Every technology brings positive and negative implications. With the bright side of innovation comes the dark side of risk. Artificial intelligence is no different. But in the case of AI and large language models in particular, the benefit is instantly visible while the risk is not immediately obvious to the untrained eye. For this reason, many users are drawn to experimenting with AI without always thinking about the implications of their activities.
I recently met with JR Williamson, SVP and CISO at Leidos, for a Cyber at the Top podcast conversation about a hidden threat that exists in many organizations today. Because of the immediate productivity gains, employees and contractors are experimenting with AI outside of their organizations’ policies.
This is what we call shadow AI, and it introduces risks that may not be readily apparent. In many cases, users don’t even realize they’re taking a risk at all. During our discussion, JR unpacked what shadow AI is, why it’s important to address, and how organizations can bring it into the light without stifling innovation.
Defining the Boundaries of Shadow AI
JR defined shadow AI as the “unauthorized or informal use of AI tools outside of enterprise governance.” He explained that while the term may be new, it’s actually not much different than what we’ve seen before with shadow IT, where employees would adopt software, hardware, or IT tools without formal approval. But shadow AI is fundamentally different, because AI systems are not static. By interacting through natural language processing, they continuously learn and evolve. That combination makes them extraordinarily powerful and potentially dangerous.
Take Leidos, for example, A large-scale aerospace and defense contractor, the company has been using AI for decades, whether it’s to drive uncrewed vehicles in dangerous territory or using autonomous systems to execute missions and learn on the job. AI has long been used, but generative AI changes the game. “What’s really different,” JR noted, “is that humans can now interface with the machines through natural language. That’s highly disruptive.” It lowers the barrier to entry and accelerates adoption. Tools that are so easily accessible expand the attack surface drastically.
What Makes Shadow AI So Risky?
On the surface, experimenting with AI tools can seem harmless, or even helpful. Employees are usually trying to be more productive, more efficient, or more creative. But without proper guardrails, those actions can introduce serious risks. Sensitive data may be shared unintentionally. Intellectual property can be exposed. Outputs may be inaccurate, biased, or ethically questionable. And, perhaps most concerning, all of this can happen outside the visibility of the organization. “When shadow AI exists,” JR explained, “we might be operating outside of [established] norms, and accidentally potentially doing something that is inappropriate or unethical.”
Shifting from “No” to “Know”
From JR’s perspective, managing shadow AI risk is not about shutting it down, but bringing it into the light through understanding. “It’s less about N-O you may not use this stuff to K-N-O-W: this is how we do it properly, safely, and effectively and under the enterprise governance of the company,” he explained.
At Leidos, the approach began with awareness. When tools like ChatGPT first emerged, they didn’t immediately block access. Instead, they introduced a “speed bump,” a moment of pause to remind users of acceptable use and potential risk. From there, they layered in more technical controls over time, informed by real usage patterns.
How to Detect Shadow AI
If shadow Ai is happening in your organization (and it most likely is), how do you find it? The good news is that shadow AI often leaves a trail. Many AI tools operate over web channels, making them detectable through network monitoring. Organizations can look for anomalies in traffic, identify unsanctioned tools, and even use AI itself to detect patterns of AI usage.
APIs are another area to watch. While prompts get most of the attention, much of the real activity and risk happens through integrations and automated workflows.
There are also more traditional approaches, such as:
- Monitoring network and firewall activity
- Using allowlists and blocklists for approved tools
- Leveraging cloud access security brokers (CASBs)
And sometimes, the simplest sign comes from employees openly sharing and discussing how they are using the tools to get work done.
Using AI to Address the Problem
As someone who spent years working in data loss prevention (DLP), I can say that even before AI, protecting data was hard. With AI, it becomes exponentially more complex. JR echoed this reality. Traditional DLP approaches struggle in environments driven by natural language and unstructured data. Monitoring prompts directly is very difficult.
Data classification is an important milestone. If you don’t know what your data is, where it lives, and how sensitive it is, you have little chance of controlling how it’s used. By clearly labeling and tagging data and ensuring those labels persist across systems, organizations can start to apply more consistent policies and controls.
There’s also an opportunity to use AI to help solve the problem. By training models to recognize sensitive information, organizations can detect and intervene when protected data is being used inappropriately.
Education as a Security Control
You cannot govern what people don’t understand. And in the case of AI, the gap between capability and comprehension is wide. That’s why education can be such an important security control.
At the same time, JR explained that you have to go deeper than educating people on what the risks are, because everyone has different risk tolerance levels. “As a large enterprise, it’s important to share the principles,” he added. Explain to employees, contractors, or any customers who might have access to your data using AI tools:
- What, as a company, are we trying to achieve with AI?
- What risks should we be aware of?
- What does responsible, ethical use look like?
JR emphasized the importance of real-world scenarios to help people see what good and base usage looks like in practice. “It’s not user experience OR security,” he said. “It’s about how do we do the things we need to and want to do that’s differentiating for our business or our customers but do it safely.”
When people understand the “why”, they are far more likely to make the right decisions on their own.
Bringing Shadow AI into the Light
So, as a security leader, where do you start?Try beginning with a conversation. If you discover someone using an unapproved tool, the goal shouldn’t be to shut it down immediately but to understand:
- What are they trying to accomplish?
- Why did they choose that tool?
- Is there a safer way to achieve the same outcome?
From there, you can guide them toward approved tools, better practices, and a shared understanding of risk. Because the reality is that AI is already here. The organizations that succeed won’t be the ones that try to wall themselves off from it. It will be the ones that embrace itthoughtfully, with governance, principles, and an informed workforce.
To listen to my full conversation with JR, watch the video here.