← Back to blog
AI Governance 7 min read

You Already Have the Tools Against Shadow AI. You're Just Not Using Them Yet

Uros Vujic 7. juli 2026

From "we assume it happens" to "we can see it"

In May, we wrote about how Claude Memory quietly builds a private bank of work information for employees using personal AI accounts. The reaction from several of you was the same: "We assume this is happening at our place too. We just don't know how much."

That's an honest, common starting point. It's also one you don't have to stay in.

What surprises most leaders we talk to isn't that employees use AI tools outside the business's control. It's that the answer to "how much, and how risky" is already sitting there — in tools most Norwegian SMBs on Microsoft 365 are already paying for, but have never switched on.

This post is about how you move from assuming to knowing.


"Surely no one is pasting sensitive data into ChatGPT... right?"

Ask a leader whether employees paste customer data, contract clauses, or personal information into personal AI accounts, and the typical answer is some version of: "I don't think that's a problem for us."

That's rarely an honest "no". It's a "we haven't checked".

Shadow AI follows the same pattern as every other kind of shadow IT: it doesn't start as a deliberate breach of policy. It starts with an employee solving a problem quickly — drafting a difficult email, summarising meeting notes, getting help assessing a candidate — using whatever tool is fastest in the moment. Usually a personal, free AI account.

The point that gets lost: employees aren't the problem. They're solving the task in front of them with the tools at hand. The problem is that no one in the business has visibility into what's actually being used, by whom, and with what data. And visibility isn't something you get by asking. It's something you get by measuring.


What it can look like at your place

A typical picture when a business switches on AI-discovery tooling for the first time (more on which tools, below): a handful to several dozen different AI apps in use across the organisation — most of them unknown to IT or leadership.

Some are harmless. But there's almost always one app that stands out sharply: large volumes of data uploaded, hundreds of transactions, dozens of users, spread across a large number of devices and networks — a single, unsanctioned, consumer-grade AI service accounting for a disproportionate share of the traffic and the risk.

That's not an unusual outcome. It's the usual outcome. The difference between the businesses we talk to isn't whether this exists for them. It's whether they've seen it yet.


Same behaviour, different risk outcome

Here's the core of the problem, and why this isn't about banning AI: an employee using Microsoft 365 Copilot and an employee using a personal, free AI service appear to be doing exactly the same thing. They type a question, paste in some context, get an answer.

The risk outcome isn't remotely the same.

Microsoft 365 Copilot (business plan) Unsanctioned AI (personal/free)
Data use Answers grounded in your own tenant data Your prompt may be stored or used to train the model further
Model training No training on your data No guarantee — depends on the vendor's consumer terms
Sensitivity Inherits existing sensitivity labels and DLP policies No awareness of which information is sensitive
Access control Respects Conditional Access and identity controls Accessible from any browser, on any device
Traceability Audit trail in Purview No visibility into who used what, when, or why
Contract terms Commercial data protection in the agreement Consumer terms apply — no data processing agreement

Same behaviour. Completely different risk outcome. That's why "ban AI" is the wrong strategy, and "govern AI use" is the right one.


The tools are already inside Microsoft 365

What most people don't know: if you have Microsoft 365, you probably already own most of what it takes to solve this. It doesn't require new technology. It requires someone to switch it on and put it into a system.

Think of it as three questions, in order:

Discover — what's actually happening? Microsoft Defender for Cloud Apps can show which AI services are actually in use across your network — sanctioned and unsanctioned — with volume, user counts, and a risk score per service. This is the step almost no one has taken, and it's the step that makes the rest of the list possible.

Protect — where is the sensitive data, and where can it leak? Microsoft Purview maps where sensitive information actually lives, and can enforce rules for what's allowed to be pasted into, or uploaded to, AI tools — sanctioned or not.

Govern — is usage in line with your rules? Microsoft Entra governs identity and access; Intune governs the devices. Together, they decide who gets to do what, from which device, under which conditions.

This isn't three separate projects. It's three questions built on top of each other — and most businesses we meet already own the licences, but have never connected them into one picture.


Four questions that reveal your risk

Before you touch anything technical, ask these four questions. Few businesses can answer all four today:

  1. Where does your sensitive data actually live? Customer records, contracts, HR data, candidate assessments — where is it, and do you know?
  2. Who has access to it? Not just who "should" have access — who actually does, including access left over from roles people no longer hold.
  3. How can it be exposed to AI? Through copy-paste into a personal chatbot. Through a file shared with an unsanctioned app. Through an integration nobody remembers setting up.
  4. Where is the risk concentrated? It's rarely spread evenly. Usually it's one department, one role, or one type of data driving most of the exposure.

The answers give you something most AI discussions lack: an actual basis for decisions, instead of a gut feeling.


What you can start on Monday

The good news is that this process doesn't need a big project to get moving. It needs four weeks, in the right order:

Week 1 — Get visibility. Turn on AI app discovery. Don't act on the numbers yet. Just see them.

Week 2 — Assess the risk. Review which apps are actually in use, and rank them by risk: how much data, how many users, what kind of information.

Week 3 — Apply controls. Sanction the safe options. Block or restrict the clearly risky ones. This is also where you set up RBAC — role-based access control — so access actually matches what people need, not what they've accumulated over time.

Week 4 — Turn on data protection. Activate policies that stop sensitive information reaching unsanctioned AI tools in the first place, not just after the fact.

Notice the order: visibility before control, control before automation. Most businesses don't fail at shadow AI because the tools are missing. They fail because they jump to week 3 without having done week 1.

This is also exactly what a light-touch DPIA and an AI Ready assessment are meant to catch before you scale AI use further — not as a formality, but as the foundation you build the rest on.


The point that keeps repeating

Shadow AI isn't a technology problem. It's a structure problem that happens to show up through technology. The tools to see and govern it are usually already sitting inside the licences you pay for every month. What's missing isn't functionality — it's someone switching it on, in the right order.

The businesses that get furthest with AI over the next few years won't necessarily be the ones that buy the most technology. They'll be the ones with visibility, control, and structure over what they already have.

AI starts not with technology. It starts with structure.

Get in touch for a free AI Ready assessment →


Read also: Claude Now Remembers Every Employee — Do You Know What It's Storing?

UV

Uros Vujic

Daglig leder, IT Buddy AS

Uros hjelper norske SMB-er med å innføre AI på en kontrollert og bærekraftig måte. Bakgrunn fra IT-infrastruktur i bank og finans, med spesialisering i AI governance, RBAC og GDPR-compliant implementering.

Ready for the next step?

Take our AI Ready assessment and find out where your business stands.

Take AI Ready Assessment