background Layer 1
an international community of IT Leaders: Striving for the Best Practices & Professional Growth Together
Sign in Join Us
Global CIO

How to Bring Artificial Intelligence Out of the Shadows and “Tame” It

While companies are considering introducing corporate AI tools, employees are taking action on their own. The trend of “shadow artificial intelligence” — using external AI services without IT department or security approval — is gaining momentum. On one hand, this signals market maturity: employees see practical value in AI. On the other, it is a source of significant risks: from poor decisions to sensitive data leaks. Ivan Melnikov, Director of Hyperautomation and AI Agents at SL Soft AI, SL Soft, shares how to avoid this and maximize process automation.

What is Shadow AI and What Risks Does It Pose for Companies?

Companies are demanding greater employee efficiency, prompting employees to take the initiative: they seek ways to streamline and accelerate routine tasks, with AI as the logical solution. According to a recent Massachusetts Institute of Technology (MIT) study, in 90% of companies, employees use external GenAI services for work tasks — often without formal approval and outside of the IT department’s oversight.

At first glance, using external cloud neural networks to write emails, analyze data, or prepare presentations seems harmless and even useful. However, serious threats lurk beneath the surface. For example, when an employee uploads fragments of business correspondence, project documentation, or client data to a public AI service, they may unwittingly violate corporate confidentiality policies. Many external AI platforms retain input data for model training or in logs, potentially exposing sensitive information to the public or third parties.

For example, in July 2025, a search engine began indexing public chats from users of a popular GPT model service. As a result, search results included personal communications containing API keys, passwords, logins, and confidential corporate information. This incident vividly illustrates how unregulated use of external AI platforms can cause a company to lose control over where and how business data is stored and processed — and who has access to it.

The damage can be not just reputational, but financial as well — especially considering strict personal data legislation such as GDPR or Russia’s Federal Law-152. According to Gartner analysts, by 2030 more than 40% of companies worldwide will suffer incidents caused by shadow AI.

Another important point: using external AI services for work is simply less effective. They know nothing about the organization (or industry), are not adapted to its processes and policies, and are not trained on corporate data. This increases the risk of inaccurate information, erroneous conclusions, and incorrect decisions.

Moreover, such uncontrolled use of external cloud platforms puts the company at the mercy of an outside vendor and limits risk management options. The business effectively delegates control over workflows to a third-party provider whose unilateral actions — from price spikes to architecture changes or access blocks — can partially paralyze operations at any time.

You may also be interested in the following material from the IT Leaders Club Compass CIO

When Automation Doesn’t Help

The shadow AI phenomenon is reinforced by the fact that many traditional automation systems within the company’s perimeter do not deliver the expected benefits, prompting employees to use external resources.

The global market is facing a paradoxical situation. At first glance, many companies have embraced total automation: implementing vast numbers of information systems, adopting analytical tools, and moving document management online. Yet, these changes often make work more complicated. According to the “2025 Gray Work Report” by Quickbase, 80% of companies have increased investment in software to boost productivity, but 59% of respondents say it is now harder to be productive, and 53% say they spend only half their workday on meaningful tasks.

Companies end up with a “patchwork” IT landscape where information is siloed in separate applications or documents. Employees are forced to play the role of a “live bridge,” manually connecting data across systems, documents, messengers, and more. This is made worse by the nature of corporate content: information is in various formats and remains unstructured — a blind spot for traditional software. For example, finding an answer often means checking documents in different systems and cross-referencing information. In contrast, corporate AI services could provide answers in seconds, citing sources for verification.

As a result, specialists spend time on routine operations — moving data between systems and documents, contract checks, manual knowledge base searches, attribute validation, multi-system data analysis, and more — at the expense of their professional focus.

A Corporate AI Culture Based on Reliable Tools

The simplest solution for IT security might appear to be banning AI use. But this clashes with business needs: without AI, employees will manually perform routine tasks and productivity will drop. The right way is to introduce a corporate AI culture: set up an internal competence center and deploy reliable, on-premise or private cloud AI services. This process involves several key, interconnected stages.

Stage One: Choosing and Implementing Technologies

It’s important to realize that a large language model (LLM) itself is not a ready-to-use product, but merely an “engine.” Without the necessary wrapping, a model can’t be effectively scaled or turned into a business tool.

To maximize the model’s value, extra effort is required: “packaging” (interfaces, APIs, logging mechanisms), further training (including RAG mechanics), protection and control (data filtering, monitoring, role-based access). Only such a comprehensive deployment inside the corporate perimeter enables not just one-off AI usage, but managed lifecycle control, providing stability and predictability for the entire company.

Moreover, to optimize resources and address a broader range of tasks, a combination of generative AI and classical ML, as well as automation (RPA), intelligent document processing (IDP), and more is needed. This multi-pronged approach lays the foundation for hyperautomation — a strategy enabling seamless, organization-wide AI scaling rather than point solutions.

Needed solutions then become “out-of-the-box”: assembled like a construction set from the necessary functional modules, and configured for business processes. This platform approach enables two automation scenarios.

First, intelligent automation at the system level — creating a flexible environment for end-to-end business process automation using AI.

The company gains a tool for quickly configuring end-to-end operational chains, where a no-code workflow engine connects “smart technologies” and disparate IT systems into a unified AI conveyor. For example, a software robot can automatically move email documents to an IDP module for recognition and verification, upload results, and record extracted attributes in ECM or ERP. If data is missing, the system starts communication itself — generating an email to the contractor and requesting the missing files, eliminating manual handovers and employee participation.

Alternatively, intelligent AI agents in a contact center can fully handle incoming inquiries. They classify requests, find information in knowledge bases, analyze the client’s communication history, provide comprehensive responses, and automatically record interactions in the CRM system — ensuring workflow continuity and transparency with every contact.

Second, specialized employee AI assistants that increase efficiency by creating personalized corporate AI services.

The end-user product includes a local LLM with RAG support, which gives the AI model access to corporate knowledge bases for information search, content generation, or data analysis — everything an employee needs to work faster, easier, and more efficiently.

Instead of numerous applications, employees work through a corporate chatbot interface personalized to them. It lets them quickly execute typical operations: get answers on corporate documents, knowledge bases, and instructions; extract data from corporate systems (ABS, CRM, ERP, ECM, and more); process documents with pre-set scripts; generate reports; support end-to-end service processes; and much more. There is also full-featured search and AI agents for interacting with external systems.

Here, AI becomes a true digital assistant, handling the routine of searching and analyzing information, while guaranteeing sensitive corporate data never leaves the organization.

Such an ecosystem is more than a multi-agent environment: it is the deep synergy of diverse technologies (GenAI and MCP ML, RPA, IDP, etc.) working in concert to achieve maximum company efficiency.

Stage Two: Close Integration of AI and IT Security Policies

Clear internal rules on AI usage are essential, including a ban on uploading confidential data to external services. This stage is accompanied by employee training so they understand not just what is not allowed, but why. A key step is gently but systemically steering employees away from insecure external nets to internal corporate solutions.

Stage Three: Fostering a Culture of Trust and Engagement

Instead of outright bans, many companies choose open dialogue.

Once the platform is ready, the main task becomes rolling it out across all departments. Instead of a policy of prohibitions or “sandbox” models (safe but not full-featured), the company opts for open dialogue — demonstrating the benefits of safe, verified, deployed tools.

Training and leadership support (“tone from the top”) play a vital role here. This helps create a culture of trust and involvement, encouraging employees to use corporate AI solutions instead of “shadow” external services.

For coordination and internal adoption of intelligent tools, it makes sense to set up a dedicated competence center — ensuring gradual AI literacy improvement.

At this stage, an experienced vendor is critical, providing not just technology but a proven methodology for implementation, training, and scaling. The vendor will help from the first pilot to full-scale rollout, with training scenarios and best practices for building an AI culture.

So, AI is already a “shadow employee” in your company — even if you don’t realize it. It is important to take control and create conditions in which staff no longer need to hide their use of intelligent services. The best measure against “shadow AI” is a transparent, safe, and convenient legal tool that serves — not harms — the business.

News

Kazakhstan presented the first country report on the development of AI

February 4

Cyberattacks could become one of the main threats to Armenia's infrastructure in 2026

January 21

Microsoft acquired data processing platform Osmos.

January 12

RAM is going to AI: OpenAI has secured up to 40% of the market.

December 22

An AI startup run by former Google employees has approached $300 million+ in revenue in a year: Yoodli. It helps people, not replaces them.

December 8
Events

International online conference "Key Challenges for CIOs in 2026"

February 12
online

Launch of Applications for the Top 100 IT Leaders Ranking

February 25
online

Networking Session “The Personal Brand of an IT Leader”

March 18
online

Conference “AI in Business Automation”

April 29
online

Networking Session “Self-Development of an IT Leader and Team Learning”

May 14
online
We use cookies for analytical purposes and to deliver you the best experience with our website. Continuing to the site, you agree to the Cookie Policy.