{"slug": "think-twice-before-using-that-unsanctioned-ai-app-at-work", "title": "Think Twice Before Using That Unsanctioned AI App at Work", "summary": "Shadow AI, the use of unapproved artificial intelligence tools like ChatGPT or Gemini at work, is creating data security risks as employees inadvertently expose company information. Edward Wu, CEO of Dropzone AI, warns that once proprietary data is entered into unsanctioned AI apps, companies lose control over its storage and protection.", "body_md": "You know that moment when you ask [ChatGPT](https://www.cnet.com/tech/what-is-chatgpt-everything-you-need-to-know-about-the-ai-chatbot/?_gl=1*1qds85q*_up*MQ..*_ga*MTkxMzY2MTMyMi4xNzgyMTIyMTM1*_ga_R820W8QX02*czE3ODIxMjkzNTgkbzIkZzAkdDE3ODIxMjkzNTgkajYwJGwwJGg4MzYyNTM3MA..) to polish a work email or summarize meeting notes? It may seem harmless at first, but using the wrong tool or giving it the wrong information can create a much bigger problem.\n\nShadow AI is what happens when people use artificial intelligence tools at work without company approval, oversight or security review. That could be ChatGPT, [Gemini](https://www.cnet.com/tech/what-is-gemini-everything-you-should-know-about-googles-ai-tool/?_gl=1*1qds85q*_up*MQ..*_ga*MTkxMzY2MTMyMi4xNzgyMTIyMTM1*_ga_R820W8QX02*czE3ODIxMjkzNTgkbzIkZzAkdDE3ODIxMjkzNTgkajYwJGwwJGg4MzYyNTM3MA..), an [AI note-taker](https://www.cnet.com/tech/services-and-software/thine-ai-notetaker-app-ces-2026/?_gl=1%2a1b2qr27%2a_up%2aMQ..%2a_ga%2aMTkxMzY2MTMyMi4xNzgyMTIyMTM1%2a_ga_R820W8QX02%2aczE3ODIxMzU1NDkkbzMkZzAkdDE3ODIxMzU1NDkkajYwJGwwJGgxNTc0NDUxNTIw) during a meeting, an [image generator](https://www.cnet.com/tech/services-and-software/best-ai-image-generators/?_gl=1%2agji0m4%2a_up%2aMQ..%2a_ga%2aMTkxMzY2MTMyMi4xNzgyMTIyMTM1%2a_ga_R820W8QX02%2aczE3ODIxMzU1NDkkbzMkZzAkdDE3ODIxMzU1NDkkajYwJGwwJGgxNTc0NDUxNTIw) or some other tool you opened because it helped you [finish something faster](https://www.cnet.com/tech/services-and-software/9-ways-to-streamline-work-productivity-with-ai-that-you-should-try-and-1-you-shouldnt/?_gl=1%2azity7k%2a_up%2aMQ..%2a_ga%2aMTEzMzkyMzE1NS4xNzgxNzAyOTI0%2a_ga_R820W8QX02%2aczE3ODE3MDI5MjQkbzEkZzAkdDE3ODE3MDI5MjQkajYwJGwwJGg0ODgyNDE3MTY.).\n\nMost people aren't trying to leak company secrets or do anything nefarious. They're doing it because work is full of long documents, messy spreadsheets, meeting notes and [wordy emails](https://www.cnet.com/tech/services-and-software/i-tried-ai-to-soften-my-professional-emails-it-worked-surprisingly-well/?_gl=1%2a7f92p9%2a_up%2aMQ..%2a_ga%2aMTg1MDU5ODk0NS4xNzgyMTM1NjIx%2a_ga_R820W8QX02%2aczE3ODIxMzU2MjEkbzEkZzAkdDE3ODIxMzU2MjEkajYwJGwwJGg3MjUwMDQ4MTI.).\n\nBut the road to hell is paved with good intentions. Once you put work information into an unapproved AI tool, your company may lose control over where that information goes, how it's stored and whether anyone can protect it.\n\n\"Once the proprietary sensitive and confidential data is out, it's out,\" [Edward Wu](https://www.linkedin.com/in/edwardxwu/), founder and CEO of [Dropzone AI](https://www.dropzone.ai/), told CNET.\n\nThat's why shadow AI is becoming one of the trickiest workplace AI problems. It can save time, but it can also move company information to somewhere your employer can't control it.\n\nLet's break down what this means for you and how to [use AI at work](https://www.cnet.com/tech/services-and-software/using-ai-at-work-may-actually-make-your-days-longer-and-more-unpleasant-study-finds/?_gl=1%2afb7v1v%2a_up%2aMQ..%2a_ga%2aMTEzMzkyMzE1NS4xNzgxNzAyOTI0%2a_ga_R820W8QX02%2aczE3ODE3MDI5MjQkbzEkZzAkdDE3ODE3MDI5MjQkajYwJGwwJGg0ODgyNDE3MTY.) without creating a mess for yourself or your company.\n\n## What is shadow AI?\n\n\"Ultimately, shadow AI is the usage of AI tools that have not been preapproved, reviewed and sanctioned by the IT and security team,\" Wu said. It's similar to shadow IT, which is when employees use unapproved apps or software at work.\n\nThat's usually where the trouble starts. Not because you used AI to clean up a sentence, but because you gave it something your company would rather keep private. A quick shortcut can turn into an accidental [data leak](https://www.cnet.com/tech/services-and-software/your-personal-data-may-be-exposed-in-a-future-data-breach-heres-what-to-about-it-now/?_gl=1%2ae7t94r%2a_up%2aMQ..%2a_ga%2aMTEzMzkyMzE1NS4xNzgxNzAyOTI0%2a_ga_R820W8QX02%2aczE3ODE3MDI5MjQkbzEkZzAkdDE3ODE3MDI5MjQkajYwJGwwJGg0ODgyNDE3MTY.). That could be customer names, internal documents, source code or financial information.\n\nThat doesn't mean every use of AI at work is dangerous. Asking AI to rewrite a generic email is different from pasting in a customer complaint or a legal memo.\n\nApproved AI tools usually come with privacy controls, [security settings](https://www.cnet.com/tech/services-and-software/cybersecurity-checklist-for-college-students/?_gl=1%2a10nc8oo%2a_up%2aMQ..%2a_ga%2aMTEzMzkyMzE1NS4xNzgxNzAyOTI0%2a_ga_R820W8QX02%2aczE3ODE3MDI5MjQkbzEkZzAkdDE3ODE3MDI5MjQkajYwJGwwJGg0ODgyNDE3MTY.) and rules about what happens to your data. A random free tool may not. Even if the tool says it doesn't train on your data, you may not know how long it stores your prompt or who can access it.\n\n\"When you have your entire codebase and copy and paste it into a free-tier AI tool, you bet that code is going into training data immediately, and there's no way to undo that,\" Wu told CNET.\n\n## Why people use shadow AI\n\nLet's be honest, [AI tools are useful](https://www.cnet.com/tech/services-and-software/i-tried-this-ai-tool-for-productivity-but-the-learning-curve-was-steep/?_gl=1%2afb7v1v%2a_up%2aMQ..%2a_ga%2aMTEzMzkyMzE1NS4xNzgxNzAyOTI0%2a_ga_R820W8QX02%2aczE3ODE3MDI5MjQkbzEkZzAkdDE3ODE3MDI5MjQkajYwJGwwJGg0ODgyNDE3MTY.). That's the uncomfortable truth.\n\n[Generative AI](https://www.cnet.com/tech/generative-ai-everything-to-know-about-the-tech-behind-chatbots-like-chatgpt/?_gl=1*vbujc9*_up*MQ..*_ga*MTkxMzY2MTMyMi4xNzgyMTIyMTM1*_ga_R820W8QX02*czE3ODIxMjkzNTgkbzIkZzAkdDE3ODIxMjkzNTgkajYwJGwwJGg4MzYyNTM3MA..) can [help you draft emails](https://www.cnet.com/tech/services-and-software/if-youre-comparing-ai-email-tools-heres-one-worth-your-time/?_gl=1%2a1c95nji%2a_up%2aMQ..%2a_ga%2aMTg1MDU5ODk0NS4xNzgyMTM1NjIx%2a_ga_R820W8QX02%2aczE3ODIxMzU2MjEkbzEkZzAkdDE3ODIxMzU2MjEkajYwJGwwJGg3MjUwMDQ4MTI.), summarize reports, record meeting notes, clean up messy text, analyze data and brainstorm ideas. Those tasks eat up huge parts of the workday, and AI tools often feel faster than waiting for your company to approve something official.\n\nMicrosoft's 2026 Work Trend Index shows why workers keep reaching for AI. The [report](https://www.microsoft.com/en-us/worklab/work-trend-index/agents-human-agency-and-the-opportunity-for-every-organization) found that 58% of respondents said it helps them take on tasks they couldn't have handled a year ago.\n\nWu tells CNET that's the point companies shouldn't ignore.\n\n\"The existence of shadow AI means there is [productivity](https://www.cnet.com/tech/services-and-software/heres-how-you-can-boost-your-productivity-at-home-with-this-ai-tool/?_gl=1%2azity7k%2a_up%2aMQ..%2a_ga%2aMTEzMzkyMzE1NS4xNzgxNzAyOTI0%2a_ga_R820W8QX02%2aczE3ODE3MDI5MjQkbzEkZzAkdDE3ODE3MDI5MjQkajYwJGwwJGg0ODgyNDE3MTY.) to be gained by certain functions. I don't think people are using AI tools for fun at work,\" Wu said.\n\n**Read more:** [AI Essentials: 29 Ways You Can Make Gen AI Work for You, According to Our Experts](/tech/services-and-software/features/ai-essentials-29-ways-to-make-gen-ai-work-for-you-according-to-our-experts/)\n\nEmployees are moving faster than company policies. Some workplaces still don't have clear AI rules. Others have rules buried in security documents no one reads unless they're already in trouble. Some companies ban public AI tools but don't offer a useful alternative.\n\nShadow AI also doesn't always look like a separate app. It can live inside a browser extension, email plug-in, search engine, spreadsheet assistant or meeting recorder. You may think you're just clicking the helpful button, not using AI.\n\nWhen you're under pressure to do more with less, the free [chatbot](https://www.cnet.com/tech/what-is-an-ai-chatbot-everything-to-know/?_gl=1*1dc227v*_up*MQ..*_ga*MTkxMzY2MTMyMi4xNzgyMTIyMTM1*_ga_R820W8QX02*czE3ODIxMjkzNTgkbzIkZzAkdDE3ODIxMjkzNTgkajYwJGwwJGg4MzYyNTM3MA..) sitting in the next [AI browser](https://www.cnet.com/tech/ai-browsers-what-to-know-chatgpt-atlas-perplexity-comet-copilot-brave-opera-one-dia-duckai-gemini/?_gl=1*1dc227v*_up*MQ..*_ga*MTkxMzY2MTMyMi4xNzgyMTIyMTM1*_ga_R820W8QX02*czE3ODIxMjkzNTgkbzIkZzAkdDE3ODIxMjkzNTgkajYwJGwwJGg4MzYyNTM3MA..) tab starts to look tempting.\n\n## The risks companies see in shadow AI\n\nOne small shortcut can expose more than you meant to share.\n\n\"I think the biggest risk, obviously, is kind of uncontrolled data exposure,\" Wu said.\n\nAI tools need context to work well. That context might include internal tickets, documentation, customer details, contracts and code. Once that information is entered into an unapproved tool, the company may be unable to track it or retrieve it.\n\n[IBM's 2025 Cost of a Data Breach Report](https://www.ibm.com/reports/data-breach) found that 20% of organizations had unauthorized AI tools in their environments, while 63% had no AI governance policy or were still developing one. That's another sign that companies are still catching up to how fast AI is being used.\n\nAI output [can also sound right even when it isn't](https://www.cnet.com/tech/hallucinations-why-ai-makes-stuff-up-and-whats-being-done-about-it). That's called an [AI hallucination](https://www.cnet.com/tech/what-are-ai-hallucinations-why-chatbots-make-things-up-and-what-you-need-to-know/). A chatbot can summarize the wrong point, invent a detail, miss context or produce a confident answer that falls apart once someone checks it. If you use that output in a financial analysis or technical document, the shortcut may create more work than it saves.\n\nIf AI-generated work goes out with false details, private information or sloppy mistakes, your company may not only have to fix the error but also deal with reputational damage. Being put on the internet wall of shame nowadays can come with a hefty price. For example, [Deloitte faced public backlash](https://fortune.com/2025/11/25/deloitte-caught-fabricated-ai-generated-research-million-dollar-report-canada-government/) and a mandatory review after submitting a million-dollar government report that contained fabricated, AI-generated research citations.\n\nThe net consequence is clear: A tool that saves you 10 minutes can create a problem your company spends weeks cleaning up. Lawyers have already learned this the hard way after filing court documents with [fake AI-generated case citations](https://www.cnet.com/tech/services-and-software/lawyers-using-ai-pitfalls-sanctions-aba-guidance/).\n\n## Why banning AI usually doesn't work\n\n\"Banning AI tools generally pushes more people to go kind of underground,\" Wu said. \"Very similar to when parents tell teenage kids to stop using Instagram. That kind of never works.\"\n\nIf you know [AI can save time](https://www.cnet.com/tech/services-and-software/ai-saves-workers-less-than-an-hour-each-day-new-openai-report-shows/?_gl=1%2afb7v1v%2a_up%2aMQ..%2a_ga%2aMTEzMzkyMzE1NS4xNzgxNzAyOTI0%2a_ga_R820W8QX02%2aczE3ODE3MDI5MjQkbzEkZzAkdDE3ODE3MDI5MjQkajYwJGwwJGg0ODgyNDE3MTY.) and your company doesn't provide a useful approved option, you may look for another way. You might use a personal account, your phone, a browser plug-in or a tool that looks harmless enough to slip by.\n\nA better policy focuses on what you're using AI for and what data you're putting into it. Your company might allow AI for brainstorming or summarizing public information, while banning customer data, confidential documents, unreleased product plans, financial records or source code in public tools.\n\n\"[The] marketing team may feel free to use AI tools to generate images, right?\" Wu said. \"But you know, customer success team, please don't copy-paste customer interactions directly into unsanctioned tools.\"\n\nThat kind of rule works better because it tells you where the line is. Wu says it's hard for individual workers to self-police what's appropriate, especially when AI tools have different privacy settings that aren't always obvious.\n\n\"If things are not clearly spelled out, then it's left for interpretation,\" Wu said.\n\nCompanies need clear guidelines that explain which tools are approved, which data is off-limits and which tasks require human review.\n\n## What to do if you use AI at work\n\nIf you use AI at work, assume anything you paste into a tool is out there forever.\n\nCheck whether your company has an approved AI tool or policy. Don't upload sensitive, internal information in public tools or anything marked confidential, unless your company has explicitly allowed it. If you're not sure, don't paste it.\n\nTreat AI like Santa's little helper, but [don't outsource your intelligence](https://www.cnet.com/tech/services-and-software/ai-can-probably-do-some-of-your-work-tasks-that-doesnt-mean-it-can-do-your-job/?_gl=1%2afb7v1v%2a_up%2aMQ..%2a_ga%2aMTEzMzkyMzE1NS4xNzgxNzAyOTI0%2a_ga_R820W8QX02%2aczE3ODE3MDI5MjQkbzEkZzAkdDE3ODE3MDI5MjQkajYwJGwwJGg0ODgyNDE3MTY.). Check facts, verify summaries, rewrite awkward lines and make sure the final version still sounds like a person who knows what they're talking about. While AI may have done the writing or summarizing, remember that it's your reputation -- or your company's -- at stake if there are mistakes.\n\nShadow AI exists because people have found tools that help them work faster. That's not going away. The real challenge is making sure the shortcut doesn't turn into a security problem or one very awkward meeting with IT and HR.", "url": "https://wpnews.pro/news/think-twice-before-using-that-unsanctioned-ai-app-at-work", "canonical_source": "https://www.cnet.com/tech/services-and-software/shadow-ai-work-approval/", "published_at": "2026-06-30 11:00:50+00:00", "updated_at": "2026-06-30 12:27:04.991031+00:00", "lang": "en", "topics": ["ai-safety", "ai-policy", "ai-tools", "large-language-models", "generative-ai"], "entities": ["ChatGPT", "Gemini", "Dropzone AI", "Edward Wu", "CNET"], "alternates": {"html": "https://wpnews.pro/news/think-twice-before-using-that-unsanctioned-ai-app-at-work", "markdown": "https://wpnews.pro/news/think-twice-before-using-that-unsanctioned-ai-app-at-work.md", "text": "https://wpnews.pro/news/think-twice-before-using-that-unsanctioned-ai-app-at-work.txt", "jsonld": "https://wpnews.pro/news/think-twice-before-using-that-unsanctioned-ai-app-at-work.jsonld"}}