At some level people are already doing this through LLMs. But large orgs are extremely risk averse to do such things. There’s a reason why we have “security audits” and “compliance certifications”. It’s not like organizations are not capable of securing or standardizing their systems, just they do want to point fingers to somebody when legal proceedings happens.