Guide · Shadow AI

Shadow AI, explained

Your staff are already using AI tools you haven't approved — pasting work into a chatbot, often on a personal account or phone. That's shadow AI, and in most organisations it's closer to the norm than the exception. The instinct is to ban it. That's the one response the evidence says fails.

What it is

Shadow AI is employees using AI tools at work that the organisation hasn't approved, monitored or risk-assessed. It's the successor to "shadow IT" — but faster and far harder to see. A chatbot needs no installation and no procurement: just a browser tab and a deadline.

How common it really is

It's not a fringe problem.

55–75% of knowledge workers use AI tools their employer hasn't sanctioned
78% bring their own AI tools to work (BYOAI)
57–59% actively hide their AI use from their employer

Figures from 2025–2026 workplace research (Microsoft's Work Trend Index, KPMG, Harmonic Security and others). Much of this use runs on personal accounts and phones — where your IT team can't see it: by some estimates, under 15% of the AI in use is visible to IT at all.

Why it happens

It's a signal of unmet need — not bad employees.

Staff reach for AI because of real performance pressure: they're asked to do more, faster. Researchers call it "shadow user innovation" — people quietly building better ways to work. They hide it (around 57%) out of fear: of looking like they cheated, of being seen as replaceable.

That changes the maths. Treat shadow AI as misconduct and you don't stop it — you just push it deeper underground, where you can neither see the risk nor learn from the innovation. The goal isn't to catch people. It's to make the safe way the obvious way.

The strategic choice

Three ways to respond.

Every organisation lands on one of three — knowingly or by default.

Ban: block it

Feels safe; fails in practice. Blocking the websites just moves use to personal phones and accounts. You lose visibility — not the risk.

Tolerate: do nothing

The risk compounds silently: client data in unknown tools, no oversight, no records, no idea what you'd tell a regulator or a buyer.

Enable: channel it

The workable one. Give people good tools officially, set clear rules they can follow, and turn the energy already there into a sanctioned, safer path.

What actually works

No single fix — a few layers that reinforce each other.

Enabling isn't a free-for-all. It's defence-in-depth: capture the demand, make the safe route effortless, catch the slips, and keep learning.

  1. Give people the tools. Provide proper enterprise AI accounts — commercial terms, your data not used to train the model. This removes the main reason staff go elsewhere.
  2. Make the safe path the easy path. Single sign-on, one click. If the sanctioned tool beats the public chatbot on convenience, people use the sanctioned one.
  3. Catch accidental leaks. Content checks where prompts are sent — a virus-scanner for prompts, not productivity surveillance. It stops the data, not the work.
  4. Build real AI literacy. So staff know what's safe to paste and why. People who understand how a tool handles their input leak far less than people who've only been told "AI is risky" — structural understanding beats a once-a-year awareness slide.
  5. Keep learning from what's left. Treat the AI people still reach for as a backlog of unmet needs, not a list of offenders: sense what's used, pilot the best, scale what's safe. Every workaround is a feature request.

Give people a rule they can actually follow. A simple traffic light beats a forty-page policy: green — go ahead in any tool; amber — sanctioned tools only; red — never put this in any AI. People can hold three colours in their head; they can't hold a binder.
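
As an added illustration (not code from this guide or from Kramer Consulting), here is one way the "content checks where prompts are sent" layer and the traffic-light rule fit together: a small Python check that classifies a prompt as green, amber or red from a handful of pattern detectors, then decides whether the destination tool is allowed. The detector patterns, the labels and the sample prompts are constructed assumptions for the demo, not a vetted ruleset; a real deployment would tune them to the organisation's own client identifiers and internal labels.

```python
import re

# Constructed detectors for the demo; a real deployment would tune these to the
# organisation's own data (client identifiers, matter numbers, internal labels).
# Red: content that must never go into any AI tool.
RED_PATTERNS = {
    "iban": re.compile(r"\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]{4}){3,7}\b"),
    "client_reference": re.compile(r"\b(?:client|matter)\s*(?:ref|id|no\.?)\s*[:#]?\s*\w+", re.I),
    "secrecy_label": re.compile(r"\b(?:confidential|professional secrecy|strictly private)\b", re.I),
}
# Amber: content allowed only in the sanctioned enterprise tool.
AMBER_PATTERNS = {
    "email_address": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"),
    "internal_label": re.compile(r"\b(?:internal only|draft contract|unreleased)\b", re.I),
}


def classify_prompt(text: str) -> tuple[str, list[str]]:
    """Classify a prompt as 'red', 'amber' or 'green' and report which detectors fired.

    Red wins over amber: a single red hit is enough to block the prompt everywhere.
    """
    hits = [f"red:{name}" for name, rx in RED_PATTERNS.items() if rx.search(text)]
    if hits:
        return "red", hits
    hits = [f"amber:{name}" for name, rx in AMBER_PATTERNS.items() if rx.search(text)]
    if hits:
        return "amber", hits
    return "green", []


def check_submission(text: str, tool_sanctioned: bool) -> dict:
    """Apply the traffic-light rule to one prompt headed for one tool.

    green -> any tool; amber -> sanctioned tool only; red -> no AI tool at all.
    The result carries the reasons so the user learns why, rather than just seeing a block.
    """
    colour, reasons = classify_prompt(text)
    if colour == "green":
        allowed = True
    elif colour == "amber":
        allowed = tool_sanctioned
    else:
        allowed = False
    return {"colour": colour, "allowed": allowed, "reasons": reasons}


# Constructed sample prompts (no real data): (prompt text, destination tool is sanctioned?)
SAMPLE_PROMPTS = [
    ("Rewrite this to sound more polite: hi team, the stand-up moves to 3pm", False),
    ("Draft a reply to jane.doe@example.com about the internal only roadmap", False),
    ("Draft a reply to jane.doe@example.com about the internal only roadmap", True),
    ("Tidy this transfer note: IBAN LU28 0019 4006 4475 0000, pay by Friday", True),
]

if __name__ == "__main__":
    for text, sanctioned in SAMPLE_PROMPTS:
        result = check_submission(text, sanctioned)
        verdict = "allow" if result["allowed"] else "block"
        tool = "sanctioned tool" if sanctioned else "public chatbot"
        print(f"{result['colour']:5} {verdict:5} -> {tool}: {result['reasons'] or 'no hits'}")
```

Run as a script it walks the four constructed prompts: the polite-rewrite request is green anywhere; the prompt carrying an e-mail address and an "internal only" label is amber, so it is blocked on the public chatbot but allowed on the sanctioned tool; the prompt containing an IBAN is red and blocked even on the sanctioned tool. The point of returning the reasons is the "virus-scanner, not surveillance" stance from step 3: the check names the data it stopped and lets the work continue once that data is removed.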

The Luxembourg layer

In regulated Luxembourg sectors this isn't optional. A 2025 CSSF review of the financial sector found roughly 64% of institutions let staff use public generative AI — and about 60% of those have no dedicated policy for it. The data-protection regulator, the CNPD, has been blunt about consumer tools: don't enter personal or confidential data into a public AI interface, because prompts may be recorded, transferred and analysed without safeguards. And professional secrecy (Article 458 of the Criminal Code) means client data dropped into a public chatbot can be a criminal exposure, not merely a policy breach. For banks, PFS and law firms, managed enterprise tools are effectively the only compliant home for client-matter content.

How Kramer Consulting helps

Surface it without a witch-hunt.

We find what your team is really using, zone it by risk, and channel it into sanctioned, safer alternatives — then build the role-based AI literacy that keeps it that way. No surveillance theatre, no blame. The aim is a workforce that adopts AI confidently, on tools you can stand behind.

Find out what your team is really using.

Without the witch-hunt. An honest read, no pitch.