Six Steps to Move From Shadow AI to Innovative AI
What is Shadow AI?
In my work advising companies on AI governance, I encounter many who allow employees to use private AI accounts like ChatGPT – so-called ‘Shadow AI’ or ‘BYOAI’. There’s been growing awareness that this phenomenon (akin to using a personal Gmail to do company work) is:
Bad for the Customer. Their personal data can be put at risk, alongside other risks.
Bad for the Employee. They might be paying for their own work tools and exposed to unnecessary risk, not to mention the awkward dynamic around using the tool openly in the office.
Bad for the Company. The company has little visibility on what AI is being used for and therefore no data to help them make strategic decisions on where AI deployments could bring the best ROI.
Why “Just Stop” Doesn’t Work
But it’s not as simple as saying ‘STOP!’. In some cases, employees have deeply embedded private tools in their workflows, and a knee-jerk pause on non-approved tools can alienate governance efforts before they have even begun, not to mention the danger of simply being ignored. To create visible, well-governed AI that enables safe, confident, innovative AI use company-wide, governance professionals must act pragmatically to get wide buy-in for a responsible AI ethos, while setting clear boundaries.
Six Steps to Innovation
Here are my six steps to bring AI into the light:
Discover
The first stage of any governance project is to understand where AI is being used and what it is being used for. Depending on the size of the organisation, this can be reasonably well discovered through one-off discussions with key stakeholders, an employee survey (I’ve found the best is anonymous but stratified by department to enable more granular insights), or a combination of those two activities leading to a map of the uses and risks associated with AI. At the end of this step, you will have surfaced the AI use in your organisation.
Communicate
Once you understand what you have, be open with company staff about the direction you want to travel in. Discuss the problems with using private AI accounts, the opportunities of governance for getting real value from AI, and the roadmap to safe, confident, innovative AI (outlined at steps 3-6).
Govern
If Step 1 uncovers previously invisible, private-account AI use, do not overreact. In fact, these are sparks of innovation in an organisation. Rather than imposing an immediate ban on private-account tools, draft an internal AI use policy that sets out interim governance measures that make employees feel safe and confident using AI. For example, prohibit the use of personal data, or sending pure AI-generated content externally without review, and mandate the use of SASP (Stop, Ask, Scan, Prompt) on inputs and VEP (Verify, Edit, Personalise) to provide practical controls to meet those aims. Ensure you have an AI Lead, an individual in your organisation (in larger organisations supported by an AI committee) to deal with issues or incidents. Familiarise yourself with sector-based or national legislation to lay down any additional requirements (e.g. if in the EU, using AI for HR purposes will require additional governance).
Transition
One of the problems in transitioning out of Shadow AI is that you might be unsure of what to transition to. After all, AI was invisible for a while in your organisation. You need to generate opportunities for strategic innovation. Here are the three tactics I’ve found most useful:
(a) Get to Value Quickly. Hold an initial team-level innovation workshop, and focus on a task where AI is used most (which you should have learned from Step 1). Each team should appoint an AI Champion and set a three-month goal for innovation which the AI Champion will be accountable for implementing. Have employees demo best practice to each other and arrive at standardised prompts and workflows that can be deployed after the session.
(b) Run Micro-pilots. To meet their goals, employees should have the option of requesting a three-month micro-pilot of an enterprise-grade AI tool from the AI Lead, either as individuals or teams. This should be accompanied by interim and final reporting to assess ROI. It will require effective due diligence to vet potential vendors, but provides a quick way to spot use cases that generate real ROI.
(c) Use Discovery Data. Your employee survey and stakeholder discussions should tell you what employees think AI can help them with, any barriers to AI adoption, and what they use AI for currently. All of this data can be used to build a picture of where to go next.
At the end of this stage, you will have teams using AI openly at your organisation, with governance in place, with your AI Lead (and committee) building up a picture of what might be effective at your organisation on a more strategic level.
Strategise
After a three-month interim phase, in which you have tested innovations on a team level, you should have the first wave of data on where AI use has the potential for ROI on a team level, and for company-wide deployment. Take a look around at what competitors are doing in the space, speak to vendors, consider the governance needs of a given use case, and then make decisions.
Phase out
If steps 1-5 have been successful, the use of private AI accounts should taper off organically, as employees feel like their needs are met by approved tools with additional functionality. Talk to stakeholders or those who may have been sceptical of the changes, to validate this. If signs are positive, it’s now time to close the book on ‘Shadow AI’, update your policies accordingly to mandate approved tools only, and continue to iterate on AI implementation through your Innovation Leads and your AI Lead.
An Innovative Culture
At the conclusion of these six steps, you should have successfully taken your organisation from Shadow AI to a safe, confident and innovative AI culture, encompassing governance and transformation to drive ROI from AI.

