Shadow AI is what happens when staff use AI tools your organisation has not approved, usually because the tool is quick, familiar and available in a browser. It might be a free chatbot, a personal AI assistant, an unapproved browser extension or a trial account for a new AI platform.
The risk is not that staff are deliberately trying to leak information. In most cases, they are trying to get work done faster. A marketing manager pastes a draft proposal into a chatbot to improve the wording. Someone in HR asks AI to soften the tone of a difficult letter. A developer uses an AI tool to find a bug in code. A salesperson uploads a customer list to generate follow-up email ideas.
The behaviour is understandable, but the data risk is real. The way to stop it is not simply to ban AI. Bans usually push the behaviour further underground. A better approach is to give staff a safe approved tool, explain clearly what can and cannot be entered into it, and put technical guardrails behind the policy so the rules are more than a PDF nobody reads.
Why Shadow AI Is Bigger Than Old-Fashioned Shadow IT
A decade ago, shadow IT often meant someone using an unapproved cloud storage service, spinning up a software account on a credit card, or sharing files through a personal app. That still happens, but it usually takes a little effort.
Shadow AI is easier. It takes one browser tab and one deadline. That is why it has spread so quickly.
UK research in 2025 showed a major gap between AI adoption and governance. Trustmarque’s AI Governance Index found that 93% of UK organisations were using AI in some form, while only 7% had fully embedded AI governance. More than half had minimal controls or none at all. That means many businesses are already using AI faster than they are managing it.
The regulator is also paying attention. In January 2026, the Information Commissioner’s Office published a report on agentic AI, highlighting data protection and privacy concerns around more autonomous AI systems. The message for businesses is clear: AI adoption does not remove data protection duties. If personal data is used in AI tools, the organisation still needs to understand the risks, lawful basis, transparency, security and oversight.
There is also the well-known Samsung example from 2023, where employees reportedly pasted sensitive source code and internal meeting information into ChatGPT to speed up work. The lesson is not that AI should never be used. The lesson is that staff will use AI unless the organisation gives them a safer way to do it.
What Actually Goes Wrong When Data Leaves
The first risk is data leakage. If a staff member pastes a customer list, contract, financial forecast, legal letter, source code, password, tender document or HR record into an unapproved tool, the business may lose visibility and control over what happens next. The tool’s terms may allow retention, review or further processing in ways your organisation has not assessed.
The second risk is data protection. If the content includes personal data about employees, clients, suppliers or customers, the organisation may have a UK GDPR issue. That risk increases if the data is special category data, confidential HR information, medical information, financial data or anything relating to children or vulnerable people.
The third risk is confidentiality. Not every AI risk is about personal data. Trade secrets, pricing strategy, client proposals, board papers, internal complaints, unpublished financial results and proprietary code can all be commercially sensitive even where they contain no personal data.
The fourth risk is accuracy. AI output can be confident and wrong. If staff use an unapproved tool to summarise a contract, explain a regulation, produce advice or make a decision, mistakes can quietly enter the business process.
This sits alongside the threats you already manage. A leaked credential lets an attacker into your real systems, and you can read why that matters in business email compromise and the basics of how to spot a phishing email. Shadow AI does not replace those risks. It adds another exit door for your data.
The Approved Alternative Comes First
The order matters. Before you tell staff what they cannot use, give them something they can use.
People turn to free AI tools because they are useful and available. If the approved route is clunky, slow or unclear, staff will find their own route. If the approved tool is genuinely useful and easy to access, most people will use it.
For many UK businesses already using Microsoft 365, the practical approved route is Microsoft 365 Copilot or Microsoft 365 Copilot Chat with enterprise data protection. This does not mean every business should switch it on without planning. It does mean there is a governed option where prompts and responses are protected under Microsoft’s enterprise terms and are not used to train foundation models.
That is the practical case for AI tools like Microsoft Copilot, and it is worth reading the advantages of Microsoft 365 Copilot alongside the key features of Microsoft 365 Copilot for business so you understand what you are offering as the replacement. If you are weighing up whether it fits, is your business using Microsoft 365 Copilot yet is a sensible starting point.
All of this falls under the microsoft 365 support services side of what we do, and as a cloud backup company we also make sure the data behind those tools is protected.
The Policy, In Plain English
A policy nobody understands is worse than no policy, because it gives you false comfort. Keep it short, specific and easy to follow.
| What You Want To Do | Approved? | Where To Do It |
|---|---|---|
| Draft an internal email or document | Yes | The company-approved AI tool only |
| Summarise a meeting or report | Yes | Approved tool, inside company controls |
| Paste customer or personal data into a public chatbot | No | Never in a public or personal tool |
| Upload financial figures or contracts | Only if approved | Approved governed tool, with data rules followed |
| Use a free chatbot on a personal account for work | No | Use the company tool instead |
| Try a new AI tool found online | Ask first | Check with IT before using it for work |
Notice what the policy does. It does not say “no AI”. It says: use this AI, not that one, and never put these kinds of information into public or personal tools.
That is a rule people can actually follow. Tie it into your wider approach, because the discipline here is the same one behind why IT compliance matters and good IT service management.
Guardrails That Back The Policy Up
A policy on its own relies on goodwill. Goodwill at 10pm before a deadline is thin. So you need controls behind it.
Start with identity and devices. If staff can only reach approved tools from managed devices and company accounts, you have already closed many of the easiest routes for risky AI use. That is what Microsoft Intune is for, and it pairs with endpoint security for remote teams and practical endpoint hardening steps.
Strong password best practices and modern detection, set out in why EDR matters, round out the foundation.
Then add visibility. Cloud access controls can restrict which AI services are reachable. Data loss prevention can help flag or block sensitive data being copied, pasted or uploaded to unapproved destinations. Browser controls can limit personal accounts on work devices. Logging and reporting can help you understand which AI tools are being used.
A few practical guardrails worth putting in place include:
- Restricting approved AI access to company accounts and managed devices
- Blocking or limiting personal AI accounts on work devices
- Applying data loss prevention rules to sensitive data
- Creating an approved AI tool register
- Reviewing AI usage regularly rather than once a year
- Using sensitivity labels for confidential documents
- Reviewing permissions before connecting AI to SharePoint, Teams or OneDrive
- Making sure staff cannot access information through AI that they should not be able to access directly
If you want the network side of this hardened too, tips for securing your small business network covers the fundamentals, and our network penetration testing and broader security services can test whether the controls actually hold.
Training Beats Threats
Most shadow AI incidents are not malicious. That means training usually works better than fear.
Explain why pasting a customer list into a free tool is a problem. Show staff what the approved tool can do. Give examples of safe prompts and unsafe prompts. Make clear that the business wants people to use AI productively, but not recklessly.
The best training is practical. For example:
- “You can ask AI to improve the wording of a general email.”
- “Do not paste personal data from a client file into a public chatbot.”
- “You can ask AI to create a checklist from public information.”
- “Do not upload an employment contract, grievance letter or medical note.”
- “You can use AI to summarise a policy stored inside the approved company environment, if your permissions allow it.”
- “Do not use a personal AI account for client work.”
This is the same logic that makes anti-phishing controls work, and the foundations in anti-phishing basics and create an anti-phishing policy translate almost directly. As an anti phishing company london businesses trust, we have learned that the same human-first approach that reduces phishing clicks also reduces risky AI habits.
When Data Has Already Leaked
Assume some data may already have gone out, because for many businesses it probably has. The sensible response is to find out what is exposed, reduce the chance of repeat incidents and monitor for fallout.
That is where dark web monitoring explained is useful, along with what to do if your company credentials appear on the dark web and the distinction in dark web monitoring versus breach monitoring. Our dark web monitoring london service gives you early warning when credentials or data surface where they should not.
Protecting the data itself is a separate task. Controlling where AI can send data does nothing if a file is deleted, encrypted or lost. That is why Microsoft 365 backup, the explainer on cloud to cloud backup and the list of common cloud backup mistakes all matter, with Google Workspace backup for teams on that platform.
Multi-Site And Cross-Border Realities
If your company operates in more than one country, shadow AI gets harder to govern because rules and habits vary by office. Different jurisdictions have different data protection regimes, and a tool that is suitable in one place may create issues in another.
We handle this through our european support services and our global it support services for businesses spread across borders. The right moment to set consistent AI rules is often during a system consolidation, which is exactly what our platform migration company work builds in. For wider strategy, our consulting team can help you shape an approach that fits how you actually work.
This is the kind of thing a good managed it support services company should be raising with you before it becomes a problem, not after. If you do not have the internal capacity, outsourcing your IT to an MSP is a fair route, and the case for it is set out in why businesses should consider an MSP for their IT needs.
Frequently Asked Questions
What is shadow AI?
Shadow AI is the use of AI tools that your organisation has not approved, reviewed or configured. It usually becomes a risk when staff use personal or public tools for work and share company data without realising the consequences.
Should we just ban AI tools at work?
A blanket ban rarely works on its own. Staff use AI because it helps them work faster. A better approach is to provide an approved tool, explain the rules and put technical controls behind those rules.
How do staff leak data through AI without realising?
Most leaks are accidental. A staff member may paste a customer list, draft contract, complaint, source code or internal report into an AI tool to improve the wording or save time. The intent is to finish a task, not to expose data.
Can we detect shadow AI usage?
Partly. Standard IT discovery may miss some AI use because it happens through a browser. You need a mix of cloud access controls, browser controls, data loss prevention, logging, staff training and an approved tool register.
Is using a free chatbot a data protection problem in the UK?
It can be if personal data is involved and the organisation has not assessed the tool, its terms, security, retention, processing location and lawful basis. The issue is not simply whether a tool is free. The issue is whether it is approved, governed and suitable for the data being entered.
Is Microsoft 365 Copilot safe for company data?
Microsoft 365 Copilot and Microsoft 365 Copilot Chat can provide enterprise data protection when used with work accounts and configured correctly. That said, businesses still need permissions, sensitivity labels, retention policies, user training and governance. A safe tool still needs safe use.
A Sensible First Step
If you do nothing else, do this. Pick an approved AI tool, write a one-page policy people can actually follow, and put basic technical guardrails behind it. Then train your staff on why the rules exist, not just what they are.
That combination handles the majority of shadow AI risk without turning IT into the team that says no to everything. It gives your people a safe way to use AI, while keeping company data where it belongs.
If you would like help choosing the right tool, writing the policy or putting the controls in place, speak to Northern Star. We will help you give your people a safe way to use AI, so they stop reaching for the risky one.
