Every large organisation now has an AI and SaaS estate that is significantly bigger than the one IT has approved. Free-tier chatbots, browser extensions, personal accounts on productivity tools and departmental subscriptions accumulate quietly because they solve a real problem faster than the sanctioned alternative does. The instinct to block this activity outright is understandable and almost always fails, because the underlying need for the tool does not disappear when access is blocked; it simply moves to a personal device or a personal account where it is harder to see and impossible to govern.
Why shadow AI is different from ordinary shadow IT
Shadow IT has existed for as long as employees have had the ability to sign up for a web service, and most organisations have a reasonable playbook for discovering and rationalising unsanctioned SaaS. Shadow AI raises the stakes considerably because the risk is not confined to an unmanaged subscription; it is data leaving the organisation's control the moment it is typed into a prompt. Consumer AI tools may use submitted content for model training, retain it beyond what the organisation would accept, or make it discoverable through the tool's own logging, and by the time this is noticed the data has typically already left the estate.
The volume problem is also different in kind. New SaaS products historically took months to reach a department; a new AI capability can be adopted by an individual in minutes through a browser tab, with no procurement step and no natural point at which IT would ever see the transaction. This means discovery cannot rely solely on procurement records or expense reports the way legacy shadow IT programmes often did.
Why blocking alone drives the risk underground
Blanket network blocks on AI domains have an intuitive appeal, but in practice they push usage onto personal devices and personal networks, where the organisation has no visibility and no ability to apply even basic controls such as data loss prevention. They also penalise the majority of employees who would happily use an approved, safer alternative if one existed and was easy to find. A governance programme that only says no accumulates resentment and quietly loses the trust it needs to be effective when it does need to say no to something genuinely high risk.
The more durable approach treats the demand for these tools as real and legitimate, and competes with the unsanctioned option by making the approved path faster and nearly as convenient, while reserving hard blocks for the small set of tools and use cases that carry unacceptable risk.
Building visibility before building policy
Effective programmes start with discovery rather than policy, because a policy written against an unknown estate is a policy written against a guess. Network and proxy logs, browser extension inventories, expense data, identity provider sign-in logs for SaaS applications using single sign-on, and even a short, honestly framed staff survey together produce a far more complete picture than any single source. This discovery exercise routinely surfaces a shadow estate several times larger than the sanctioned one, and it should be repeated on a cycle rather than run once, because the estate regenerates within months.
Once the estate is visible, tools and use cases can be triaged by the sensitivity of the data involved and the maturity of the vendor's security and data-handling posture, rather than treated as a single undifferentiated risk category. A free-tier consumer chatbot handling customer personal data is a very different problem from a departmental project-tracking tool handling no sensitive information at all, and a governance model that treats them identically will either over-restrict the low-risk case or under-restrict the high-risk one.
A tiered access model that people will actually follow
A workable model sorts tools into a small number of tiers rather than a binary approved-or-blocked list. Tools that meet the organisation's security and data-handling bar are approved for general use. Tools that offer real value but carry moderate risk are approved for specific, defined use cases, typically with data classification limits and monitoring in place. A small remaining category, usually consumer-grade AI tools with weak data controls or vendors that have not been through any assurance process, is blocked, with that decision explained rather than issued silently, since an explained no is far more likely to be respected.
Critically, the model needs a fast lane for evaluating new requests, because the primary driver of shadow adoption is a slow or opaque approval process. A request that takes ten minutes to submit and gets an answer within days competes credibly with simply signing up unofficially; a request that disappears into a queue for months guarantees the shadow alternative wins.
Sustaining the programme
Shadow AI and SaaS governance is not a one-off cleanup project; it is an operating capability that needs an owner, a recurring discovery cycle and a budget line, in the same way that vulnerability management or identity governance are ongoing capabilities rather than projects with an end date. The organisations that sustain this well treat the fast-lane approval process as a product with its own users and its own satisfaction metric, and they measure success by the narrowing gap between the sanctioned estate and the discovered estate over successive discovery cycles, rather than by the existence of a policy document.
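An added example, not from the article: a small Python sketch of the discovery, tiered triage and estate-gap metric described above, run over constructed proxy log lines against an assumed three-tier inventory. The hostnames, the tier labels and the three-user threshold for routing a host to the fast lane are all assumptions made for the example.

```python
"""Discovery -> tiered triage -> estate-gap metric (illustrative, constructed data)."""
from collections import defaultdict

# Constructed proxy log extract: <user> <destination host> <bytes uploaded>.
PROXY_LOG = """\
alice approved-assistant.test 5000
alice chat-free.test 48200
bob chat-free.test 1200
carol notes-saas.test 300
alice notes-saas.test 900
dave unknown-ai.test 76000
erin unknown-ai.test 51000
frank unknown-ai.test 64000
bob blocked-bot.test 100
"""

# Assumed tiered inventory: general use, limited to a data classification, or blocked.
INVENTORY = {
    "approved-assistant.test": {"tier": "general", "max_classification": "confidential"},
    "notes-saas.test": {"tier": "limited", "max_classification": "internal"},
    "blocked-bot.test": {"tier": "blocked", "max_classification": None},
}


def discover(proxy_text):
    """Aggregate the log into per-host distinct users and total upload volume."""
    usage = defaultdict(lambda: {"users": set(), "upload_bytes": 0})
    for line in proxy_text.splitlines():
        user, host, uploaded = line.split()
        usage[host]["users"].add(user)
        usage[host]["upload_bytes"] += int(uploaded)
    return dict(usage)


def triage(usage, inventory, min_users=3):
    """Map each discovered host to its tier; untiered hosts with broad adoption
    are routed to the fast-lane review queue instead of being silently blocked."""
    triaged = {}
    for host, stats in usage.items():
        if host in inventory:
            triaged[host] = inventory[host]["tier"]
        elif len(stats["users"]) >= min_users:
            triaged[host] = "review"  # enough demand to justify a fast-lane evaluation
        else:
            triaged[host] = "unknown"  # low-volume; keep watching in the next cycle
    return triaged


def coverage_gap(triaged):
    """Share of discovered hosts with no tier yet: the number to narrow each cycle."""
    untiered = sum(1 for tier in triaged.values() if tier in ("review", "unknown"))
    return untiered / len(triaged)
```

Re-running `discover` on each cycle's logs and tracking `coverage_gap` over time gives the narrowing-gap metric the article recommends over a policy document.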
- Run recurring discovery across network logs, SSO sign-ins, expense data and staff surveys rather than a one-off audit.
- Triage discovered tools by data sensitivity and vendor maturity instead of a single approved-or-blocked list.
- Build a tiered access model with a genuine fast lane for evaluating new tool requests.
- Reserve hard blocks for the smaller set of tools carrying unacceptable risk, and explain the decision.
- Compete with unsanctioned tools by making the approved alternative fast and easy to find.
- Own the programme as an ongoing capability with a budget and a repeat cycle, not a one-time project.
Common pitfalls
The most damaging mistake is relying on a network block as the entire strategy, which reliably pushes the riskiest activity onto personal devices where the organisation has no visibility at all. A second is running discovery once and treating the resulting inventory as durable, when the shadow estate regenerates within months of any audit. A third is writing a single policy that treats every AI tool and every SaaS subscription as an identical risk, which either blocks harmless productivity gains or waves through genuinely risky data handling. Programmes that avoid these traps combine continuous discovery, tiered risk-based access and a fast, credible approval path, and they treat the governance function itself as something that has to earn continued use, not just issue rules.