Date: 2024-10-03

Microsoft Office wants your employees to use Copilot when filing reports. PixelPose wants them to rely on a headshot generator instead of sitting for a photo shoot. Amazon suggests they write code with the help of its CodeWhisperer tool. And then there’s the ever-present temptation to outsource research and analysis to ChatGPT.

Workers at all kinds of organizations, pressured to deliver more and keep up with competition, turn to every available tool that might save them time, automate repetitive tasks or give an insightful edge—whether those tools are available through official channels…or not-so-official ones. But dabbling in the latter can create problems.

The unsanctioned use of consumer-facing generative AI tools like public LLMs is known as “shadow AI.” This is a growing subset of shadow IT, which is the deployment of any software, hardware or information technology (IT) on an enterprise network without an IT department’s and/or CIO’s approval, knowledge or oversight.

The rise in unsanctioned LLM use by employees increases the risk of leaking organizations’ sensitive data, such as financial data or trade secrets. In fact, according to published reports, employees have uploaded lines of proprietary code, sensitive business emails and more to ChatGPT and similar public AI tools. One data protection firm counted 6,352 attempts to input corporate data into ChatGPT for every 100,000 workers on its customers’ payrolls.[1]

When employees input sensitive data, these tools may retain it, and even use that data to train the model. The model may then output that data, creating a data breach and potentially exposing that information to the world.



How do organizations address this risk as employee demand for AI adoption grows? They can choose from four broad approaches: