Shadow AI in the SMB: What Your Team Is Already Doing With ChatGPT and Claude
Your employees are pasting customer data, contracts, and source code into AI tools you never approved. Here's the actual risk and four controls you can deploy this week.
If you haven't issued an AI use policy yet, your real policy is: whatever 47% of your employees decide to paste into ChatGPT today.
Industry surveys from late 2025 show 60–75% of knowledge workers at SMBs use generative AI tools at work. Less than 20% of those SMBs have a documented policy. The math is uncomfortable.
What's actually leaving your environment
In our last six client engagements, we found employees pasting all of the following into public consumer AI tools:
- Customer lists with contact information, for "help me draft outreach"
- Vendor contracts, for "summarize the indemnification terms"
- Internal financials, for "build me a forecast model"
- Source code with embedded credentials, for "fix this bug"
- HR documents including performance reviews, for "make this softer"
Once pasted into a consumer-tier ChatGPT, Claude.ai, or Gemini account, that data is — at minimum — outside your network perimeter and your DLP controls. Depending on the provider's settings, it may be used for model training. Even where it isn't, you have no audit trail.
Three exposure vectors that get overlooked
1. Browser extensions. Productivity extensions that summarize web pages, generate replies, or "improve" your writing often send the active tab content to a third-party endpoint. That includes whatever's in your CRM or webmail when the extension fires.
2. Personal accounts on corporate devices. An employee signed into their personal Claude or ChatGPT account on a company laptop bypasses every audit, retention, and DLP control you put in place at the org level.
3. AI-enabled SaaS features added by vendors. Your existing tools — Notion, Zoom, Slack, HubSpot — are quietly turning on AI features that process your data through OpenAI, Anthropic, or their own models. If you didn't review the data processing addendum when it was added, you're operating on assumption.
A "free trial" of an AI feature in a SaaS tool is still a vendor relationship subject to your written information security program. If you operate in a regulated industry (HIPAA, GLBA, NY DFS 500), you need a DPA on file before the feature is enabled.
Four controls you can deploy this week
1. Issue a policy that distinguishes approved tools from prohibited ones. Don't write "no AI." Write "approved tools: Microsoft Copilot (M365 commercial data protection), ChatGPT Team, Claude for Work. Prohibited: free consumer tiers using personal accounts." Be specific.
2. Stand up an approved tool with commercial data protection. Microsoft Copilot via M365 Business Standard or higher keeps your prompts inside your tenant's compliance boundary. ChatGPT Team and Claude for Work both contractually exclude your data from training. Pick one, license it, and tell your team it's there.
3. Block consumer endpoints at the network layer or via Defender. It's heavy-handed, but if you can't deploy an approved alternative this month, blocking is more defensible than tolerating the current state.
4. Audit your existing SaaS tools for AI features. Pull the list of vendors that touch sensitive data. For each, document what AI features exist, whether they're enabled, what data they process, and whether your DPA covers them.
The trap
The wrong response to shadow AI is "ban it all." Your competitors aren't banning it; they're channeling it. The right response is to give your team a sanctioned path that's actually as fast and useful as the unsanctioned one — and then enforce the boundary.