The real risk is data leaving your control the moment it is pasted. When staff drop customer records or company files into a public AI tool, that text can be logged, retained, and exposed in a breach you never see coming. Unapproved AI is now a measurable, costly breach vector, not a hypothetical.
A written AI policy will not stop shadow AI
Shadow AI is any AI tool your staff use without approval or oversight, and a written policy will not stop it, because the tool is faster and easier than the rule that bans it.
Someone on your team has a deadline. A public chatbot answers in seconds. The policy sits in a PDF nobody has opened since their first week. People do not paste customer data into public models out of malice. They do it because it works and nothing better is in front of them.
The scale is now measured. IBM's 2025 Cost of a Data Breach report found that 20% of breached organisations had a security incident involving shadow AI, and those incidents added as much as 670,000 USD to the average breach.
What one in five and 670,000 USD actually mean
One in five breached organisations had a shadow AI incident, so this is common rather than rare. The 670,000 USD is a premium on top of an already expensive event, and it is the cost of not knowing where your data went. You cannot contain a breach through a channel you never approved and never logged.
Pasted data does not disappear, and customer PII is the exposure
When staff paste text into a public AI tool, that text leaves your control and can be retained, logged, and in some cases used to train the next version of the model. The part that turns a shortcut into a reportable breach is customer personal data, names, contact details, health information, and payment records.
For a business handling EU customer data, that is a GDPR problem before it is a security one. A support agent pasting a full customer thread to draft a reply has just moved personal data to a third party with no contract and no record. I have built systems specifically to stop this. For a US healthcare practitioner we run a PHI-safe inference pipeline on their own API key, where records never leave their data path.
Why 97% of AI-related breaches had no access controls
Almost every AI-related breach happened where no access controls governed the AI. IBM's report found that 97% of organisations breached through AI lacked proper AI access controls. The failure is rarely the model. It is the absence of a boundary around it, no authentication, no logging, no limit on what data the tool can reach.
That is good news, because boundaries are buildable. Access control is a solved discipline. It just has to be applied to AI with the same seriousness you already apply to your CRM and your accounting system.
The governed alternative staff will actually use
The fix that works is not a stricter ban. It is a sanctioned AI tool that is as fast as the public one and keeps data on your own path. Staff reach for public models because they are convenient. Remove the convenience gap and the leak closes on its own.
Across 150+ automation projects in 15 countries, the pattern holds. When people have an approved tool that is genuinely quick, they stop using the unapproved one. We self-host on n8n so regulated work stays on client infrastructure. We wire the AI to the data it is allowed to touch and nothing else. The result is a tool staff prefer, which is what actually changes behaviour, not a policy nobody reads.
An inventory to find the shadow AI already inside
Before you govern anything, count what is already running, because most businesses already have shadow AI and have never looked. A short inventory finds it fast.
- Ask each team which AI tools they used this week, without blame
- Check browser extensions and unmanaged app subscriptions on expense reports
- Review which tools have been granted access to email, files, and calendars
- Look at what staff paste into free chatbots to draft replies and summaries
- List the AI features already switched on inside tools you pay for
You will almost always find more than you expected. That list is the real starting point, not the policy.
What good AI governance looks like for a 5 to 500 person team
Good AI governance for a smaller team is short. It names the approved tools, defines the data that may never be pasted anywhere, and puts a fast sanctioned option in front of everyone who needs one. Three sentences beat thirty pages, because people follow rules they can remember.
The order matters. Inventory first, then a sanctioned tool, then a policy that describes what already exists. A policy written before the tool is a wish. A policy written after it is a description of how work already happens.
If you want to find the shadow AI in your own business and give staff something governed to use instead, that is what the Diagnostic is for. The governed-tool approach, self-hosted and wired to your own data, lives on the n8n consulting page, and the thinking behind building systems that stay under control sits in the Solar System Architecture.