Shadow AI In The Workplace: What You Need To Know To Protect Your Business

Posted: 30th September 2025

Artificial intelligence tools like ChatGPT, Copilot, and countless browser extensions are popping up everywhere. They’re fast, clever, and, let’s be honest, pretty tempting to use when you’re trying to get work done. The challenge is that many employees are experimenting with these AI tools without their employers’ knowledge. This is what we call ‘Shadow AI’.


35% of UK workers admit to using generative AI “covertly” in their job.


For businesses, Shadow AI in the workplace is both an opportunity and a risk. Let’s unpack what it means for you and how you can keep your business and employees safe.

What is Shadow AI?

You may be familiar with ‘Shadow IT’ - when staff use unapproved devices for work. Shadow AI isn’t about rogue laptops; it is employees using AI tools without official guidance or policies. That could mean a team member pasting sensitive client information into ChatGPT to draft an email, or using AI code generators to speed up development without checking licensing, AI security risks, or data protection implications.

Why can Shadow AI cause a problem?

Shadow AI can lead to serious data leaks. Once sensitive company information is entered into a public AI tool, you may lose control over where that data goes. It could be stored, analysed, or even used to train future AI models without your knowledge.

There are also GDPR implications to consider. Sharing customer or employee data with AI tools that don’t comply with UK or EU data protection standards can put your business at risk of regulatory penalties. For businesses, ensuring GDPR compliance while using AI is crucial to maintaining trust and avoiding costly mistakes.

Reputation is another concern. If clients discover that their sensitive information was fed into an AI tool without proper controls, it could damage your business relationships and credibility.

Finally, AI is not infallible. While these tools can be clever, they can also generate inaccurate or biased results, which could mislead your team or clients if not carefully checked.

4 simple ways to manage Shadow AI

This isn’t to say you should ban AI tools altogether. Instead, you can get ahead of the issue with clear policies and safer alternatives.

#1. Create an AI usage policy

Spell out what staff can and can’t do. For example: “Don’t enter personal or confidential data into public AI tools.” Keep it clear, concise and practical.

#2. Offer approved tools

If staff find AI genuinely helpful, provide safe AI tools for business, whether that’s Microsoft Copilot with enterprise controls or other platforms with proper data protection guarantees.

#3. Train your team

A quick training session can help employees understand the risks and how to use AI responsibly. Think of it like cybersecurity awareness, but with an AI focus.

#4. Review regularly

AI is evolving fast. Revisit your policies every few months to make sure they’re still relevant and continue to address emerging AI security risks with your teams.

Jupiter IT – your proactive IT department

AI in the workplace can be an incredible productivity booster for businesses, but without the right guidance, it can also introduce unnecessary risk. By being proactive and setting policies, offering safe AI tools, and keeping employees informed, you can harness the benefits while avoiding the pitfalls.

If you need support with Shadow AI in your business, or any other aspect of cyber security awareness, get in touch. We offer free cybersecurity awareness training for all our clients, delivered to teams as large or small as you like.

 
