Artificial intelligence (AI) is profoundly transforming the business world, but not always in an official way. More and more French companies, especially SMEs and VSEs, are facing the Shadow AI phenomenon.
A single figure suffices to explain the scale of the subject: 68% of AI users in a professional context don't tell their managers (BPI France Le Lab - Dec 2024). Behind this term lies a complex reality: employees using AI tools not approved by their company to gain efficiency.
Although the deployment of AI in SMEs and VSEs is progressing, its adoption by managers remains too slow compared to that of their own employees. All the more so as over 50% of managers have no intention of using AI in the short term, and 14% have explicitly forbidden its use.
While shadow AI can boost creativity and productivity in the short term, it also entails major risks over the long term. So how can we turn this challenge into an opportunity? On bringsyou our insights and a number of ways of getting out of this situation.
What is Shadow AI?
The Shadow AI, or "hidden AI", refers to the use of artificial intelligence tools by employees without prior validation by their hierarchy or IT department. These tools include platforms such as ChatGPT, Google Gemini, DALL-E, or software specialized in data analysis, project management or content creation.
Why do employees use them?
- Lack of suitable official tools. The solutions proposed by the company may be perceived as too limited or ill-adapted to the specific context of the business or competitive environment.
- Productivity. AI tools can automate repetitive tasks (writing, analysis, translation, reporting), quickly solve complex problems (Excel macro, ) or propose a "first version" that meets 80% of the employee's needs.
- Spontaneous innovation. Some employees want to experiment with new technologies to improve their performance or demonstrate their ability to use new tools, sometimes to get their own management to react.
However, this informal adoption often escapes the radar of senior management and IT departments, posing a number of challenges in terms of organizational coherence, the ability to retain Internet know-how and, of course, data security and compliance.
What are the implications for SMEs and VSEs?
Shadow AI is not just a problem. It also reflects a need for innovation within the company, and a willingness on the part of employees to adapt to digital challenges. It's also the mark of a dynamic team, ready to embrace new ways of working.
- Time saving. This is the benefit most recognized by all users. AI tools enable employees to automate certain time-consuming tasks (sorting e-mails, writing reports, reporting tables) or tasks that usually require much more time to complete (responding to a call for tenders, redesigning a website).
- Process improvement. On production lines, better forecasting of maintenance times to limit machine downtime directly increases operational efficiency.
- Increased creativity. In marketing or communications, for example, generative AIs, seen by many employees as an "expert digital assistant", are used to rapidly create engaging content or personalize customer interactions. These tools also help to reduce the "blank page syndrome" for creative teams, which in turn reduces the mental load on employees.
- Bottom-up initiatives. The spontaneous use of AI tools in different departments of the company shows that employees are proactive in the search for innovative solutions. This is a corporate culture value worth developing!
However, Shadow AI also entails its share of risks, particularly for smaller organizations which are often less equipped to deal with this type of problem.
- Data leakage. Information shared with these tools can be stored or used without the company's knowledge, increasing the risk of cyber-attacks or disclosure on the Internet (customer names in an Excel spreadsheet, for example).
- Internal fragmentation. Uncoordinated use of different tools can lead to inconsistency in internal processes and complicate collaboration between teams.
- Know-how transfer. If an employee leaves the company with his informal practices, it will probably be difficult to take over his methods or tools, which can be a major loss of time and experience.
- Legal and regulatory risks. SMEs and VSEs must comply with the RGPD (General Data Protection Regulation). However, some non-validated AI tools can process sensitive data on external servers outside the EU (ChatGPT is an American tool and, in most cases, all data is sent to US servers), exposing the company to sanctions
Enable the entire company to focus on its core objectives: spending more time with employees, partners and customers!
What can be done to rectify the situation?
Rather than repressing the Shadow AI phenomenon, SMEs and VSEs have every interest in integrating it into an overall strategy of responsible innovation. Here are some suggestions from Gorillias on how to capitalize on employee interest and create a general framework compatible with corporate objectives and obligations.
1- Recognizing and managing Shadow AI
- Map existing uses. Organize an internal audit to identify which AI tools are used by your teams and in which contexts (marketing, HR, customer service, legal, finance, production, logistics...). At the current stage of AI development (generative AI and specialized AI agents), all company departments can be impacted by the deployment of AI solutions.
- Draw up a clear AI charter. Define what is and isn't allowed when it comes to using AI tools in your company, while explaining the risks associated with certain practices (data security, RGPD compliance, know-how transfer, internal collaboration between different tools).
2- Propose official alternatives
- Integrate validated tools. Offer employees access to secure AI solutions that comply with legal requirements (e.g. hosted in Europe). Different platforms enable AI to be used while guaranteeing data security. This is how Gorillias works, with data servers hosted in France.
- Simplify access to technology. Make sure that these tools are easy to use and respond concretely to operational needs (automatic content generation, predictive analysis, etc.).
3- Train your teams and raise their awareness
- Organize targeted training. As with any technological "revolution", training is crucial! Explain to your employees how to use approved AI tools while respecting internal and external rules.
- Encourage open dialogue. Involve your teams in defining AI policies so that they feel involved in this digital transformation and adhere to this new framework on their own, rather than continuing the practice of Shadow AI.
4- Enhancing the value of Shadow AI innovation
- Create a space dedicated to experimentation. Set up a "laboratory" where your employees can freely test certain AI tools under controlled supervision. This unleashes their creativity, maintaining a dynamic approach to rapidly evolving technology while minimizing risk.
- Reward innovative initiatives. Publicly recognize successful ideas and projects from Shadow AI. This motivates your teams and shows that the company is open to change.
In brief
As such, Shadow AI shows that there is a need expressed by employees to work with new tools, better adapted to the current context. The same was true when computers were introduced into the office 40 years ago. It all depends on how the company manages this transition.
For SMEs and VSEs, this is above all a unique opportunity to accelerate their digital transformation and stimulate internal innovation. By adopting a proactive approach - recognizing the phenomenon, providing a clear framework and formally integrating it - they can transform this informal practice into a genuine strategic lever, enabling the whole company to focus fully on the essential objectives: spending more time with employees, partners and customers!
