The trade press has been writing about "shadow AI" for a year. The framing assumes a familiar setup: a Fortune 500 company, a CISO, a procurement team, an enterprise tool catalog, and employees who keep finding ways around it. The headline numbers come from surveys of those companies. They are real, but they are not what's happening to a 12-person service business.

For a small business, the structure is different. There's no IT department for shadow AI to be the shadow of. The owner is the IT department. Which means whatever AI is running in the business is, by definition, the official AI policy, even if nobody chose it and nobody knows it's there.

This article is about that version of the problem. Not the enterprise version, the small-business version. What's actually flowing through unsanctioned AI right now, what's at stake, and a five-step audit you can run by yourself this week.

What the recent surveys actually show

The surveys are unsubtle. A study by Gusto found that 45% of US workers have used AI at work without telling their employer.1 A Salesforce survey put unapproved-AI-tool use at 55% of employees.1 A May 1 Help Net Security report found that 31% of users get no AI training from their employer at all.2 The Cloud Security Alliance reported in late April that 82% of organizations had discovered at least one AI agent or workflow that security or IT did not previously know about.3

An MSP analysis of 20 client environments published in April makes the small-business shape of this concrete. ChatGPT is present in 95% of those environments. Claude is in 55%. Average AI adoption is 44% of users. In a single month across those clients, 1,768 files were uploaded into AI tools: PDFs, Word documents, Excel sheets, presentations, with contracts, financial reports, and client records inside.4

The Okta enterprise buyer survey found that 65% of organizations had an AI agent security incident in the past year, and that only 14.4% of agents go to production with full security or IT approval.5 That last number is the one to sit with. The other 85.6% of AI work is happening outside whatever review process the business set up.

What "shadow AI" means in a 12-person business

It is not, mostly, employees sneaking around. It is people trying to do their jobs with the tools they know. The patterns repeat across industries.

Your front-desk person pastes incoming emails into ChatGPT to draft responses. Your bookkeeper uploads invoices and asks AI to extract line items. Your operations manager pastes customer call transcripts into a model to summarize action items. Your marketing person feeds your client list into an AI to draft personalized outreach. Your tech who handles the website pastes an error message into Claude to figure out what broke. None of this involves anyone getting permission. All of it involves customer data leaving your building.

The other half of the picture is the SaaS tools you already pay for. In the last twelve months, almost every business application has grown an "AI assistant" button. Your CRM has one. Your scheduling app has one. Your accounting software has one. Your helpdesk has one. The button works because the vendor wired up a model behind it. Your contract with the vendor probably says they can use your data to improve the model unless you opt out, and most owners haven't opted out, because they didn't read the terms when the AI feature got bundled in.

Add the two together and the situation is this: you have AI running on your customer data right now. Some of it is your employees pasting into chat boxes. Some of it is vendor-bundled features that activated when the vendor pushed an update. None of it is in your incident-response playbook because there isn't one.

What's actually at stake

Three things, in order of how often they bite small businesses.

Customer data exposure. When an employee pastes a contract into ChatGPT, that contract is now sitting in OpenAI's logs. Whether it gets used to train the next model depends on the version of ChatGPT (the consumer plan and the business plan have different defaults), whether the user remembered to toggle off training data sharing, and whether the company has a current data processing agreement on file. For most small businesses the answer to all three is "no idea." That has compliance consequences if your data includes anything covered by HIPAA, PCI, GLBA, attorney-client privilege, or just an NDA with a vendor.

Operational dependency you can't see. If your bookkeeper has been using ChatGPT to extract line items from invoices for six months, your accounting close depends on ChatGPT. When OpenAI ships a model update that changes the formatting, the close breaks. When OpenAI's API has an outage, the close stops. You didn't sign up for that dependency, but it's there.

Quality drift. AI output looks finished. It is not always correct. A sales contract drafted by an AI and copy-edited by your front-desk person is going out under your business name. The legal exposure is on the business, not on the model vendor. The piece on AI phone calls and TCPA liability is the same kind of structural problem in a different domain.

The five-step audit any owner can run this week

None of this requires a CISO or a security tool. It requires asking five questions and writing down the answers.

1. Ask every team member what AI tools they use for work

Plain question, plain answer, no judgment. Not "are you using AI" (people say no), but "what tools do you reach for when you need to draft an email, summarize a document, or look something up." Most people will name two or three things. Make a list. ChatGPT, Claude, Gemini, Perplexity, Copilot inside Office, Notion AI, the AI button inside whatever software they live in. You will find it broader than you expected.

2. For each tool, ask what they put into it last week

This is the data inventory. Get specific. "Customer email addresses." "A spreadsheet of Q1 sales." "A draft contract for the Henderson account." "The transcript of a call with our biggest client." Write it down. This is what's leaving your building. You can decide what to do about it once you can see it.

3. Audit the SaaS tools you already pay for

Open each business app you have a subscription for. Look at the settings page for anything labeled AI, intelligence, copilot, assistant, smart, or summarize. Note what's enabled by default. Note what data those features consume. This takes an afternoon and answers a question most owners cannot answer today: which of my SaaS subscriptions are now AI subscriptions in disguise.

4. Pick three categories of data that should never leave the building

For most service businesses the categories are: customer financial information, customer health information (if any), and anything covered by an NDA. Write the list down. Send it to your team in one paragraph: "These categories of data should not be pasted into any AI tool for any reason. If you need help with one of these, come to me first." That's not a policy document. It's the start of one. It works because it's specific.

5. Replace the worst offenders with sanctioned alternatives, not bans

Banning ChatGPT in a small business is unenforceable and counterproductive. Your team is using it because it solves real problems. The fix is to give them a sanctioned tool that does the same thing without the data egress. For most small businesses that means either a paid business-tier account on the same product (which has different data terms than the free consumer version) or a hosted tool that runs on infrastructure you control. The piece on the small business case for local AI inference covers what running it yourself looks like; the piece on AI agents for business covers the cloud-vs-local trade-off.

The owner's job here is not to become a CISO. It's to know what's actually running in the business so you can make decisions about it. Five questions, one afternoon, written down. That's the bar.

What this isn't

A few things this audit doesn't accomplish. It doesn't prove your data is or isn't being used to train models. It doesn't satisfy a regulator if you're already under one. It doesn't give you the kind of monitoring an enterprise SOC has. None of those are the right ask for a 12-person business. The right ask is "what is happening, and is the owner aware of it." If you can answer that, you are ahead of most small businesses in your peer group.

It's worth knowing how much of this is structural rather than personal. The numbers up top, 45% of workers using AI without telling their employer, 90% of employees regularly using personal AI tools for work tasks, are not a story about disloyal employees. They're a story about a tool that landed faster than the operating model around it. The audit is the operating model catching up.

The Bottom Line

  • The shadow AI problem in a small business is structurally different from the enterprise version. There's no IT department for it to be the shadow of, which means whatever's running is the official policy by default.
  • Recent surveys: 45% of US workers use AI at work without telling employers, 55% use unapproved tools, 95% of analyzed MSP environments have ChatGPT, only 14.4% of AI agents go to production with full security approval.
  • The exposure isn't malicious employees. It's people doing their jobs with the tools they know, plus SaaS vendors quietly turning on AI features inside subscriptions you already have.
  • Three risks: customer data leaving your building (compliance), invisible operational dependency on vendor APIs (continuity), and AI-drafted output going out under your business name (quality and legal).
  • The five-step audit: ask the team what they use, ask what they put into it last week, audit SaaS tool AI settings, write down the three categories of data that don't leave the building, replace the worst offenders with sanctioned alternatives.

If you want a second pair of eyes on what your team is actually doing with AI, that's the audit I run with clients. An afternoon walks back the worst exposures and gives you a written record you can act on. Connect on LinkedIn.

Keep reading: Anthropic Just Started a Consulting Firm covers the related question of who you hire when you decide to formalize this. What "Cybersecurity" Actually Means for a Business Your Size covers the broader security baseline. What AI Agents Actually Do For Small Businesses covers the alternatives to ad-hoc tool use.

Sources

  1. Worker survey numbers (45% Gusto, 55% Salesforce). Per coverage at Help Net Security (May 1, 2026) and follow-on reporting summarizing the Gusto and Salesforce surveys.
  2. 31% of users receive no employer AI training. Per Help Net Security, May 1, 2026.
  3. 82% of organizations discovered an unsanctioned AI agent or workflow. Per the Cloud Security Alliance, April 28, 2026.
  4. MSP environment analysis (95% ChatGPT presence, 55% Claude, 1,768 files in one month, 44% average user adoption). Per the DKB Innovative analysis of 20 client environments.
  5. 65% AI agent security incidents, 14.4% full-approval production rate. Per the Okta enterprise buyer survey on AI agent security.