Shadow AI is the unapproved use of artificial intelligence tools by your staff — pasting company data into ChatGPT, running client calls through a free transcription app, installing a browser AI extension — without IT knowing or approving it. It is happening in your business right now, whether you have a policy or not.
The instinct is to ban it. That fails. This post covers what shadow AI actually looks like, the real risks, how to find what is already in use, and how to give staff a safe option instead of a locked door.
What shadow AI actually is
Shadow AI is the AI cousin of shadow IT — staff using software the business never sanctioned. The difference is that AI tools are free, browser-based, genuinely useful, and they ingest whatever you feed them. That makes adoption fast and the data exposure quiet. In a typical Melbourne SME it shows up as:
- Public chatbots — staff pasting contracts, client emails, financials or source code into the free tiers of ChatGPT, Google Gemini or Claude to summarise, rewrite or debug.
- Free transcription tools — meeting bots that join Teams or Zoom calls and quietly record and transcribe board meetings, HR discussions and client briefings to a third-party server.
- Browser AI extensions — Chrome and Edge add-ons that promise to “summarise this page” while reading everything on screen, including data inside your line-of-business apps.
- AI features bolted onto consumer apps — note-takers, design tools and PDF readers that have added an AI feature most users never think twice about.
None of this is malicious. It is a marketing manager hitting a deadline, an accounts clerk speeding up a reconciliation, a salesperson who wants their call notes written for them. The intent is fine. The data trail is the problem.
The real risks
The risks are concrete, and several carry legal weight in Australia.
Confidential and customer data leaving the business
When someone pastes a client list, a draft contract or a spreadsheet of personal details into a public AI tool, that data has left your control. On free and consumer tiers you generally have no contractual data-handling guarantees, no Australian data residency, and limited ability to demand deletion. Once it is out, it is out.
Your data becoming training data
Several consumer AI services reserve the right to use submitted content to improve their models unless you are on a paid plan that explicitly opts out. A confidential prompt today could influence an answer given to a stranger tomorrow. For a law firm, an accountant or anyone handling commercial-in-confidence material, that is a genuine professional problem.
Intellectual property and privacy breaches
Feeding proprietary code, product designs or unpublished strategy into an external tool can weaken your claim over that IP. More seriously, if the data includes personal information — names, contact details, health or financial records — you are likely engaging the Privacy Act 1988 and the Australian Privacy Principles, which require reasonable steps to protect personal information and to control offshore disclosures. A staff member uploading a customer database to a US-hosted chatbot can put you on the wrong side of those obligations, and a serious breach is reportable to the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breaches scheme.
Inaccurate output, trusted blindly
The risk that gets least attention is the most common in practice. AI tools produce confident, fluent answers that are sometimes wrong — fabricated case citations, invented figures, misremembered policy. When staff paste that output straight into client advice, a board paper or a compliance document without checking it, the error is now yours. The tool does not sign off on the work; your business does.
Why banning it outright fails
The first reaction from a nervous business owner is “block all of it”. It does not work, for three reasons.
First, the tools are too accessible. You can block a domain on the corporate network, but staff will use their phone, home laptop or personal browser profile. You have not removed the risk; you have just lost sight of it.
Second, AI genuinely makes people faster and your competitors are using it. A blanket ban tells your best people the business is behind, and they will route around it.
Third, a ban with no sanctioned alternative guarantees the worst outcome: people still use AI, but only the unmonitored consumer versions, because you gave them nothing else. The goal is not zero AI. It is governed AI — the same logic that underpins sensible cyber security everywhere else.
How to discover what is already in use
You cannot govern what you cannot see, and most businesses have no idea how deep shadow AI already runs. Three practical ways to find out:
- SaaS and cloud app discovery (CASB) — a Cloud Access Security Broker, or the app-discovery capability in Microsoft Defender for Cloud Apps, inventories which cloud services staff sign into and ranks them by risk. The fastest way to see that thirty people are logging into AI tools you never approved.
- Network and DNS logs — your firewall and DNS resolver already record outbound connections. Filtering for known AI domains shows traffic volume and which devices generate it, even before you have a CASB in place.
- Conversations — the most underrated method. Ask teams, without blame, what AI tools they use and why. People are usually happy to tell you, because they do not see it as a security issue. That honesty tells you where to provide a safe option.
A construction firm in Box Hill we work with ran exactly this exercise. A discovery scan plus a few honest conversations turned up four AI transcription tools quietly joining site-coordination meetings, and two project managers pasting subcontractor agreements into a public chatbot to summarise variations. Nobody was acting in bad faith. They simply had no sanctioned tool and no rule telling them where the line sat.
Building a sane AI position
The fix is a short, clear acceptable-use position backed by a real alternative — not a 40-page policy nobody reads.
A short acceptable-use position
Write a one-page AI acceptable-use statement that answers the questions staff actually have: which tools are approved, what data must never go into a public tool (client personal information, financials, contracts, anything under NDA), and that AI output must be checked by a human before it is used in client work. A policy people understand is worth ten they ignore.
Provide a sanctioned, safe option
This is the part most businesses skip, and the part that makes the policy stick. Give staff an enterprise-grade AI tool with proper data protections — most commonly Microsoft 365 Copilot, which operates inside your tenant, respects existing permissions, and does not use your prompts to train public models. When people have a fast, sanctioned tool that works, the pull towards consumer apps drops sharply.
The catch is that Copilot surfaces anything the asking user can already reach, so loose permissions become a liability the moment you switch it on. That is why governance comes first, and why conditional access policies matter for controlling which devices and users can reach these tools at all. The data-governance groundwork sits alongside the rest of your Microsoft 365 setup.
The governance and DLP layer
A policy tells people what to do; technical controls back it up when they forget. This is the AI data governance layer, and for Microsoft 365 businesses it largely lives in Microsoft Purview.
Two Purview capabilities do most of the work:
- Sensitivity labels — tagging documents as Confidential or Highly Confidential, with encryption on the top tier, so the most sensitive data is marked and protected before any AI tool can touch it.
- Data Loss Prevention (DLP) — rules that detect sensitive content (Tax File Numbers, Medicare numbers, credit card numbers, client records) and warn or block when someone pastes or uploads it to an unsanctioned destination. Endpoint DLP extends that to the browser and clipboard, which is precisely where shadow AI lives.
Start DLP rules in audit-only mode for a fortnight, tune out the false positives, then move the high-risk ones to block. Turn everything to block on day one and you will have the finance team locked out of legitimate work by Tuesday.
| Concern | Consumer AI (free tier) | Sanctioned enterprise AI |
|---|---|---|
| Data residency / control | Usually offshore, no guarantees | Inside your tenant, contractual terms |
| Used to train public models | Often, unless opted out | No |
| Respects existing permissions | No concept of them | Yes |
| Auditable | No visibility | Logged via Purview audit |
| DLP enforceable | No | Yes |
Staff training closes the loop
Tools and policies fail without the why. A thirty-minute session showing real examples — what happens to a contract pasted into a free chatbot, why the transcription bot in the board meeting is a problem, how to use the sanctioned tool instead — changes behaviour far more than a signed policy ever will. The message is not “AI is dangerous, stop”. It is “AI is useful, here is how we use it safely”. Train people to treat AI output as a draft to verify, never a finished answer.
Frequently asked questions
Is using ChatGPT at work illegal in Australia?
Using it is not illegal. The risk is what you put into it. If staff feed personal information into a public AI tool, you may breach the Australian Privacy Principles, particularly the rules on protecting personal information and disclosing it overseas. A serious breach can trigger reporting obligations to the OAIC. The tool is fine; uncontrolled data going into it is the problem.
Does Microsoft 365 Copilot solve the shadow AI problem?
It removes most of the pull towards consumer tools by giving staff a fast, sanctioned alternative that keeps data inside your tenant. It does not replace governance. You still need sensitivity labels, sensible permissions and DLP, because Copilot surfaces whatever the user can already access. Provide the safe tool and govern the data underneath it.
What is the first thing we should do about shadow AI?
Find out what is actually in use. Run a SaaS discovery scan or check your DNS logs, and have a few honest conversations with staff. You cannot write a sensible policy or pick the right sanctioned tool until you know what problem people are solving and which tools they have reached for.
Where to start
Shadow AI is not a reason to panic, and certainly not a reason to ban a technology your staff find useful. It is a reason to look. Find out what is in use, write a one-page position people will follow, give them a safe enterprise tool, and back it with Purview labelling and DLP. That sequence — discover, sanction, govern, train — turns an invisible risk into a managed one.
TechAssist has run Microsoft 365 and security for Melbourne SMEs since 2014, with thirteen Australian-employed engineers and a 24/7 NOC in Tecoma. If you would like a hand finding what is in use and putting a sane AI position in place, get in touch with TechAssist. We will tell you plainly what is happening, what to allow, and what to lock down.