Shadow AI: The Business Risk You Can’t See

An accountant pastes a client’s full balance sheet into ChatGPT to write a board summary. A marketing manager uses personal Claude to draft a campaign strategy that includes unreleased product pricing. A developer feeds proprietary source code into an AI coding assistant to fix a bug. All three finished faster. None thought they were doing anything wrong. And in none of those cases did the business know it happened. This is the shadow AI business risk: it is already inside your organisation, largely invisible to leadership, and growing.

TL;DR: Shadow AI refers to AI tools employees use at work without employer approval or oversight. Research from 2025 puts the rate at 78% of workers using unapproved AI tools, and 75% of those workers admit to sharing sensitive data through them. The risk is real and present, but a blanket ban is not the answer. A governance framework that acknowledges AI’s value while protecting the business is.

What Shadow AI Actually Is and Why It Is Spreading

Shadow AI is the use of AI tools by employees that has not been approved, procured, or governed by the organisation. That means free-tier ChatGPT, personal Claude or Gemini subscriptions, Perplexity, Copilot personal accounts, AI writing tools like Jasper, GitHub Copilot personal accounts, and AI image generators. None of these sit inside the corporate perimeter with appropriate data controls.

Employees use them because they make work faster, and they do not ask for IT approval because they expect to be told no. A 2025 Cybernews survey of more than 1,000 employees found that 59% use AI tools their employer never approved, and 75% of those admitted sharing potentially sensitive information including customer details, employee data, and internal documents.

For most business owners, this is not a future risk to plan for. It is happening now.

The Real Risks: What Is Actually at Stake

Data privacy and the Australian Privacy Act

When an employee pastes client data into a personal ChatGPT account, that data may be retained by OpenAI, subject to US law, potentially used to train future models, and entirely outside the business’s control. OpenAI’s free and Plus consumer tiers default to using conversation data to improve their models unless a user actively opts out. Most employees using personal accounts have not changed that default.

Under Australia’s Privacy Act 1988, businesses have legal obligations around how personal information is disclosed to third parties. The Privacy and Other Legislation Amendment Act 2024 strengthened those obligations: businesses with annual turnover above $3 million must verify that international third-party vendors handling personal information comply with Australian standards and must update contracts accordingly. An employee copying client data into a free ChatGPT account creates an undocumented disclosure to an international third party, regardless of intent. Penalties for serious or repeated breaches can reach $50 million, three times the benefit obtained, or 30% of adjusted turnover, whichever is greater.

Intellectual property exposure

Code, product designs, competitive strategy documents, unreleased product names, pricing models, client proposals. These are the assets a business depends on. If employees paste this material into personal AI accounts, it may enter training data. Samsung found this out quickly: within 20 days of allowing employees to use ChatGPT, three separate incidents exposed proprietary semiconductor source code and confidential meeting notes to OpenAI’s systems. Samsung moved to ban the tool internally within weeks of the incidents becoming public.

The policy picture is more nuanced than it was in 2023. OpenAI’s Team and Enterprise plans now explicitly commit to not training on business data, and Claude for Enterprise carries the same guarantee. But personal-tier accounts at most major providers still carry training risk unless the user opts out, and most employees using personal accounts have not done so.

Audit trail gaps

If an AI-assisted decision is challenged in litigation, a client dispute, or a regulatory audit, can the business reconstruct how that output was produced? In finance, healthcare, and legal services, this matters. With shadow AI, the answer is almost always no. There is no record of the prompt, no record of the output, and no way to demonstrate whether the AI contributed to the decision at all. It is a governance gap that becomes a liability the moment a dispute arises.

Security and access control

Employees copying data between internal systems and external AI tools bypass data loss prevention controls, access logging, and security monitoring. Cyberhaven’s 2025 AI Threat Report found that generative AI-related DLP incidents increased more than 2.5 times in the past year, now making up 14% of all DLP incidents. Once data is outside the corporate perimeter, there is no mechanism to retrieve it.

[Figure: Shadow AI governance framework showing approved versus unapproved tool pathways with risk indicators]

How to Address It: A Practical Governance Framework

A blanket ban is the wrong response. Research from 2026 found that when organisations provide approved AI tools, unauthorised use drops by 89%. The employees using shadow AI are not malicious actors. They are productive people solving problems. The job of a governance framework is to give them a safe way to do that.

Step 1: Audit what is already in use

Before writing policy, understand the actual landscape. Run an anonymous employee survey asking which AI tools people use at work, what they use them for, and whether they share any work data with them. Anonymity is important: an attributed survey will underreport. Supplement the survey with a review of browser extensions across managed devices, installed applications, and network traffic logs for known AI service domains. The goal is not to catch people out. It is to get an honest picture so the policy you write reflects reality rather than a governance team’s assumptions.

Step 2: Establish a clear AI use policy

Keep it short. A 12-page policy with legal boilerplate will not be read. A one-page decision tree that answers “can I use AI for this?” will be. At minimum, define three data categories: freely shareable with approved AI tools (public marketing copy, general research), shareable only with specific enterprise tools (internal documents, client deliverables), and never into any AI tool (client personal data, financial records, legally privileged material, M&A information). Include acceptable use guidelines and a clear escalation path for employees who are unsure.

Building a policy that fits your risk profile, regulatory exposure, and existing tool stack takes structured work. Avatar Studios helps businesses develop this as part of a strategy and advisory engagement.

Step 3: Provide approved alternatives

This is the most consequential step. If employees are using personal ChatGPT because it makes them faster and no approved equivalent exists, banning personal ChatGPT does nothing except hide the behaviour. The solution is to provide an enterprise equivalent with appropriate controls. Microsoft Copilot for Microsoft 365, priced at approximately USD $30 per user per month, is the logical choice for organisations already on Microsoft 365. It integrates directly into Word, Excel, Outlook, and Teams, and Microsoft contractually commits to not training on your data. Google Gemini for Workspace is now included in Business Standard ($12/user/month) and Business Plus tiers at no extra cost, with equivalent data protections. For organisations with specific needs around large documents, legal analysis, or complex reasoning, Claude for Enterprise includes SSO, role-based permissions, audit logs, and a 200,000-token context window with no model training on business data. All three provide the AI capability employees want, with the corporate controls the business needs.

Step 4: Train the team on the reasoning, not just the rule

A policy without context is a liability document. Employees need to understand why the policy exists. A lunch-and-learn that walks through the data classification framework, uses real examples (Samsung, the NSW Reconstruction Authority contractor who uploaded disaster recovery data into ChatGPT in 2025), and gives people a clear decision framework for ambiguous situations is more effective than a compliance email. The message should be direct: AI is a legitimate productivity tool and the business supports its use, with appropriate safeguards.

Step 5: Monitor and iterate

Network-level monitoring for AI service traffic and periodic DLP alert reviews are reasonable and proportionate. Microsoft Purview monitors data flowing to AI tools across the Microsoft ecosystem. Nightfall AI and Reveal Security detect sensitive data moving into external AI services from SaaS applications. Cloud Access Security Broker tools can apply policy-based controls on AI service access without blocking tools entirely. Review the policy quarterly for the first year, annually once stable. When a violation occurs, respond proportionately: a first incident with no malicious intent warrants a conversation, not disciplinary action.

Frequently Asked Questions

Is shadow AI actually illegal in Australia?

Shadow AI is not illegal in itself. But it can create liability. Under the Privacy Act 1988, sharing personal information about clients or employees with an uncontracted third-party AI provider without appropriate safeguards can constitute a breach of Australian Privacy Principles. Depending on what data is shared, it can also breach client confidentiality obligations and potentially employment contract provisions around handling of confidential information. The exposure is real, even when the employee’s intent was entirely innocent.

What is the difference between shadow AI and approved enterprise AI tools?

Enterprise-tier plans from OpenAI, Anthropic, Microsoft, and Google contractually commit to not training models on your data. They provide admin consoles and audit logs that record what data was accessed, and they include data processing agreements that align with Australian privacy obligations. Personal-tier accounts provide none of that. No training guarantees, no audit trail, no contract.

Should we ban AI tools entirely until we have a policy?

A temporary pause while you put a framework in place is reasonable. A permanent ban is not. Research consistently shows that blanket bans reduce visible use while driving actual use underground, where it is harder to monitor and govern. The more effective approach is to move quickly toward an approved toolset with a simple interim policy: do not share client personal data, confidential business strategy, or proprietary code with any AI tool until further notice. Then build the full framework within 30 to 60 days.

How do we know if our employees are already using AI tools at work?

Start with a survey, anonymous if you want honest answers. Then check managed devices for AI browser extensions and installed applications. Review network traffic logs for connections to ChatGPT, Claude.ai, Gemini, Perplexity, and similar services. Endpoint detection tools can identify local AI application installations that network monitoring misses. In most organisations, the results of this audit are surprising. The 78% figure on unapproved AI tool usage is not an outlier. Assume use is widespread and audit from that starting point.
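The network log review described here and in Step 1 can be scripted. The following is an added example, not part of the original article: it summarises proxy log traffic to AI services per service rather than per person, in keeping with the audit's purpose. The log format, the sample lines, and the domain list are assumptions constructed for illustration; adapt them to your proxy's actual format and your own survey results.

```python
from collections import Counter, defaultdict

# Assumed starting list of consumer AI service domains; extend it from your survey.
AI_DOMAINS = {
    "chatgpt.com": "ChatGPT",
    "claude.ai": "Claude",
    "gemini.google.com": "Gemini",
    "perplexity.ai": "Perplexity",
}

# Constructed sample lines: timestamp, client IP, method, host:port, bytes sent by client.
SAMPLE_LOG = """\
2025-06-02T09:14:03Z 10.0.4.21 CONNECT chatgpt.com:443 5120
2025-06-02T09:14:40Z 10.0.4.21 CONNECT chatgpt.com:443 48211
2025-06-02T09:20:11Z 10.0.7.9 CONNECT claude.ai:443 120934
2025-06-02T09:21:55Z 10.0.7.30 CONNECT www.perplexity.ai:443 2048
2025-06-02T09:22:02Z 10.0.7.30 CONNECT notclaude.ai:443 900
2025-06-02T09:23:17Z 10.0.2.5 CONNECT intranet.example.com:443 700
truncated-line-without-fields
"""

def match_service(host):
    """Return the service name if host equals, or is a subdomain of, a listed domain."""
    host = host.lower().rstrip(".")
    for domain, service in AI_DOMAINS.items():
        if host == domain or host.endswith("." + domain):
            return service
    return None  # look-alike names such as notclaude.ai do not match

def summarise(log_text):
    """Per service: requests, distinct-client count, bytes sent. Clients are counted, never listed."""
    requests, clients, sent_bytes, skipped = Counter(), defaultdict(set), Counter(), 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            skipped += 1  # malformed or truncated line
            continue
        _, client, _, target, sent = parts
        service = match_service(target.rsplit(":", 1)[0])
        if service:
            requests[service] += 1
            clients[service].add(client)
            sent_bytes[service] += int(sent)
    report = {s: {"requests": requests[s], "clients": len(clients[s]),
                  "bytes_out": sent_bytes[s]} for s in requests}
    return report, skipped

if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```

Large bytes_out totals relative to request counts suggest pasted documents or code rather than short questions, which helps prioritise which approved alternative to provide first.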

Shadow AI governance is a strategy and risk question before it is a technology question. If you want to map your exposure and build a framework that gives employees the tools they need while protecting the business, we can help.
