Bridging the AI gap neutralizes the risks of Shadow IT

The top official of the Bangalore, India-based global human resource and payroll solutions firm said it is important for companies to train their workforce skills in artificial intelligence (AI) to dissuade them from using Shadow AI.

“It is paramount. Research indicates that while 76 percent of knowledge workers use AI, only a fraction have received formal training. This skills gap is where the highest risks of Shadow AI reside, notably in data security and regulatory compliance,” said Subramanyam Sreenivasaiah, CEO of AscentHR, in an email interview with BusinessMirror. 

By investing in formal AI skill development, Sreenivasaiah said organizations can train employees on how to use AI without inadvertently violating local labor laws or international data protection standards, helping talent move from experimenting to optimizing within secure, authorized environments, and empowering the workforce to use AI for high-value business intelligence rather than just basic task automation.

In a highly regulated market like the Philippines, Sreenivasaiahan said an unskilled worker using Shadow AI is a significant reputational risk, while a skilled worker using an integrated ecosystem is a competitive advantage.

Sreenivasaiah emphasized that the most effective way to discourage Shadow AI is not through restriction, but through alignment. “Companies must recognize that Shadow AI is a diagnostic signal, which highlights where existing corporate tools are failing to meet the speed and complexity of modern work,”  he said

To encourage a shift toward authorized tools, he said organizations must bridge the capability gap by providing approved, high-performance AI tools that actually solve the friction-filled workflows employees are trying to bypass. He also said that organizations  should establish clear safe zones, where employees know which tools are vetted for security and local compliance.

“Lastly, instead of penalizing unauthorized use, companies must reward teams that identify manual bottlenecks and work with IT to solve them using approved enterprise solutions,” he pointed out.

“At AscentHR, we believe that when the official path is the most efficient one, the incentive to seek digital shortcuts disappears,” he added.

Shadow AI refers to the use of AI tools, applications, or cloud services within an organization without the explicit knowledge, approval, or oversight of the IT department or security team.

Moreover, it is the modern, AI-specific evolution of “Shadow IT.” Instead of downloading unapproved software, employees are inputting company data into consumer-facing generative AI tools to make their daily tasks easier and faster.

The primary driver of Shadow AI is simple: convenience and productivity. Employees want to work faster, and generative AI tools are highly accessible, free or low-cost, and incredibly easy to use. 

The use of unauthorized AI tools creates several critical vulnerabilities:
Data privacy and leakage: Many free, consumer-facing AI tools use user prompts to train their models. When employees paste sensitive corporate data, intellectual property, or trade secrets into these tools, that data enters the public domain or the vendor’s database, risking a severe data breach.

Compliance and legal violations: Uploading regulated data (like financial records, healthcare data, or personally identifiable information) into unapproved AI tools can instantly violate local data privacy laws, such as the EU GDPR or the Philippines Data Privacy Act.

Intellectual Property (Ip) Ownership: If an employee uses an unauthorized AI tool to generate code or creative content for a client, the legal ownership of that output can become highly ambiguous, creating potential copyright and liability issues.

Bias and hallucinations: Unvetted AI tools can produce inaccurate data (“hallucinations”) or biased results. If employees rely on these outputs for business decisions or reporting without quality control, it can lead to operational errors.