Executive Insights, DECEMBER 2024
Shadow AI Series 2/3: How to manage and control AI in your organization

MIKAEL MUNCK
CEO AND FOUNDER, 2021.AI
The world of AI is changing fast. We’re not just using more AI, we’re using more complex AI, and in more ways than ever before. This creates a challenge referred to as Shadow AI – where AI models are developed and used without proper oversight or control.
It’s like having a hidden department in your organization making important company decisions with no approval or supervision. This can obviously undermine your overall company goals and create quite the chaos. Which is why you want to avoid Shadow AI.
Shadow AI issues
- Security concerns: Unauthorized operation of AI can open doors to security vulnerabilities and data breaches that otherwise centrally could have been prevented.
- Unpredictable and unacceptable risks: When AI is developed, implemented, and used in the shadows of the organization without oversight, we can’t protect against the risk of misuse, misinterpretation of guidance from AI or mitigate unintended behavior or problems.
- Governance & compliance breaches: As regulations like the EU AI Act come into force, Shadow AI makes it impossible for you to be compliant. Most regulations will require a full AI registry for all AI in use across the organization. The complexity of this challenge only grows with the use across multiple clouds, and AI in 3rd party software products.
The rise of Shadow AI, managing the growing complexity
AI is becoming more complex in how it’s used. We’re seeing more intricate AI tasks, a wider scope of applications across departments, and a growing number of users with varying levels of expertise. This makes it harder to track who is using AI, for what purpose, and how it’s being built. This lack of visibility contributes to the challenge to keep Shadow AI at bay.
How to bring AI out of the shadows
- Establish an AI Registry: Ensure that you have all AI Applications, Systems and Models registered, and establish a clear process for further efficient and structured process to support registration. Involve the procurement department to report all future AI systems including the ones which have AI embedded into their solutions.
- Encourage a culture of transparency and communication: Openly discuss AI initiatives throughout the organization to reduce the likelihood of unauthorized use and promote Responsible AI practices.
- Provide clear guidelines for AI projects: Offer training and resources to help people understand and comply with AI Governance policies and regulations like the EU AI Act.
- Invest in a robust AI infrastructure: Ensure that your organization has a robust AI infrastructure / platforms and resources that make it easier for people to develop according to the agreed upon AI Governance and Responsible criteria.
You might also like…
Shadow AI Series 1/3: The rise of Shadow AI and what it means for your organization
AI tools and platforms are becoming increasingly easy to use, empowering individuals to leverage AI solutions for their specific needs…
Shadow AI Series 3/3: The Shadow AI threat: Are you prepared for unexpected risks?
In this post, I investigate the potential dangers of Shadow AI and propose practical frameworks for managing the emerging risks associated with Shadow AI…