Somewhere in your business, quite possibly this week, someone pasted a chunk of work into a free AI tool because it was faster than doing it by hand. A long email, a set of meeting notes, a section of a report, perhaps a client's details. They did not ask, because asking felt like making a fuss about something that obviously saved them twenty minutes. They are almost certainly not the only one.
This is what people mean by shadow AI: real productivity running through tools nobody chose, governed by nobody, with company and client data quietly along for the ride. The honest answer to whether it is an asset or a liability is that it is both at once, which is precisely why a flat ban is the wrong instinct.
Start with the scale, because it is larger than most leaders assume. MIT's 2025 State of AI in Business report found that staff at more than 90% of companies were already using personal AI tools for work, while only around 40% had bought an official subscription. These are survey figures, best read as directional rather than precise, but the direction is not in dispute, and it explains why prohibition fails. A ban removes the permission without removing the demand. The work still has to be done and the tool still saves time, so the usage does not stop; it just moves somewhere you can no longer see it.
Why is shadow AI a liability?
The exposure is straightforward. The moment a client's details or your management accounts go into a free consumer account, you have lost control of where that data sits and how long it is kept, and on many consumer tiers it may be used to train the model. Harmonic Security, an AI-security firm analysing three million prompts in late 2025, found that just over a quarter of the files staff uploaded to AI tools held sensitive information, and that around 57% of that sensitive material was confidential business or legal data: legal drafts, deal documents, financial projections. The cautionary tale people remember is Samsung, which permitted ChatGPT internally in 2023 and within about three weeks had three separate leaks of confidential material, including source code, before reversing course. Scaled to a smaller firm, the same risk is one capable junior, one client file, one paste.
It is worth being clear that not all of this is dangerous. Someone rephrasing a non-confidential paragraph is not the same as someone pasting payroll data, and treating the two identically is part of why staff stop listening. The risk is specific, and so is the fix.
Why is shadow AI also an asset?
Here is the reframe that matters. Your team using AI unprompted is not only a hazard; it is a signal, and a useful one. It tells you people want to work better and have gone looking for a way to do it. Mapping what they already use, and for which tasks, is essentially free market research into where sanctioned AI would pay off fastest: it shows you where the time pressure sits, which tasks feel like drudgery, and where the business has left a gap that staff filled themselves. Ignored, that is risk. Surfaced and channelled, it is a head start.
How do you turn shadow AI from a liability into an asset?
The move is to manage the usage, not to stop it, and to design the risk out of the system rather than rely on everyone remembering the rules under pressure. In practice that means a few unglamorous things:
- Start with an honest, no-blame audit. Ask people what they already use and for what, framed as amnesty rather than investigation. You will learn more than monitoring would tell you, and you will find the workflows worth supporting.
- Give them one good, sanctioned tool, and make it the easy option. Business and enterprise tiers come with proper data-handling terms and do not train on your inputs by default; free consumer accounts generally offer neither. When the secure path is also the faster path, usage moves to it on its own.
- Classify your data simply. Three tiers, something like public, internal and restricted, mapped to what may go into which tool. This one step prevents most of the headline mistakes.
- Write the short list of what never goes into a prompt: client details, financial records, HR information, anything confidential. Short enough that anyone could recite it.
- Keep a human check on anything that leaves the business, and for any AI output that informs a decision materially affecting a person, name someone who can review and overrule it. Recent UK data-protection changes expect exactly that kind of meaningful human involvement rather than a rubber stamp.
- Give it an owner and a review date, roughly six months out, since the regulator's detailed AI guidance is still being updated. This is a living document, not a one-off memo.
Kept to a page or two and explained in half an hour, with one good example of a safe prompt and a dangerous one, this does the opposite of slowing people down. It removes the ambiguity that makes cautious staff avoid AI entirely and reckless staff over-share, and it gives everyone permission to use a small, approved set of tools with confidence.
For a professional-services firm the stakes are sharper, because confidentiality is not a compliance checkbox; it is much of what you sell. The reassuring part is that your existing duties already cover this. The Law Society of Scotland, the ICAEW and the SRA have each said, in their own words, that confidential or client information should not go into public, consumer-grade tools, and that the professional, not the model, remains accountable for the output. The legal driver underneath it all is simple: under UK data-protection law your business is the data controller for what your team feeds into these tools, and that responsibility does not shrink because you are small.
One honest limit. Monitoring is not the answer, because most of this happens on personal accounts you cannot see, and heavy surveillance carries its own cost in trust. The durable fix is not to watch people more closely; it is to make the safe path the obvious one.
So, asset or liability? It is whichever you choose to make it. Left unspoken, your team's AI use is a quiet, growing risk. Brought into the open and given a sensible structure, the same behaviour becomes the fastest, most honest map you have of where AI would actually help your business.
Sources: MIT NANDA, The State of AI in Business 2025; Harmonic Security, GenAI in the Enterprise (Q3 2025); Bloomberg (Samsung, 2023); guidance from the Law Society of Scotland, the ICAEW and the SRA on confidentiality and AI. General guidance, not legal advice.