Artificial intelligence has become part of everyday business operations — often faster than organisations can control it. Many employees use AI tools without official approval. According to IDC, 56% of employees use unauthorized AI tools in the workplace, while only 23% use officially provided AI tools.
Shadow AI — often referred to as shadow artificial intelligence — is a subset of Shadow IT and describes the use of AI tools such as chatbots, AI tools, code assistants or text generators without approval or oversight from the IT department.
Shadow AI often emerges when employees want to work more productively with AI, while organisations do not provide officially approved and secure AI tools. It includes not only chatbots, but also AI-driven development, analytics and automation tools.
For organisations in Switzerland, this is particularly relevant because AI adoption often happens decentrally across business units, dissolving traditional system and location boundaries. At the same time, several regulatory frameworks apply: the revised Swiss Data Protection Act (nDSG), GDPR and, in the future, the EU AI Act. In the financial sector, FINMA further reinforces these requirements through clear expectations around risk and technology governance.
Shadow AI therefore becomes more than an IT issue. It is a matter of compliance, governance and operational control.
Key Risks
Shadow AI creates loss of control in two critical dimensions: data and intellectual property. The root cause is the use of external AI services outside defined security and governance structures.
Shadow AI often emerges through browser-based SaaS services used outside central security controls.
Data Leaks & Compliance
Sensitive information such as customer data, source code or internal analyses is entered into external AI solutions without central control over processing or storage. Some AI services store prompts server-side or use submitted content for model improvement unless explicitly disabled. In free versions, this is often not possible, creating compliance risks.
Studies also show that 38% of employees have entered sensitive business information into AI tools without approval.
Risks:
Loss of control over personal and confidential data
Unclear processing by third-party providers, including potential use for model training
Violations of internal policies as well as nDSG and GDPR requirements. GDPR violations can result in fines of up to EUR 20 million or 4% of annual global revenue.
As a result, the risk shifts from traditional data leakage towards interactive data exfiltration through AI interfaces.
Organisations are also responsible for AI-generated content and decisions when these influence business processes or operational decisions.
Security Gaps & IP Risks
Shadow AI threatens intellectual property (IP), such as source code, architecture information or internal business logic, through the external processing of sensitive content.
The risk is particularly driven by the use of unapproved AI tools to process this information outside organisational control.
Key risk drivers:
Use of unauthorized AI models and APIs
Processing of sensitive content in external AI systems
Insecure integrations into existing environments
Lack of control at prompt, agent or plugin level
Exposure of API keys or tokens
Data leakage through AI systems can also significantly damage trust among customers, partners and regulators. Attacks such as prompt injection can manipulate AI systems into bypassing security policies or disclosing sensitive information. Additional risks also arise through AI ecosystems and third-party integrations.
Strategy: Enable instead of block
Employees often use AI solutions to improve productivity, efficiency and speed in their daily work. Banning AI usage is operationally ineffective, as employees will continue using AI tools outside central IT controls — for example through private accounts or external services. This does not prevent usage, but instead shifts it into Shadow AI channels. Prohibition therefore does not eliminate the risk.
The effective strategy is controlled use within clearly defined security and governance boundaries. This also includes providing secure and officially approved AI tools through IT teams in order to reduce the use of uncontrolled shadow AI.
Governance & Policy
Governance defines the framework for AI usage within the organisation. AI governance is not an isolated discipline, but part of existing cybersecurity and data protection processes.
It regulates risk classification, permitted data categories and the approval of AI tools and workflows. At the same time, it ensures that AI is integrated into existing security and privacy structures. Continuous collaboration between IT departments, security teams and business units is also required to align on risks, use cases and permitted AI usage.
The goal is to reduce uncontrolled usage through clear guardrails and binding decision-making processes.
Regular audits and continuous review of AI usage also help identify unapproved AI tools at an early stage.
Technical Control & Visibility
Governance only becomes effective through technical enforcement and continuous operational visibility. Organisations need transparency into which AI services and external endpoints are actually being used.
This requires:
Access controls at application and API level
Enforcement of defined policies during operations
Visibility into AI usage, AI services and models across the network
SASE and API security architectures support this by treating AI usage as a dedicated security context.
Without end-to-end visibility and technical enforcement of AI usage, Shadow AI remains an uncontrollable risk that continuously expands through SaaS- and API-based usage channels.
Practical Implementation: Technology as an Enabler
The technical implementation combines security mechanisms across the network, API and application layers.
On one side is the use of external AI services (AI you use), such as SaaS applications. Modern SASE architectures such as Cato Networks enable the detection and classification of AI usage within network traffic as well as policy enforcement based on usage context.
On the other side is the protection of internally developed or provided AI applications (AI you build). Here, the focus shifts from usage control to securing the underlying APIs and interactions with AI systems. Modern AI applications are often heavily API-based, significantly expanding the external attack surface of organisations.
Solutions such as the AI Firewall from Cato enforce security policies at both input and output level of AI applications to prevent unwanted data flows or misuse. At the interface and interaction layer, specialised API security platforms such as Wallarm secure AI integrations themselves — for example through request analysis, attack detection and access control for APIs or MCP-based architectures. This also enables the detection and blocking of prompt injection attacks.
The result is a control architecture in which external AI usage and internal AI systems are secured through different but equally important security mechanisms.
Conclusion
Shadow AI will not disappear — quite the opposite. Usage will continue to increase. Organisations therefore face a choice: attempt to prevent AI usage or manage it in a controlled way.
The only sustainable approach is controlled integration through governance, technical enforcement and continuous visibility.
Inaction does not lead to stability. It leads to increasing lack of transparency and operational loss of control.
Only this approach enables organisations to reduce risks while still benefiting from productive AI adoption.
Next steps
Many organisations underestimate the actual extent of Shadow AI within their environment.
Without visibility into existing usage, uncontrolled risks emerge around data, compliance and security.
Consulteer InCyber supports organisations in assessing their current exposure, evaluating risks and developing controlled AI governance. In addition, we support operational implementation through suitable security architectures and Managed Security Services to ensure AI usage is not only defined, but remains continuously visible, controllable and secure.
