Here's what's happening in your organization right now, whether you've been told or not.

Your team members are pasting customer data into ChatGPT to draft summaries. Someone in finance is using an AI tool to analyze spreadsheets they emailed to themselves. A coordinator is generating reports with a free browser extension that logs everything to a server you've never heard of.

Nobody told you. Not because they're hiding it — but because there's no policy, no conversation, and no safe way to ask. So they're just doing it.

This is called shadow AI: the use of unsanctioned AI tools by employees, outside of any IT-approved or policy-governed system. It's not theoretical. Salesforce's 2024 AI at Work research found that more than half of employees who use generative AI at work — 55% — do so with tools their employer hasn't approved. That gap has not narrowed since.

The exposure here is real. Data governance breaches. Vendor terms you've never agreed to. Outputs that carry liability your organization doesn't know it has. And if something goes wrong, the question your leadership will ask isn't "why did the employee do that?" It's: "why didn't you know?"

The one question to ask in your next team meeting

Don't make this an interrogation. Don't make it a policy announcement. Make it a conversation.

Try this: "I want to make sure we're all set up to use whatever tools help us most — including AI tools. Who's already experimenting with something? What's it helping you with?"

That's it. You're not asking "who's breaking the rules." You're creating a safe surface for people to tell you what they're already doing. You'll get useful intelligence. And you'll signal that you're the kind of manager who finds out rather than lectures.

Listen to what comes back. Note the tools mentioned, the tasks they're being used for, and whether any of those tasks involve data that has a name on it — customers, employees, financials.

The one policy line to put in writing this week

You don't need a 10-page AI policy. You need one sentence that creates a safe harbor and a reporting path:

"If you're using or want to use an AI tool for work tasks, check with [your name / your IT contact] before using it with company or customer data — no judgment, just a quick flag so we can make sure we're covered."

Put it in a team Slack channel or an email. Not a memo. Not a policy document. A message, from you, this week.

This does three things: it surfaces the tools that are already in use, it creates an informal logging system without bureaucracy, and it positions you as the person who managed this — not the person who didn't know.

What you're actually managing

Shadow AI is a symptom of a gap between what your team needs to get work done and what your organization has officially given them. That gap is not going away. AI tools are getting easier, faster, and cheaper to access.

Your move is not to shut it down. It's to know about it before it becomes a problem. One question. One sentence. This week.

Forward this to a peer who runs a team. The conversation is already happening in their org too — they just haven't started it yet.

P.S. — The Edge goes deeper on this: how to run a proper shadow AI audit, what to escalate and what to quietly regularize, and what to say when leadership asks. If you're staring at a mandate, it's worth the look.

This was a free one. There's a new one every week.

What's signal in the AI noise — and the move to make about it. No hype, no vendor pitch, no link dump.

Aiden Vector is an AI-assisted publication; this content is produced by AI under human editorial direction.