Shadow AI: The Risk You Can't See in Your Business

Most Australian businesses have an AI strategy whether they wrote one or not. It looks like this: a sales person pasting a draft proposal into ChatGPT to make it sound better. An HR coordinator using Gemini to summarise candidate notes. A finance assistant asking Claude to clean up a forecast spreadsheet.

This is shadow AI: staff using public AI tools at work, without IT involvement, without policy, and often without realising the data they are pasting in is the very data the business has spent money to protect.

It is everywhere. We have yet to walk into a business of more than ten people and not find shadow AI in active use. The question is not whether your team is doing this. The question is whether you know about it, and whether the risk it creates is being managed.

What shadow AI actually looks like

Shadow AI is harder to spot than shadow IT, because there is nothing to install. A staff member opens a browser, signs into a free account with their personal email, and starts pasting. There is no software request, no procurement record, no firewall log that obviously screams "data is leaving the building".

A few real patterns we see regularly:

• Sales and marketing. Pasting client briefs, draft proposals, contract terms, and pricing tables into a public model to "make it sound more professional".
• Finance. Uploading exported reports, pivot tables, and forecast spreadsheets to ask for analysis or rewriting.
• HR. Pasting candidate resumes, interview notes, performance review drafts, and exit interview summaries into a chatbot.
• Legal and contracts. Asking a public AI to "explain" or "summarise" a confidential agreement, often the first time it lands in the inbox.
• Customer support. Drafting replies that include the customer's full message, ticket history, and account details.
• Code and IT. Developers and IT staff pasting configuration files, error logs with credentials, and scripts that contain internal system names.

In every one of those cases, content that the business considers confidential has just been sent to a third party, often a US provider, often on a free tier whose terms of service give the provider broad rights to use prompts for training, debugging, or service improvement.

Why this matters under Australian privacy law

The Privacy Act 1988 and the Australian Privacy Principles still apply when staff use AI tools. The Office of the Australian Information Commissioner has been consistent on this: if your business handles personal information, you remain accountable for what happens to that information, including when an employee chooses to send it to a third-party AI service.

A few risks worth understanding clearly.

Cross-border disclosure. Most major public AI providers process data outside Australia. APP 8 places obligations on businesses that transfer personal information overseas. If you have not done the due diligence on the AI provider, you may not be meeting that obligation.

Notifiable data breaches. If a public AI vendor has a security incident and prompts containing personal information are exposed, your business may have a notifiable data breach on its hands. The recent track record of AI vendors on security incidents is not perfect.

Client contracts. Many B2B contracts include confidentiality clauses, data handling clauses, and obligations not to share client information with subcontractors without consent. A free AI tool you have no contract with is, by most readings, a subcontractor your client has not consented to.

Industry regulation. Health, finance, and legal sectors have additional obligations under their own regulators. A staff member using a public AI tool to summarise a client's clinical notes or financial situation is a problem.

The thing to notice across all of these is that the staff member is almost never trying to do anything wrong. They are trying to get their work done faster. The fix is governance, not blame.

A basic acceptable use policy

You do not need a fifty-page document. A workable AI acceptable use policy fits on two pages and covers four things.

First, what is approved. Name the specific AI tools the business has assessed and approved for staff use. For most Microsoft-centric businesses, that will include Copilot Chat or Copilot for Microsoft 365 because the data stays in your tenant. For other tools, it depends on the contract and the tier.

Second, what data is off limits. Be specific. Client personal information, financial data not already public, contract terms, HR records, anything labelled confidential. List categories rather than try to be exhaustive.

Third, what is permitted with care. General writing improvement on non-confidential content. Coding help on non-sensitive snippets. Research and summarisation of public information.

Fourth, how to ask. Give staff a simple way to request access to a new AI tool, with a one-week turnaround for evaluation. Saying "no" to everything new is how shadow AI returns.

Make it short, make it readable, train on it, and revisit it every six months.

How to detect shadow AI usage

You will not catch every prompt, and you do not need to. The aim is to understand the scale and direction of usage, then steer it.

A few signals worth looking at.

DNS query logs from your firewall or DNS resolver will show traffic to AI provider domains. Compare against your approved tools. Volume to public AI domains is a measure of how much governance work is ahead of you.

Microsoft Defender for Cloud Apps and similar cloud access security broker tools can identify unsanctioned AI services and, with the right licensing, restrict copy-paste to them.

A short, anonymous staff survey often produces honest answers. "Which AI tools do you use for work? Have you ever pasted client or business information into one?" The answers tell you what the policy needs to address.

None of this requires invasive monitoring. The point is to understand patterns, not to surveil individuals.

Where to start

Pick the smallest version of this you can do in a week.

Write a one-page policy. Name two approved tools and one not-approved category. Send it to staff with a short note explaining why. Run a brown bag session showing what Copilot Chat looks like as the safe alternative. Set a calendar reminder to revisit it in six months.

That is enough to move from "no policy, full risk" to "a policy that works and is being followed". You can refine from there.

If you would like a starter AI acceptable use policy, tailored to Australian businesses and the Privacy Act, our team has a template we share with health check participants. Our free IT health check includes a shadow AI assessment: we look at your DNS traffic patterns, your existing policies, and the conversations your team are already having, and we give you a straight answer on where you stand.

Learn more about our AI Strategy & Integration service