Shadow AI AI Governance NIST AI RMF GRC Small Business

Blog  /  Shadow AI Governance

Your Employees Are Already Using AI Without You. Here's What That's Costing You.

June 24, 2026  ·  12 min read  ·  By Ashwameth Ravilla

New to shadow AI governance? Start with our primer: AI Tools Your Team Is Already Using — And Why That's a Governance Problem.

A majority of office workers use AI tools without IT approval — including features inside software you already pay for. Here's what's actually at stake, and the minimum-viable governance plan any small business can build this week.


The Tuesday Afternoon Problem

It's a Tuesday afternoon. A well-meaning employee at a Maryland marketing firm pastes a client proposal into an AI writing tool to clean up the language. No malice. No awareness of risk. They experience it as editing — the same way they'd use spell-check. The prompt contains the client's name, their budget, their campaign strategy for the next quarter.

Three weeks later, a new enterprise prospect sends over a vendor questionnaire before signing a contract. Question 14: Does your organization have a documented AI acceptable use policy?

The deal stalls.

Here's what makes this scenario worth paying attention to: it's not hypothetical. It's a pattern. A pattern that plays out in professional services firms, healthcare-adjacent businesses, legal offices, and government contractors across Maryland every week — usually without anyone realizing it happened until a client asks, a contract clause surfaces, or an incident occurs.

You already have an unmonitored data pipeline running through your employees. This post names it precisely, shows you what's at stake, and gives you the minimum you need to close it — without an IT department, an enterprise security budget, or a six-month consulting engagement.

What Is Shadow AI — And Why Your Current Policies Don't Cover It?

DIRECT ANSWER

Shadow AI is any artificial intelligence tool — or AI feature inside an existing tool — used by employees without formal IT review, security approval, or policy coverage. It differs from traditional shadow IT because AI tools don't just access data; they ingest, process, and potentially retain it. Most small business acceptable-use policies were written before generative AI existed and cover none of this.

This is where most shadow AI content gets it wrong: it focuses on rogue tools. Employees secretly downloading sketchy apps. Consumer AI accessed from a personal device.

That's not where most of your exposure lives.

Your real primary risk surface is the software you're already paying for — and the AI features being quietly added to it every quarter:

Every one of these is shadow AI if your organization hasn't reviewed, approved, or set governance rules for it. Most haven't. And the vendors rolling out these features aren't waiting for you to catch up — new AI capabilities ship on their update schedule, not yours.

This is the approved-tool paradox: the tools your team trusts most are the ones creating the exposure you can't see.

Shadow AI Risk Spectrum Where exposure actually lives — from invisible to obvious Most SMB exposure sits here BAND 1 Unreviewed AI features inside approved tools BAND 2 Unapproved consumer AI tools on work data BAND 3 Confidential data placed in external models M365 Copilot · Slack AI · Einstein Personal AI accounts · browser tools Client PII · financials · strategy Lower visibility, higher prevalence Higher severity per incident
Most organizations sit in Band 1 without knowing it. The risk isn't always rogue tools — it's unreviewed features inside trusted platforms. Source: Reco AI (Oct 2025); Palo Alto Networks (2025).

What Employees Think Is Happening vs. What Actually Is

DIRECT ANSWER

Employees don't perceive prompts as data transfers. When a team member pastes a client brief into an AI tool to clean up the language, they experience it as editing — not as transmitting client data to an external system operated by a third party under terms your organization never reviewed. That perception gap is where most shadow AI exposure lives.

The data doesn't create the problem — it reveals how widespread this perception gap already is.

A majority of office workers — 71% in a 2025 survey of enterprise employees — use AI tools without IT approval (Reco AI, October 2025). 38% have shared confidential data with an AI tool without authorization — a figure drawn from a survey of 7,000 employees (CybSafe + NCA, late 2024). GenAI traffic surged 890% in 2024, and most organizations are still in the early stages of forming any governance approach (Palo Alto Networks, 2025). Among those using AI, 58% are doing it daily (KPMG, 2025).

And the dominant platform? OpenAI accounts for 53% of all shadow AI usage across enterprises — more than the next nine platforms combined (Reco AI, October 2025). Which means your exposure isn't spread evenly across a dozen obscure tools. It's concentrated in the most capable, most widely distributed consumer AI product ever built — used daily, at scale, by people who think they're just getting work done faster.

That's not a training failure. It's a design reality. Consumer AI tools are built to feel like productivity features, not data pipelines. The friction is intentionally low. The visibility into what happens to the data is intentionally minimal.

What Employees Think vs. What's Actually Happening WHAT THE EMPLOYEE EXPERIENCES “I'm just cleaning up the language.” Feels like spell-check or autocorrect Work gets done faster Nothing appears to leave the office WHAT'S TECHNICALLY OCCURRING Data transmitted to a third-party system Processed under vendor terms — not yours Potential retention and model training No DPA, no audit rights, no deletion path
The perception gap between what employees experience and what's technically occurring is where most shadow AI exposure originates. Source: Reco AI (Oct 2025); Palo Alto Networks (2025).

Why Small Businesses Are the Most Exposed

DIRECT ANSWER

Small businesses face maximum shadow AI exposure with minimum visibility. Employees have the same access to powerful AI tools as enterprise workers — but without IT oversight, security tooling, or vendor review processes. Most SMBs also lack data processing agreements for AI tools, meaning client data handled through unapproved AI may already be violating contract obligations the business didn't know applied.

Three factors make small businesses disproportionately vulnerable:

No one is watching the tooling.

In a large enterprise, IT teams monitor application usage, flag new SaaS adoptions, and review AI features before they're enabled at scale. In a 10-person firm, the new Copilot feature ships silently into everyone's Microsoft 365 account on a Tuesday — and by Thursday it's being used on client work, with no review, no approval, and no awareness that anything changed.

No contracts cover the AI layer.

Most small businesses have never executed a data processing agreement (DPA) for an AI tool. They accepted the vendor's standard terms at sign-up and moved on. Those standard terms — for consumer-tier AI — typically give the vendor broad rights to use input data. If your employees are using consumer-tier tools on client data, your client's data is operating under terms your client never agreed to.

Client contracts are already being violated.

This is the piece that surprises founders most. Standard professional services agreements, vendor contracts, and SaaS customer agreements routinely include data handling obligations: data must not be shared with unauthorized third parties; personal data must be processed only under compliant terms; confidential information must not be disclosed. An employee pasting a client's strategy document into an unapproved AI tool may have already breached all three — before anyone knew shadow AI was a category worth thinking about.

For Maryland businesses specifically, MODPA enforcement is now live as of April 2026. If employees are feeding personal data about Maryland consumers into unapproved AI tools — even incidentally, even while doing something else entirely — that's a potential processor obligation that your current vendor stack doesn't address. The law doesn't distinguish between intentional data collection and unintentional AI ingestion. The data moved. That's what matters. (For the full MODPA picture, see our MODPA enforcement deep-dive.)

What's Actually at Risk: The Chain of Liability

DIRECT ANSWER

Shadow AI creates a chain of liability that moves faster than most small businesses can respond: employee action → AI tool ingestion → vendor model behavior → contract breach → client notification obligation → regulatory exposure. Each link is invisible until the chain breaks. 80% of IT leaders have already experienced a negative AI-related data incident; 13% report financial or reputational harm.

Walk through that chain slowly, because each step is where a different kind of damage originates:

Employee action: A team member uses an AI tool on client data. Routine. Intended to be helpful. Entirely invisible to leadership.

AI tool ingestion: The tool processes the prompt under its own terms of service — not yours, not your client's. If it's a consumer-tier tool, those terms may permit using your input to improve the model. The data is now outside your control.

Vendor model behavior: What the vendor does with that data is governed by a contract your employee clicked through at sign-up, not a DPA you negotiated. You have no audit rights, no deletion mechanism, no visibility.

Contract breach: Your client agreement says their data stays confidential and isn't shared with unauthorized third parties. It just was. Whether anyone ever finds out is a separate question. The breach occurred the moment the prompt was submitted.

Client notification obligation: Depending on your contract language and the nature of the data, you may have a legal obligation to notify your client. Most small businesses discover this clause for the first time during an incident, not before.

Regulatory exposure: If personal data was involved — employee data, client PII, health-adjacent information — MODPA, GDPR (for any EU-connected clients), or HIPAA (for health-related businesses) may now apply. Regulators don't require evidence of harm. They require evidence of compliance.

On the financial side: vendor-reported averages suggest AI-related data exposure incidents cost hundreds of thousands of dollars in direct costs before legal fees, client notification, and contract penalties. One industry report puts the average at $670,000 for companies with high shadow AI exposure (Reco AI, October 2025). For context, IBM's 2024 Cost of a Data Breach Report puts the average breach at $4.45 million — suggesting the Reco figure represents smaller-scale incidents. For a 10-person firm, either figure is existential. The more relevant question isn't the dollar amount — it's what your current client contracts say about unauthorized data processing.

⚠  Data disclosure: The $670K figure is drawn from a vendor-commissioned survey (Reco AI, 2025) and should be treated as directional, not actuarial. No independent SMB-specific AI breach cost data currently exists in the public record.

One more signal worth tracking: enterprise clients with EU operations are already embedding AI governance questions into vendor security questionnaires. The EU AI Act's high-risk provisions activate August 2026. Maryland SMBs selling to enterprise clients or government contractors are already feeling this pressure — even where direct EU Act obligations don't yet apply. Your procurement contact at a large client may ask before any regulator does.

The Minimum-Viable AI Governance Plan (Built for a 10-Person Team)

DIRECT ANSWER

Small businesses don't need an enterprise AI governance program. They need five things: an AI tool inventory, a one-page acceptable use policy, a data classification rule, a vendor review checkpoint, and an incident trigger. Every step is achievable in under a day — with no dedicated security staff and no enterprise budget. NIST AI-600-1 (released July 2024) maps each step to a formal framework for businesses that need to show clients they've done the work.

Here's what each step looks like in practice:

Step What Time Owner
1. InventoryList every AI tool in use — approved and not30 minFounder / Ops
2. Acceptable use policyOne page: permitted uses, prohibited data types, approval process1–2 hoursFounder + counsel
3. Data classification ruleWhat can/cannot go into AI — client PII, financials, health data, strategy = off-limits by default15 minFounder
4. Vendor checkpointAny new AI tool or feature = 15-min review before use15 min/toolOps / IT contact
5. Incident triggerDefine what counts as an incident and who is notified within 24 hours30 minFounder

Step 1 — Take inventory (30 minutes / Founder or Ops)

Ask every person on your team — in a single Slack message or team meeting — to list every AI tool they use, including features inside existing tools. You will be surprised. What this looks like in practice: a shared spreadsheet with three columns: Tool name, What it's used for, Approved by whom. If the third column is blank for most rows, that's your baseline.

Step 2 — Write a one-page acceptable use policy (1–2 hours / Founder, with light legal review)

This does not need to be a 20-page policy document. One page. What's permitted, what requires approval, what's off-limits. What this looks like in practice: "Employees may use [list of approved tools] for [approved use types]. Any new AI tool or new AI feature in an existing tool requires a 15-minute review with [name] before first use. The following data types may never be entered into any AI tool without explicit approval: client PII, financial data, health information, proprietary strategy, personnel matters."

That's it. A policy that exists and has been communicated is infinitely more defensible than a perfect policy that's still in draft.

Step 3 — Set a data classification rule (15 minutes / Founder)

Define what data is off-limits for AI tools by default — no exceptions, no judgment calls required. What this looks like in practice: a one-line rule employees can memorize: "If it has a client's name on it, a dollar figure attached to it, or a person's health information in it — it doesn't go into AI without explicit approval." Simple enough to internalize. Clear enough to enforce.

Step 4 — Create a vendor review checkpoint (15 minutes per tool / Ops or IT contact)

Any new AI tool — or new AI feature in an existing tool — gets a 15-minute review before use. What this looks like in practice: four questions on a shared doc — (1) Who makes this tool and where is their privacy policy? (2) What data does it retain and for how long? (3) Is there an enterprise or zero-data-retention tier? (4) Does our use case involve any data types from our classification rule? If you can't answer all four in 15 minutes from the vendor's own documentation, that's your answer.

Step 5 — Define an incident trigger (30 minutes / Founder)

Decide in advance what counts as a shadow AI incident and who gets notified within 24 hours. What this looks like in practice: "If an employee uses an unapproved AI tool on data covered by our classification rule, or if a client asks whether their data has been used in AI tools, that triggers an immediate notification to [Founder name] and a review within 24 hours. If personal data was involved, we notify our legal contact within 48 hours."

For businesses that need to point clients or partners to a formal framework, these five steps map directly to NIST AI-600-1 — the Generative AI Risk Management Profile released July 2024. Steps 1–2 are Govern. Step 3 is Map. Step 4 is Measure. Step 5 is Manage. You don't need to read the full document. But if a client's procurement team ever asks whether you follow a recognized AI governance framework, you now have a defensible answer.

NIST AI RMF, Translated for a Small Team The four functions of NIST AI-600-1 — mapped to the five steps above NIST AI-600-1 GOVERN MAP MEASURE MANAGE GOVERN → Steps 1–2 Inventory + acceptable use policy MAP → Step 3 Data classification rule MEASURE → Step 4 Vendor review checkpoint MANAGE → Step 5 Incident trigger + 24-hour response
NIST AI-600-1 (July 2024) is the emerging U.S. benchmark for generative AI governance. These four functions map directly to the five-step plan above — giving small businesses a defensible framework without enterprise overhead.
The 5-Step AI Governance Checklist · one day, start to finish 1 · Take an AI tool inventory 30 min · Founder / Ops 2 · Write a one-page acceptable use policy 1–2 hrs · Founder + counsel 3 · Set a data classification rule 15 min · Founder 4 · Create a vendor review checkpoint 15 min/tool · Ops / IT 5 · Define an incident trigger 30 min · Founder
Start here. A one-page policy that exists and is communicated beats a perfect policy in a backlog every time.

Free Tool: AI Inventory & Risk Register

Step 1 of the plan, done for you. Build your organization's AI tool inventory in minutes — including the AI features hiding inside tools you already use — and generate a print-ready risk register.

🔒 Runs entirely in your browser. We don't store your name, organization, or results.

Use the Free AI Inventory Tool →

2026–2027: This Is Becoming a Requirement, Not a Best Practice

DIRECT ANSWER

Shadow AI governance is transitioning from voluntary best practice to contractual and regulatory expectation. Enterprise procurement teams are already adding AI governance questions to vendor questionnaires. The EU AI Act's high-risk provisions activate August 2026. NIST AI-600-1 is the emerging U.S. benchmark. Maryland businesses with even a minimum-viable program in place will be ahead of the requirement curve — and ahead of competitors who are still waiting to be asked.

The direction is already clear. Connecticut's June 2025 privacy amendments require disclosure when personal data is used to train large language models — effective July 1, 2026. Maryland is watching. The patchwork of state-level AI disclosure requirements is tightening, and the threshold for "we didn't know we needed a policy" is shrinking fast.

The businesses that move now — that inventory their tools, write the one-page policy, and set the data classification rule — won't just be protected. They'll be the ones that close deals faster, answer procurement questionnaires confidently, and earn the trust that comes from being able to say: we have a governance program and here's what it covers.

That is not a compliance outcome. It is a competitive one.

Ready to know what's running in your organization?

DARS LLC offers a free 30-minute AI governance assessment for Maryland small businesses. We'll inventory your current AI tool exposure, identify the gaps your current policies don't cover, and hand you a one-page action plan before the call ends.

Start with the Free Tool Schedule Your Free Assessment

Already have tools in place? Ask about our one-hour AI policy review — flat fee, no retainer.

Data Gap Disclosures

⚠  The $670K breach cost figure is sourced from a vendor-commissioned survey (Reco AI, October 2025) and should be treated as directional, not actuarial.

⚠  The 890% GenAI traffic surge (Palo Alto Networks) is vendor-reported platform data, not an independent audit — used as an illustrative growth signal.

⚠  No independent SMB-specific AI breach cost data currently exists in the public record. Enterprise figures are used with explicit framing.

⚠  EU AI Act enforcement obligations for U.S.-only SMBs remain legally ambiguous. This post treats EU Act provisions as indirect commercial pressure, not direct legal obligation.

Sources

By Ashwameth Ravilla | DARS LLC | All citations verified June 2026

Comments

Loading comments…

Leave a Comment

Comments are moderated and typically approved within 1 business day. Your email is never published or shared.