Like all technology-related things, shadow IT has evolved. No longer just a SaaS app handling some worker’s niche need or a few personal BlackBerries snuck in by sales to access work files on the go, shadow IT today is more likely to involve AI, as employees test out all sorts of AI tools without the knowledge or blessing of IT. The volume of shadow AI is staggering, according to research from Cyberhaven, a maker of data protection software. According to its spring 2024 AI Adoption and Risk Report, 74% of ChatGPT usage at work is through noncorporate accounts, 94% of Google Gemini usage is through noncorporate accounts, and 96% for Bard. As a result, unauthorized AI is eating your corporate data, thanks to employees who are feeding legal documents, HR data, source code, and other sensitive corporate information into AI tools that IT hasn’t approved for use. Shadow AI is practically inevitable, says Arun Chandrasekaran, a distinguished vice president analyst at research firm Gartner. Workers are curious about AI tools, seeing them as a way to offload busy work and boost productivity. Others want to master their use, seeing that as a way to prevent being displaced by the technology. Others became comfortable with AI for personal tasks and now want the technology on the job. Those reasons seem to make sense, Chandrasekaran acknowledges, but they don’t justify the risks that shadow AI creates for the organization. “Most organizations want to avoid shadow AI because the risks are enormous,” he says. For example, Chandrasekaran says, there is a good chance that sensitive data could be exposed, and that proprietary data could help an AI model (particularly if it’s open source) get smarter, thereby aiding competitors who may use the same model.

Full report : Using unsanctioned AI in the workplace is putting company data, systems, and business relationships at risk.