EKB Labs
← Writing15 July 20263 min read

What happens when your team pastes company data into ChatGPT

Staff pasting customer data into public AI tools is a measurable breach risk. IBM puts the shadow AI premium at 670,000 USD. Here is the governed fix.

  • shadow-ai
  • data-security
  • ai-governance

The real risk is data leaving your control the moment it is pasted. When staff drop customer records or company files into a public AI tool, that text can be logged, retained, and exposed in a breach you never see coming. Unapproved AI is now a measurable, costly breach vector, not a hypothetical.

A written AI policy will not stop shadow AI

Shadow AI is any AI tool your staff use without approval or oversight, and a written policy will not stop it, because the tool is faster and easier than the rule that bans it.

Someone on your team has a deadline. A public chatbot answers in seconds. The policy sits in a PDF nobody has opened since their first week. People do not paste customer data into public models out of malice. They do it because it works and nothing better is in front of them.

The scale is now measured. IBM's 2025 Cost of a Data Breach report found that 20% of breached organisations had a security incident involving shadow AI, and those incidents added as much as 670,000 USD to the average breach.

What one in five and 670,000 USD actually mean

One in five breached organisations had a shadow AI incident, so this is common rather than rare. The 670,000 USD is a premium on top of an already expensive event, and it is the cost of not knowing where your data went. You cannot contain a breach through a channel you never approved and never logged.

Two bars comparing the average cost of a data breach. The bar with shadow AI is taller than the bar without it by a shaded segment marked plus 670,000 US dollars.
Fig. 1 — The shadow AI premium. The gap is what not knowing costs.

Pasted data does not disappear, and customer PII is the exposure

When staff paste text into a public AI tool, that text leaves your control and can be retained, logged, and in some cases used to train the next version of the model. The part that turns a shortcut into a reportable breach is customer personal data, names, contact details, health information, and payment records.

For a business handling EU customer data, that is a GDPR problem before it is a security one. A support agent pasting a full customer thread to draft a reply has just moved personal data to a third party with no contract and no record. I have built systems specifically to stop this. For a US healthcare practitioner we run a PHI-safe inference pipeline on their own API key, where records never leave their data path.

Almost every AI-related breach happened where no access controls governed the AI. IBM's report found that 97% of organisations breached through AI lacked proper AI access controls. The failure is rarely the model. It is the absence of a boundary around it, no authentication, no logging, no limit on what data the tool can reach.

That is good news, because boundaries are buildable. Access control is a solved discipline. It just has to be applied to AI with the same seriousness you already apply to your CRM and your accounting system.

The governed alternative staff will actually use

The fix that works is not a stricter ban. It is a sanctioned AI tool that is as fast as the public one and keeps data on your own path. Staff reach for public models because they are convenient. Remove the convenience gap and the leak closes on its own.

Across 150+ automation projects in 15 countries, the pattern holds. When people have an approved tool that is genuinely quick, they stop using the unapproved one. We self-host on n8n so regulated work stays on client infrastructure. We wire the AI to the data it is allowed to touch and nothing else. The result is a tool staff prefer, which is what actually changes behaviour, not a policy nobody reads.

An inventory to find the shadow AI already inside

Before you govern anything, count what is already running, because most businesses already have shadow AI and have never looked. A short inventory finds it fast.

  • Ask each team which AI tools they used this week, without blame
  • Check browser extensions and unmanaged app subscriptions on expense reports
  • Review which tools have been granted access to email, files, and calendars
  • Look at what staff paste into free chatbots to draft replies and summaries
  • List the AI features already switched on inside tools you pay for

You will almost always find more than you expected. That list is the real starting point, not the policy.

What good AI governance looks like for a 5 to 500 person team

Good AI governance for a smaller team is short. It names the approved tools, defines the data that may never be pasted anywhere, and puts a fast sanctioned option in front of everyone who needs one. Three sentences beat thirty pages, because people follow rules they can remember.

The order matters. Inventory first, then a sanctioned tool, then a policy that describes what already exists. A policy written before the tool is a wish. A policy written after it is a description of how work already happens.

If you want to find the shadow AI in your own business and give staff something governed to use instead, that is what the Diagnostic is for. The governed-tool approach, self-hosted and wired to your own data, lives on the n8n consulting page, and the thinking behind building systems that stay under control sits in the Solar System Architecture.