Turn shadow AI into safe, scalable innovation
Shadow AI is spreading faster than most enterprises can govern, with employees flocking to consumer-grade GenAI tools for speed and convenience despite mounting risks. KPMG argues that the answer is not a crackdown but a structured strategy that blends clear guardrails, curated choice, and safe sandboxes. Done right, organizations can convert policy-violating habits into a distributed engine of innovation without hemorrhaging data or trust.
Key points
- KPMG LLP’s August 2025 report finds 44% of employees have used AI in ways that violate policy, 57% have made mistakes by relying on AI without evaluation, and only 41% say their organization has a GenAI policy.
- Up to 58% of employees use AI productivity tools daily, drawn by time savings, ease of use, and productivity gains.
- “Shadow AI” describes unsanctioned AI use outside IT or central AI governance, often driven by outdated official tools, rigid provisioning, and overreaching security protocols.
- Nearly half of employees admit uploading sensitive company data to unapproved platforms, heightening risks of data leakage, exfiltration, and compliance failures.
- Behavioral drivers—convenience, curiosity, consumer-grade simplicity, and fear of missing out—accelerate adoption, especially among digital natives; a KPMG–University of Melbourne survey underscores these trends.
- A January 2025 breach at the AI chatbot platform DeepSeek exposed over 1 million records due to misconfigured infrastructure, prompting regulatory scrutiny and reputational damage.
- “Vibe coding” speeds prototyping by generating code from natural language but, in unsanctioned tools, can yield undocumented code, hidden vulnerabilities, and data leakage.
- KPMG outlines benefits of safe experimentation—accelerated testing, grassroots innovation, upskilling, and cross-functional collaboration—if channeled through sanctioned environments.
- The report recommends a proactive program: a central AI transformation office, an AI Technology Review SteerCo, clear governance policies, secure AI labs, automated audits, and a curated “choose your own AI” stack.
- Authors include Swami Chandrasekaran (Global Head of AI & Data Labs) and Bryan McGowan (Global and US Trusted AI Leader), with contributors Prasad Jayaraman and Aisha Tahirkheli.
Takeaways
Start with the boring stuff: write a simple GenAI policy people can actually read, then give them approved tools that don’t feel like dial-up internet. Stand up a sandbox so experimentation happens inside the fence, add automated audits so you sleep at night, and let teams “choose their own AI” from a vetted menu. Do that, and you’ll turn shadow AI from a data-leaking gremlin into your most enthusiastic intern—minus the coffee breaks.