I’ve been on the road with multiple trips between Ottawa, Toronto and Vancouver, so I’m writing a short newsletter this week from the lounge. It’s odd to have seen more of the staff working the bar at the Air Canada Café in YYZ than friends, family, or colleagues. But here we are. I’ve got a pint of Blood Brothers next to the laptop and it’s got me thinking about shadow tech. Here’s why:

We rolled out our own internal AI agent this week at Crestview Strategy, and I couldn't be more relieved (not to mention happy and proud). Mostly, very relieved. Every team needs to either do the same, or have a clearly identified AI tech stack.

I’m guessing that the worse kept secret on your team is that everyone is using shadow AI tools to get their work done. Do you really have a handle of how much of the work you review every day was produced by AI or by a human? Try this experiment: Next week, run an AI check on every product you receive. I’m guessing the majority of what comes across your desk is produced by AI.

And unless you have approved such usage in a clear AI usage policy, you’ve got a serious problem on your hands.

“Shadow” tech is the use of systems, platforms, services, devices, apps, and services without explicit approval from your business. While these are often used by well-intentioned colleagues who just want to get their work done more efficiently (guilty as charged!), it can introduce security risks and management challenges. Toss in the unique challenges associated with generative AI (false data, hallucinations, biases, etc), and the risk is heightened.

Consider these numbers:

• A staggering 41% of employees are acquiring, modifying, or creating technology that IT isn’t privy to. Gartner, a tech consulting firm, expects this number to increase to 75% by 2027

• 65% of remote workers use non-approved tools.

• Too often, you have only yourself to blame (or your chosen systems) because of the friction they create. 61% of employees are not completely satisfied with the technologies their company provides, and then turn to shadow IT to get the job done.

• Again, good intentions: 91% of teams feel pressured to prioritize business operations over security.

So don’t feel bad. Everyone has this problem. And it is absolutely a problem. Why?

• Security vulnerabilities. This tightens your risk of malware and other security flaws. Not to mention data exposure (some 15.8% of files in cloud-based shadow tech stacks contain sensitive data. How much sensitive data is your team passing off to Open AI? If you can’t answer that, assume the occurrence rate is more than “never”.

• Data loss. “Why is this file stored on Google Drive and not on Sharepoint?” “Are we using Dropbox or WeTransfer to send this to the client?” You’ve no doubt experienced frustration tracking down an important file because someone went rogue once and used their personal tech stack to develop or share the document. That’s what data loss looks and feels like when shadow tech runs rampant. We haven’t even touched on the risk of accidental link shares…And this risk exists when people actively pay attention to information security. What happens when they are pressed for time and are relying on AI to bail them?

• Compliance violations, especially in regulated industries like public affairs. Are you meeting your requirements until HIPAA, PCI DSS, GDPR and every other acronym and invasive regulatory requirement your business, industry, or campaign falls under? What do those penalties look like? Will you pass the next audit?

• Inefficiencies like duplicate systems, integration problems, and support issues. Different departments using different tools for the same task and then the whole team wasting time troubleshooting in response? Is this ChatGPT? Claude? Gemini? What prompts did we use? What knowledge did we provide the AI? Information fragmentation combined with disparate unsanctioned tools can make your team’s workflow even more inefficient. Let alone the costs of unknowingly paying for multiple tools that save the same purpose.

You can see why I’m relieved?

If you’re a senior operator in your business, take it upon yourself to assess how your team’s usage of AI is causing your shadow tech problems. Nip it in the bud before it’s too late.