OpinionDiscussion

Il pericoloso fenomeno dell'AI ombra (di cui nessuno parla)

Raffaele Gaito

Shadow AI—unauthorized use of AI tools by employees without company approval—affects 70-80% of workers and poses serious risks including data leaks, compliance violations, and cybersecurity vulnerabilities. The video addresses both management and employee responsibilities, offering practical recommendations for companies to establish clear policies and training, and for employees to use approved tools and protect sensitive data.

Summary

Shadow AI refers to the phenomenon where employees independently adopt and use AI tools without authorization, often paying for personal subscriptions or using unapproved platforms. This occurs when companies ban AI, lack clear policies, or provide tools that don't meet employee needs. Research cited shows 71% of people engage in this behavior according to Microsoft, while IBM data suggests 78% use unauthorized tools, and Upgard reports 81% participate in shadow AI—making it a widespread phenomenon affecting 70-80% of workers.

The speaker identifies six major risks associated with shadow AI. First, sensitive data leakage occurs when employees paste confidential information, customer data, or strategic documents into unauthorized tools without company control. Second, privacy and compliance issues arise from bypassing internal policies, GDPR requirements, and regulatory constraints. Third, cybersecurity risks expand when unapproved tools on personal devices lack logging, monitoring, and corporate security protections, creating weak points in company infrastructure. Fourth, bad decision-making increases when employees lack formal training and awareness of AI biases, hallucinations, and cognitive prejudices. Fifth, loss of governance means companies lose visibility over which tools are used, who uses them, and what data is involved. Finally, the speaker emphasizes that these risks are concrete, not theoretical.

For companies, the speaker recommends five primary actions. First, establish clear AI policies defining approved tools, prohibited tools, and justification for restrictions. Second, ensure safe alternatives are available, easy to use, and integrated into daily workflows—noting that approved tools often fail because they lack practical utility. Third, implement periodic risk assessments to evaluate internal processes, data usage, and external suppliers. Fourth, strengthen auditing and access controls to track who uses what tools with what data and permissions. Fifth, invest in continuous, differentiated training on AI usage, privacy implications, and cybersecurity risks rather than one-time sessions.

For employees, the speaker provides five key recommendations. First, never upload internal documents, customer data, proprietary code, or confidential information to unapproved AI platforms without proper authorization and policy frameworks. Second, use only company-approved tools rather than personal subscriptions. Third, always verify accuracy of AI outputs, check sources, and conduct human review before deploying information in production, client presentations, or websites. Fourth, rather than using tools secretly, propose useful tools to management and IT, suggesting they be evaluated and officially integrated with proper guardrails and training. Fifth, treat AI as an assistant requiring human control, not as an infallible oracle or philosopher whose outputs should be accepted at face value.

Key Insights

  • 71% of people use unauthorized AI tools according to Microsoft research, while IBM data shows 78% of employees use unapproved tools, indicating shadow AI affects between 70-80% of workers across organizations
  • Employees adopt shadow AI for specific reasons: companies ban AI entirely, lack clear policies about AI usage, or provide approved tools that don't match what employees actually need for their daily tasks
  • The primary risk of shadow AI is uncontrolled data leakage when employees paste sensitive company information, customer data, or strategic documents into unauthorized AI platforms without any company oversight
  • Shadow AI creates governance blindness where companies lose complete visibility over which tools employees use, who uses them, what data is being processed, and cannot assign responsibility for security incidents
  • Approved corporate tools often fail to prevent shadow AI adoption because they lack practical utility for employees' actual workflows, making them unwilling to use official alternatives even when available

Topics

Shadow AI definition and prevalenceData security and privacy risksCompliance and governance issuesCybersecurity vulnerabilitiesCorporate AI policies and approval processesEmployee training and awarenessData protection best practicesAI tool risk assessmentAccess control and auditingAI as assistant vs oracle paradigm

Transcript

[0:00] AI, shadow. Let's see what this dangerous phenomenon of shadow AI is, they say in English, and it's probably because it concerns you too, given that the numbers speak of 70 to 80% of people. Eh, what is this phenomenon and why is it important? well, it's called shadow AI, precisely, shadow AI, this trend that's been happening in some companies lately. People are deciding to [0:31] use AI tools on their own, autonomously, independently, and often unauthorizedly. It happens for various reasons. It happened to me too a few times when I went to a company to talk to people because maybe the company refuses to use artificial intelligence and so the employees say no way, I use…

Full transcript available for MurmurCast members

Sign Up to Access

More from Raffaele Gaito

Get AI summaries like this delivered to your inbox daily

Get AI summaries delivered to your inbox

MurmurCast summarizes your YouTube channels, podcasts, and newsletters into one daily email digest.