Navigating Shadow AI: Lessons from the Past

The unapproved use of AI tools — known as Shadow AI — can pose significant security and privacy risks. This article explores the phenomenon, the challenges it brings to organizations, and practical steps for addressing the associated risks.

Emil Holmegaard, PhD | Management Consultant at 7N

The era of Shadow AI brings both promise and peril. Just as Shadow IT once challenged organizations, the unapproved use of AI tools and models now poses similar risks.

Eager to boost productivity and innovation, some employees may bypass the IT department’s oversight, which can lead to security threats, privacy issues, and poor governance. By learning from the past, we can ensure secure and strategic AI adoption while avoiding the pitfalls of unchecked innovation.

 

Understanding Shadow IT and Shadow AI

Shadow IT and Shadow AI are symptoms of misalignment between management and employees. These phenomena occur when employees use unauthorized technology or AI tools to meet their needs, often due to a lack of provided resources or communication from management.  

 

What is Shadow IT? Shadow IT refers to the use of unauthorized software, applications, or services within an organization. Employees often bypass official channels to access tools they deem necessary for their work, even without IT approval. 

 

What is Shadow AI? Shadow AI extends this concept to artificial intelligence. It occurs when employees independently adopt AI tools, models, or applications without proper oversight. Just like shadow IT, shadow AI emerges because departments cannot wait for executives to make decisions regarding AI adoption. 

 

Why Is Shadow AI on the Rise?

Several factors contribute to the rise of shadow AI:

  1. Urgency and agility: Departments recognize the potential of AI to enhance productivity, streamline processes, and gain a competitive edge. Waiting for centralized decision-making can be slow, so employees take matters into their own hands.

  2. Availability of AI tools: With the proliferation of AI platforms, libraries, and pre-trained models, employees can easily experiment with AI without formal approval.

  3. Lack of awareness: Sometimes, employees don’t realize that they’re using AI tools that fall under the shadow AI category. Such use is unintentional but still poses risks.

Challenges and risks of Shadow IT and Shadow AI 

IT has played a central role in our daily work activities for the past four to five decades, giving employees a solid understanding of the associated risks and challenges. Even so, shadow IT, meaning systems and tools used outside the company’s formal, approved infrastructure, can introduce specific issues like security vulnerabilities, GDPR violations, and compliance concerns. It also creates the challenge of sub-optimization, where departments implement their own IT solutions, leading to significant cost impacts. In contrast, a centralized approach often provides better cost efficiency and, ultimately, more effective solutions for the business.

When it comes to AI, the risks are even greater: a lack of AI subject matter experts (SMEs) in the organization can lead to a poor understanding of these risks, potentially resulting in significant expenses if not managed properly.

Below are some of the key risks: 

 

1. Security and Privacy

Shadow AI can lead to security vulnerabilities. Unapproved AI tools might not adhere to security protocols, exposing sensitive data.

2. Data Governance

Without proper oversight, data quality and governance suffer. Inaccurate or biased data can lead to flawed AI outcomes.

3. Compliance

Organizations must comply with regulations (e.g., GDPR, HIPAA). Shadow AI can inadvertently violate these rules.

4. Fragmented Efforts

Departments working in isolation may duplicate efforts or miss out on synergies.

Solutions to Tackle Shadow IT and Shadow AI 

To address shadow IT and AI, both cultural and technical actions are necessary. Management should empower Enterprise Architects to make swift decisions, enhancing the organization’s agility and adaptability. Additionally, a robust technological foundation is essential to support governance in areas such as transparent and ethical AI. 

Portfolio rationalization (replace AI with IT, and you will have an approach that applies to IT as well)

  • Assess existing AI initiatives: Evaluate ongoing AI projects across departments. Identify redundancies, overlaps, and low-impact efforts. 

  • Prioritize high-value projects: Focus resources on AI initiatives that align with business goals and provide substantial value. 

  • Retire or consolidate: Consider retiring redundant projects or consolidating similar ones to streamline the portfolio. 

Centralized AI governance

  • Business-driven governance: Establish a centralized AI governance body that includes enterprise architects, business leaders, and IT experts. 

  • Business needs alignment: Ensure that governance decisions align with business needs and strategic objectives. 

  • Policy formulation: Develop clear policies for AI adoption, data handling, model deployment, and security. 

  • Oversight and monitoring: Regularly review AI projects, monitor compliance, and adjust governance as needed. 

Navigating the Shadow AI Era Responsibly 

As AI continues to transform organizations, managing shadow AI requires vigilance. By learning from the challenges of shadow IT, we can navigate the shadow AI era responsibly and reap the benefits of emerging technologies. Remember that transparency, collaboration, and proactive governance are key to success. 

Conclusion: Navigating the Shadows 

The dynamic nature of technology adoption brings both challenges and opportunities to the forefront, particularly with shadow IT and shadow AI. Our insights reveal: 

Shadow IT: 

  • Employees often use unauthorized tools to pursue agility and innovation. 
  • This can lead to security vulnerabilities, data governance lapses, and compliance challenges. 
  • Streamlining efforts through portfolio rationalization can be beneficial. 

Shadow AI: 

  • The rise of AI adoption without adequate oversight is noticeable. 
  • Centralized governance and alignment with business objectives are crucial. 
  • A proactive approach is key to balancing agility with responsibility. 

As organizations progress, embracing transparency, collaboration, and strategic decision-making is imperative. Recognizing these ‘shadows’ allows us to leverage technological advancements while protecting our digital ecosystem. 

About the author

Emil Holmegaard, Ph.D.

Emil has a Ph.D. in Software Engineering and over ten years of experience in software development, architecture, and governance of IT projects. He is a software quality and architecture specialist, a management consultant, and a TOGAF certified architect. His passion for analyzing and exploring challenge areas between advanced technologies and business allows him to solve technical issues and help businesses be more agile and profitable.