I'm not referring to 'AI in general'. I mean the everyday use that doesn't show up in meeting minutes. The kind that happens when a tired and stressed employee, with no ill intent, opens a web service and pastes in something that 'just needs to be worded better'. Aaron Warner describes it sharply: Shadow AI no longer requires anyone who can code; it only takes someone with a browser wanting to finish before lunch, and data can start leaking to places the organisation can neither see, review, nor control.
And that's precisely what makes Shadow AI more dangerous than classic shadow IT. An old 'shadow solution' was often something IT could find and shut down. Shadow AI is more subtle. It leaves no cables. It needs no installation. It enters as a convenient habit. It also spreads like a cough in an open-plan office: someone shares a prompt, another tries it out, and suddenly you don't have one leak but fifty, without the security team even knowing.
When I say 'leak', it's easy to think about espionage, intellectual property, and big secrets. Sometimes it is. But what worries me more is what happens in the grey area. Things no one really intended. Personal data ending up in a text box. Sensitive matters becoming 'a quick summary'. A termination process in HR that's worded a little more neatly. Warner gives an example that stings because it's so plausible. It's HR pasting in dismissal details to get help with tone and language, unaware that the information is leaving the organisation's walls.
This is where GDPR becomes very tangible. It doesn't require everything always to be encrypted, but it demands 'appropriate technical and organisational measures' based on risk, with encryption explicitly mentioned as an example. That is risk logic, not a formality (European Union, 2016). The Swedish Data Protection Authority has also issued guidance on GDPR when using generative AI, addressing issues such as automated decision-making and transfers outside the EU (Integritetsskyddsmyndigheten, 2024).
So where exactly is the leak, behind which 'wall'?
It's almost always behind the wall organisations call 'common sense'. That is, where a clear, safe, and effective working method hasn't been established. When people don't know what's acceptable to input, which tools are approved, how to anonymise, or what to do when uncertain, they do what people always do: they choose the quickest route that seems reasonable. Another word for common sense here is proportionality.
And here I must come to what is best described as the uncomfortable truth. I believe bans often make the leak worse. Not because bans are wrong in themselves, but because a blanket 'no' almost always breeds workarounds. Warner puts it plainly: trying to lock everything down and say no to every AI request leads users to find shortcuts, leaving the organisation with less insight than before. That's why I much prefer the Swedish guidelines created by Digg and the Data Protection Authority for public administration. They are written for the public sector, but the logic is universal. The aim is to provide guidance and create confidence in use so that generative AI can be employed in a way that meets business needs without losing control. (Digg, 2025).
With all that said, it's time to say the core of this post out loud. Shadow AI is not an individual problem. It's a governance problem. It's easy to blame 'humans as the weakest link' when things go wrong. But in an organisation, humans are almost always a mirror. If the system rewards speed, if routines are unclear, if approved tools are missing or complicated, Shadow AI will grow. Not as rebellion. As everyday logic.
And this is where it becomes relevant even in an NIS2/CSL context, without turning this into a lecture on regulations. NIS2 is risk-driven and concerns measures that reduce the likelihood of incidents and lessen their impact. (European Union, 2022).
When data leaks through a chat, when vendors embed new AI features in existing tools without involving IT or security, and when an organisation doesn't even know where the flows go, a risk problem has been created. Not just a compliance problem.
And the risk isn't just the 'leak'. The risk is the consequences. Being unable to investigate. Unable to show control. Unable to respond quickly when asked what happened, where the data went, and who may have seen it. I want to end on the same note I began with. Leaks are silent, but they're also manageable in a way. They can be handled, as long as we stop pretending they don't exist. That doesn't mean demonising generative AI. It means we stop treating it as a private hobby within the business. It must be integrated into the same order as everything else concerning information, risk, and trust. Because in a digital world, trust isn't a soft issue. It's hard currency.
When we gain control over the leak, something interesting happens. Generative AI ceases to be a stress factor and a hidden problem. It becomes a tool you can use with confidence, without the house slowly filling with mould.
References
Digg. (2025). Guidelines for generative AI. The Swedish Agency for Digital Government.
European Union. (2016). Regulation (EU) 2016/679 (General Data Protection Regulation), Article 32.
European Union. (2022). Directive (EU) 2022/2555 (NIS2 Directive).
Integritetsskyddsmyndigheten (Swedish Data Protection Authority). (2024). GDPR and the use of generative AI (IMY report).
Warner, A. (2026, March 4). Shadow AI: When everyone becomes a data leak waiting to happen.