Responsible AI

Shadow AI is already in your business. The question is what you do next.

Liam D.·March 2026·5 min read
Shadow AI is already in your business. The question is what you do next.

By the time leadership has decided it's time to think seriously about AI, the staff have already started. Studies put the proportion of employees using unsanctioned AI tools at 20–30%. The instinct is to treat this as a governance problem. That instinct misses the signal.

Key takeaway

Shadow AI isn't a crisis — it's a signal. The staff already using unsanctioned tools are your best resource for understanding where AI genuinely adds value in your organisation.

One of the more consistent findings from working with organisations on their AI readiness is this: by the time leadership has decided it's time to think seriously about AI, the staff have already started. Research consistently puts the proportion of employees using AI tools their employer hasn't sanctioned at somewhere between 20% and 30%. In some sectors — particularly professional services and media — the number is likely higher.

Bear in mind that AI adoption across businesses is already uneven and early-stage. If organisations are attempting to integrate AI in a logical, responsible way, their job is made harder if staff continue to use their favourite shadow tools. Unless your IT infosec policy is watertight (unlikely) and personal devices are prohibited near company data (near-impossible), a total shadow AI ban is unenforceable.

The instinct of many organisations is to treat this as a governance problem: something to be shut down, regulated, or at least formally acknowledged before anyone ends up in a policy breach. That instinct isn't entirely wrong. There are real risks in unsanctioned AI use — data handling, confidentiality, the quality of work being produced without adequate review. Your IP is at stake.

But if you lead with restriction, you miss the signal.

Shadow AI exists because people have found something genuinely useful. They are using it at home and bringing it to work because it is making their working lives easier, faster, or more interesting. If your organisation's response is to close that door rather than open a better one, you are not solving a problem — you are creating one. You are telling your people that the organisation is slower, less progressive, and less trusting than they hoped.

The more productive framing is this: what is everyone actually doing with AI, and what does that tell us about where value is being created?

That question drives a very different kind of conversation. It surfaces use cases that leadership might never have considered. It identifies where appetite already exists — which is the hardest thing to create from scratch in any change programme. And it gives you a foundation to build a proper AI strategy on, rather than a blank sheet and a lot of guesswork.

From there, the governance piece becomes much easier. Not because the risks disappear, but because people understand why the guardrails are there. You are not restricting AI use — you are channelling it. That is a much easier argument to make to a team that is already enthusiastic, and these are the people who will determine the success of an AI deployment because they're natural cheerleaders and experimenters.

The practical starting point is an audit — not a punitive one, but a curious one. Spend time with your teams. Find out what tools they are using and what they are using them for. Look at the quality of the outputs. Understand the data they are exposing. You will almost certainly find a mixture of genuinely impressive practice and some things that need to change — but you will be starting from a real picture rather than a policy framework built in a vacuum.

Shadow AI is not a crisis. It is an invitation to lead.

This piece was written by Liam D. at Futureformed. If it sparked a thought, we’d be happy to continue the conversation.

Get in touch
AI Adoption3 min read

Prompting Path: A Couch to 5K for AI

AI Strategy4 min read

The AI Skill Gap Nobody Is Training For

AI Adoption5 min read

You Are Never Going to Be Done Learning AI

Responsible AI5 min read

You Don't Always Need the Biggest AI Model

Building with AI6 min read

How My Son and I Built a World Cup Tracker From Scratch

Building with AI5 min read

We Built a Mac App That Switches the AI Model Inside Claude Code and Codex

Responsible AI5 min read

The AI Nightmares We Should Actually Be Having

AI Strategy5 min read

We Built a Live Dashboard of Every AI Tool We Use, Here Is Why

AI Tools5 min read

Using Claude Cowork Efficiently in 2026

Building with AI8 min read

How We Built This: The Futureformed Website

Responsible AI3 min read

AI Wattch: Seeing the Energy Cost of Your Prompts

AI Strategy4 min read

The Hidden Cost of AI Agents

Responsible AI5 min read

GreenPT: Sustainable AI That Doesn't Cost the Earth

AI Strategy4 min read

AI Loyalty is Business Risk

AI Strategy4 min read

Can't justify the compute? Give it the boot!

AI Tools5 min read

Breaking up from ChatGPT (it's not hard to do)

AI Strategy5 min read

The Rise of the AI Orchestrator

AI Strategy6 min read

The Hidden Dividend of AI: Giving Your People Their Time Back

AI Strategy6 min read

AI Isn't a Tool. It's Your Next Operating System.

Skills & Learning5 min read

AI education is vital, but it doesn't need to be complicated

Change Management5 min read

AI isn't failing your business. Your change management is.

Strategy4 min read

The first question I ask every client — and it's never about AI

AI transparency: This article was written by Liam. The analysis, views, and conclusions are his own.