Shadow AI: 3 Steps to Regain Control

Published on November 14, 2025

KPMG reported that 46% of employees admitted uploading sensitive company information or intellectual property into public AI tools. In regulated and data-intensive environments, “shadow AI” is rarely a behavior problem - it’s usually a tooling and policy gap. The video outlines three concrete actions that move you from guessing to measurable control.

Key takeaways

  • 1) Measure actual AI traffic. Have your CIO/security team pull network logs (DNS, proxy, firewall) to identify which public AI endpoints are being used and at what volume.

  • 2) Sanction the path to “safe use” and publish a clear policy. Decide what AI tools are allowed, what data is prohibited, and what employees should do instead. Then communicate it in one unambiguous policy. With no sanctioned tools, usage will route around governance.

  • 3) Add technical controls: restrict domains and monitor outbound data. Implement domain restrictions where appropriate and outbound data monitoring so you can detect when sensitive information crosses the perimeter.
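
As an added illustration of step 1 (not taken from the video or from KPMG), the sketch below tallies requests, bytes sent and distinct users per public AI domain from proxy log lines, and lists large uploads as a starting point for the outbound monitoring in step 3. The log format, the sample records and the domain watchlist are assumptions made for this example; adapt them to your own proxy export.

```python
from collections import defaultdict

# Illustrative watchlist (assumption, not from the article); extend it for your environment.
AI_DOMAINS = ("chatgpt.com", "openai.com", "claude.ai", "gemini.google.com")

# Constructed sample proxy log, one record per line: timestamp user method host bytes_sent
SAMPLE_LOG = """\
2025-11-10T09:01:12Z alice POST chatgpt.com 18234
2025-11-10T09:01:40Z alice POST chatgpt.com 912
2025-11-10T09:03:05Z bob GET intranet.corp.example 401
2025-11-10T09:07:55Z carol POST claude.ai 2450112
2025-11-10T09:08:10Z bob POST api.openai.com 5120
2025-11-10T09:09:00Z dave GET notopenai.com 300
malformed line
"""

def match_domain(host):
    """Return the watchlist domain that host equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    for d in AI_DOMAINS:
        if host == d or host.endswith("." + d):  # suffix match on a label boundary only
            return d
    return None

def summarize(log_text, upload_threshold=1_000_000):
    """Tally requests, bytes sent and users per AI domain; collect large POST uploads."""
    stats = defaultdict(lambda: {"requests": 0, "bytes_sent": 0, "users": set()})
    large_uploads = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip malformed records rather than abort the report
        ts, user, method, host, sent = parts[0], parts[1], parts[2], parts[3], int(parts[4])
        domain = match_domain(host)
        if domain is None:
            continue  # not an AI endpoint on the watchlist
        s = stats[domain]
        s["requests"] += 1
        s["bytes_sent"] += sent
        s["users"].add(user)
        if method == "POST" and sent >= upload_threshold:
            large_uploads.append((ts, user, host, sent))
    return dict(stats), large_uploads

if __name__ == "__main__":
    stats, large = summarize(SAMPLE_LOG)
    for domain, s in sorted(stats.items(), key=lambda kv: -kv[1]["bytes_sent"]):
        print(f"{domain:20} req={s['requests']:<3} sent={s['bytes_sent']:<9} users={sorted(s['users'])}")
    print("large uploads:", large)
```

Matching on a label boundary keeps look-alike hosts such as `notopenai.com` out of the counts, and the byte threshold is an arbitrary starting value to tune against your own baseline.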

Watch the video: https://youtu.be/TNrv0Zzzqxw
