Shadow IT And AI Agents: How To Balance Democratization And Control
In this segment of “Office Optional with Larry English,” Larry discusses how to address the latest trend in Shadow IT: AI agents.
In this segment of “Office Optional with Larry English,” Larry discusses how to address the latest trend in Shadow IT: AI agents.
Capable of automating tasks and taking actions autonomously, AI agents promise to transform productivity. But they also revive one of IT’s oldest fears: shadow IT, the unsanctioned use of technology that operates outside of official corporate oversight.
The problem is prolific: According to a VentureBeat analysis, around 70 percent of ChatGPT workplace accounts aren’t authorized, and shadow AI applications are increasing at a rate of around five percent each month.
While shadow IT isn’t a new challenge, shadow IT in the age of AI agents comes with higher stakes. Unlike earlier tools with automation capabilities, AI agents are more powerful and proactive, empowered to take action on behalf of employees. They also expose previously overlooked vulnerabilities.
Before now, organizations benefited from security through obscurity — employees couldn’t access sensitive information simply because they didn’t know they had access to it or where to find it. Now, with a single prompt, employees can effortlessly pull up confidential files.
Why Shadow IT In the Age of AI Is A Big Problem
When employees adopt AI tools faster than IT and governance teams can keep up, they expose their organizations to a new level of risk, including data leakage, compliance violations and reputational and financial damage.
This puts leaders in a tricky spot. Employees will use these AI tools — sanctioned or not — because people will figure out the most efficient ways to work, even if they could face disciplinary action for doing so. And banning AI altogether would stifle innovation and undermine competitiveness. Not to mention that people will still find ways to use AI at work. Yet tightly controlling AI use also isn’t feasible. IT departments already struggle to keep pace with employee-driven AI adoption.
So how can organizations walk the line between control and innovation? The answer is to embrace, not fear, shadow IT. Through governed democratization, organizations can empower employees to safely use and build AI agents within structured and clear guardrails. When this happens, shadow IT comes into the light.
This approach should be central to every company’s AI readiness strategy. Ever since ChatGPT’s debut, most organizations have been playing catch up. Leaders must act now to get ahead before shadow IT’s risks become reality.
How To Democratize AI Agents Without Losing Control
Forward-thinking organizations won’t try to eliminate shadow AI. Instead, they’ll make shadow AI unnecessary by teaching employees to use AI tools safely and productively via governed democratization. The goal: To empower employees to build and deploy AI agents within clearly defined, well-managed guardrails. Here’s how:
1. Build structured governance around AI agents.
Think of governed democratization like a seatbelt that enables safe driving, not a brake that stops it altogether.
At a basic level, AI-specific governance models should define who can create agents, what tools they can use and under what permissions they operate. Going a layer deeper, this means implementing approved connectors, secure data access policies and agent action boundaries.
It’s also a good idea to prevent unauthorized downloads or local file storage — when people download documents to their machines, any existing file protections disappear. Finally, require agents to run under users’ existing permissions rather than system-wide credentials to keep secure data in the right hands.
2. Maintain central oversight, but decentralized access, of AI agents.
Like the citizen developer movement, where organizations empowered employees to create applications with low- or no-code platforms, modern leaders should take a federated approach to AI agents. This means keeping oversight of AI agents central, but allowing departmental “centers of excellence” to manage the access and building of AI agents for employees. This approach helps balance the need for control and compliance with innovation.
3. License AI agent builders.
Before granting access to agent-building tools, require employees to complete governance and security training. Once again, the citizen developer model provides a blueprint: Citizen developers can automate simple workflows but must go through IT for more complex or high-risk actions.
4. Provide secure enterprise-grade alternatives to public AI tools.
The simplest way to work around unauthorized use of public AI tools like ChatGPT is to stand up internal versions within your cloud tenant. Enterprise platforms from Microsoft and a few open-source platforms can be deployed quickly, providing similar functionality within secure corporate firewalls.
Pharmaceutical and financial clients at my company, Centric Consulting, have already done this to protect proprietary data while enabling experimentation.
5. Create internal AI marketplaces.
The future of AI governance might look like the current app ecosystem. For example, Microsoft’s Agent Store, announced earlier this year, provides an internal marketplace where companies can share, reuse and manage secure AI agents. In the near future, organizations will likely take inspiration from this, building their own private versions of agent marketplaces for employees to discover and adapt existing agents securely.
Treat Governance As An Innovation Enabler
To reap the rewards of AI agents and curtail risks from shadow IT use, leaders need governed democratization of AI agents that leans into trust and empowerment, not control. Big picture, leaders need to provide employees with the tools, training and clarity they need to innovate with AI agents safely.
Forward-looking CEOs already understand the business case: faster innovation, stronger talent retention, and a more competitive edge. The companies that win won’t be the ones that try to control or curtail AI use, they’ll be the ones that govern boldly and democratize wisely.
This article was originally published on Forbes.com.
We designed our IT strategy framework asset to help you align IT and business priorities for greater impact. Take the first step towards organizational alignment.
Are you ready to explore how artificial intelligence can fit into your business but aren’t sure where to start? Our AI experts can guide you through the entire process, from planning to implementation and governance. Talk to an expert
