AI for Business

Shadow AI at Work: Risks and Fixes

Shadow AI at work: the risks of unsanctioned AI use, and how to manage it.

By aiReview · 2026-06-06 · 2 min read

‘Shadow AI’ is employees using unsanctioned AI tools for work — usually via personal accounts and free tiers. It’s widespread, and it creates data-leakage, compliance and cost risks you can manage with a clear policy.

What shadow AI is

Shadow AI is the unsanctioned use of AI tools at work — staff pasting company data into consumer chatbots, image tools or coding assistants without approval. Surveys suggest a large share of employees use AI tools at work while far fewer organisations have formal AI policies, though figures vary by source. Estimates of how many SaaS apps a company runs vary widely by methodology and source (industry trackers have reported figures from around 100 to several hundred per organisation), so treat any single number as an attributed estimate rather than a settled fact.

Why it’s risky

The risks are real: sensitive data may be stored or used to train models (a leakage and compliance problem), unverified AI output causes errors, and untracked tools add hidden cost and ungoverned exposure. It usually comes from a good instinct — people wanting to work faster — so banning Ai outright tends to push it further underground.

How to manage it

Rather than ban AI, provide approved, governed tools and a simple policy: what data can and can’t go into AI, which tools are sanctioned, and the need to verify output. AI can fabricate facts, figures and citations with total confidence (a “hallucination”). Treat AI output as a draft and verify anything important against a reliable source — this matters most for medical, legal, financial and academic use. Consolidating onto a governed platform (with clear data terms, or self-hosting for sensitive work) channels the genuine demand for AI safely. Make the sanctioned path easy, and shadow AI shrinks.

Businesses weighing data control often look at self-hostable platforms: osFoundry, for example, can run models locally or deploy into your own cloud account, so sensitive data need not leave infrastructure you control.

This article is general information, not professional, legal or financial advice. AI tools, prices and availability change fast — verify current details on the official source before you rely on them.

Frequently asked questions

What is shadow AI?

Employees using unsanctioned AI tools for work — pasting company data into consumer chatbots or other AI without approval, often via personal accounts.

Why is shadow AI a problem?

It risks data leakage (inputs may be stored or train models), compliance exposure, errors from unverified output, and hidden, ungoverned cost.

How do I stop shadow AI?

Don't just ban it — provide approved, governed tools and a simple policy on what data can go into AI and the need to verify output. Make the sanctioned path easy.

Is shadow AI common?

Surveys suggest a large share of employees use AI at work while far fewer organisations have formal policies, though figures vary by source. Treat them as estimates.