Shadow AI: How to Get Visibility Into the AI Your Employees Are Already Using

TL;DR

• 60-80% of knowledge workers in Asian mid-market enterprises use at least one unsanctioned AI tool. The figure is stable and growing.
• Banning shadow AI does not work. Discovering, cataloguing, and gating it does.
• The four-step playbook (Discover, Catalogue, Triage, Sanction) reaches steady state in 90 days.

Why now

Shadow IT was the IT problem of the 2010s. Shadow AI is the IT problem of the mid-2020s. Microsoft's Work Trend Index 2024 reported that 78% of knowledge workers globally bring their own AI tools to work, up from 55% in 2023.[^1] In Asia mid-market enterprises the figure is similar: ChatGPT, Claude, Copilot, NotebookLM, regional providers, and a long tail of niche tools all show up in surveys.

The CIO who tries to ban shadow AI loses twice: the productivity benefit goes to competitors, and the usage goes underground where it cannot be governed at all. The CIO who acknowledges shadow AI and brings it into a governance loop wins twice: visibility increases, and the productivity benefit stays.

What shadow AI looks like

Five categories cover most shadow AI in Asian mid-market enterprises.

Personal accounts on consumer AI services. Employees pay for ChatGPT Plus or Claude Pro out of pocket and use them for work. The most common shadow AI category.

Free tier of enterprise AI services. Employees use the free tier of Microsoft Copilot, Google Workspace AI, or Notion AI without IT signoff.

Browser plugins and extensions. Grammarly, summarisers, AI search assistants. Often installed silently.

Low-code AI features in approved SaaS. AI features in Slack, Notion, Salesforce, HubSpot, etc., enabled by users without IT review.

Coding copilots. GitHub Copilot, Cursor, Tabnine. Common in engineering teams. Often paid out of departmental budgets.

Each category has different risk profile and different discovery mechanism. A discovery approach that only finds category 1 misses 80% of the actual usage.

Why bans fail

Three reasons bans fail.

The productivity gap is too large. Once an employee experiences a 30-50% time saving on a specific task with an AI tool, they will not return to manual work voluntarily. They will use the tool covertly.

Personal devices are out of IT's control. An employee with a personal laptop and personal mobile can run any AI tool, paste in work content, and IT cannot stop them.

Enforcement is socially unviable. A CIO who fires an employee for using ChatGPT to draft an email becomes a story. The next 50 employees use the tool more carefully, not less.

The model that works is "discover, catalogue, triage, sanction." Make the safe path the easy path.

Step 1: Discover

Discovery starts with the data sources you already have.

Network egress logs. Identify traffic to known AI service domains. The list is published by various security vendors and is updated monthly. Volume per user gives a rough usage signal.

SSO logs. Many AI services support SSO even when used personally; SSO logs reveal sign-ins. Cross-reference with known shadow services.

Expense reports. AI tool subscriptions show up. Search for "OpenAI", "Anthropic", "ChatGPT", "Copilot", "Cursor", and similar.

Browser extension inventory. Where IT has visibility into managed browsers, the extension list reveals AI tools.

Anonymous survey. A clearly framed "we want to know what you use, no consequences" survey from the CIO or CHRO. Participation rates of 50-70% are common when the no-consequences commitment is credible.

The first discovery pass typically uncovers 3-5x more shadow AI than IT expected. Do not panic. Catalogue first, judge later.

Step 2: Catalogue

For each shadow AI tool discovered, capture:

• Tool name and provider
• Estimated user count and team distribution
• Use cases (from survey or interview)
• Data sensitivity processed
• Vendor's data handling stance (training on inputs? data retention? location?)
• Existing approved alternatives (if any)

The catalogue is the working document for triage. It does not need to be exhaustive in v1. It needs to be honest. Tools that everyone is using but no one will admit to should be in the catalogue.

Step 3: Triage

Triage routes each tool to one of four outcomes.

Sanction as-is. The tool is acceptable, the data handling is appropriate for the use cases, and there is no business reason to block it. Document the decision and tell employees they can use it.

Sanction with conditions. The tool is acceptable for some use cases but not others. Document the conditions, communicate them, and provide approved alternatives where the conditions exclude legitimate uses.

Replace with an approved equivalent. The shadow tool has a sanctioned alternative that is comparable. Help employees migrate. Acknowledge the friction.

Block. The tool poses unacceptable risk and the use cases can be served by alternatives. Block at the network and SSO layers. Communicate clearly why and what to use instead.

Most tools fall in "sanction with conditions" or "replace." Pure block should be rare. A high block rate signals that the catalogue is being used to enforce IT preferences rather than govern actual risk.

Step 4: Sanction

The sanction step is where shadow AI becomes governed AI. For sanctioned tools:

• Add to the AI System Inventory (NIST AI RMF Map function)
• Standardise procurement (move from personal to enterprise contracts where appropriate)
• Negotiate enterprise terms (data handling, retention, support, pricing)
• Provide training on safe use
• Add to the periodic review cycle

The procurement consolidation is often where the cost savings appear. A mid-market enterprise that discovers 200 employees using personal ChatGPT Plus accounts at US$20/month each can typically negotiate an enterprise contract at US$28-40/employee/month with proper data handling, audit logs, and admin controls. The total spend rises modestly; the risk profile improves dramatically.

Implementation playbook

A 90-day plan to bring shadow AI into governance.

1. Days 1-15: Discovery. Network logs, SSO logs, expense scan, survey. CIO or CHRO sponsors with explicit no-consequences message.
2. Days 16-30: Catalogue. Document every tool found. Estimate usage. Note vendor terms.
3. Days 31-50: Triage. Per-tool decision: sanction, sanction with conditions, replace, or block. Steering committee approves at category level.
4. Days 51-70: Communication. Clear, employee-facing guidance: here is what you can use, here is what you cannot, here is why, here is the alternative.
5. Days 71-90: Procurement and controls. Move sanctioned tools to enterprise contracts. Add to inventory. Set up periodic review.
6. Day 90+: Cadence. Re-run discovery quarterly. New tools appear. Old tools change terms. The catalogue is a living document.

What good looks like

A mid-market enterprise that has run this playbook well has:

• An AI System Inventory that includes both sanctioned and discovered shadow tools
• Clear employee guidance on what is permitted and what is not
• Enterprise contracts for the highest-volume tools, replacing personal accounts
• Periodic discovery scans to catch new shadow tools
• A "report a tool" mechanism for employees to surface new finds without consequences

Employees know the rules and can find the answer to "can I use this?" in under a minute. IT knows what is being used and can answer regulator and customer questions. Procurement consolidates spend. Risk decreases.

Counter-arguments

"We do not have the political capital to do this." The political capital cost of a public AI incident from shadow AI usage is much higher than the cost of running discovery. The longer the delay, the higher the eventual incident probability.

"Employees will lie on the survey." Some will. The network and SSO data will catch most of what surveys miss. Triangulate.

"Sanctioning shadow AI legitimises rule-breaking." It legitimises useful work. The framing matters: this is not about rewarding rule-breakers. It is about acknowledging that the rule was wrong (a blanket ban that ignored productivity) and replacing it with a working rule (per-tool, per-use-case decisions).

Bottom line

Shadow AI is the dominant AI deployment pattern in mid-market Asian enterprises today. Banning it loses twice. Discovering, cataloguing, triaging, and sanctioning it brings the productivity benefit into governance. The 90-day playbook is achievable. The CIO who runs it ends with visibility and goodwill. The CIO who does not eventually deals with the fallout when an incident makes the local press.

Next read

• AI Governance for Asian Enterprises: Mapping HK, SG, JP, KR, CN
• Responsible AI in Practice: A NIST AI RMF Walkthrough for Operators

By Hyejin Lee, Director, CFO Advisory.

[^1]: Microsoft and LinkedIn, Work Trend Index Annual Report 2024, May 2024.