AI Principles & Guidance for CTA Partner Organizations

Written By Community Tech Alliance

By: Kat Atwater

Progressive organizations have always been asked to do more with less, and AI tools are increasingly part of the conversation about how to make that possible. At CTA, we believe technology should work for the movement, not the other way around. That means being thoughtful about which tools we use, how we use them, and who stays in control.

This guide is meant to help you think through AI adoption in a way that protects your people, your data, and your mission.

Our core belief

AI is a tool, not a strategy. The most powerful assets in your organization will always be your team, your relationships, and your values, and AI works best when it handles the routine work so your people can focus on what only humans can do. Ironically, all of these agents don’t actually have the agency we humans do to make an impact in the world. 

Start with the problem, not the tool, and keep humans in the loop - especially for anything that touches your community.

You wouldn't sign up for expensive software seats without being able to articulate what problem the software solves for your team. AI is no different. At CTA, we named the problem before shopping for the solution. We noticed friction in client management tasks that ate hours every week, post-event CRM cleanup that nobody had time for, data audits that meant clicking into hundreds of records one by one, administrative tasks that kept our team from meaningful project work… the list goes on. Once we named those problems specifically, we were able to research the right solution for us, just like any tool we would add to our stack. 

Before you adopt a new AI tool

Ask yourself these three questions:

1. Is this an approved tool with a managed account?

Free personal accounts typically have weak data privacy protections - which means the AI company can use your content to train their models. For organizations working with donor data, voter files, member information, or anything else sensitive, that's a real risk. Organizational accounts and paid licenses typically give you stronger protections, centralized control, and the ability to ensure your data stays yours. Whenever possible, use a paid team or org subscription and require your staff to use it too.

2. What's your goal, and how will you evaluate the output?

Take a few minutes before diving in to define what success looks like. What are you trying to accomplish? What constraints matter? How will you check the work? For anything high-stakes, like an email to your universe, a policy document, or an external communication, break it into steps so you can catch and correct errors before they go out the door. I always start by thinking about the 5 things I need to convey, do, or accomplish, and then check the AI’s output against my original thinking.

3. How much access does this tool actually need?

Less is more. AI tools connected to your email, files, or databases can do more, but they can also do more damage if something goes wrong. Grant only the access the task requires, and be especially careful when a tool will be reading content from the outside world (emails, websites, documents from untrusted sources) or taking actions on your behalf.

A note on AI agents

AI agents - tools that can search, click, draft, and act on your behalf - are genuinely useful for all teams. They're also where the most significant risks live.

The riskiest setup is what security researchers call the "lethal trifecta": an AI agent that has access to private organizational data, can communicate externally, and is exposed to content written by people outside your org (emails, web pages, calendar invites). In that combination, a bad actor could plant hidden instructions that redirect the tool to leak data or take actions you didn't authorize.

This is an active and evolving attack surface. If you're using AI agents, minimize their permissions, and keep a human in the loop for anything that matters.

Getting started on solid ground

A few practical steps any organization can take right now:

  • Use organizational accounts with two-factor authentication enforced - ideally a security key or passkey

  • Keep a short, maintained list of approved AI tools your team is allowed to use - and revisit it regularly as the landscape changes

  • Connect with care - AI tools and sensitive data (donor lists, voter files, member records, financial data). Never connect without a clear purpose and a thoughtful risk assessment

  • Treat AI output like a first draft and always have a human review before anything goes to your community, your board, or drives an organizational decision

A note on holding the tension

Many progressive organizations have real, legitimate concerns about AI. Those concerns deserve to be named, not papered over. The environmental cost of large AI systems, the risk of automating away jobs in communities we're fighting to protect, the bias baked into models trained on unrepresentative data, the concentration of power in a handful of tech companies whose values don't always align with ours… These aren't fringe worries, they're part of an honest reckoning with the technology. 

The organizations best positioned to push back on harmful AI adoption and help craft policies to reign in AI are often the ones with the least capacity to opt out entirely. Using AI thoughtfully - to stretch limited staff time, to reach more people, to do more with constrained budgets - isn't a betrayal of progressive values. It's a pragmatic choice that frees up human energy for the work that can't be automated: building power, making judgment calls, showing up for community, and focusing on relationships. The goal isn't uncritical adoption or reflexive avoidance. It's intentional use, grounded in your values, with eyes open to the tradeoffs, and the long-term goals.

We're in this together

CTA exists to give progressive organizations access to data infrastructure and technical capacity that's usually reserved for well-resourced campaigns and institutions. AI is part of that work, and we're committed to using it in ways that are transparent, affordable, and accountable to the communities we all serve.

We don't have all the answers, and the landscape is changing fast. But this is exactly the kind of conversation we want to be having with our partners. If you're wrestling with an AI decision - a new tool, a use case, a policy question - reach out via the link below. Let’s figure it out together.

Let's figure it out together.
Community Tech Alliance
Next

From Chaos to Clarity: Smarter Digital Ads Reporting with CTA