Shadow AI: the tools your team already uses (and the risk)
Ask most security or IT leaders which AI tools their organisation uses, and you will get a short, tidy list: the ones that were formally approved. Ask the same question of individual employees, and the real list is usually much longer: a browser extension someone installed to summarise emails, a free transcription app a manager uses for one-on-ones, a personal ChatGPT account a marketer relies on for first drafts. That gap between the approved list and the actual list is shadow AI, and closing your eyes to it doesn't shrink it.
Why it happens
AI tools are uniquely easy to adopt without anyone noticing. There is often no purchase order, no IT ticket, no install beyond a browser tab and an email address. An employee under deadline pressure who finds a tool that saves them an hour isn't trying to create risk; they are solving their immediate problem with whatever is available, and a formal procurement process is rarely available at 4pm on a Thursday.
Where the risk actually sits
The risk isn't the existence of the tool; it is what goes through it once real data enters the picture. A support rep pastes a customer's account details into a chatbot to draft a reply. A paralegal uploads a contract to get a quick summary. A clinician runs patient notes through a free transcription tool because it is faster than typing. None of that shows up on an approved-vendor list, and none of it gets caught if the vendor changes its data policy six months later, because nobody who owns vendor risk knows the tool is in use at all. There is a second, subtler risk: even for tools that are 'approved' at the brand level, employees often end up on the free or personal tier rather than the business tier that was actually vetted. The same product name can carry a materially different training and retention posture depending on which plan someone happens to be signed up on, a distinction that gets lost the moment someone says 'oh yeah, we use that.'
What doesn't work
Blanket bans tend to backfire. They do not remove the underlying pressure that drove adoption in the first place, so usage doesn't stop; it just moves further out of sight, onto personal devices and personal accounts where there is even less visibility than before. A policy nobody can realistically comply with produces quiet non-compliance, not compliance.
What actually closes the gap
Closing the gap takes four moves. Find out what is really in use, through expense reports, SSO or OAuth app logs, or simply asking teams directly what they have adopted on their own. Build a living register, not a one-time survey, since new tools get adopted faster than any annual review cycle can track, so the register needs to be something people add to as they go. Vet quickly, not eventually: a fast, lightweight risk check (training posture, BAA or DPA availability, SOC 2) beats a slow formal process that people route around out of necessity. And give tier-specific guidance: 'use the Business plan of this tool, not the free one' is often the single highest-leverage instruction you can give, since it fixes the risk without taking the tool away. ModelCharter's AI Tool Risk Directory lets you look up any AI tool's sourced risk facts in seconds, and the team dashboard keeps a living tool register, so shadow AI becomes visible AI instead.
The realistic goal
You are not trying to get to zero unapproved tools; that is not achievable, and chasing it wastes effort that would be better spent elsewhere. The realistic goal is a register that reflects what is actually happening, a fast path to vet new tools as they come up, and clear guidance on which tier of each tool is safe. That turns shadow AI from an unknown liability into a known, managed one. The free AI vendor risk assessment at /ai-vendor-risk-assessment is a good place to start, and the team dashboard's tool register keeps track of everything your team actually uses.