Shadow AI Undermines Corporate Governance

Despite growing concerns about data privacy and security, the use of unauthorized AI tools in the workplace, known as “shadow AI,” is rising sharply. Doug Austin, founder of eDiscovery Today, discusses a new ManageEngine study that reveals employees are adopting generative AI tools outside of formal guidelines and sanctioned tools, creating serious governance and risk challenges. 

The study shows that even with formal AI policies in place, unauthorized use is now common. Compared to a year ago, 60% of employees are using unapproved AI tools. Notably, 93% of employees admit to entering information into AI tools without authorization, and over one-third have shared either confidential client data or internal company information.

Employees primarily use shadow AI for productivity tasks such as summarizing meetings, brainstorming ideas, and analyzing data. Additionally, they are using personal devices for AI tasks, which further complicates oversight. Many organizations remain unprepared, with just 54% reporting that they have AI governance frameworks in place. 

IT leaders, legal professionals, and employees agree on possible solutions such as integrating approved AI tools into regular workflows, setting clear usage policies, and maintaining a vetted list of tools. Employees, for their part, want fair, practical guidelines, relevant official tools, and better risk education.

The continued growth of shadow AI suggests that outright bans are ineffective. As one legal professional noted, even companies with strict “no AI” policies can’t realistically prevent use altogether. To regain control, organizations must act swiftly to implement governance that strikes a balance between innovation and accountability.

According to Ramprakash Ramamoorthy, director of AI research at ManageEngine, “Shadow AI represents the most significant governance risk and the biggest strategic opportunity within an organization.” What is needed is a shift from playing defense to proactively building transparent, collaborative, and secure AI ecosystems that employees feel empowered to use.”