Analysis Cybersecurity AI Compliance

Shadow AI: the data leak hiding in your organisation's everyday tools

Across most organisations, employees are pasting customer data, financial records, and confidential strategies into personal AI accounts every working day. Most IT and security teams have no visibility into this. Shadow AI is not a future risk; it is a current exposure combining GDPR liability, IP loss, and compliance failure in a single activity.

CE
Cyvra Editorial Team
Cybersecurity & AI Practice
26 June 2026
8 min read
Key takeaways
  • Between 40% and 75% of employees use AI tools their IT team has not approved, depending on the survey
  • Pasting personal data into a personal AI account almost certainly violates GDPR Article 28, because no Data Processing Agreement exists
  • Many consumer AI tiers use inputs to improve their models; sensitive business information entered this way may not stay private
  • NIS2 and ISO 27001 both require an inventory of information processing tools; AI tools your IT team has not discovered are a control gap
  • Blocking access without providing a sanctioned alternative pushes usage to personal devices, out of reach of your DLP controls

What shadow AI actually looks like in practice

Shadow AI is not a single tool or a deliberate policy violation. It is the accumulated result of thousands of small, individually reasonable decisions. A sales manager drafts a client proposal in ChatGPT because it is faster. A developer asks an AI assistant to review a block of code. An HR professional pastes a job description and a candidate's CV into a free AI tool to help score responses. An analyst summarises a board report using a consumer AI service because your company has not provided an alternative.

None of these people are acting maliciously. They found tools that make their work easier and they use them. The gap between their intent and the risk your organisation now carries is the problem.

Shadow AI is the AI-era equivalent of shadow IT: technology used without IT oversight. With shadow IT, the concern is unsupported systems, unpatched software, and data stored in the wrong place. With shadow AI, your staff are actively inputting sensitive data into external systems. The exposure is immediate and often irreversible.

40-75%
of employees use unsanctioned AI tools, across multiple surveys (Microsoft, IBM, others)
0
DPAs covering most personal AI use, meaning GDPR Article 28 is typically unmet
4%
of global annual turnover: maximum GDPR fine for serious violations

The three risks that matter most

Most shadow AI discussions focus on data security. Three distinct risk categories converge whenever your staff use an unsanctioned AI tool at work, and the compliance exposure runs well beyond a stolen password.

1. GDPR and data protection

GDPR Article 5 requires personal data to be processed lawfully, for a specified purpose, and in a proportionate manner. Article 28 requires that any third party processing personal data on behalf of your organisation does so under a Data Processing Agreement that sets out the purpose, safeguards, and responsibilities. Personal AI account use involves none of this.

When a staff member pastes a customer record, a patient's information, or HR data into a consumer AI service using their personal account, that data goes to a third-party processor with no DPA, no purpose limitation, and often no clarity about where it is stored or which jurisdiction's law applies. GDPR does not care that the employee meant well. Your organisation, as the controller, carries the liability.

Cross-border transfer rules add another layer. Many AI services process data on infrastructure outside the EEA. Without appropriate transfer mechanisms in place, sending personal data to these services may itself constitute a violation, separate from the Article 28 issue.

2. Confidentiality and intellectual property

Beyond personal data, your staff regularly paste commercially sensitive material into AI tools. Source code, acquisition plans, client contracts, pricing strategies, and competitive research all find their way into consumer AI sessions. AI providers operating free or consumer-tier products use conversation inputs to train or improve their models. Data your staff enter may not remain private.

Even where a provider does not train on inputs, the information has left your control. If the provider suffers a breach, if a regulator requests data under a different jurisdiction's laws, or if the employee uses the same personal account for other purposes, the information is exposed in ways you did not anticipate or approve.

Your staff are not trying to leak data. They are reaching for tools that work, tools that were built for consumers and carry no enterprise data governance commitments.

3. Inaccurate outputs used without verification

AI tools produce confident-sounding outputs that are sometimes wrong. When your staff use those outputs in customer-facing documents, compliance filings, or internal decisions without checking them, your organisation carries the accuracy risk. This failure often runs alongside the data exposure: the same person pasting sensitive data in is also the one relying on the output without cross-referencing it.

In regulated sectors the stakes are higher. Incorrect AI-generated content in medical or financial advice can create liability that far exceeds the efficiency gained.

Why GDPR exposure is larger than most teams realise

Article 28 is the GDPR provision most often overlooked in shadow AI discussions. It requires a written Data Processing Agreement with every vendor that processes personal data on behalf of your organisation, setting out the subject matter, duration, nature, and purpose of the processing, the type of personal data and categories of data subjects, and the obligations and rights of the controller.

A member of staff logging into ChatGPT with a personal account has no DPA. You do not know this processing is happening. No purpose limitation exists. No safeguards have been agreed. No deletion schedule is in place. Your organisation is the controller of whatever personal data that employee handles as part of their job. Sending that data to an external AI system is processing it, regardless of what the employee intended.

Key point

A Data Processing Agreement is required for every third-party vendor that touches personal data on behalf of your organisation. Personal AI accounts used by employees carry no DPA. That makes the processing unlawful under GDPR Article 28, and the liability sits with the organisation, not the employee.

Every customer name, employee record, patient detail, and client contact pasted into an unsanctioned AI tool is a potential regulatory event. With 40-75% of your staff using these tools, the volume of incidents is not marginal. It is structural.

Supervisory authorities in Germany, Italy, and Spain have already issued enforcement actions related to AI tools and personal data. The Irish Data Protection Commission, which regulates many large US tech companies operating in the EU, has AI use firmly on its agenda. Informal tolerance is ending.

Where shadow AI hides beyond the obvious

When you think about shadow AI, you probably think about ChatGPT. The actual surface is wider and harder to map.

  • Browser extensions: Grammarly, Otter.ai, and similar tools sit in the browser and read whatever the user is typing or viewing. Many now incorporate generative AI features. The extension has access to everything the employee types, including into internal systems.
  • AI features inside SaaS tools already in use: Notion AI, Slack AI, HubSpot's AI assistant, Canva's Magic Write, and dozens of others ship AI features inside platforms your staff already trust. Because the tool is approved, the AI feature inside it is assumed to be approved too. That assumption is rarely checked.
  • Consumer-tier access to enterprise-branded tools: Microsoft Copilot has an enterprise tier with data residency and DPA commitments, and a consumer tier without them. A staff member accessing Copilot through a personal Microsoft account rather than their work tenant is using the consumer version, regardless of whether your company pays for the enterprise product.
  • Personal devices: AI tools accessed on personal phones and laptops during work hours are invisible to corporate DLP controls. Remote work has made this more common.
  • Voice and meeting tools: AI meeting transcription services such as Fireflies, Otter.ai, and similar tools record and process meeting audio, sometimes including commercially sensitive discussions.
Important

AI features embedded inside already-approved SaaS tools carry the same data risk as standalone AI tools. A staff member using Notion AI, Slack AI, or HubSpot's assistant with personal data creates the same GDPR exposure as one using ChatGPT directly. The approval of the parent tool does not extend to its AI features unless you have reviewed and documented them.

What NIS2 and ISO 27001 require

NIS2 requires in-scope organisations to implement appropriate technical and organisational measures to manage cybersecurity risks, including risks from third-party services. Unapproved AI tools that process sensitive data fall within this requirement. Supervisory authorities under NIS2 can request evidence of how you identify and manage third-party information processing risks. "We did not know employees were using these tools" is not a satisfactory answer.

ISO 27001:2022, specifically Annex A control 5.23 (Information security for use of cloud services) and 5.10 (Acceptable use of information and other associated assets), requires you to maintain a register of information assets and define acceptable use policies. Unapproved AI tools are information assets by use; they process information belonging to or entrusted to your organisation. An AI acceptable use policy is not optional under ISO 27001. It is a control requirement.

If you are pursuing or maintaining ISO 27001 certification, auditors will ask about AI tool governance. A missing documented policy, absent approved tools list, or no evidence of staff awareness will be flagged as a nonconformity.

Building a shadow AI response your employees will actually follow

The instinctive response to shadow AI is to block it. Blocking without providing alternatives drives the behaviour to personal devices, out of reach of any controls you have. The underlying motivation is straightforward: your staff use these tools because they work and you have not given them a sanctioned alternative.

A practical shadow AI programme has seven components, roughly in order of priority.

  1. AI acceptable use policy: A short, clear document telling your staff which tools are approved, what data they can use with each, and what to do when an AI feature appears inside a tool they already use. Keep it to one page with a clear approved-tools list. A ten-page document will not change behaviour.
  2. Approved AI tools list with data-tier guidance: Not all data is equally sensitive. Give your staff a simple framework: public information can go into tool X; internal business information can go into tool Y with a work account; personal data, client confidential information, and source code cannot go into any AI tool without specific approval. Clarity removes the guesswork that currently drives poor decisions.
  3. Data classification: Your staff cannot make good decisions about what to enter into AI tools if they do not know what counts as sensitive. A lightweight classification scheme with clear examples is a prerequisite for the acceptable use policy to work.
  4. Enterprise-grade alternatives: Give your staff access to tools that meet governance requirements: Microsoft 365 Copilot under an enterprise agreement, an enterprise Claude deployment, or products that process data under a DPA and keep it within defined residency boundaries. Remove the reason to use the consumer tier.
  5. DLP monitoring for AI endpoints: Data Loss Prevention tools can detect and log traffic to known AI service endpoints. This does not block use, but it gives you visibility and enables targeted conversations with teams where usage patterns indicate risk.
  6. Audit existing SaaS tools for embedded AI features: Review every tool in your approved software estate for AI features that have been added or are in development. Identify which carry data privacy implications and update DPAs or acceptable use terms. Vendors add AI features on a rolling basis, so this is an ongoing task.
  7. Regular staff awareness, not annual checkbox training: Short, relevant communications tied to specific use cases reach your staff more effectively than a once-yearly module. Link updates to AI tool changes as they happen.

Where to start

Shadow AI is already happening in your organisation. Waiting for a data incident or a regulatory inquiry to trigger action will cost more than addressing it now.

A useful first step is a short staff survey asking which AI tools your people currently use and for what. The results are consistently surprising and give you a concrete picture of where to focus. Policy and approved-tools decisions made from a real evidence base will stick better than those made from assumption.

Three actions are worth prioritising above the others:

  • Publish an AI acceptable use policy, even a brief interim version, before your next staff review cycle. A policy in place limits liability and gives your staff something to refer to.
  • Review your DPA register and identify every AI tool that processes personal data on your behalf. Confirm each one is covered by a written DPA. This is the most direct GDPR risk reduction step you can take.
  • Audit your existing SaaS estate for AI features. Many tools have added capabilities in the past twelve months that were not present when you ran the original vendor assessment. Update your records and, where needed, your DPAs.

Shadow AI is a gap between how your staff work and governance structures designed before these tools existed. Close it with policies your staff can follow and tools that give them a legitimate path to the productivity they have already found on their own.

How Cyvra helps

Cyvra combines security and AI expertise to help organisations understand where shadow AI is happening, assess the GDPR and confidentiality exposure, and build a response your staff will follow, by giving them better tools rather than a blanket prohibition.

  • Shadow AI audit: identify which AI tools your staff are using, including AI features embedded in SaaS platforms your IT team approved for other purposes
  • GDPR Article 28 review: identify which AI services are processing personal data on your behalf without a Data Processing Agreement, and assess the exposure
  • AI acceptable use policy: draft a policy that gives your staff clear guidance on approved tools and permitted data types, distinguishing between use cases rather than issuing a blanket prohibition
  • Approved AI tooling: recommend enterprise-grade alternatives that meet your data governance requirements, so staff have a sanctioned route to the productivity they are looking for
  • Staff awareness training: run targeted sessions that explain data classification in the context of AI tools, not generic annual compliance exercises
  • DLP configuration: configure data loss prevention controls to detect and block sensitive data transfers to unsanctioned AI endpoints

Contact our cybersecurity or AI practice to start with a shadow AI audit.

Frequently asked questions

What is shadow AI?

Shadow AI is the use of AI tools by your staff without the knowledge or approval of your IT or security team. This includes personal ChatGPT accounts, consumer-tier Claude or Gemini access, AI features embedded in third-party SaaS tools, and browser extensions with AI capabilities. Unlike shadow IT, where the concern is unsupported systems, shadow AI means your staff are actively inputting sensitive content into external services with no data governance controls in place.

Does using a personal ChatGPT account at work violate GDPR?

It depends on what data is entered. If a staff member pastes personal data about customers, patients, or employees into a personal AI account, that data goes to a third-party vendor with no Data Processing Agreement in place. GDPR Article 28 requires a DPA for any vendor processing personal data on behalf of a controller. Without one, the processing is unlawful. Your organisation, not the employee, bears the regulatory liability.

Do free AI tools use your inputs to train their models?

Many consumer-tier AI services use conversation history to improve their models, though policies vary by provider and change over time. OpenAI's free tier has used inputs for training unless users opt out. Enterprise tiers and API access typically include contractual commitments that inputs are not used for training. Direct your staff to approved enterprise tools rather than leaving them on personal accounts.

What should an AI acceptable use policy cover?

An AI acceptable use policy should cover: which tools are approved and for which use cases; what data your staff cannot enter into any AI tool (personal data, client confidential information, source code, financial data, M&A information); how to handle AI-generated outputs before using them in customer-facing work; and what to do when an AI capability appears inside a tool they already use. Keep it short enough to read and specific enough to act on.

Talk to Cyvra

Map your shadow AI exposure

We help you identify which AI tools your staff are using, build a policy they will follow, and deploy enterprise tools that give them a compliant alternative.

Get in Touch AI Services

Disclaimer: This article is for general informational purposes only and does not constitute legal, regulatory, or professional advice. Cyvra makes no warranty as to the accuracy or completeness of this content. Readers should seek independent advice appropriate to their specific circumstances. Cyvra accepts no liability for any loss arising from reliance on this content.