The Hidden Cost of Shadow AI (and What to Do About It)

You probably already have a shadow AI problem. Here is how to see it, and what the three highest-leverage moves are.

Shadow AI is any AI tool your team is using that your organisation did not procure, evaluate, or sanction. That is the whole definition. It is not a security incident, it is not a scandal, and it is not anybody’s fault — it is the normal state of affairs in a business where AI features have been quietly embedded into every SaaS product in the stack over the last two years. The honest question is not “do we have shadow AI?” because you almost certainly do. The honest question is “do we know what it is, and are the highest-risk uses covered?” Most SMEs I work with find the answer to both is “not really,” and then spend an hour with a whiteboard and a coffee turning “not really” into “yes, and here is the one-page policy.” That is the whole arc. This article is the whiteboard and the coffee.

How to see it

You cannot govern what you cannot see, so the first move is visibility. There are four cheap diagnostic moves that take about half a day between them.

Audit your SaaS expenses for embedded AI features. Microsoft 365, Google Workspace, Notion, Slack, Zoom, HubSpot, Asana, Canva, GitHub, and most of the rest of the stack now ship with AI features enabled by default or available on the current plan. You are probably already paying for AI you did not know you had bought. Make a list.

Check browser extensions and personal-account logins. With the team’s consent, run a lightweight survey on what AI tools people use day-to-day. Browser extensions — LLM-in-browser tools, writing assistants, meeting summarisers — are the most invisible category because they sit outside IT procurement entirely. Personal ChatGPT Plus accounts used on work machines are extremely common and rarely logged anywhere.

Ask the team directly, with no blame framing. The single most useful question is “what AI tool has saved you time this month that you would not want to give up?” Phrased that way, people tell you. Phrased as “are you using anything unapproved,” they do not. This is not a trick, it is an acknowledgement that shadow AI exists because the tools are genuinely useful.

Check embedded features in your line-of-business software. CRM, finance, HR, support, and analytics platforms have been bolting AI into features for two years. Turn one of them on by accident and you may have created an automated decision path nobody is reviewing.

By the end of these four, you should have a list. The list is the visibility. The list is the thing.

Why it matters (without the scare tactics)

There are four genuine risks. None of them are hypothetical, none of them require a nightmare scenario, and none of them should be dressed up as a crisis.

Data leakage into training sets. Some AI vendors use inputs to train or improve their models unless you opt out. For most free-tier tools this is the default. If an employee pastes a customer list, a financial spreadsheet, or a draft contract into a tool with training-on-inputs enabled, that data is materially out of your control. The risk is not dramatic — the tool is unlikely to reproduce your spreadsheet verbatim to a competitor — but the exposure is real, and it is exactly the kind of thing a procurement team at a larger prospect will ask about when they run due diligence on you.

Article 28 data processing exposure. Where an AI vendor processes personal data on your behalf, UK data protection law treats the vendor as a processor and expects a written data processing agreement with specific contents. See UK Regulatory Overlay for the detail. A shadow AI tool is almost by definition a tool without a DPA in place. For a B2B SME with customer data in play, this is the most common and most recognisable gap a regulator or an acquirer would flag.

Inconsistent quality and reputational risk. When everybody uses a different AI tool for the same task — drafting emails to clients, producing reports, writing proposals — the output quality is uneven and the voice drifts. Worse, because nobody is reviewing outputs against a standard, the errors that do escape are the kind that damage reputation quietly: a hallucinated statistic in a client report, a citation that does not exist, a tone that does not match the brand. You do not find out about these until a client mentions them.

Accountability gap. UK policy thinking on AI governance, shaped by DSIT’s five cross-sectoral principles, expects organisations to have clear lines of accountability across the AI life cycle. Shadow AI by definition has no owner. If something goes wrong with an unapproved tool, there is no named person to answer for it — which usually means the person nearest the fire ends up wearing the blame, and the actual governance gap persists unchanged.

The three highest-leverage moves

The good news is that closing the gap is short work. Three moves, in order, and most SMEs can finish all three in a week of calendar time.

1. Write a one-page AI acceptable-use policy

One page. Not a legal document. It needs to answer three questions in plain language: which tools are approved for work use, which categories of data must never be pasted into any AI tool (customer personal data, financial data, credentials, legal privilege material, anything labelled confidential), and who to ask if you are unsure. Add a two-line incident procedure — “if you think something sensitive has gone into an AI tool, tell X, no blame, we will work out what to do.” This is the operational home of the SAFE-AI Stage 3 - Secure acceptable-use activity, compressed to the minimum viable version for an SME.

2. Run an AI vendor evaluation for the top three tools your team already uses

You do not need a procurement department for this. For each of the top three tools, ask four questions: is input data used for training by default, can that be disabled, where is the data processed, and is a data processing agreement available under Article 28. The answers are in the vendor’s terms of service and trust centre. Write the findings on half a page per tool. That half-page is the evaluation, and it is enough to decide whether the tool stays, the tool gets an opt-out switched on, or the tool gets replaced.

3. Nominate an AI governance owner

One named person, not a committee. Their job is small: own the one-page policy, review the approved tools list quarterly, and be the first call if something breaks. Crucially, they do not need to be the deepest technical person in the building — they need to be the person who can actually get a decision made. In a 25-person firm, this is often the operations lead or the founder themselves. In a 200-person firm, it is usually whoever already owns IT risk. The name is what matters.

What to do next

If any of this landed, there are two low-commitment next steps. The first is the free AI Readiness Scorecard — a 25-question self-assessment that covers shadow AI exposure alongside four other readiness pillars, produces a tiered result, and tells you where to put your attention first. It takes five minutes. The second is the AI Readiness Assessment — a two-to-three day structured engagement that maps exactly this — shadow AI inventory, vendor evaluations, acceptable-use policy, governance owner — and produces a written report and a 90-day action plan. It is designed for SMEs and priced for SMEs.

Neither of those requires a commitment to anything larger. They are both diagnostic tools. The point of a diagnostic is to tell you what you have, not to sell you a transformation.
