Use of Unauthorised AI Sparks Security and Compliance Concerns for Businesses

The rapid proliferation of generative AI tools has outpaced corporate governance, leading many workers to turn to unsanctioned platforms for productivity gains. The Studio Graphene poll reveals that nearly half of UK executives suspect shadow AI is already embedded in daily workflows, especially in larger firms where 54% report such usage. This organic adoption is driven by ease of access, low cost, and the perception that AI can automate routine tasks. However, without visibility into which models are employed, IT departments lose control over data flows, model provenance, and potential bias, creating a fertile ground for security lapses.

From a compliance standpoint, the United Kingdom’s data protection framework—mirroring the EU’s GDPR—imposes strict obligations on how personal and confidential information is processed. Unauthorized AI services often route data to external servers, sometimes outside the European Economic Area, exposing firms to cross‑border transfer violations and hefty fines that can reach up to 4% of global turnover. Moreover, sector‑specific regulations such as the Financial Conduct Authority’s rules on record‑keeping amplify the risk for banks and insurers. The poll’s finding that 64% of leaders fear security or compliance breaches underscores a widening gap between innovation and regulatory readiness.

To bridge that gap, organisations must move from reactive admonitions to proactive AI governance. Crafting concise, company‑wide AI usage policies—something 34% of respondents admit they lack—provides a baseline for acceptable tools, data handling procedures, and escalation paths. Equally critical is communicating these expectations, as 37% have not done so, and training frontline staff who already show higher comfort with AI than senior managers. Deploying monitoring solutions that flag unsanctioned APIs, coupled with a centralized AI catalogue, can restore visibility while still encouraging responsible experimentation. In doing so, firms can reap AI’s productivity benefits without compromising security or compliance.