Here's a conversation I have a lot. Leadership tells me they're "still figuring out their AI strategy" and haven't rolled anything out yet. Then we look at the data. Engineering is pasting stack traces into ChatGPT. Sales is drafting proposals with an AI assistant on last quarter's pricing. Someone in ops uploaded the customer spreadsheet to summarize it. The strategy meeting hasn't happened, but the company is already an AI company. It just isn't a governed one.
This is shadow AI — employees using AI tools nobody sanctioned, usually through personal accounts, on real company data. And it's not a fringe risk anymore. It's the main event.
The numbers are worse than the vibe
The instinct is to treat this as a productivity story with a bit of risk on the side. The data says it's the other way around.
- IBM's 2025 Cost of a Data Breach report found roughly one in five breaches now involve shadow AI, and those breaches cost about $670,000 more on average. The organizations getting hit overwhelmingly had no AI access controls in place.
- Zscaler's ThreatLabz 2026 AI Security Report clocked over 400 million data-loss-prevention violations from ChatGPT alone in a single year, and more than 18,000 terabytes of corporate data flowing into AI apps — nearly double the year before.
The reason this stays invisible is structural: most of it happens through personal accounts on unmanaged tabs. Your firewall doesn't see it, your SaaS security tools don't see it, and it never shows up in a log. The most-cited cautionary tale is still Samsung, which banned ChatGPT internally back in 2023 after engineers pasted confidential semiconductor code into it. That wasn't a sophisticated attack. It was a Tuesday.
Why "just ban it" fails
The reflex is to block the tools. It doesn't work, for two reasons.
First, you lose. People will use AI on their phones, on home laptops, through a dozen new tools a week. A block turns a visible, coachable behavior into a completely invisible one.
Second, you're leaving enormous value on the table. The productivity is real. The goal isn't to stop people from using AI — it's to make sure that when they do, your regulated and confidential data isn't the thing being typed into a box you don't control.
Banning shadow AI doesn't remove the risk. It removes your visibility into the risk. Those are very different outcomes.
What actually matters is data, not tools
The trap is thinking about this as an app problem — approve these five tools, block the rest. New tools appear faster than any allowlist can keep up. Govern the data, not the tool names.
That reframes the whole thing. You don't need to predict every AI product. You need to know what your sensitive data is, where it's classified, and enforce rules on that — regardless of which AI tab it's about to be pasted into.
What I'd actually do
You can get most of the risk under control without a committee or a six-figure platform.
- Find out what's actually in use. Before you write a policy, discover reality — endpoint and browser telemetry, an anonymous survey, a look at expensed subscriptions. You'll almost always find more AI in the building than anyone admitted.
- Write one page of acceptable use, tied to data classification. Not a legal treatise. Plain rules: never paste credentials, customer PII, source code, or anything under NDA into a consumer AI account. Say what's fine (public info, general questions) so the policy is usable, not just a "no."
- Give people a sanctioned option. Most leakage happens because there's no approved path. Provide an enterprise AI tool with a contract that says your data won't train their models and isn't retained — then the safe choice is also the easy choice.
- Put controls where the paste happens. Network-layer tools miss roughly half of this because it lives in the browser. Endpoint or browser-based DLP that can see and block a sensitive paste — regardless of tool or account — is what actually moves the number.
- Focus on the few who move the most. A small fraction of employees drive the majority of sensitive-data egress. Find them, coach them, and you've addressed most of the exposure without policing everyone.
- Use a real framework as scaffolding. You don't have to invent governance. NIST's AI Risk Management Framework (govern, map, measure, manage) and ISO/IEC 42001 give you a defensible structure. And if you touch the EU market, the EU AI Act obligations are already phasing in — being able to show you have controls is quickly becoming table stakes, not a nice-to-have.
The bottom line
Nobody sat down and decided to become an AI company. It happened by copy-paste, one helpful shortcut at a time, while the official strategy was still in draft. Pretending otherwise doesn't buy safety — it just guarantees the first time you learn how AI is being used is when the data's already gone.
Govern the data, give people a safe path, and put a control where the risk actually is. That's a week of work, not a transformation program. The alternative is finding out you were an AI company all along — from the breach report.
- shadow AI
- AI governance
- data loss
- compliance
- NIST AI RMF