Overview
- Companies are shifting from bans to enablement by rolling out sanctioned AI, setting plain rules, training staff, and adding monitoring.
- Shadow AI means employees use outside chatbots without approval. IBM’s 2025 breach report says over 20% of organizations have unprotected use they do not see.
- The risks include data exposure, when workers paste code or confidential notes into public models, and poor decisions, when outputs are not checked.
- Vendor guardrails help but do not erase exposure because crashes and error logs can retain user data that could later leak, IBM’s Jerry Cuomo warns.
- Vendors are building governance layers such as CoChat, which gives teams shared access to leading models, adds visibility, and pauses risky autonomous agent actions for human review.