Skip to Content

Shadow AI: The AI Your Employees Are Already Using (Without Telling You)

One year after our post on Shadow IT, the phenomenon has a new face. Here's how to rein in unauthorized AI without making anyone feel guilty.

In March 2023, Samsung engineers did what many of us have already done without much thought: they pasted their work into ChatGPT to move faster. A snippet of source code to debug, a meeting recording to turn into minutes, code for spotting defective equipment to optimize. Three times in twenty days. Except that work was confidential intellectual property, gone off to servers the company didn't control. Soon after, Samsung banned generative AI for its employees.

If a company that size, full of brilliant engineers, got caught off guard, the problem isn't a matter of skill. It's the sign of a deeper trend, and it's already inside your organization, SMBs included.


Shadow IT now has an AI accent

We've already devoted an article to Shadow IT, the tools teams adopt without going through IT. The takeaway from back then still holds: people work around procedures when they're slower than the need. What changed in a year is the star of the show. Yesterday, it was a task-management app or a personal Dropbox. Today, it's artificial intelligence.

It's called “Shadow AI”, or ghost AI: the use of generative AI tools like ChatGPT, Gemini, or Copilot without the organization knowing, approving, or overseeing it. What sets it apart from classic Shadow IT is the speed and the discretion. Adopting new software leaves traces: a subscription, an install, an invoice. Pasting three paragraphs into a chat window leaves none.


Why your people do it, and why it isn't carelessness

According to Microsoft'sWork Trend Index, 78% of people who use AI at work bring their own tools, outside any official framework. The figure climbs to 80% at small and medium-sized businesses. So this isn't a marginal drift, it has become the norm.

And here's the statistic worth pausing on: more than one in two people who use AI at work are reluctant to admit using it for their most important tasks. Take a second on what that reveals. Your employees don't hide AI because they're doing something wrong. They hide it because they sense it would be frowned upon, or that they'd be told to stop. The instinct to hide isn't a discipline problem, it's a symptom of silence.

Because deep down, people turn to these tools for good reasons: finishing a report faster, unblocking a turn of phrase, understanding a technical document, translating an email. These are the motivations of conscientious people who want to do their job well. The problem is never the person. It's the vacuum: when no one has said what's allowed, everyone improvises on their own, and often without realizing it.


What ghost AI actually exposes, in recent numbers

The risk isn't theoretical, and it isn't a reason to panic either. It's simply a reality to face. The IBM 2025 Cost of a Data Breach report measured the effect of Shadow AI for the first time. Across the 600 breached organizations it studied, one breach in five was linked to unapproved AI tools. And where shadow AI use runs high, the average bill reaches US$4.74 million, US$670,000 more than where it is low or absent.

Two more figures from the same report show the size of the gap. Among organizations whose own AI systems were targeted, 97% had no adequate access controls. And 63% of breached organizations had no AI governance policy, or were still writing one. AI left unmanaged is breached more often, and costs more when it is. Shadow AI incidents were also more likely than average to expose customer personal information, 65% of cases against 53%, and intellectual property, 40% against 33%.

The other danger is invisibility. An analysis of more than 22 million enterprise AI prompts in 2025 found that nearly 17% of sensitive-data exposures went through free personal accounts: no logs, no audit trail, and content that can be used to train public models. That's exactly what makes Shadow AI hard to manage. What happens in an employee's personal account shows up nowhere on your side.

Add to that a distinctly Quebec issue. Putting personal information into a consumer AI tool potentially means disclosing it to a third party, often outside Quebec. This isn't just an abstract fear: a joint investigation by Canadian privacy authorities concluded in May 2026 that the way OpenAI initially trained and deployed ChatGPT did not comply with personal-information protection laws, notably for lack of valid consent. So the invisible use of AI tools is also a compliance blind spot, not just a security one.


Blocking backfires

The first instinct, faced with these numbers, is to shut off the tap: block AI sites on the network, send out a ban memo. It's understandable, but it rarely solves the problem. Blocking AI at the office only moves it to the personal phone, where you no longer have any visibility. Worse still: it penalizes the cautious employee, the one who would have asked, and rewards the one who works around it without a word.

A ban pushes the phenomenon further into the shadows, when the whole point is to bring it into the light. The goal isn't to stop AI, it's to make its use visible, guided, and safe. And that starts with simple moves.

The gut instinct What works better
Block AI sites on the network Offer an approved tool that's at least as convenient
Send out a ban memo Name what's allowed, and with which data
Wait for an incident to act Ask right now what's already in use
Blame the person who got it wrong Fix the vacuum that put them in that position


Moves to make this week

Reining in ghost AI takes neither a big project nor a budget. Here are five moves that deliver the most effect for the least effort, doable in a few days.

1. Ask, without setting a trap. First, know what's going on. A short anonymous survey, or a simple round-table at a meeting: “which AI tools are helping you right now?” Framed without threat, the exercise almost always reveals uses you didn't suspect, and it sends the message that the subject is no longer taboo. It's your map of the terrain.

2. Name one or two approved tools, today. The vacuum is the enemy. As long as no one knows which tool is fine, everyone picks their own. Designate one or two, even provisionally, so your teams have a clear answer to the question “what am I allowed to use?”

3. Set the right tier. One detail changes everything: in consumer tools, your content can be used to train the model by default, including on paid plans like ChatGPT Plus. Business plans make the opposite commitment: ChatGPT Business and Enterprise, Microsoft 365 Copilot, Gemini in Workspace. Watch the name collision: consumer Copilot does train on your exchanges by default. Moving to the right tier, or turning on the “don't use my data” option, is a matter of a few clicks. Two caveats: the setting isn't retroactive, and giving feedback on a response can put the whole conversation back into the training pool.

4. Give the pocket rule for data. Your employees don't need a treatise, they need a rule they can apply in one second: if you wouldn't put it on a poster in the waiting room, it doesn't go into a consumer AI tool. When in doubt, treat it as confidential.

5. Talk about it for fifteen minutes, in person. A quick point at a team meeting, with two examples drawn from your own day-to-day, beats a policy PDF no one opens. People remember stories, not clauses.


The deeper solutions to prioritize

Quick moves put out the fire. To make it last, four efforts are worth the investment.

Offer an official alternative, and a pleasant one

This is the centerpiece, and the one most often forgotten. A policy with no fallback tool is a ban in disguise. If the approved option is slower or more painful than ChatGPT, your employees will go back to ChatGPT. Adoption follows comfort, not the rulebook. For sensitive data, the best alternative is often a private AI assistant, hosted in-house, where nothing leaves your network. Your teams keep their “ChatGPT-like” tool, you keep your data.

A short policy, and a living one

An AI policy doesn't need to be long to be useful. It names the approved tools, says which data can go into them, reminds everyone that a human reviews what goes out, and gives a point of contact in case of doubt. The rest is detail. We wrote a complete guide to writing this policy, with a one-page template and a data classification ready to adapt. The secret isn't the document: it's keeping it alive and reviewing it once a year, because the tool landscape changes fast.

A minimum of governance, without bureaucracy

Overseeing doesn't mean watching everyone. It means knowing what's used, by whom, and for what type of data, and having designated someone to answer questions. To build that foundation, the Canadian Centre for Cyber Security publishes clear advice on the risks of generative AI and concrete measures for organizations of every size. A free, neutral backbone, useful for starting off on the right foot.

Treat your people as allies

The last solution isn't technical, it's a tone. Your employees use AI because it helps them do their job. An approach that acknowledges that, trains them, and involves them will earn their cooperation. An approach that waves the threat around will send them back into the shadows, and the wild use will resume stronger than before. AI security is won with your teams, not against them.

The most solid way to make ghost AI disappear is to offer something better. We deploy private AI assistants, hosted in Quebec, where your data never leaves your walls, so the approved tool is also the most convenient one. Let's talk about AI in your organization.


What oversight doesn't solve on its own

In the interest of candor, a few limits to keep in mind.

AI is wrong with confidence. Even well managed, an AI tool sometimes invents a number, a clause, or a reference, and does it with assurance. Human review of everything that leaves the organization stays non-negotiable. No policy replaces that reflex.

A private tool is less powerful. A model you host yourself doesn't have the finesse of the largest commercial models. For plenty of office tasks, it's more than enough, but not for everything. The hybrid approach, private for the sensitive and a well-configured commercial tool for the rest, is often the most sensible.

The landscape moves fast. The tools of eighteen months ago aren't the ones of today. A frozen framework ages badly. That's why an annual review, even a quick one, makes all the difference.


How we approach this at Blue Fox

We always start from the ground before the rules: see what's already in use, understand why, then build a framework that fits your reality rather than a generic template copied from elsewhere. We help choose and configure the approved tools, tie it all to your Law 25 process, and deploy the private assistant that makes the framework workable. The goal isn't to slow AI down, it's to reap its benefits without opening a breach.

AI has already come into your organization, without anyone really deciding it? This is the right moment to set the framework, calmly. Want to bring AI out of the shadows without putting anyone on the defensive? Let's take stock together.


Sources

  • Microsoft, Work Trend Index (2024) : 78% of AI users bring their own tools to work (80% at SMBs), and more than one in two are reluctant to admit using it for their most important tasks.
  • IBM, Cost of a Data Breach Report 2025 : across 600 breached organizations, one breach in five linked to shadow AI, average bill US$670,000 higher where its use runs high, and 97% of organizations whose AI systems were targeted lacking adequate access controls.
  • Harmonic Security : analysis of more than 22 million enterprise AI prompts in 2025, of which nearly 17% of sensitive leaks went through free personal accounts.
  • Forbes : Samsung bans generative AI on company devices and internal networks after a source-code leak (May 2023).
  • CIO Dive : the detail of the three Samsung incidents, which happened within twenty days in March 2023, per The Economist Korea.
  • Canadian Centre for Cyber Security : risks of generative AI and mitigation measures (ITSAP.00.041).
  • Office of the Privacy Commissioner of Canada : joint investigation with Quebec, Alberta and British Columbia concluding in May 2026 that OpenAI's initial training and deployment of ChatGPT did not comply.
Employee retention: what if the problem is your tools?
Every extra piece of software is one more account to learn, to secure and to forget. What simpler tools and a good start really change about turnover.