In brief
- Shadow AI is staff using AI tools the business has not approved, from free chatbot accounts to AI features quietly switched on inside existing software.
- IBM’s Cost of a Data Breach Report 2025 found that breaches at organisations with high levels of shadow AI cost about US$670,000 more than the global average, and one in five breached organisations reported a breach linked to it.
- The core risk is data leaving your control: customer records, financials, and intellectual property pasted into tools with unknown data handling.
- 63% of organisations in the IBM study had no AI governance policy, so most shadow AI spreads unchecked rather than maliciously.
- Discovery plus an approved alternative works better than a ban. The ACSC recommends a clear AI use policy backed by staff training.
What is shadow AI?
Shadow AI is the use of AI tools inside a business without approval or oversight. It usually looks mundane: a free chatbot account used to draft client emails, a browser extension that summarises documents, a transcription app in meetings, or an AI feature switched on inside software the business already licenses.
It is the same pattern as shadow IT, but it spreads faster. There is nothing to install, the useful tiers are free, and the value is immediate. Staff are not being reckless; they have found something that helps them work and nobody has told them where the boundaries are. In IBM’s Cost of a Data Breach Report 2025, 63% of organisations studied had no AI governance policy at all.
What are the risks for your business?
The main risk is data leaving your control. When staff paste customer records, financials, source code, or contract terms into an unapproved tool, that information is now held by a third party your business never assessed. The ACSC notes that some AI providers may use submitted data to train or refine their models, depending on the subscription and settings. It also cites a 2025 Australian case where a contractor uploaded personal information, including health records, into an AI system, resulting in a notifiable data breach.
Unapproved tools also sit on personal accounts outside your identity systems. There is no audit trail, no way to apply retention or access rules, and no way to cut off access when someone leaves. Among organisations that suffered an AI-related security incident in the IBM study, 97% lacked proper AI access controls.
The costs are measurable. The same report puts the global average breach at US$4.44 million, with high levels of shadow AI adding about US$670,000 on top. There is also a quieter operational risk: AI outputs used in client work without review. AI systems can produce confident, wrong answers, and unapproved tools sit outside any checking process your business has.
How do you find out what staff are using?
Start by asking. A short, blame-free survey of which tools people use and what for will surface most of it, and it signals that the goal is safe use rather than punishment.
Then verify with data you already hold. Microsoft 365 sign-in and consent logs show third-party apps connected to work accounts, DNS and firewall logs show which AI services are being reached from the network, and expense claims show paid subscriptions. Reviewing installed browser extensions closes the loop. A managed IT provider can run this discovery as part of routine monitoring rather than a one-off audit.
What should your business do about it?
A blanket ban rarely works; it pushes use onto personal devices where you have no visibility at all. A more durable response has three parts.
Give staff an approved path. Business plans from the major providers, such as Microsoft 365 Copilot and Anthropic’s Claude, do not use business prompts and data to train their models by default, and add admin controls, audit logs, and central user management. The tool staff are offered should be good enough that the unapproved one loses its appeal.
Set the boundaries in writing. The ACSC recommends an AI use policy that defines which tools are approved and what data must never be entered into them, supported by staff training. Keep it short enough that people read it.
Keep a human in the loop. Require review of AI output used in decisions or client-facing work, and fold new AI tools into your normal vendor assessment before they are adopted, not after.
Where to start
Shadow AI is a visibility problem before it is a policy problem, and most businesses are surprised by what discovery turns up. Sybre helps Australian businesses find unapproved AI use and set up governed alternatives through its Managed IT and AI Enablement services. Contact us to talk through what is already in use in your business.
Frequently asked questions
What is shadow AI?
Shadow AI is the use of AI tools that a business has not approved and usually does not know about, such as free chatbot accounts, browser extensions, or AI features switched on inside existing software.
Is shadow AI the same as shadow IT?
It is the same pattern with a faster spread. Shadow IT required staff to install or subscribe to something. Most AI tools need only a browser and a personal email address, so they appear in a workplace with no procurement step at all.
Should we ban unapproved AI tools outright?
A blanket ban tends to push use further out of sight. Most businesses get better results by providing an approved business-grade tool, setting a clear policy on what data can and cannot be entered, and training staff on both.
Can pasting customer data into an AI tool cause a data breach?
Yes. The ACSC cites a 2025 Australian case where a contractor uploaded personal information, including health records, into an AI system, resulting in a notifiable data breach. Personal information entered into a tool is a disclosure and must be handled accordingly.
