Leadership in the Age of AI

How do we govern AI across teams and stop shadow AI?

Thomas Green 7 June 2026 7 min read
In short

Shadow AI is not a workforce going rogue; it is a trust and visibility signal. Why approved alternatives, not bans, are what bring AI use back into the light, and the three moves that restore clear governance across your teams.

Key points
  • Shadow AI is not mainly a security failure; it is a trust and visibility signal. When people reach for unapproved tools, they are telling you the approved path is slower or does not exist yet.
  • The gap is measurable. Around 90% of executives feel confident they can see their organisation's AI use, while 52% of knowledge workers quietly use unapproved tools, according to an Okta-commissioned study reported in 2026.
  • Prohibition moves the activity further out of sight. Governance restores visibility by giving people an approved alternative that is at least as good as the tool they reached for first.
  • Start with three moves: name what good use looks like, offer a sanctioned tool people actually want, and make disclosure safe rather than punishable.
  • The bottleneck is no longer the technology. It is whether your people trust you enough to tell you what they are already doing.

"My team is using AI and I really do not know what they are putting into it, and I am not sure I want to find out." You have had some version of that thought, probably in the past fortnight. Underneath it sits a quieter sentence you would rather not say out loud: finding out means acting, and acting means a policy, and a policy means a fight you have no appetite to start. So the cursor blinks, the work ships faster than it used to, and you let the question sit.

Here is the way through that stalemate. The fastest way to bring shadow AI back into view is to make the official path better than the unofficial one, then make it safe to tell you the truth. Bans push the activity somewhere beyond your sight. An approved alternative, offered well, pulls it back into the light where you can actually steward it. Treat what your people are doing quietly as information rather than betrayal, and the whole problem changes shape.

What is shadow AI actually telling me about my organisation?

It is telling you the work moved faster than your guardrails did. That is the honest reading, and it is more common than the executive view admits. McKinsey's 2025 Superagency in the Workplace study (McKinsey, the global management consultancy), drawn from 3,613 employees and 238 C-level executives across six countries, found that leaders estimate only 4% of employees use generative AI for at least 30% of their daily work, when the real figure is closer to 13%. Your people are roughly three times more likely to be using AI than you would guess. McKinsey's own framing of the bottleneck is blunt: it is leaders not steering quickly enough, not employees holding back.

So the picture inverts. The instinct is to imagine a reckless workforce that needs reining in. The data describes something gentler and more awkward: capable people solving real problems with the best tool to hand, while the org chart catches up. An Okta-commissioned study by Apprize360 in 2026 (Okta is an enterprise identity and security company) put numbers on the blind spot. Around 90% of executives expressed confidence in their visibility into AI tool use, while 52% of knowledge workers admitted using unapproved tools and 24% used unauthorised ones regularly. In the UK the gap was widest of all, with 96% of executives confident they could see clearly. As Okta's Harish Peri framed it, security teams cannot govern the usage of tools they do not know exist.

Why does banning the tools make the problem harder to see?

Because the demand does not vanish. It relocates. When the sanctioned answer is "no", the work still has to ship, so it ships through a personal account, a phone, a free tier nobody flagged. UpGuard's surveys (UpGuard is a cyber-risk research firm) of 1,500 security leaders and employees found that more than 80% of workers use unapproved AI tools, including nearly 90% of security professionals, the very people meant to model the rules. Fewer than half of employees even understand their company's AI policy. You cannot follow a line you cannot find.

And the leak is real, which is exactly why hiding it becomes the dangerous part. A TELUS Digital Experience survey of 1,000 enterprise employees in January 2025 found 57% had entered confidential information into public platforms such as ChatGPT, Gemini and Copilot: personal details, project data, customer records, financials. Cyberhaven Labs (a data-security research group), watching 1.6 million workers, found 11% of the data pasted into ChatGPT was confidential, and confidential-data incidents rose around 60% across a six-week window in early 2023. A ban does not touch any of that. It simply guarantees you will be the last to learn when something goes wrong.

The visibility gapWhat the research shows
What leaders believe~90% of executives feel confident in their visibility into AI use; 96% in the UK (Okta / Apprize360, 2026)
What is actually happening52% of knowledge workers use unapproved tools; 24% regularly (Okta / Apprize360, 2026)
How widespread78% of employees use AI tools their employer did not provide (WalkMe, 2025)
What is being shared57% have entered confidential data into public AI platforms (TELUS, 2025)
Who leads the behaviour69% of presidents and C-suite, 66% of directors and senior VPs accept unapproved AI use (BlackFog, 2026)

That last line deserves a pause. BlackFog's 2026 survey (BlackFog is a data-security vendor) of 2,000 workers found that shadow AI is led from the top: 69% of presidents and C-suite, and 66% of directors and senior VPs, accept unapproved use, and 49% of all workers adopt tools without approval. The people most likely to be doing it quietly are often the most senior. Which is why the avoidance feels so familiar. It is easier to look away than to admit you are part of the pattern you would have to police.

Turn the blind spot into a clear line of sight

If you can feel the gap between what your team is doing and what you can see, that is the most useful signal you have. A focused session maps where shadow AI is showing up, why, and the approved path that brings it back into the open.

Book your Strategy Session

What does governing AI across teams actually look like?

It looks far more like product design than policing. The category of intervention here is governance-over-prohibition: you compete with the unofficial tool by offering an official one people prefer, and you make the truth safe to speak. The evidence says most organisations are starving the human side of exactly that work. Deloitte's State of AI in the Enterprise 2026 report (Deloitte, one of the big four professional-services firms) found that workforce access to sanctioned AI tools grew by 50% in a single year, climbing from under 40% to around 60% of workers, yet only one in five companies, 21%, has a mature model for governing it. Access raced ahead; the governing caught none of that pace. The WalkMe AI in the Workplace survey of 1,000 US workers in 2025 (WalkMe is a workplace software-adoption company) shows where the human gap bites: 78% use AI their employer never provided, 51% report conflicting guidance on when to use it, and only 7.5% have had extensive training, with another 23% trained not at all. Buy the tool, skip the human work, and your best people will route around you.

Three moves restore visibility, in order.

  1. Name what good looks like. Write one page, not forty, that a busy person will actually read: which tools are sanctioned, what data is fine to use, what stays inside the building. Fewer than half of employees understand the current policy, so clarity alone closes part of the gap.
  2. Offer a tool people want. Provision a sanctioned, enterprise-grade option that is at least as fast and pleasant as the free tier someone reached for first. People route around friction, not around rules. Remove the friction and the routing stops.
  3. Make disclosure safe. Replace the threat of punishment with an invitation to show you. When nearly half of workers hide their AI use to avoid judgement, per WalkMe, the information you need is sitting in the room. It surfaces only when telling you costs nothing.
Shadow AI is not your people breaking the rules. It is your people telling you the rules have not caught up with the work.

Done in that order, governance becomes a way of building trust rather than spending it. You move from the leader who would rather not look to the leader people come to first. And this is where the deeper point sits, quietly, for whoever is ready to hear it. The bottleneck is no longer the technology. The technology is already in your building, in capable hands, doing useful work. The open question is whether your people trust you enough to tell you what they are doing, and whether you have built the kind of clarity that makes telling you the easy choice. That is a human capability, and it is one you can build deliberately. Our work with leadership teams starts exactly there: the visibility, the approved path, and the trust that keeps both honest.

Frequently asked questions

Is shadow AI mostly a security problem or a trust problem?
Both, though the trust dimension is the one most leaders miss. The security exposure is real: 57% of enterprise employees have entered confidential data into public AI tools, per TELUS in 2025. Yet the behaviour itself is a signal that the approved path is slower or absent. Treating it purely as a threat drives it underground; treating it as feedback brings it back into view.
Why do bans tend to make shadow AI worse?
Because the demand persists and simply relocates to personal accounts and free tiers you cannot monitor. UpGuard found in 2025 that more than 80% of workers use unapproved AI tools, including nearly 90% of security professionals. A ban removes your visibility while the activity continues, leaving you exposed and uninformed at once.
Where should we focus first when governing AI across teams?
On the human layer, which is where Deloitte's 2026 research says the gap is widest: access to AI grew 50% in a year while only 21% of companies built a mature way to govern it. In practice that means a one-page policy people will read, a sanctioned tool that beats the free alternative, and a culture where disclosure is welcomed rather than punished. WalkMe found only 7.5% of workers are extensively trained, so the easiest early win is teaching people well.
Thomas Green

About the author

Thomas Green

British technology futurist, AI keynote speaker and advisor. Thirty years across enterprise technology and AI strategy, helping leaders navigate the future of work. The futurist who died.

Get Thomas’ thinking into your inbox

Thoughts, stories and ideas on AI, leadership, and the future of work.