Last month, a compliance officer at a mid-sized healthcare company sent me a Slack screenshot. One of their clinical coordinators had pasted an entire patient interaction log—names, dates of service, insurance details—into ChatGPT and asked it to "summarize the care gaps for my report." The coordinator was using a free personal ChatGPT account. The data was gone. Out the door. Sitting in OpenAI's systems, subject to their data retention policies and training pipelines.
This wasn't a malicious insider. It was someone trying to finish a report before end of day. They saw a tool that could help. They used it. That's shadow AI in 2025.
The pattern I see across regulated industries—healthcare, federal contractors, financial services—is consistent: employees are already using AI tools for work tasks, they're doing it on personal accounts, and they're doing it because your organization either doesn't provide approved alternatives or has made the approval process so cumbersome that workarounds feel inevitable.
Why Shadow AI Is Different From Shadow IT
We've dealt with shadow IT for twenty years. Employees spinning up unauthorized SaaS accounts, sharing files through personal Dropbox, using unapproved collaboration tools. Shadow AI follows the same impulse—people want to get work done—but the risk profile is categorically different.
Shadow IT typically involves storing or transmitting data. Shadow AI involves processing data through third-party models you don't control, often with terms of service that explicitly grant the vendor rights to use inputs for model training. When an employee uploads a contract to a free-tier AI tool to "extract key terms," they're not just storing that contract somewhere unauthorized. They're feeding it into a training pipeline.
The data doesn't just sit there. It gets tokenized, embedded, potentially used to improve the model. Depending on the service and the plan tier, it might be reviewed by human contractors for quality assurance. It might be logged for abuse prevention. The employee thinks they're asking a question. What's actually happening is a unilateral data transfer with no Data Processing Agreement, no Business Associate Agreement, no export control review.
In my experience working with defense contractors subject to ITAR and CMMC, this is the part that keeps general counsel up at night. An engineer pastes a technical drawing or a parts specification into an AI chat interface to generate documentation. If that drawing is export-controlled, you've just violated ITAR. If it's CUI and the tool isn't in your authorized system boundary, you've failed a CMMC requirement. The employee might not even realize what they've done until an auditor asks to see your AI usage logs—which you don't have, because the usage happened outside your environment.
Where Shadow AI Shows Up
The most common pattern is productivity work: summarizing documents, drafting emails, generating reports, writing code. Employees use ChatGPT, Claude, Gemini, Perplexity, or any of the hundreds of smaller tools that have embedded AI features. Microsoft Copilot blurs the line further—it's integrated into tools people already use, so they may not even realize they're invoking an AI service with its own data handling implications.
The Personal Account Problem
Free-tier personal accounts are the biggest exposure. Employees create them with personal email addresses. They use them for work tasks because it's faster than waiting for procurement to evaluate an enterprise agreement. The organization has no visibility into what's being sent, no ability to set guardrails, and no leverage to demand data deletion if something goes wrong.
Even paid personal accounts—employees who subscribe to ChatGPT Plus or Claude Pro out of pocket—don't solve the governance problem. The terms of service still favor the vendor. There's no contract negotiation, no BAA, no data residency guarantees. From a compliance perspective, it's the same risk.
AI Features Embedded in Other Tools
The second pattern is harder to track: AI features that get rolled into tools you already use. Grammarly adds generative writing. Salesforce adds Einstein. Zoom adds AI meeting summaries. Slack adds thread summaries and search enhancements powered by LLMs. Your employees might not think of these as "using AI," but they are. And unless your vendor contracts explicitly address how those AI features handle your data, you're flying blind.
I've reviewed vendor agreements where the AI features were added via a unilateral terms-of-service update, with no opportunity to negotiate data handling terms. The vendor's position: if you don't like it, turn off the feature. But by the time you notice, your employees have been using it for months.
The Compliance and Privacy Exposure
If you operate in a regulated industry, shadow AI creates three categories of risk that auditors and regulators are beginning to focus on.
Unauthorized Disclosure of Protected Data
HIPAA, GDPR, CCPA, state privacy laws—all of them impose obligations on how you handle personal data, health information, or other protected categories. When an employee pastes that data into an unauthorized AI tool, you've likely violated your own data handling policies and potentially triggered a reportable disclosure.
Under HIPAA, if the AI tool is processing protected health information and you don't have a signed Business Associate Agreement, that's a violation even if no breach occurs. The regulation doesn't require harm—it requires contractual safeguards. If you can't produce the BAA, you're out of compliance. I cover the nuances of when AI vendors need to sign BAAs in this breakdown of AI and HIPAA business associate rules.
Loss of Trade Secrets and Competitive Information
This one applies to every organization, regulated or not. Employees inputting proprietary code, customer lists, pricing models, strategic plans, or product roadmaps into third-party AI tools are creating a disclosure risk that's hard to unwind. Some AI vendors have updated their terms to allow customers to opt out of training, but that doesn't address logging, human review, or the fact that the data left your control in the first place.
Samsung famously banned employee use of ChatGPT after engineers uploaded sensitive code. That was the right call, but it came after the exposure. The better approach is to get ahead of it.
Regulatory Frameworks That Explicitly Address AI
The EU AI Act is now in force and applies extraterritorially to U.S. companies offering goods or services in the EU. It imposes obligations on both AI providers and deployers, and "deployers" includes organizations using third-party AI systems for business purposes. If your employees are using unauthorized AI tools to process EU personal data, you're potentially in scope. The compliance expectations around risk assessment, transparency, and human oversight don't disappear just because the AI use was unauthorized. You can read my full breakdown in this explanation of what U.S. companies need to understand about the EU AI Act.
NIST has published the AI Risk Management Framework, which is becoming the de facto standard for federal contractors and organizations in the defense industrial base. If you're building AI governance programs to meet customer expectations or contract requirements, shadow AI is a control failure you'll need to address. Visibility and inventory are baseline expectations. If you can't demonstrate that you know which AI systems are in use, you're not managing risk—you're just hoping nothing bad happens.
And we're beginning to see AI-related provisions in state privacy laws and sector-specific regulations. The trajectory is clear: regulators expect organizations to know what AI tools are being used, how data flows through them, and what safeguards are in place. Shadow AI makes all of that impossible.
Speaking on AI Governance and Regulatory Risk
Carl delivers keynote presentations on AI risk, shadow IT, and compliance for regulated industries. If your leadership team or conference audience is wrestling with how to govern AI without stifling innovation, let's talk.
How to Surface Shadow AI Without Creating a Witch Hunt
The goal is not to punish employees. The goal is to understand what's happening and create better paths forward. Most people using unauthorized AI tools are doing it to be more productive, not to skirt policy. If your response is purely punitive, you'll drive the behavior further underground.
Start With Anonymous Surveys and Listening
Before you launch technical controls or policy crackdowns, ask your employees what they're actually doing. Run an anonymous survey. Ask which AI tools they use, what work tasks they use them for, and why they chose those tools instead of submitting a request through IT.
The answers will tell you where the demand is, what friction points exist in your current processes, and which business functions are most at risk. If your legal team is using AI to draft contracts and your procurement process for new software takes six months, you've identified a process problem, not just a compliance problem.
Review SaaS and Network Logs
If you have web filtering, proxy logs, or SaaS management tools, look for AI-related domains: openai.com, anthropic.com, gemini.google.com, perplexity.ai, and the dozens of others. Cloud Access Security Brokers (CASBs) can identify unsanctioned AI tool usage if you've configured them to look for it.
This isn't surveillance for its own sake. It's asset inventory. You need to know what's in use before you can decide what to do about it. If you find widespread use of a particular tool, that's signal: employees need that capability. Your job is to provide it in a way that meets compliance requirements.
Don't Assume Blocking Is the Answer
You can block OpenAI domains at the firewall. You'll stop some shadow AI usage. You'll also frustrate employees, who will find workarounds—personal hotspots, VPNs, mobile apps—and you'll lose visibility entirely. Blocking works for clearly prohibited activity, but if the underlying need is legitimate, blocking just moves the problem.
I've seen organizations block ChatGPT and then wonder why employees started using lesser-known AI tools with worse privacy terms. The behavior didn't stop. It fragmented.
Building a Sanctioned AI Program That People Will Use
The only sustainable solution is to provide approved AI tools with reasonable guardrails. If employees have a legitimate need and you give them a compliant path, most will use it. If you give them nothing, or if the approval process is a six-month odyssey, you're choosing to have shadow AI.
Evaluate and Deploy Enterprise AI Tools
Most major AI vendors offer enterprise plans with meaningful differences in data handling. ChatGPT Enterprise and Team plans don't use inputs for training. Claude for Work offers similar protections. Microsoft Copilot for Microsoft 365 runs inside your tenant with data residency and compliance controls you can configure.
The enterprise versions cost more, but you get what you pay for: Data Processing Agreements, the ability to negotiate terms, audit logs, administrative controls. You can enforce acceptable use policies. You can turn off features that don't meet your risk appetite. You can actually manage the risk instead of pretending it doesn't exist.
If you operate under HIPAA, you'll need a signed BAA. Not all AI vendors will sign one, and not all AI use cases qualify as business associate relationships—but if you're processing PHI, the default assumption should be that you need a BAA unless you've confirmed otherwise with legal. The analysis is more nuanced than most vendors admit. I wrote about the specifics in this guide to ChatGPT and HIPAA risks in healthcare.
Write an AI Use Policy That's Actually Usable
Your AI policy should tell employees what they can and can't do, not just recite principles. "Use AI responsibly" is not a policy. "You may use approved AI tools listed in the IT portal for drafting, summarization, and research tasks; you may not input customer personal data, PHI, export-controlled technical data, or confidential business information" is a policy.
The policy should define categories of data that are off-limits. It should explain how to request access to approved tools. It should clarify what happens if someone uses an unauthorized tool—and the answer should be proportionate. First-time violation by someone who didn't know the rule exists? Training and correction. Repeated intentional violations after clear guidance? Escalation.
If you're building this from scratch, I walk through the structure and key provisions in this article on how to write an AI use policy.
Provide Training That Addresses Real Scenarios
Generic "AI ethics" training doesn't move the needle. Employees need to understand the specific risks in your environment. If you're a defense contractor, they need to know that pasting technical specifications into ChatGPT could be an ITAR violation. If you're a healthcare provider, they need to know that uploading patient data to an unapproved tool is a HIPAA violation even if they're trying to improve care.
Use real examples. Walk through scenarios: "You're drafting a report and want to use AI to summarize your notes. Here's how to do that using our approved tools. Here's what data you can't include. Here's what to do if you accidentally input something you shouldn't have."
Training should also explain why the rules exist. If employees understand the risk—data breaches, regulatory fines, loss of customer trust, contract violations—they're more likely to follow the policy. If it just feels like arbitrary bureaucracy, compliance will be performative at best.
Technical Controls That Actually Help
Policy and training get you halfway. Technical controls close the gap. You want to make the right thing easy and the wrong thing detectable.
Data Loss Prevention for AI Inputs
Modern DLP tools can inspect outbound traffic to AI services and block or alert on sensitive data patterns: Social Security numbers, credit card numbers, patient identifiers, CUI markings, export control warnings. If someone tries to paste a document with a CUI header into a web-based AI tool, your DLP should catch it.
This doesn't prevent all risk—employees can retype information, use mobile devices on cellular, or strip out headers—but it stops the most common and careless exposures. It also creates a paper trail you can audit.
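The content inspection described above, as an added example that is not part of the original article and not any DLP product's rule set. The patterns, the block/alert split and the sample prompt are assumptions constructed for illustration.

```python
import re

# Illustrative detectors (assumptions); production DLP rule sets are broader.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
CUI_RE = re.compile(
    r"^[ \t]*(?:CUI|CONTROLLED UNCLASSIFIED INFORMATION)(?://[A-Z-]+)*[ \t]*$",
    re.M)
EXPORT_RE = re.compile(r"\b(?:ITAR|export[- ]controlled)\b", re.I)

# Assumed policy: document markings are a hard stop, other hits raise an alert.
BLOCK_ON = {"cui_marking", "export_warning"}

def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask(value):
    """Keep only the last four characters so the alert record leaks nothing."""
    return "*" * (len(value) - 4) + value[-4:]

def scan_outbound(text):
    """Return (kind, evidence) pairs for text bound for an AI service."""
    findings = []
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", mask(m.group())))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append(("card", mask(digits)))
    for m in CUI_RE.finditer(text):
        findings.append(("cui_marking", m.group().strip()))
    for m in EXPORT_RE.finditer(text):
        findings.append(("export_warning", m.group()))
    return findings

def verdict(findings):
    """Map findings to the action the proxy or endpoint agent should take."""
    kinds = {kind for kind, _ in findings}
    if kinds & BLOCK_ON:
        return "block"
    return "alert" if kinds else "allow"

# Constructed sample prompt; every value in it is fake.
SAMPLE = """CUI//SP-EXPT
Summarize this spec. WARNING: contains export-controlled technical data.
Contact: Jane Roe, SSN 123-45-6789, card 4111 1111 1111 1111, ref 4111 1111 1111 1112
"""

if __name__ == "__main__":
    hits = scan_outbound(SAMPLE)
    for kind, evidence in hits:
        print(kind, evidence)
    print("action:", verdict(hits))
```

The findings carry masked evidence, so the audit trail records that an SSN or card number was seen without storing a second copy of it.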
Sanctioned AI Tools Integrated Into Workflow
If employees can access approved AI directly from the tools they already use—Microsoft 365, Google Workspace, Salesforce, your EHR—they're less likely to copy-paste data into external services. The key is reducing friction. If using the approved tool is harder than using the workaround, you'll lose.
API-based integrations can also enforce guardrails. You can configure which data sources the AI can access, what outputs are permissible, and who can use which features. You can log all interactions for audit purposes. This is how you build real AI governance—not as an afterthought, but as part of the architecture.
Monitoring and Logging AI Usage
For approved tools, enable logging. Track who's using AI features, what prompts are being submitted, and what data is being accessed. This is not about spying on employees—it's about having the audit trail you'll need when a regulator or customer asks, "How do you know your AI tools aren't being used to process export-controlled data?"
For unapproved tools, monitor for anomalous network behavior: large uploads to AI service domains, repeated API calls, use of known AI tool endpoints. This won't catch everything, but it gives you visibility into the scale of shadow AI in your environment.
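The log review suggested under "Review SaaS and Network Logs" and the upload monitoring described above, combined in one added example that is not part of the original article. The five-field log format, the 1 MB threshold and the sample lines are assumptions constructed for illustration; the domain list is the one named in the article.

```python
from collections import defaultdict

# Domains named in the article; extend with your own inventory.
AI_DOMAINS = ("openai.com", "anthropic.com", "gemini.google.com", "perplexity.ai")
LARGE_UPLOAD_BYTES = 1_000_000  # assumed threshold for a "large upload"

# Constructed proxy log. Assumed format: timestamp user method host bytes_out
SAMPLE_LOG = """\
2025-03-03T14:02:11Z alice POST chat.openai.com 1843
2025-03-03T14:05:40Z alice POST chat.openai.com 2480133
2025-03-03T14:09:02Z bob POST api.anthropic.com 912
2025-03-03T14:11:27Z carol GET www.perplexity.ai 0
2025-03-03T14:12:00Z dave POST notopenai.com 5000000
2025-03-03T14:13:45Z bob POST gemini.google.com 3100
malformed line
"""

def ai_domain(host):
    """Return the matching AI domain, or None.

    Matches the domain itself or a subdomain, so 'notopenai.com' is not
    counted as 'openai.com'.
    """
    host = host.lower().rstrip(".")
    for domain in AI_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def inventory(log_text):
    """Aggregate AI-service traffic per (user, domain) and list large uploads."""
    usage = defaultdict(lambda: {"requests": 0, "bytes_out": 0})
    large_uploads = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip lines that do not fit the assumed format
        ts, user, method, host, size = parts
        domain = ai_domain(host)
        if domain is None:
            continue
        size = int(size)
        entry = usage[(user, domain)]
        entry["requests"] += 1
        entry["bytes_out"] += size
        if method in ("POST", "PUT") and size >= LARGE_UPLOAD_BYTES:
            large_uploads.append((ts, user, host, size))
    return dict(usage), large_uploads

if __name__ == "__main__":
    usage, large = inventory(SAMPLE_LOG)
    for (user, domain), stats in sorted(usage.items()):
        print(user, domain, stats["requests"], stats["bytes_out"])
    for event in large:
        print("large upload:", *event)
```

The per-user, per-domain totals are the inventory; the large-upload list is the short queue worth a conversation with the employee or their manager.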
What to Do When You Discover a Shadow AI Incident
Eventually, you'll find out that someone used an unauthorized AI tool and input data they shouldn't have. It might come from a self-report, a log review, or an external tip. How you respond sets the tone for your entire program.
First, contain the exposure. Determine what data was involved, which AI service was used, and whether you have any ability to request deletion. Most AI vendors will respond to data deletion requests if you can demonstrate a privacy or regulatory concern, but don't assume they'll cooperate. Document everything.
Second, assess the regulatory impact. If the data was PHI and there's a reasonable probability of compromise, you may have a HIPAA breach notification obligation. If it was export-controlled technical data, you need to involve your trade compliance office and possibly self-report to DDTC. If it was personal data subject to GDPR or a state privacy law, evaluate whether it qualifies as a notifiable breach. This is where having legal and compliance involved early matters. The decisions you make in the first 24 hours often determine the outcome.
Third, determine whether this was an isolated incident or a pattern. One employee who didn't know the policy is a training issue. A whole department doing it because IT couldn't deliver an approved solution in time is a process failure. The corrective action should match the root cause.
Finally, update your controls. If your DLP didn't catch this, why not? If your policy was unclear, revise it. If employees didn't have an approved tool for the task, fix that gap. Incidents are learning opportunities if you treat them that way. For more on how organizations fail to learn from compliance breakdowns, I wrote about the most common compliance program failures and how to avoid them.
The Broader Governance Question
Shadow AI is a symptom. The underlying problem is that most organizations haven't built a coherent AI governance framework. They're reacting to individual tools and incidents instead of defining how AI fits into their overall risk management and compliance posture.
Good AI governance starts with inventory: knowing what AI tools are in use, who's using them, and what data they process. It includes risk assessment: evaluating which use cases create regulatory, privacy, or security exposure. It requires policy: clear rules that employees can follow without a law degree. And it depends on enablement: providing approved tools and workflows so people can get their jobs done.
If you're in a regulated industry, this isn't optional. The regulatory frontier around AI bias and compliance is already here. The EU AI Act, the NIST AI RMF, sector-specific guidance from HHS and the Department of Defense—all of it assumes you have visibility and control over your AI use. Shadow AI makes that impossible.
For CISOs and compliance leaders, the strategic question is whether you're going to get ahead of this or wait until it becomes a crisis. The organizations that define their AI strategy now—what's permitted, what's prohibited, how risk is managed—will have a defensible program when auditors and customers start asking hard questions. The organizations that ignore it will be scrambling to explain how they let sensitive data flow through unapproved AI tools for months or years without noticing.
What This Means for Leadership
Shadow AI is not a problem you can solve with a memo. It requires investment: in enterprise AI tools, in technical controls, in training, in process improvements that make the compliant path faster than the workaround. It also requires leadership buy-in. If the C-suite is using personal ChatGPT accounts to draft board presentations, your policy enforcement is dead on arrival.
The conversation you need to have with your executive team is about risk tolerance and resource allocation. Are you willing to accept the exposure that comes with unmanaged AI use? If not, what are you willing to spend to manage it? The answer will vary by industry, regulatory environment, and risk appetite, but pretending the problem doesn't exist is not a strategy.
For organizations in healthcare, defense, and other highly regulated sectors, the stakes are higher. A single shadow AI incident involving the wrong kind of data can trigger breach notification, regulatory investigation, customer contract violations, and loss of certification. The cost of getting this wrong far exceeds the cost of building a proper governance program.
The organizations that will succeed in the next few years are the ones that treat AI governance as a business enablement function, not just a compliance checkbox. They'll provide tools that employees actually want to use. They'll set guardrails that protect the organization without crippling productivity. And they'll build the visibility and controls needed to demonstrate—to auditors, regulators, and customers—that they know what's happening in their environment and they're managing the risk.
Shadow AI is happening in your organization right now. The question is whether you're going to surface it, manage it, and turn it into a defensible program—or whether you're going to find out about it the hard way.