A CISO at a UAE financial services firm told us last year that his organisation had "not adopted AI yet." We ran a short discovery exercise. Within a week we could show him that his staff were pasting client data, draft contracts, and internal spreadsheets into a dozen different consumer AI tools every single day. He hadn't adopted AI. His people had adopted it for him, quietly, months earlier, because it made their jobs easier and nobody had given them a sanctioned alternative.

That gap — between what leadership thinks is happening and what's actually happening on employees' screens — is Shadow AI. And in our experience it is now the single most underestimated data-exposure risk in most enterprises.

Why this is not just shadow IT with a new coat of paint

We've dealt with unsanctioned software for two decades. Someone installs a tool that isn't approved, it doesn't get patched, and eventually it becomes a foothold. Annoying, but familiar. Shadow AI is a different shape of problem, and the difference is where the risk lives.

With shadow IT, the danger is usually the software. With Shadow AI, the danger is the data you feed it — and you feed it deliberately, in seconds, with no obvious trace. An employee pastes a customer list into a chatbot to "clean it up." A developer drops proprietary source code in to debug it. A junior analyst uploads a board pack to get a summary before a meeting. Each of those is a data-transfer event to a third party you have no contract with, no visibility into, and often no ability to retrieve from.

The exposure doesn't announce itself. There's no download, no install, no scary popup. Just a person doing their job faster, unaware that the shortcut routed sensitive information somewhere it can be stored, logged, or used to train a model that isn't yours.

Banning it is a policy that fails on contact with reality

The instinct, especially in regulated sectors, is to prohibit. Block the domains, write the memo, be done. We've watched several organisations try exactly this, and it fails the same way every time.

People don't stop using tools that make them dramatically more productive. They route around the block. They use their phones on the office wifi's guest network, or their personal laptops, or a browser extension the proxy doesn't recognise yet. You haven't eliminated the risk — you've made it invisible and pushed it somewhere you can't see. A ban that everyone quietly ignores is worse than no ban, because it gives leadership the comforting but false belief that the problem is handled.

The organisations that manage this well start from a more honest premise: our people are going to use AI, so the question is not whether but how safely.

You cannot govern what you cannot see

This is why discovery has to come first, before policy, before tooling, before the acceptable-use document nobody reads. You need to know what's actually being used, by whom, and for what — and specifically, what kind of data is going where.

A proper Shadow AI discovery exercise answers three questions. Which AI tools and assistants are in active use across the business? What is the data-sensitivity of what's being fed into each? And where are the concentrations of risk — the teams, workflows, or individuals routing the most sensitive material through the least controlled tools?

Once you can see that clearly, governance stops being abstract. You're no longer writing a policy against a hypothetical; you're making specific decisions about specific tools that specific people rely on. That's a conversation that actually goes somewhere.

From discovery to control, without killing productivity

The goal of all this isn't to catch people out. It's to make the safe path the easy path, because that's the only kind of control that survives contact with a busy workforce.

In practice that means a few things working together. Sanction the tools that genuinely add value, with the right data controls and an enterprise agreement that keeps your information out of training sets. Provide an approved alternative for the tasks people were using consumer tools for, so there's somewhere legitimate to go. Put guardrails and data-loss controls at the points where sensitive information would otherwise leave. And monitor usage over time, because the tool landscape shifts monthly and last quarter's inventory is already out of date.

None of that works if it's built on a guess. It only works if it's built on what people are really doing.

The regional angle nobody should ignore

In the UAE, this isn't only a security question — it's a data-protection one. The UAE Personal Data Protection Law places real obligations on how personal data is processed and transferred, and "an employee pasted customer records into a foreign AI service" is, legally, a cross-border transfer of personal data to an uncontrolled processor. For banks under Central Bank expectations, healthcare providers under ADHICS, or any organisation handling resident data, Shadow AI is a compliance exposure hiding inside a productivity habit.

That reframing tends to get attention in the boardroom. It's one thing to say "staff are using AI tools." It's another to say "we have undocumented, ongoing cross-border transfers of regulated personal data, and we can't currently prove otherwise."

Where to start

Don't start with a policy. Start with a look. Find out what's actually in use, classify the data risk honestly, and then make deliberate decisions — sanction, replace, or block — tool by tool, grounded in reality rather than assumption. The organisations that get this right end up more productive and more secure, because they stopped pretending AI wasn't happening and started governing the version of it that already was.

Handle it as a productivity problem, not a discipline problem

One last piece of advice that has nothing to do with technology. When you run discovery and find that half your marketing team has been feeding campaign data into a consumer AI tool, resist the urge to treat it as misconduct. It almost never is. Those people found something that made them better at their jobs, and the fault sits with an organisation that didn't offer them a safe alternative, not with the individuals who filled the gap. We've watched heavy-handed responses backfire badly — staff simply stop being honest about what they use, and your visibility, which you just worked to build, evaporates. The organisations that come out of this well frame it as "here's the approved way to get the same benefit," not "you're in trouble." Bring people with you. The goal is to make the safe path the obvious one, and you don't get there by making the useful path a punishable one. Governance that fights your own workforce loses; governance that helps them do what they were already trying to do, safely, is the kind that actually holds.

If you'd like to see what your own Shadow AI footprint actually looks like before you write a single policy, we can help you find out.