Shadow AI in your business: What to do next
There's a reasonable chance your business is already using AI — you just don't know it yet.
While you're reading articles about whether to adopt AI, several members of your team may already be using tools like ChatGPT to draft emails, write reports and speed up admin. No policy. No oversight. No visibility from you as the owner or director.
This is called shadow AI. And in a number of SMEs I speak to, it's happening.
It's, I'd argue, the most important AI conversation UK small business owners aren't having — and the best possible starting point for anyone who wants to get AI right in their business.
So that's where we're going to start. Not with a list of tools. Not with a strategy framework. With the thing that's probably already in your business, and what to do about it — positively, practically, and without drama.
Then we'll get to the three practical steps that will give you the most immediate value, fastest.
⚠️ Why Shadow AI Is the Right Place to Start
The tools involved are usually ChatGPT, Gemini, Claude or Copilot. The pattern is always the same: staff using them quietly, with good intentions, and no guidance from above.
The numbers are striking. A 2024 study by CybSafe and the National Cybersecurity Alliance — surveying more than 7,000 people across the US and UK — found that 38% of employees who use AI have submitted sensitive work-related information to AI tools without their employer knowing (CybSafe × National Cybersecurity Alliance, 2024). And that's just the people willing to admit it.
For small businesses specifically, the picture is just as clear. The 2025 State of Shadow AI Report found that companies with just 11–50 employees averaged more than one in four staff members actively using unsanctioned AI tools — often because there's no policy in place and no one watching (Reco.ai, 2025).
The problem isn't that they're using them. The problem is the absence of any framework — which means:
- Sensitive client data could be entered into consumer AI tools without the right privacy settings, approvals or safeguards in place
- AI-generated content could be going out under your brand without being checked
- Staff could be acting on AI outputs that are confidently wrong
- You have no visibility, which means you can't support them to do it well
And here's the thing that most businesses get wrong when they find out: banning AI tools doesn't fix it — it just drives it underground. Salesforce research found that more than half of employees using generative AI at work do so without formal employer approval. Analyst firms and security researchers have repeatedly warned that simply trying to ban AI use rarely solves the problem on its own; it is usually more effective to provide clear guidance and a sanctioned alternative. You can't ban productivity.
The good news — and this is the most important point — shadow AI is not something to panic about. It's something to get ahead of. The businesses that handle this best are the ones who create a simple, positive framework that helps staff use AI well.
👉 The simplest fix is a one-page "how we use AI" guide for your team. Not a legal document. Not a policy manual. Just a clear, friendly page that says: here's what we encourage, here's what to be careful with, and here's what not to do. It takes an hour to write and removes the ambiguity that makes shadow AI risky, which is a great start.
I covered the detail in two earlier posts — Generative AI Risk: Your UK SME Defence Plan, and Ethical AI Governance for UK SMEs: Moving Beyond Compliance. Both are worth reading alongside this one.
📊 Where Does Your Business Actually Stand?
So if shadow AI is already widespread, what does formal AI adoption actually look like? DSIT's AI Adoption Research, based on research with 3,500 UK businesses and published in 2026, gives us the most credible UK-specific picture we have (DSIT, 2025):
- Only 1 in 6 UK businesses currently uses AI in any formal, structured way
- Of those that do, 85% are using it for writing and text tasks — drafting, summarising, generating content
- On average, around 30% of staff in those businesses use AI tools day to day
💡 In other words: most businesses are still at the very beginning. The starting point is genuinely accessible, low risk, and closer than most people think. Which brings us to the three steps that deliver the most value, fastest.
🚀 Where to Actually Start: Three Practical Steps
With that context in place, here are the three areas that deliver the most immediate, practical value for small businesses — in order of how quickly most SMEs benefit.
Step 1 — Start with writing and communication tasks
This is where most SMEs save the most time, fastest. It's also low risk to start with because you're not sharing sensitive data — you're drafting content that you then review and edit.
What to try:
- Drafting client emails — give it the key points and let it write a first version you then edit
- Summarising long documents, meeting notes or reports
- Writing social media posts, newsletter copy or website content
- Brainstorming ideas for marketing, new services or solving a problem
🛠️ Tool to use: ChatGPT (free at openai.com) or Google Gemini (free at gemini.google.com). Both work in plain English — just describe what you need as if explaining it to a person.
A quick note on free vs paid.
ChatGPT, Gemini and Claude all offer free versions — and they're genuinely useful for getting started. The free tiers do have limits though: usage caps, slower responses at busy times, and in some cases access only to older, less capable models. Paid plans (typically around £16–20 per user per month for ChatGPT Plus, Gemini Advanced or Claude Pro) unlock the most powerful versions of each tool, higher usage limits, and faster responses. On the question of data privacy, however, paying for an individual plan doesn't automatically protect you — on ChatGPT for example, even Plus users need to manually opt out of having their conversations used for model training in the settings. The business-grade plans (which cost significantly more) are where you get firm commitments that your data won't be used for training by default. For occasional personal use, free is fine. For regular business use involving any client or company information, it's worth checking the privacy settings of whatever tool you're using — paid or free — and adjusting them accordingly.
⚠️ One thing to watch: AI sounds confident even when it's wrong. Always read and edit before using. Think of it as a capable first draft, not a finished product.
👉 Once you're comfortable, my guide to writing better AI prompts will help you get consistently better results.
Step 2 — Use it for research and getting up to speed quickly
AI has transformed how quickly you can understand a topic, compare options, or get answers to business questions. The key is using a tool that shows its sources so you can verify what it tells you.
What to try:
- Getting a plain English overview of a topic, regulation or market
- Comparing tools, suppliers or options without spending an hour on Google
- Understanding compliance requirements — GDPR, employment law, HMRC
- Quick competitor research — what are others in your space offering?
🛠️ Tool to use: Perplexity AI (free at perplexity.ai). Perplexity is built as a research tool first — every response is grounded in cited sources by default, so you can click through and verify. ChatGPT and others will show sources when they search the web, but will also answer from their training data without sources, which is where errors can creep in unnoticed. For business decisions, being able to check where the answer came from matters; human oversight matters.
⚠️ One thing to watch: AI research is a starting point, not a conclusion. For anything legal, financial or compliance-related, always verify with a qualified professional.
Step 3 — Automate one small, repetitive task
This is where longer-term value starts to show. Most small businesses have at least one task they do every week that follows the same pattern — a report, a summary, a client update. AI can dramatically speed these up with the right instructions.
What to do:
- Pick one weekly task that follows roughly the same structure every time
- Write a reusable prompt describing exactly what you need — include context, tone and format
- Save that prompt and paste it in each time, updating only the details that change
- Refine it over a few weeks until the output is consistently useful
⚠️ One thing to watch: Keep a human in the loop for anything client-facing or sensitive. AI is excellent at structure and drafts — the judgment and accountability are still yours.
👉 My post on 5 AI features that save SME leaders time, money and stress covers practical options once you're ready to go further.
💬 Turning Shadow AI Into a Positive
Now you've started using these tools yourself, the next logical step is to think about how your team is using them — and to get ahead of it positively.
The goal here isn't control. It's confidence. You want your team to feel empowered to use AI productively, while you have the peace of mind that it's being done sensibly. Here's a simple approach that works well for most SMEs:
1. Start a conversation, not a crackdown
Ask your team whether they're already using AI tools. Create a safe space for honest answers — you might be surprised. Most staff using AI tools are doing so because they want to do their job better.
2. Write a simple one-page guide
Outline what's encouraged (drafting, summarising, brainstorming), what needs care (anything involving client data or external communications), and what's not acceptable (sharing confidential information in free tools that may use inputs for model training). Keep it short, positive and practical; you can then build on this.
3. Nominate an AI champion
Identify one person who's curious about AI and ask them to explore tools, share what works, and help others. This spreads capability organically and gives your shadow AI users a legitimate channel to contribute. It costs nothing.
Done well, this turns shadow AI from a risk into one of your biggest assets.
✅ Your First Week Action Plan
Reading about AI is useful. Doing something with it is where the value actually comes from. Here's a low-pressure plan for your first week.
- Day 1 — Sign up for ChatGPT (chat.openai.com) or Google Gemini (gemini.google.com). Free. Takes 5 minutes.
- Day 2–3 — Use it for one writing task. Draft an email, summarise a document, write a social post. Don't overthink it — just try.
- Day 4–5 — Try Perplexity (perplexity.ai) for one piece of research you'd normally Google. See how it compares.
- End of week — Have a brief, informal conversation with your team about whether they're already using any AI tools. You might be surprised.
- Week 2 — Write your one-page AI guide. Encourage what works, flag what needs care, and give people a legitimate way to share what they're discovering.
👉 You're not committing to anything here. You're exploring. The businesses getting the most from AI right now aren't the ones with the biggest budgets — they're the ones who started, learned as they went, and brought their teams with them.
🔮 The Bottom Line
AI doesn't need to be complicated, expensive or overwhelming. The three steps in this post cover the vast majority of what AI can do for a UK small business right now. And the shadow AI conversation is one most businesses need to have — sooner rather than later.
Start with one step. Get comfortable. Have the conversation with your team. Then build from there.
The learning curve is shorter than most people expect. And the biggest barrier for most UK small businesses right now isn't technology — it's just deciding to start.
📚 Worth Reading Next
- How to Write Better AI Prompts: A Simple Guide for SMEs — get consistently better results from ChatGPT and Gemini
- 5 AI Tool Features That Will Save SME Leaders Time, Money and Stress — practical features most people haven't found yet
- Generative AI Risk: Your UK SME Defence Plan — the security and privacy risks every UK SME owner needs to understand
- Ethical AI Governance for UK SMEs: Moving Beyond Compliance — for when you're ready to think more strategically
Sources
- CybSafe × National Cybersecurity Alliance (2024). 2024 Oh Behave! The Annual Cybersecurity Attitudes and Behaviours Report. Survey of 7,000+ respondents across US, UK and five other countries. cybsafe.com
- Reco.ai (2025). The 2025 State of Shadow AI Report. reco.ai
- Salesforce (2024). Generative AI Snapshot Research Series. salesforce.com
- DSIT — Department for Science, Innovation and Technology (2025). AI Adoption Research. Survey of 3,500 UK businesses. gov.uk