Shadow AI Risk Is Your Firm's Quiet Time Bomb

Your team's collection of personal ChatGPT tabs, Claude accounts, and vibe-coded Zapier bots isn't just messy—it's a live SOC 2 liability. Here's how to actually fix it.

🕵️AI & ERP

Shadow AI risk doesn't announce itself. It shows up quietly—a project manager pasting a client's SOW into Claude to draft a summary, a developer feeding a ticketing script into ChatGPT to debug it faster, a finance analyst using a free-tier AI to reconcile invoices. Nobody asked IT. Nobody asked the client. And nobody is tracking any of it.

At a 25-to-75-person agency or MSP, that adds up faster than you'd think.

How Many Tools Are We Actually Talking About?

Here's a number worth sitting with: according to UpGuard's 2025 research, more than 80% of workers—including nearly 90% of security professionals—use unapproved AI tools on the job. Half of them do it regularly.

Apply that to a 40-person consultancy. You've got roughly 32 people running their own personal AI workflows right now. Each one has probably tried three or four tools over the last 18 months—ChatGPT, Claude, Perplexity, Gemini, a vibe-coded Make.com automation, a Notion AI workspace, a custom GPT someone built on their personal OpenAI account. Some of those tools are still running. Most have touched client data at some point.

The "37 tools" number in our headline isn't a joke. It's a conservative estimate for a 50-person shop once you count:

None of these have been security-reviewed. None appear on your vendor inventory. And a meaningful chunk of them are on personal accounts, which means your org has zero visibility into what data left the building—and when.

What Shadow AI Risk Actually Does to Your SOC 2

This is where it gets painful if you're carrying a SOC 2 Type II or actively pursuing one.

SOC 2's Trust Services Criteria—especially CC6 (logical access) and the Confidentiality and Privacy criteria—require you to demonstrate that you know where client data goes and that you control it. When an employee pastes a client's incident log into a free ChatGPT account to draft a post-mortem, two things happen that your auditor will not like:

  1. The data left your control boundary. OpenAI's free tier uses conversations for model training by default unless the user has specifically opted out. Your employee probably hasn't.
  2. There's no audit trail. You can't produce a log showing what was sent, when, and what came back. SOC 2 auditors treat "no human request, no audit record" as a controls gap.

A 2024 Cyberhaven report found that more than a quarter of corporate data employees feed into AI tools qualifies as sensitive—things like customer support records, source code, and R&D material. For a 40-person MSP, that's not an abstract stat. That's your client's network topology in a ticket, your SLA data in a report, your HR records in a prompt.

SOC 2 auditors are paying close attention to this now. As Baker Tilly has noted, incorporating AI-specific risks into an existing SOC 2 control environment is no longer optional for firms that process client data. If you can't demonstrate an inventory of AI tools in use, defined data classification policies that govern what can go into those tools, and evidence of monitoring, you're looking at findings. Potentially findings that matter to your clients.

And clients are asking. Any client who's run their own SOC 2 audit in the last 12 months is including AI governance in their vendor questionnaires. "Do you have a policy governing employee use of generative AI tools that may process our data?" is now a standard question. "We're working on it" is not a satisfying answer when you're renewing a $180k annual contract.

Why Banning Tools Doesn't Work

The instinct is to write a policy that says "don't use unapproved AI tools with client data" and call it done. That instinct is wrong.

Software AG's research found that 46% of employees who use unauthorized AI tools say they'd keep using them even if the organization explicitly banned them. They're not being malicious—they're just faster with AI assistance, and they're not going to slow down because of a policy PDF nobody read.

Banning also creates a worse problem: it drives usage underground. Instead of a developer using ChatGPT on their work laptop where you might at least catch it in a browser audit, they use it on their phone. Or they spin up a personal API key. You've lost visibility entirely.

The real fix isn't a ban. It's replacing the chaos with something better.

One Governed Platform Beats 37 Untracked Tools

This is exactly the problem BrioSync's AI-native OS was built to solve. When your team's AI lives inside the same platform as your projects, service desk, CRM, HR, and finance—not scattered across personal accounts—governance is a feature, not an afterthought.

Here's what that actually means in practice:

At $19.99/user/month for the full suite, BrioSync isn't a "enterprise governance platform" that takes six months to deploy. It's the system your whole team already uses for tickets, deals, and time tracking—with AI that's built in and accountable from day one. Compare that to the alternative: one compliance finding during a SOC 2 audit can cost more in remediation and client relationship repair than a year of seats.

The vibe-coded tools your team built because the old PSA was too slow? BrioSync's features cover those use cases natively—without the compliance exposure baked into every personal-account automation.

Your team isn't going to stop using AI. The question is whether that AI use is something you can defend to a client, an auditor, or a lawyer. Right now, for most 25-to-75-person firms, the honest answer is no.

That's fixable. But it doesn't get easier the longer you wait.


Ready to replace your team's shadow AI sprawl with governed, auditable AI agents? See how BrioSync works or explore pricing — no enterprise sales process required.

Frequently asked questions

What exactly counts as shadow AI at an agency or MSP?

Any AI tool an employee uses that hasn't been reviewed and approved by IT or leadership—including personal ChatGPT or Claude accounts, free-tier AI embedded in browser extensions, AI features inside SaaS tools that weren't part of your vendor review, and custom automations built on personal API keys. If it's not on your vendor inventory and your compliance team doesn't know it exists, it's shadow AI.

Does shadow AI use actually put our SOC 2 certification at risk?

Yes, it can. SOC 2's Confidentiality and Logical Access criteria require you to demonstrate that you control where client data goes. If employees are sending client data to personal AI accounts with no audit trail and no data retention controls, that's a direct gap. SOC 2 auditors are increasingly including AI governance in their testing procedures.

Our team is small—do we really need a formal AI governance policy?

Size doesn't reduce the risk; it often increases it, because small firms have fewer controls to catch problems. If a single employee pastes a client's network diagram into a free AI tool, you've potentially violated your MSA's data handling clauses. A lightweight, practical policy backed by a platform with built-in controls is far more effective than a lengthy document nobody enforces.

Why can't we just add an acceptable-use policy and call it done?

Because research consistently shows that a significant portion of employees will continue using personal AI tools regardless of what the policy says—especially if approved alternatives are slower or less capable. Policy without tooling just moves the behavior underground and makes it harder to detect. The answer is giving people governed AI that's actually good enough to use.

How does BrioSync address shadow AI risk differently from just buying a standalone AI governance tool?

Standalone governance tools monitor and flag usage—they don't replace the underlying need for a capable AI. BrioSync puts governed, role-aware AI agents directly inside the platform your team uses for work: tickets, projects, CRM, finance. There's nothing to shadow because the approved tool already does what people were reaching for personal accounts to accomplish.

Run your services firm on one AI-native OS.

BrioSync is live — PSA, ITSM, CRM, HR, Finance & Procurement in one. Free plan · 14-day Pro trial.

Related reading