
Shadow AI: your organization uses more AI than you think

By GovCompass.ai · Last verified June 2026

Most organizations use far more AI than leadership has mapped, much of it switched on quietly inside the SaaS tools already in use. You cannot govern, classify, or defend what you have not inventoried, so the first governance step is always the same: build an AI inventory, then classify and control from there.

Ask any executive team how many AI systems their organization uses, and the answer is often a hesitant "a handful". Ask the people doing the actual work, and the picture shifts entirely.

The marketing team runs copy through a generative AI model. An HR employee uses a convenient CV screening tool. Finance has an Excel plug-in with "smart" predictions. Customer service relies on a chatbot provided by a vendor. And somewhere, a team is running its own workflow on top of a foundation model, well outside IT's line of sight.

Welcome to Shadow AI: the totality of artificial intelligence used within your organization without being centrally known, approved, or managed. It is the direct successor to Shadow IT, but with a fundamentally higher risk profile. Under the EU AI Act, this is no longer merely a management problem; it is an acute compliance risk.

The three faces of shadow AI

To address Shadow AI effectively, you need to recognize the forms it takes on the ground.

Deliberately acquired, unreported tools. A department procures an AI service on its own, typically a SaaS subscription that falls just below the threshold for procurement or IT approval. The system works, delivers results, and is never reported.

AI embedded in existing software. This is the stealth variant. Your established vendor adds AI functionality to a product you have used for years: the "summarize" button in your meeting software, predictive analytics in your CRM, automatic sorting in your email client. You do not need to purchase a new AI product to become a deployer under the law. The obligation arises without any active decision on your part, and it often arrives with a vendor update you never asked for. Which obligations then apply depends on what the feature is used for, not on the fact that it came bundled.

Internally built experiments. A technically skilled employee builds a script or workflow on top of a foundation model. This may seem harmless, but building a custom application can legally transform your organization from a deployer into a provider, for instance when the result is put into service under your own name or its intended purpose is changed, with considerably heavier statutory obligations as a result.

Why this is a compliance problem, not an IT problem

With Shadow IT, the primary risk was typically a data breach or uncontrolled license costs. With Shadow AI, a serious legal dimension is added on top.

You cannot govern what you do not know exists. The EU AI Act imposes concrete obligations on deployers, most of them attaching to high-risk systems: human oversight, transparency towards those affected, retention of the system's logs, and, for certain deployers of high-risk applications, a fundamental rights impact assessment. None of these obligations can be met for a system whose existence is unknown to you.

The burden of proof rests with you. When a supervisory authority comes knocking, or when an individual challenges an AI-assisted decision, your organization must demonstrate through documentation that it is in control. "We were not aware that department was using that" is not a defense; it is an admission that your governance framework has failed.

Risk scales with the application. An employee using AI to rewrite an internal memo represents a manageable risk. An HR department quietly using a CV screening tool is operating in a high-risk category (Annex III lists AI used for recruitment and the selection of candidates), with all the substantial compliance obligations that entails. The most dangerous aspect of Shadow AI is not the known, visible application; it is the system that no one in the boardroom knew fell under the most stringent category of the regulation.

From blind spot to managed register

Addressing Shadow AI requires an ongoing process, not a one-time cleanup. Four steps form the core.

Step 1: Inventory broadly, not narrowly.
Asking only "which AI tools have we purchased?" will miss embedded AI and internal experiments entirely. Instead, ask your organization about concrete behaviors: "Which software makes predictions, generates text, or supports your decisions?" That framing surfaces significantly more.

Step 2: Engage the workforce, not just IT.
IT cannot map the blind spots on its own, precisely because these are systems that operate outside the tooling IT administers: a personal SaaS subscription, a feature a vendor switched on inside an approved product, a script running on one employee's laptop. A technical scan of proxy, DNS, or single sign-on logs can corroborate what people report, but it cannot tell you what a tool is used for, and it will miss AI features embedded in software that is already approved. A structured consultation with department heads will yield more than a technical scan. Make clear that the goal is not to catch people out, but to make the organization compliant. A culture in which employees feel safe disclosing their AI use is your most effective line of defense.

Step 3: Classify on application, not on technology.
Once you have identified an AI system, determine which risk category under the AI Act it falls into. A critical principle applies here: classify based on the actual use case, not the underlying technology. The same language model may represent a minimal risk in one context and, in another, such as supporting medical decisions or screening job applicants, constitute a high-risk system to which the most demanding obligations apply. Record the use case and the resulting category side by side in the register, so that a change in how a tool is used triggers a re-classification rather than going unnoticed.

Step 4: Make it an ongoing process.
An inventory is outdated within six months. Embed periodic re-inventorying in your governance structure, make reporting new AI applications a standard part of procurement and IT procedures, and review the release notes of tools you have already approved, since embedded AI arrives through vendor updates you never requested.

Shadow AI is a symptom, not the disease

It is tempting to combat Shadow AI with an outright ban. In practice, that does not work. A ban drives usage further underground and strips your organization of the productivity gains AI genuinely offers.

When employees do not know how to report AI use, or when that process is slow and bureaucratic, they take the path of least resistance. Shadow AI is, in that sense, a symptom of absent governance, not the disease itself.

Organizations that handle this well make AI use easier to surface than to conceal: a central register, a low-friction reporting process, and clear risk criteria. Only once you know which AI your organization actually uses can you begin the real work: innovating with confidence. Inventory is not the final step towards compliance; it is the very first.


More on Accountability

Art. 10 EU AI Act: data and data governance for high-risk AI


Art. 10 requires that the training, validation, and testing data for high-risk AI systems meets quality criteria: relevant, sufficiently representative, and as free of errors and complete as possible for the intended purpose. It also requires documented data governance practices covering collection, preparation, bias examination, and gap mitigation, and it permits the limited processing of special-category data where strictly necessary to detect and correct bias, under safeguards.

Art. 12 EU AI Act: record-keeping and logging for high-risk AI


Art. 12 requires high-risk AI systems to technically allow for the automatic recording of events (logs) over their lifetime. The logging must enable traceability of the system's functioning at a level appropriate to its intended purpose, support post-market monitoring, and help identify situations that may lead to risk or substantial modification. It is a design obligation on the provider that makes the system auditable by construction.

Art. 19 EU AI Act: keeping the automatically generated logs


Art. 19 requires providers of high-risk AI systems to keep the logs that the system automatically generates (under Art. 12) for as long as they control them, for a period appropriate to the intended purpose and at least six months unless other law requires longer. It is the retention counterpart to the Art. 12 logging capability, and it works alongside the deployer retention duty in Art. 26.6.

Art. 26.1 EU AI Act: following provider instructions as a deployer


Art. 26.1 requires deployers to use high-risk AI systems strictly in accordance with the provider's instructions for use. This means using the system only for its intended purpose, within its specified technical configuration, and by qualified users, and being able to document that compliance. Deviating from the instructions undermines any reliance on the provider's conformity work and, where it amounts to a change of intended purpose or a substantial modification, can make the deployer a provider in its own right.