Unsanctioned AI on the Rise: Risks and Mitigation Tips
New tools, copilots, and AI-powered services appear almost weekly, and employees are quick to experiment with them, often unsanctioned AI. Drafting emails in the browser, summarising documents, generating code snippets, analysing data in tools that never touch the company’s AI roadmap
Much of this tool use doesn’t happen through formally approved platforms. It happens quietly, in tabs and extensions, using personal accounts or free tiers, outside of security review or governance processes. In other words, it’s unsanctioned AI. This blog outlines the risks of unsanctioned AI use and offers some mitigation tips for your business.
Unsanctioned AI Risks
Unlike traditional shadow IT, where new software needs installation or procurement, AI tools are instantly accessible, browser-based, and deeply embedded into everyday workflows. A single prompt can expose sensitive data. A single integration can create a new attack surface. And because usage is fragmented and informal, many organisations don’t realise how widespread the exposure has become.
For context on the scale of the problem, some of the stats below paint a clear picture:
- 93 percent of employees have shared confidential company info with an AI tool
- More than 80 percent of workers use unapproved AI tools in their jobs
How does this unsanctioned AI use translate to risk, though?
Data Leakage Through Prompting and Uploads
The most immediate risk of unsanctioned AI is simple: sensitive data leaving the organisation without anyone noticing.
Employees routinely paste internal information into AI tools to speed up everyday work. Think customer emails, error logs, contracts, financial summaries. In a sanctioned environment, controls might limit what data can be shared and how it’s retained. In an unsanctioned one, there are no such guardrails.
Consider a scenario where a sales manager uploads a draft customer contract into a public AI chatbot to ‘clean up the language’. That document includes pricing structures, customer names, and negotiation history. The tool stores the input for model improvement or logging, outside the company’s control and potentially outside its jurisdiction.
Once information is submitted, organisations lose control over where it’s stored, who can access it, and how long it persists. The challenge here is to recognise that AI prompts are now a data egress channel. Treating them like harmless text fields is a mistake.
Intellectual Property and Code Exposure
Unsanctioned AI use creates a quiet but serious risk to intellectual property, especially in engineering-heavy organisations.
Developers frequently use AI tools to debug code, refactor logic, or explain unfamiliar libraries. When this happens outside approved tools, proprietary code can be exposed to third-party models with unclear retention and reuse policies.
Consider a situation where a developer pastes a chunk of internal application code into a browser-based AI assistant to troubleshoot a performance issue. That code contains proprietary algorithms and references to internal services. The organisation has no visibility into whether the data is retained, shared, or used to train future models.
This risk is particularly acute for companies whose competitive advantage lives in software, algorithms, or internal automation.
Compliance and Regulatory Exposure
Unsanctioned AI creates compliance risk not because AI is inherently non-compliant, but because its use is undocumented, uncontrolled, and unprovable. Regulations increasingly require organisations to demonstrate where data flows, how it’s processed, and which third parties have access. Unsanctioned AI breaks that chain of accountability.
Maybe a HR team uses a free AI tool to summarise performance feedback and generate promotion recommendations. The data includes employee names, roles, and sensitive feedback. During an audit or regulatory inquiry, the organisation can’t demonstrate where that data was processed or whether it left the EU.
Even if no breach occurs, the inability to prove compliance becomes the problem. Regulators care about evidence. Unsanctioned AI creates “compliance blind spots” that are difficult to explain after the fact.
Expanding the Attack Surface
Unsanctioned AI also expands your attack surface in subtle ways. Browser extensions, unofficial plugins, and AI integrations often request broad permissions. These tools may access emails, documents, or internal systems, creating new entry points for attackers.
Consider one scenario where an employee installs an AI-powered browser extension to summarise emails and meeting notes. The extension requests access to the inbox and cloud storage. Months later, the extension is compromised upstream, exposing sensitive communications across multiple users. Because the tool was never approved, it was never monitored.
Security teams can’t defend what they don’t know exists. Unsanctioned AI shifts risk from known systems to invisible ones.
Mitigating the Risks of Unsanctioned AI
Effective mitigation starts with accepting that AI use is already happening. Then, it’s about designing controls that make it visible, governable, and defendable.
Establish Visibility
Most organisations underestimate how many AI tools are already in use across the business.
Actionable steps:
- Inventory AI-related browser activity, extensions, and SaaS usage where possible
- Identify common AI tools being accessed outside approved platforms
- Map which roles and functions are most actively using AI
The goal here is understanding the scale and shape of exposure.
Define What “Sanctioned” Actually Means
Avoid labelling tools as “approved” without clearly defining how they’re allowed to be used.
Actionable steps:
- Document approved AI tools alongside permitted use cases
- Explicitly state what data types must never be entered into AI tools
- Clarify whether outputs can be used in security, compliance, or incident workflows
Clear definitions reduce ambiguity and give teams something concrete to follow.
Put guardrails around data
Some of the most serious unsanctioned AI risk often emerges at the data level, not the application level.
Actionable steps:
- Classify sensitive data that should never be shared via prompts or uploads
- Apply DLP-style controls where feasible to monitor outbound data flows
- Reinforce guidance on copy-paste, uploads, and API integrations
You need employees with the mindset to treat prompts as potential data transfer events, not harmless inputs.
Set Role and Function-Based AI Permissions
Not every team needs the same level of AI access and treating them as if they do creates unnecessary exposure.
Different functions interact with AI in very different ways. Security teams may use AI for summarisation or investigation support. Developers may need API-based tools for prototyping. Marketing teams may only require basic writing assistance. A single, uniform policy rarely fits all of these use cases.
Actionable steps:
- Define which roles can access which AI tools and capabilities
- Tie permissions to specific, documented use cases
- Restrict higher-risk capabilities such as code analysis or API data uploads to teams with a clear business need
This approach reduces overexposure while making enforcement clearer and less contentious.
Unsanctioned AI as A Governance Opportunity?
Organisations lack the visibility, policies, and governance to use AI safely and compliantly.
The risks outlined above are real-world cyber and compliance challenges that demand structured oversight.
This is where a thoughtful Governance, Risk, and Compliance (GRC) approach becomes invaluable. With robust GRC practices, organisations can align AI usage with strategic business goals, identify and mitigate evolving risks, and ensure compliance with legal and regulatory obligations, all while enabling productive innovation.
By shifting from reactive enforcement to proactive governance, organisations can not only mitigate the dangers of unsanctioned AI but also unlock the strategic value of AI adoption in a secure, compliant way.
At DIESEC, our GRC services help companies bring clarity and control to complex security landscapes.
