Need support? Helpdesk: (780) 800-5528
Home / Insights & Resources / Shadow AI

Risk 01 of 13 · AI Risk Series

Shadow AIMay 2026 • 7 min read

Shadow AI: the tools your IT team cannot see

AI may already be in your business, even if leadership has never formally approved an AI tool.

AI tools may already be running on business work through personal accounts, outside identity, procurement, and offboarding.

Where it comes from A genuine work need meets no approved option and a free signup form. The business has no rule.
What the business loses The ability to inventory, audit, transfer, or terminate AI accounts that hold customer work and reusable prompts.
What ends it A short list of approved AI tools with company-managed accounts and an intake path staff will use.
← Series introduction Article 01 of 13

Staff have been signing up for AI because work needed doing: newsletter drafts, client summaries, RFP language, data cleanup, meeting notes, spreadsheet cleanup, and rough first drafts that save half an hour. They often use personal Gmail accounts, personal credit cards, work laptops, home computers, and personal phones already used for work. Most did not set out to hide anything. The business had no clear rule, no approved option, and no quick path for asking.

Shadow AI is what happens when a genuine work need meets no sanctioned option and a free signup form.

The security issue is control. A tool signed into with a personal account has no relationship to the business's identity provider, procurement process, vendor list, device management, or offboarding routine. Microsoft 365 may have MFA and conditional access. Google Workspace may have strong account controls. The business may have a careful checklist for approved vendors. Those controls govern the tools the business knows it has. A personal AI account sits outside that administrative surface.

What the risk is

Shadow AI is uncontrolled AI adoption. Tools enter the business through staff action, outside the systems the business uses to approve, monitor, and terminate access.

If a business approves an AI tool and provides company-managed accounts, it can answer basic questions: who may use it, what data may go into it, which contract applies, who administers it, and how access ends when someone leaves. If staff use personal accounts or install AI tools on their own, those decisions move into individual habit.

Common examples include:

  • A staff member uses a personal ChatGPT, Claude, Gemini, or similar account for business drafting.
  • A browser extension offers to summarize pages, rewrite text, or assist with research.
  • A desktop AI app is installed on a work laptop because it helps with notes, screenshots, PDFs, or writing.
  • A personal productivity tool adds AI features and starts handling business content inside a staff-owned account.
  • An AI tool asks for permission to read email, calendar, files, or contacts through a consent screen.
  • A staff member reads work mail on a personal phone where AI keyboards, mobile assistants, or operating-system AI features can process work content outside company management.

Some tools only receive whatever the staff member pastes into them. Others can read more through browser permissions, OAuth grants, connectors, or device access. Those technical differences matter, but the first problem is more basic: the business cannot produce a reliable list of the AI tools touching its work.

This is separate from the vendor-feature problem covered later in the guide. If a CRM, accounting platform, HR system, or document tool the business already pays for adds AI, the business at least knows the vendor relationship exists. Shadow AI is the situation where the business does not know the tool exists in the first place.

How it happens in a normal SMB

A small Alberta service business has one operations coordinator who quietly becomes the team's "AI person." She signs up for a chat-style AI writing workspace with her personal email because it is faster than asking for a new tool. She uses it to rewrite customer emails, summarize complaints, draft quotes, clean up job descriptions, and turn rough notes from the owner into polished client updates.

The tool works well, so the habit spreads informally. Other staff send her rough notes and ask her to "run it through AI." Over time, the account accumulates customer names, pricing language, internal service explanations, complaint history, draft HR material, and reusable prompts that make the business sound more professional.

The work is useful, and the employee is trying to help. The business has never given staff an approved AI path, so nobody treats the account as a system that needs to be owned, documented, or offboarded.

Then she resigns with two weeks' notice.

The owner asks IT to make sure her access is removed. IT disables Microsoft 365, payroll, and CRM, then collects the laptop. The AI account is absent from the offboarding checklist because the business never knew it existed. It is tied to her personal email, her personal phone, and her personal subscription.

Two weeks later, the replacement coordinator cannot recreate the same quote language, customer response templates, or job posting drafts. Staff keep saying, "She used AI for that." The owner asks which tool she used, and nobody knows for sure.

The former employee is cooperative at first, but she is now working somewhere else and still controls the AI account. The business asks her to delete anything related to company work, and she says she did. The business has no admin console, export function, logs, ownership transfer, or way to verify deletion.

By then, useful company work is sitting in a tool IT cannot administer: customer details, quote language, HR drafts, complaint summaries, and prompts the replacement now needs.

The failure path

In plain language, the failure path looks like this:

Case file Sequence 01 · Shadow AI

  1. Staff have a business need that AI can help with.

  2. The business has no approved AI path that is useful enough, clear enough, or fast enough.

  3. Staff choose a personal AI account, browser extension, desktop app, or mobile assistant.

  4. Business content, reusable prompts, templates, and informal process knowledge move into that tool.

  5. The tool sits outside company identity, procurement, vendor review, and offboarding.

  6. The employee leaves, the laptop is replaced, a client complains, or the owner asks what AI tools are in use.

  7. The business cannot recover, audit, delete, transfer, or terminate what it never controlled.

Company-managed tools give IT an administrative surface; personal AI accounts usually sit outside it. Conditional access, MFA, SSO, and identity-based offboarding cannot terminate a relationship the business never owned.

Three related paths deserve attention during discovery.

OAuth consent grants happen when staff sign into an AI tool using a company Microsoft or Google account and approve access to mail, files, calendar, or contacts. In that case, there may be a record in the admin console. Many SMBs review those grants only during a problem or a major rollout. In small tenants, an owner or administrator may also approve broader access than intended because the consent prompt is treated like a routine sign-in screen.

Browser AI extensions are often more powerful than they look. An extension that rewrites email tone or summarizes web pages may request permission to read or change content on every page the browser visits. That can include authenticated sessions in email, CRM, accounting, file storage, and banking sites. On managed devices, browser extension inventory and browser policy are often the cleanest way to find and control this path.

Personal phones create a separate gap. Many SMBs allow staff to read company email or Teams messages on personal devices. Mobile AI features, AI keyboards, and app-level assistants can process work content on phones outside company management. Without mobile device management, the business is mostly relying on policy and staff disclosure for that surface.

Business consequence

Shadow AI creates a business continuity problem and a data-control problem at the same time.

The continuity issue is familiar. A process quietly becomes dependent on a staff member's personal AI account. The useful prompts, examples, drafts, customer language, and formatting habits live in that account. The company systems hold only fragments of the workflow. When the employee leaves or changes devices, the business loses part of the process.

The data-control issue follows immediately. Customer names, complaint details, pricing language, HR drafts, and internal service notes may remain in saved chats, projects, memory features, or vendor systems. The business cannot inspect the account, preserve the history, export the useful work, transfer ownership, or confirm deletion through an administrative process.

That sounds like an internal cleanup problem until someone outside the business asks a direct question. A client, insurer, buyer, regulator, or lawyer may ask which AI tools handled company or customer information. An SMB with Shadow AI can list known vendors, while personal tools and unmanaged extensions remain outside the answer.

The consequences are practical:

  • Staff turnover breaks workflows that were never documented.
  • Useful prompts, templates, and customer-response patterns remain in personal accounts.
  • The business cannot verify deletion when company work was stored in a staff-owned AI account.
  • Vendor questionnaires may be wrong when signed.
  • Contractual representations about approved tools, subprocessors, or data handling may be challenged later.
  • Vendor terms for unknown AI tools have never been reviewed.
  • Offboarding is incomplete because staff-owned AI accounts stay alive after employment ends.
  • Insurance renewal or claim questions may become harder to answer where AI use was never inventoried.

Shadow AI also makes incident response weaker. If sensitive data is found in an unapproved tool, the first question is often, "Who else used this, and what else went into it?" With no sanctioned account, no admin console, and no central log, the business is left reconstructing the history from staff memory, browser history, endpoint telemetry, and whatever the vendor exposes to a personal account holder.

At that point, the business is investigating under pressure with weak evidence.

Controls that interrupt the failure path

The strongest control is a sanctioned AI tool list with an intake path staff will actually use.

A policy that only says "ask before using AI" will fail if staff have no approved option for common work. The business needs a short list of approved AI tools, company-managed accounts for those tools, a plain rule for what data may go into them, and a simple way to ask for a new tool or use case. Staff route around approval when the approved path is missing, slow, or disconnected from the work they are trying to do.

Start here

  • Maintain a sanctioned AI tool list and update it as tools are approved, paused, or retired.
  • Provide company-controlled accounts for approved AI tools.
  • Give staff a fast intake path for new tools and use cases, with a practical alternative when the answer is no.
  • Inventory installed AI applications on managed devices.
  • Inventory browser extensions and block unapproved AI extensions where browser policy supports it.

Add where needed

  • Use DNS or web filtering to restrict consumer-AI categories on managed devices when the business has decided those tools are out of bounds.
  • Use endpoint DLP where available to detect work content moving to unknown AI destinations.
  • Review OAuth grants in Microsoft 365, Google Workspace, and major SaaS platforms on a schedule.
  • Decide whether personal phones with work mail require mobile device management or a stricter device-access rule.

Identity controls still matter for tenant-integrated tools. Conditional access can restrict sign-in to sanctioned tools and approved devices. OAuth grant reviews can find AI apps that staff authorized under company accounts. For personal AI accounts in a personal browser session, the useful controls sit in endpoint, browser, network, mobile, procurement, and staff intake.

Procurement has to support the rule. If the approved route takes weeks for a basic writing or summarization use case, staff will route around it. Intake can be light for low-risk use and heavier when the tool wants connectors, broad permissions, sensitive data, or company-wide rollout.

With that path in place, staff have somewhere legitimate to go, and IT has specific surfaces to monitor.

Policy rule this creates

Rule 01 of 13

AI tools may only be used for business work after they are approved and listed on the sanctioned AI tool list. Staff may not sign up for AI tools using personal credentials for business purposes, install AI applications or browser extensions on work devices without approval, or authorize AI applications to access company mail, files, or accounts.

One of 13 rules for your AI usage policy

The rule above is one of 13 that make up a working AI Usage Policy. The SMB AI Policy Builder walks you through the full set of decisions and produces the policy, working documents, and a 90-day implementation plan.

Launching soon. Join the waitlist to be notified.

Get practical insights like this in your inbox

Occasional articles and updates on technology, risk, operations, and support.