Even in the most secure AI uses, shadow AI is a pervasive risk. A quick primer on this growing threat below.
Imagine the following scenario. You’ve just rolled out your new instance of enterprise ChatGPT for your team. One of your most eager sales reps – we’ll call her Susan – immediately spots an effective use case. She connects the corporate Salesforce account to the new ChatGPT instance and, using records from custom Salesforce reports, automates the creation of hundreds of custom-tailored emails to top prospects.
Not satisfied to stop there, Susan decides to go agentic. She works with a friend in IT to stand up an instance of Alice. The bot pulls new prospects from Salesforce every morning, personalizes outreach based on their LinkedIn profiles, and sends out the emails via Outlook.
This all seems like an unquestionably valuable use of corporate AI. Except that there’s one small wrinkle. In the process of getting so much benefit from the AI ecosystem, Susan’s exposed her company to a real and growing risk across AI uses: shadow data.
What is Shadow Data?
Shadow data is unmanaged, untracked organizational data that exists outside official systems. The phrase encompasses many examples – for just two, think “orphaned” data or – going with the story above – sensitive information leaked into AI tools. `
To be sure, shadow data – a close cousin of shadow IT and shadow AI -- has long been a challenge for IT and security teams. But with the AI explosion, shadow data becomes a major new challenge in its own right. Between the sheer volume and variety of data that AI needs in order to run, plus the “messy” and dynamic format that AI operates with, “keeping a lid” on data with AI creates a huge set of challenges. AI use is opening unprecedented opportunity, but also creating a whole new world of data exposure – and the competitive, public relations, and regulatory risks that come with it.
Yes, Shadow Data Should Concern You.
Are your teams unintentionally creating a shadow AI threat? The answer is likely a resounding yes – even if you have enterprise-account security controls in place.
To be sure, the leading LLMs do provide robust workplace-use protection (you can see details on OpenAI’s enterprise privacy here, and Claude’s commercial privacy here). The platforms’ enterprise controls like zero-retention, no-training guarantees, and SSO absolutely can reduce certain categories of risk – especially around long-term storage and training misuse. But even with ever-advancing guardrails in place, these protection mechanisms are far from foolproof:
You’re still exposed during active sessions. Typically, “zero-retention” deletes stored conversations after a configured period. It does not, however, prevent a compromised account (phished SSO, stolen session cookie) from accessing that data while it is being processed.
In addition, keep in mind that large language models hold the full prompt history for the duration of a session so they can answer follow-up questions coherently. That means benign follow-up prompts like “give me sample customer messages based on earlier” can cause fragments of previously supplied data to be reconstructed and returned. Even potentially-leaked data is “gone,” it may not be fully out of the picture.
Humans and other “weak links” in the chain are particularly worth drilling down on here – alongside one other potential failure point: vendors.
The Weak Links are Still Weak
Even with 100% security in place, the two biggest weak links – vendors along the data supply chain and your employees own activity – present huge potential sources of shadow data leakage. OpenAI itself was compromised through partner Mixpanel (albeit not of chat data per se). Meanwhile, a major Microsoft study finds that “that generative AI is now involved in 32% of [workplace] data security incidents,” and that “organizations are deploying generative and agentic AI faster than data security controls can adapt.”
One crucial trend to keep in mind here in particular is “BYOAI” / shadow AI. Even with enterprise AI available – and certainly without it – employees are using their own AI accounts to conduct their work, including when sensitive data is in the mix. To point to just one of many representative statistics on the scope of the shadow AI problem: Gartner predicts that “by 2030 more than 40% of enterprises will experience security or compliance incidents linked to unauthorized shadow AI.”
And if you still think your org is immune to unauthorized data use, remember the time acting director of the US Cybersecurity and Infrastructure Security Agency uploaded at least four sensitive files to the public version of ChatGPT. It’s safe to assume unauthorized uploads are happening in your firm too.
The Best Protection: Go to the Data Itself
As long as employees input data into AI, shadow data exists as a looming danger. In a follow-up piece, I’ll explain exactly how Dymium answers this challenge by securing the data fully before it encounters AI – sealing off shadow data leakage before it strikes.
Eager to learn more right away? Contact our team to learn more.