobody can prove works). Security is the same argument with the stakes raised. You cannot bolt it on after the AI roadmap ships. The self-serve layer, the agent access, the copilot's read scope: those are security decisions wearing product clothing, and if the only person in the room framing them that way is your AMS vendor's account manager, you have already lost the thread.

The move is not to slow the AI work down. It is to make a security floor the precondition for it, the way you would not add a wing to a building without confirming the foundation holds. Before the next integration goes live, someone who is not selling it should be able to answer three plain questions: what member data can this reach, who holds the credentials, and how do we cut it off in an afternoon if it is compromised. If nobody in your organization can answer those, that gap is the project. The copilot can wait a week.

Quick takes

Anthropic put money where the talent gap is. The new Claude Corps program commits 150 million dollars to place 1,000 fellows inside mission-driven nonprofits, the first cohort of roughly 100 starting in October, applications closing July 17.7 Strip the AI framing and it is a response to the same shortage this column is about: the organizations holding the most sensitive data cannot hire the people who would protect or properly wire it. Philanthropy is now routing that talent in by hand.

Every vendor is bolting AI onto donor and member data at once. In recent weeks Bloomerang wired in Dataro's predictive modeling, Euna acquired the AI grant-discovery startup GrantExec, and Chariot launched automated gift processing.8 Each is a reasonable feature. Each also pushes more member and donor data into more connected systems, and I have yet to see one of these launch announcements name who now secures the new pipe.

The free-clinic model is scaling faster than most associations realize. NYU and St. John's both stood up Newmark-funded community cyber clinics this spring, joining a national consortium that now spans dozens of clinics across many states.9 No-cost security assessments for under-resourced mission organizations are increasingly a phone call away. The catch is that the associations who need them most do not know to ask.

Worth a read

Verizon 2026 Data Breach Investigations Report. The industry's most-cited breach data, and the clearest read on what AI is and is not actually doing to attackers this year.

NTEN, Nonprofit Cybersecurity Readiness. The uncomfortable mirror: where security actually sits in the priority stack for organizations that look a lot like yours.

CyberPeace Institute, "Cyber-poor, target-rich". The framing this column borrows, argued out at length with the sector data behind it.

My prediction: within two years the grantmakers and cyber-insurers who fund this sector will require a security floor before they will touch an AI program, the way they already require financial controls, and the associations that treated security as the entrance fee to their AI roadmap will walk through while the rest find the cleanup priced into their premiums. The real question is whether your board hears that signal before the breach notice goes out, or after.

Quick answers

Does adopting AI tools actually make our member data less secure?

Not inherently, but in practice often yes, because most associations add the AI capability without adding the security to match. Every copilot, agent, or self-serve layer is a new connection to member data that someone has to secure, monitor, and be able to shut off. The risk is not the AI itself. It is bolting it onto a system nobody was defending well to begin with.

Are nonprofits and associations really bigger cyber targets than other organizations?

Yes, and it is measurable. Attackers screen for organizations that hold valuable data but lack the resources to defend it, a profile researchers call cyber-poor and target-rich. Cloudflare recorded attacks on civil-society organizations rising 241 percent in a single year, running at several times the rate the rest of the web experiences.

What is the most useful first step for an under-resourced association?

Before adding the next AI tool, have someone who is not selling it answer three questions: what member data can this reach, who controls the credentials, and how fast can we cut it off if it is compromised. If no one can answer, that gap is the real project. Free help exists too, since university cybersecurity clinics now offer no-cost assessments to mission-driven organizations.