What happens when workers bring their own AI?
When employees lack useful approved AI tools, informal workarounds can spread quickly and create security, quality and governance risks.
Introduction
As organisations move beyond AI pilot projects, a new governance problem often emerges: employees start using their own AI tools when approved systems are unavailable, restricted, slow to deploy, or less capable than publicly available alternatives. This phenomenon, commonly called “shadow AI”, is not usually driven by malicious intent. It is often a productivity response. Workers face deadlines, see peers using AI successfully, and adopt consumer tools to fill gaps in official technology offerings. The result is a parallel AI environment operating outside normal oversight, creating risks that may be invisible until a security incident, compliance failure, or quality problem occurs. Research from Microsoft and LinkedIn found that widespread workplace AI use is often accompanied by employees bringing their own tools to work, particularly when organisations have not yet provided a clear AI strategy or approved alternatives. [Microsoft]
Why unofficial AI use spreads
Shadow AI grows when demand for AI assistance rises faster than organisational governance and procurement processes.
In many organisations, employees can access powerful AI systems through a web browser in seconds, while obtaining approval for an enterprise AI tool may take months. This mismatch creates a strong incentive to bypass formal channels. Microsoft research found extensive use of generative AI among knowledge workers, including significant levels of employee-led adoption outside employer-managed programmes. [Axios]
Several conditions make shadow AI particularly likely:
- Approved tools have limited functionality compared with public alternatives.
- Access is restricted to small pilot groups.
- Procurement and security reviews move slowly.
- Employees receive pressure to increase productivity but little guidance on approved AI use.
- Training and support lag behind employee interest.
The mechanism is similar to the earlier rise of “shadow IT”, where workers adopted unauthorised software and cloud services. However, generative AI introduces additional complications because it does not merely store information. It processes, transforms and generates new content, code, analyses and decisions. This makes governance challenges more complex than traditional software adoption. [ManageEngine]
A recurring pattern appears across organisations: employees often know the tools are unofficial, but perceive the productivity benefit as outweighing the immediate risk. Surveys in the UK and internationally have found large numbers of workers using unapproved AI tools, with some citing the absence of a suitable employer-provided option as the reason. [IT Pro]
Security and compliance risks from workarounds
The most visible shadow AI risk is uncontrolled data exposure.
Many generative AI systems require users to submit prompts containing text, documents, code, spreadsheets or customer information. When workers upload sensitive material into consumer-grade AI services, organisations may lose visibility over where that information is processed, stored or reused. Security specialists consistently identify data leakage as the primary shadow AI concern. [Securiti, Security Boulevard]
Sensitive information leaves controlled environments
A common scenario involves an employee copying internal material into a public chatbot to obtain a summary, translation or analysis. The action may take seconds, yet it can move confidential information outside established security controls.
Potentially exposed information includes:
- Customer records and personal data.
- Financial information.
- Internal reports and strategic plans.
- Proprietary code and engineering designs.
- Legal, regulatory or contractual documents.
Researchers and security analysts note that many users do not fully understand how different AI services handle submitted information, creating risks around retention, model training and third-party processing. [Securiti]
Compliance obligations become harder to meet
Regulated industries face additional challenges. Financial institutions, healthcare providers, government agencies and other regulated organisations often need audit trails showing how information was handled and how decisions were made.
Shadow AI undermines these controls because:
- Usage may not be logged centrally.
- Data flows may be unknown to compliance teams.
- Outputs may not be reproducible later.
- Regulators may require explanations that the organisation cannot provide.
Data protection, privacy and intellectual property concerns are repeatedly identified by OECD analyses as important governance issues surrounding workplace generative AI adoption. [OECD]
Hidden quality and decision risks
Security is only part of the problem.
When unofficial AI becomes embedded in daily workflows, organisations may unknowingly depend on outputs that have not been validated. Employees may use AI-generated summaries, analyses, code or recommendations in operational processes without formal review standards.
Unlike traditional software, generative AI can produce plausible but incorrect outputs. If shadow AI use remains invisible, managers may not realise where decisions are being influenced by machine-generated content. This creates governance gaps around accountability, accuracy and quality assurance. Analysts increasingly describe shadow AI as a challenge that extends beyond individual tools into hidden workflows and automated processes. [Ecosystm]
Why banning AI rarely solves the problem
A purely restrictive response often fails because it ignores the underlying driver: employees are trying to solve real work problems.
When workers believe AI significantly improves productivity, a ban may simply push usage further out of sight. Several industry studies suggest that many employees conceal AI use from employers, making detection and governance more difficult. [PCWorld]
This creates a paradox. The organisations most concerned about AI risk can unintentionally increase governance risk if they provide no practical, approved alternative. Employees still face workload pressures and continue searching for ways to work faster.
The challenge therefore becomes less about eliminating AI use and more about bringing it into visible, governed environments.
How governed access can reduce shadow AI
The strongest defence against shadow AI is usually not stricter prohibition but better enablement.
When organisations provide capable, accessible and trusted AI tools, the incentive to seek unofficial alternatives falls substantially. Governance experts increasingly argue that shadow AI should be addressed as an adoption problem as much as a security problem. [Ecosystm]
Provide approved tools that meet real needs
Employees are less likely to use unauthorised systems when approved tools are:
- Easy to access.
- Comparable in capability to consumer alternatives.
- Integrated into existing workflows.
- Supported by training and documentation.
Research on enterprise AI adoption consistently shows that usefulness and workflow integration are major factors influencing sustained use of approved systems. [arXiv]
Create clear usage boundaries
Workers often need practical guidance rather than broad warnings.
Effective governance typically defines:
- Which data may be entered into AI systems.
- Which tools are approved for specific tasks.
- When human review is mandatory.
- How AI-assisted work should be documented.
- What escalation process applies to new use cases.
Clear rules reduce uncertainty and make compliant behaviour easier.
Monitor patterns, not just violations
Organisations that treat every instance of shadow AI as employee misconduct may miss valuable information.
Unauthorised AI usage often reveals unmet demand. If hundreds of employees independently adopt the same tool, that may indicate a legitimate business need. Some governance specialists therefore recommend identifying high-value use cases and bringing them into approved environments rather than focusing exclusively on enforcement. [IT Pro]
The governance lesson behind shadow AI
Shadow AI is a symptom of a broader organisational reality: AI adoption does not wait for governance to catch up.
When approved tools lag behind employee expectations, workers frequently create their own solutions. The resulting risks extend beyond data leakage to include compliance failures, unreliable outputs, hidden dependencies and reduced organisational visibility. The central governance challenge is therefore not merely controlling AI use but ensuring that safe, effective and approved AI options arrive quickly enough that employees do not feel compelled to build an unofficial AI ecosystem of their own. [Ecosystm, Source]
Endnotes
- Source: news.microsoft.com
  Link: https://news.microsoft.com/2024/05/08/microsoft-and-linkedin-release-the-2024-work-trend-index-on-the-state-of-ai-at-work/
  Snippet: Microsoft and LinkedIn release the 2024 Work Trend Index on the state of AI at work - Source...
  Published: May 8, 2024
- Source: axios.com
  Title: employees bring their own ai microsoft linkedin
  Link: https://www.axios.com/2024/05/08/employees-bring-their-own-ai-microsoft-linkedin
  Snippet: This independent use reflects rapid adoption of AI tools among employees but also underscores fears of job insecurity—53% of AI users wor...
- Source: manageengine.com
  Link: https://www.manageengine.com/data-security/what-is/shadow-ai.html
- Source: securiti.ai
  Title: What is Shadow AI? Risks, Examples, and Governance
  Link: https://securiti.ai/what-is-shadow-ai/
- Source: ecosystm.io
  Title: Report: Shadow AI: Risks, Exposure & Governance
  Link: https://ecosystm.io/insights/report-shadow-ai-risks-exposure-governance/
- Source: oecd.org
  Title: Generative AI and the SME Workforce
  Link: https://www.oecd.org/content/dam/oecd/en/publications/reports/2025/11/generative-ai-and-the-sme-workforce_83bafdfb/2d08b99d-en.pdf
  Published: April 29, 2026
- Source: pcworld.com
  Title: More workers are using AI, but they’re ashamed to admit it | PCWorld
  Link: https://www.pcworld.com/article/2324694/microsoft-more-workers-using-ai-but-theyre-ashamed-to-admit-it.html
  Published: May 8, 2024
- Source: arxiv.org
  Link: https://arxiv.org/abs/2602.18576
  Snippet: Generative AI in Knowledge Work: Perception, Usefulness, and Acceptance of Microsoft 365 Copilot...
  Published: February 20, 2026
- Source: oecd.org
  Title: Generative AI for anti-corruption and integrity in government (EN)
  Link: https://www.oecd.org/content/dam/oecd/en/publications/reports/2024/03/generative-ai-for-anti-corruption-and-integrity-in-government_9859b6a8/657a185a-en.pdf
  Published: May 13, 2025
- Source: oecd.org
  Title: AI risks and incidents | OECD
  Link: https://www.oecd.org/en/topics/ai-risks-and-incidents
- Source: itpro.com
  Link: https://www.itpro.com/technology/artificial-intelligence/microsoft-says-71-percent-of-workers-have-used-unapproved-ai-tools-at-work-and-its-a-trend-that-enterprises-need-to-crack-down-on
- Source: securityboulevard.com
  Title: Shadow AI: Examples, Risks, and 8 Ways to Mitigate Them
  Link: https://securityboulevard.com/2025/06/shadow-ai-examples-risks-and-8-ways-to-mitigate-them
Additional References
- Source: businessinsider.com
  Link: https://www.businessinsider.com/sneaky-rise-shadow-ai-workplace-claude-it-2026-5
  Snippet: Despite the security risks, many workers feel compelled to use tools like ChatGPT or Claude to stay competitive and efficient, especially...
- Source: techradar.com
  Link: https://www.techradar.com/pro/security/is-shadow-ai-a-threat-to-your-business-report-claims-workers-are-increasingly-more-willing-to-cut-corners-and-take-risks
  Snippet: Is 'Shadow AI' a threat to your business? Report claims workers are increasingly more willing to cut corners and take risks | Te...
- Source: techradar.com
  Title: A new wave of ‘Shadow AI’ is worrying workplaces | Tech Radar
  Link: https://www.techradar.com/pro/security/a-new-wave-of-shadow-ai-is-worrying-workplaces
  Published: October 13, 2025
- Source: youtube.com
  Title: You Ask, I Answer: Managing Enterprise Shadow AI?
  Link: https://www.youtube.com/watch?v=aK0NPw3HAP0
  Snippet: Enterprise AI Governance: Build Secure, Trusted AI at Scale | Module 1.1...
- Source: youtube.com
  Title: 75% of Your Staff Are Already Using AI (Without You Knowing)
  Link: https://www.youtube.com/watch?v=EXer1xELb20
  Snippet: Bring Your Own AI: Balance Rewards and Risks...
- Source: youtube.com
  Title: Bring Your Own AI (BYOAI): Risks & Opportunities
  Link: https://www.youtube.com/watch?v=No8o3H1bYvA
  Snippet: You Ask, I Answer: Managing Enterprise Shadow AI?...
- Source: youtube.com
  Title: Bring Your Own AI: Balance Rewards and Risks
  Link: https://www.youtube.com/watch?v=7FoDtT3o-A8
  Snippet: Bring Your Own AI (BYOAI): Risks & Opportunities...
- Source: youtube.com
  Title: Enterprise AI Governance: Build Secure, Trusted AI at Scale | Module 1.1
  Link: https://www.youtube.com/watch?v=0uK-cr5qGGc