On site, I always ask the director the same thing: “Who uses AI here?” The answer is usually “nobody, or almost.” Then I ask the teams. Everything changes.
The salesperson pasting call notes into ChatGPT. The assistant having a free AI proofread contracts. Marketing generating visuals on a personal account. It’s called shadow AI: real, useful usage, but invisible and ungoverned.
Why it’s a problem
AI isn’t the problem. The blind spot is.
- Data leaks. A free account often means your data trains the vendor’s model. Quotes, client files, HR data: gone.
- No trace. If a client asks tomorrow how a decision was made, nobody can answer.
- Hidden dependency. The day that person leaves, their “thing that works” leaves too.
What we do instead
We don’t ban it — that just pushes it further into the dark. We bring it to light:
- List the real usage, no judgement. A field audit, not an HR survey.
- Move what matters onto business accounts, with confidentiality commitments.
- Write two pages of simple rules. Not an 80-page binder no one reads.
Shadow AI isn’t a failure. It’s a signal: your teams already get it. Your job is to make it safe.