“Only approved AI tools must be used for business purposes.”
Sound familiar? It’s a line that features in many GenAI policies.
And yet, 68% of organisations report that staff use unapproved AI tools at least occasionally as part of of their day to day work (SAP News). This is shadow AI.
Most of the time, this is not about people being reckless. It’s actually the opposite. They are curious, keen to learn and experiment, often with a real fear of being left behind. Once again, technology is moving faster than governance can keep up.
In reality, the issue is usually one of two things: the approved tools are not meeting people’s needs, or employees are not clear on what is actually approved in the first place.
The risks of shadow AI include:
- Confidential data being entered into tools
- Data privacy breaches
- Poor decisions based on inaccurate outputs
- Exposure the organisation may not even realise exists
So what actually helps?
- Make approved tools worth using
Most people I meet are already using AI. When they try internal tools and hit quality or performance issues, the response is usually immediate: “It’s just not as good”.
- Educate and build awareness
Help people understand the why, not just the rules.
- Make it easy
A simple, accessible list of what is approved, and what it's approved for, goes a long way.
- Create psychological safety
People need to feel comfortable asking questions without fear of getting it wrong.
- Review your policy regularly
This space is moving quickly. Your approach may also evolve as adoption and awareness grow.
And if you need support with any of this, contact me to find out how we are supporting organisations with their responsible AI adoption.
