Shadow AI – a step too far, or an opportunity?

Opinion
By published

AI is getting baked into departmental processes without proper governance

A robot standing thoughtfully in front of a giant digital display with code on it
(Image credit: Getty Images)

Businesses are facing a new challenge - shadow AI. For decades, enterprise teams struggled with ‘shadow IT’, in which employees would bypass procurement processes and approvals to adopt their own cloud platforms and SaaS apps.

Today, employees are rapidly adopting generative AI, AI copilots, and automation platforms outside of controls put in place by centralized IT department. Teams are unleashing the potential AI, but IT isn’t always aware and that’s creating a real risk related to ‘shadow AI’.

Claire Agutter

Founder of Scopism and author of the SIAM Foundation and Professional Body of Knowledge.

The speed of AI adoption is outpacing governance. Yes, employees should absolutely be experimenting with AI. It can automate manual tasks, help employees focus on higher-value work, and drive better decision-making.

Latest Videos From

The challenge is that companies aren’t always aware of AI usage. Unlike traditional software, AI models and automation tools don’t require significant infrastructure or procurement. Users can adopt new tools right away, without IT’s involvement.

Operational visibility

As adoption grows, AI is getting baked into departmental processes without proper governance or oversight. Companies are no longer just struggling with procurement. They’re struggling with operational visibility.

They don’t know what AI tools their employees are using. They don’t know what data is being uploaded. They don’t know where sensitive data is stored and that leaves companies exposed to operational, compliance, and reputational risk.

Vendor sprawl is creating additional complexity, as it is one of the biggest challenges with unmanaged AI usage. Many companies have woken up to the fact that AI is already being used throughout the business. The problem? They’re trying to simplify operations by adding more AI tools on top of already fragmented technology landscapes.

Every department is procuring different AI platforms. Employees are creating custom automations. Suppliers are dropping AI capabilities into their products with little oversight.

It’s created a disjointed ecosystem of tools, suppliers, and automated workflows. Vendor sprawl is only exacerbated when you throw multiple providers into the mix, such as outsourcing vendors, public cloud platforms, and SaaS vendors, where accountability is divided among parties.

AI blind spots

Add AI into the mix and you’re creating additional blind spots. When an automated workflow breaks, produces incorrect results, or violates compliance standards, who is responsible? The AI model supplier? The underlying software vendor? The automation platform? The person who deployed it? The data source?

If companies don’t have strong governance around AI activity and service integration, these questions will be difficult to answer. AI transformation is an operating model problem, not just tech and many are looking at AI transformation the wrong way. Rather than just trying to deploy AI tech, leaders need to consider how AI tools are used across the business.

Building AI resilience isn’t about using the most AI tools. It’s about building governance, responsibility, and operational resilience into AI activity from the start.

It requires a shift in mentality. IT teams can’t just be gatekeepers anymore. More teams will use AI tools with or without IT approval. Attempting to restrict AI usage will lead to more shadow IT.

IT and IT service management teams need to evolve to focus on service integration, governance, and operational oversight. This includes:

  • Creating transparency into AI usage
  • Setting responsible AI usage guidelines
  • Managing supplier risk
  • Integrating AI into operational workflows
  • Setting accountability for AI-driven decisions
  • Enabling innovation with proper governance

Organizations need end-to-end visibility into AI usage across teams, suppliers, automation tools, and third-party AI services. Without it, there will be cracks that appear in their operational resilience.

Governance will become even more important as regulatory pressure mounts. Governance is only going to become more important as legislators turn their attention to AI. With new regulations like the EU AI Act coming into play, as well as new interpretations of existing data protection legislation, companies are going to be expected to account for how AI tools are monitored, governed, and used.

But most companies are adopting AI long before they have considered AI governance. By the time governing bodies step in to regulate how businesses use AI, businesses will likely be far behind on governance considerations.

Employees may inadvertently share sensitive information through public AI systems. Companies may start using AI-generated content for customer-facing operations without fact-checking or validating quality. Internal decisions may be made by automated workflows with no visibility or auditability.

4 Steps to avoid a shadow AI crisis

It’s not too late for businesses to avoid a shadow AI crisis. However, they need to take action to responsibly manage AI tools and usage.

  1. Understand how AI is being used Gain an understanding of what AI tools are being used across the organization, by who, and for what purpose. This includes informal or department-led initiatives happening outside of IT.
  2. Define responsible usage guidelines Set clear guidelines for responsible AI use, data practices, supplier risk management and accountability. You don’t need to create restrictive approval processes. But you should create practical guardrails for teams to follow.
  3. Treat AI as an operational service AI is increasingly being integrated into business-critical workflows. As such, it should be treated like any other critical service. Define who’s responsible for AI activity, how suppliers are managed, and how security and compliance is enforced.
  4. Approach AI governance as a company-wide initiative AI governance shouldn’t be the sole responsibility of IT. Procurement, security, HR, operations, legal, and executive leadership all need to work together.

The reality is organizations don’t need to fear AI. But a starting point is recognizing how unknowingly they’re already losing visibility and control around the technology that’s increasingly powering their business.

We've featured the best AI chatbot for business.

This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.

The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit

TOPICS
Claire Agutter

Founder of Scopism and author of the SIAM Foundation and Professional Body of Knowledge.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.