The rapid rise of AI tools like Copilot, ChatGPT and DeepSeek has led to a growing phenomenon known as the shadow use of AI in the workplace. Employees are increasingly using AI-driven applications to boost productivity, generate content, write code, and automate tasks, often without their employer’s knowledge or approval. According to Microsoft and LinkedIn, 75% of knowledge workers are already using generative AI in the workplace (Microsoft and LinkedIn 2024). This can lead to efficiency gains, but it also introduces significant risks, including data security threats, compliance violations, and potential inaccuracies in AI-generated outputs. To manage these risks, organisations must take a proactive approach that includes clear policies, employee education, and secure AI governance. A recent news article published by the BBC, titled ‘Why employees smuggle AI into work’ (BBC February 2025) not only highlights how employees see the tangible benefits of AI but also stresses the real damage that can be caused to an organisation by either failing to mitigate the risk or by shutting it down altogether. You don’t want to be that organisation that gets left behind.  

Risks of Shadow AI Usage 

1. Data Security and Compliance Issues 

Employees may unknowingly input sensitive company data, personally identifiable information (PII), or confidential intellectual property into AI tools. If these tools operate on cloud-based platforms without proper data protections, sensitive information could be exposed to third parties or used to train future AI models, risking compliance breaches. 

2. Inaccurate or Misleading AI-generated content 

AI tools, while powerful, are not infallible. They can produce incorrect, biased, or misleading information. If employees rely on AI-generated content without verification, the business risks reputational damage, poor decision-making, or even legal liability. 

3. Lack of Accountability and Control 

When AI is used outside approved processes, IT teams lose visibility over how data is handled and how AI-driven decisions are made. This can create gaps in compliance, making it difficult to audit AI use and ensure it aligns with business policies and regulations. 

4. Intellectual Property and Licensing Risks 

AI-generated content may not always be free to use. Some AI models generate outputs based on copyrighted materials, leading to potential legal disputes if employees unknowingly use AI-generated text, code, or images in business-critical projects. 

How You Can Minimise the Risks 

1. Develop Clear AI Usage Policies 

Organisations should establish clear guidelines on which AI tools are approved, how they should be used, and what data can and cannot be entered into them. Policies should also define accountability for AI-generated work to prevent issues related to misinformation or copyright infringement. 

2. Provide Secure, Approved AI Tools 

Instead of banning AI outright, companies should offer secure, enterprise-grade AI tools that are vetted for compliance and data security. Microsoft Copilot, for example, integrates AI directly into the Microsoft 365 suite of workplace tools while keeping data within the organisation’s security perimeter. 

3. Educate Employees on AI Risks and Best Practices 

Many employees use AI tools simply because they see them as helpful, without realising the risks. The correct adoption strategy can help employees understand the dangers of shadow AI usage and encourage them to use approved alternatives. 

4. Implement AI Governance and Monitoring 

IT, Security and Compliance teams should monitor AI usage within the organisation to detect unapproved tools and mitigate risks. This can be done through network security policies, AI usage tracking, and integrating AI risk management into existing cybersecurity frameworks. 

5. Encourage Ethical and Responsible AI Use 

Companies should foster a culture of responsible AI use by setting ethical guidelines on bias, transparency, and accountability. Encouraging teams to critically assess AI outputs and validate information before using it in business decisions can reduce reliance on unverified AI-generated content. 

By taking a proactive approach, organisations can harness the benefits of AI while mitigating the risks associated with its shadow use.  

So how do you get started on the AI journey?  

Take advantage of Applicable’s free Microsoft CoPilot Assessment and Planning advisory session!  

In the session we’ll cover: 

1. How ready you are to implement Copilot and the benefits that it can bring to your organisation, like empowering your users and improving your business processes. 
2. We’ll show you how to fully realise the benefits of Copilot while helping you plan for robust security and governance. 
3. We’ll take you through Copilot’s security features, including data encryption, access controls and threat detection.  
4. We’ll explore how you can use these features to protect sensitive information and mitigate any potential risks. 
5. We’ll also discuss governance strategies to ensure AI is in line with your compliance and privacy requirements and ethical standards. 
6. We’ll also look at how can you empower employees to use Copilot confidently, ethically and to maximise its potential. 

Need expert guidance?  Book a free advisory session in the contact form below.

60% of managers worry that the leadership of their organisation lacks a plan and vision to implement AI (Microsoft and LinkedIn 2024). Don’t be one of those organisations! 

Microsoft and LinkedIn 2024: Work Trend and Index Annual Report, Available at https://www.microsoft.com/en-us/worklab/work-trend-index/ai-at-work-is-here-now-comes-the-hard-part 

BBC February 2025: Why employees smuggle AI into work, Sean McManus, 4th February 2025, https://www.bbc.co.uk/news/articles/cn7rx05xg2go#comments