Shadow AI risk doesn't announce itself. It shows up quietly—a project manager pasting a client's SOW into Claude to draft a summary, a developer feeding a ticketing script into ChatGPT to debug it faster, a finance analyst using a free-tier AI to reconcile invoices. Nobody asked IT. Nobody asked the client. And nobody is tracking any of it.
At a 25-to-75-person agency or MSP, that adds up faster than you'd think.
How Many Tools Are We Actually Talking About?
Here's a number worth sitting with: according to UpGuard's 2025 research, more than 80% of workers—including nearly 90% of security professionals—use unapproved AI tools on the job. Half of them do it regularly.
Apply that to a 40-person consultancy. You've got roughly 32 people running their own personal AI workflows right now. Each one has probably tried three or four tools over the last 18 months—ChatGPT, Claude, Perplexity, Gemini, a vibe-coded Make.com automation, a Notion AI workspace, a custom GPT someone built on their personal OpenAI account. Some of those tools are still running. Most have touched client data at some point.
The "37 tools" number in our headline isn't a joke. It's a conservative estimate for a 50-person shop once you count:
- Individual LLM accounts (ChatGPT free and Plus, Claude, Gemini)
- AI-native note and docs tools (Notion AI, Otter.ai, Fireflies)
- Vibe-coded automations (personal Zapier, Make.com, n8n instances built outside IT)
- AI embedded in existing SaaS that nobody inventoried (Grammarly Business, HubSpot AI, Linear's AI features)
- One-off tools your ops person found on Product Hunt last quarter
None of these have been security-reviewed. None appear on your vendor inventory. And a meaningful chunk of them are on personal accounts, which means your org has zero visibility into what data left the building—and when.
What Shadow AI Risk Actually Does to Your SOC 2
This is where it gets painful if you're carrying a SOC 2 Type II or actively pursuing one.
SOC 2's Trust Services Criteria—especially CC6 (logical access) and the Confidentiality and Privacy criteria—require you to demonstrate that you know where client data goes and that you control it. When an employee pastes a client's incident log into a free ChatGPT account to draft a post-mortem, two things happen that your auditor will not like:
- The data left your control boundary. OpenAI's free tier uses conversations for model training by default unless the user has specifically opted out. Your employee probably hasn't.
- There's no audit trail. You can't produce a log showing what was sent, when, and what came back. SOC 2 auditors treat "no human request, no audit record" as a controls gap.
A 2024 Cyberhaven report found that more than a quarter of corporate data employees feed into AI tools qualifies as sensitive—things like customer support records, source code, and R&D material. For a 40-person MSP, that's not an abstract stat. That's your client's network topology in a ticket, your SLA data in a report, your HR records in a prompt.
SOC 2 auditors are paying close attention to this now. As Baker Tilly has noted, incorporating AI-specific risks into an existing SOC 2 control environment is no longer optional for firms that process client data. If you can't demonstrate an inventory of AI tools in use, defined data classification policies that govern what can go into those tools, and evidence of monitoring, you're looking at findings. Potentially findings that matter to your clients.
And clients are asking. Any client who's run their own SOC 2 audit in the last 12 months is including AI governance in their vendor questionnaires. "Do you have a policy governing employee use of generative AI tools that may process our data?" is now a standard question. "We're working on it" is not a satisfying answer when you're renewing a $180k annual contract.
Why Banning Tools Doesn't Work
The instinct is to write a policy that says "don't use unapproved AI tools with client data" and call it done. That instinct is wrong.
Software AG's research found that 46% of employees who use unauthorized AI tools say they'd keep using them even if the organization explicitly banned them. They're not being malicious—they're just faster with AI assistance, and they're not going to slow down because of a policy PDF nobody read.
Banning also creates a worse problem: it drives usage underground. Instead of a developer using ChatGPT on their work laptop where you might at least catch it in a browser audit, they use it on their phone. Or they spin up a personal API key. You've lost visibility entirely.
The real fix isn't a ban. It's replacing the chaos with something better.
One Governed Platform Beats 37 Untracked Tools
This is exactly the problem BrioSync's AI-native OS was built to solve. When your team's AI lives inside the same platform as your projects, service desk, CRM, HR, and finance—not scattered across personal accounts—governance is a feature, not an afterthought.
Here's what that actually means in practice:
- Every AI agent operates within your data boundary. Prompts, completions, and the data they touch stay inside your platform. No personal accounts. No free-tier training-data exposure.
- Audit logs exist. When a SOC 2 auditor asks what AI touched client data in Q3, you have an answer. A specific one.
- Role-based access applies to agents, not just humans. A junior tech can't have an AI agent that touches billing data just because they personally can't access it. Permissions propagate.
- You can see the inventory. One place shows every AI automation running in your firm, who built it, and what data it can reach. No more archaeology.
At $19.99/user/month for the full suite, BrioSync isn't a "enterprise governance platform" that takes six months to deploy. It's the system your whole team already uses for tickets, deals, and time tracking—with AI that's built in and accountable from day one. Compare that to the alternative: one compliance finding during a SOC 2 audit can cost more in remediation and client relationship repair than a year of seats.
The vibe-coded tools your team built because the old PSA was too slow? BrioSync's features cover those use cases natively—without the compliance exposure baked into every personal-account automation.
Your team isn't going to stop using AI. The question is whether that AI use is something you can defend to a client, an auditor, or a lawyer. Right now, for most 25-to-75-person firms, the honest answer is no.
That's fixable. But it doesn't get easier the longer you wait.
Ready to replace your team's shadow AI sprawl with governed, auditable AI agents? See how BrioSync works or explore pricing — no enterprise sales process required.