A significant disconnect is emerging between executive confidence and the reality of artificial intelligence use in British workplaces, according to new research from identity management firm Okta. The survey found that more than half of organisations experienced an AI-related security incident or near miss in the last year, yet many bosses remain 'blinded by confidence' about the extent of unauthorised AI tools being used by their staff.
This phenomenon, known as 'shadow AI', occurs when employees adopt generative AI platforms — such as ChatGPT, Microsoft Copilot, or other large language models — without formal approval or security vetting from their IT departments. The practice poses serious risks, including accidental data leaks, intellectual property exposure, and breaches of data protection laws enforced by the UK's Information Commissioner's Office (ICO).
For UK businesses, the implications are twofold. First, there is the immediate security threat: sensitive client information or proprietary code could be fed into unsecured AI systems, potentially leading to regulatory action. Second, the EU AI Act, which has extraterritorial reach, may apply to UK firms that handle data of EU citizens, creating additional compliance burdens. Dr. Eleanor Shaw, a technology governance expert at the University of Manchester, commented: 'The overconfidence we see in boardrooms is dangerous. Shadow AI is not just an IT issue — it is a governance and liability risk that could cost companies millions in fines and reputational damage.'
For consumers, the rise of shadow AI in workplaces could mean that their personal data is processed by unvetted algorithms without their knowledge or consent. This undermines trust in digital services and could lead to more frequent data breaches affecting UK households. The ICO has already warned that organisations must take 'reasonable steps' to prevent unauthorised use of AI tools, or face enforcement action under the UK GDPR.
On the economic front, the widespread but uncontrolled adoption of AI could stifle innovation in the long run. While shadow AI may offer short-term productivity gains, the lack of oversight means UK plc risks missing out on the benefits of a coherent, secure AI strategy. Smaller businesses, in particular, may struggle to balance the competitive pressure to adopt AI with the need for robust governance, potentially widening the gap between early adopters and laggards in the digital economy.
Experts advise that the solution is not to ban AI tools outright, but to foster a culture of transparency and provide approved, secure alternatives. 'The genie is out of the bottle,' said Dr. Shaw. 'The smartest organisations will acknowledge shadow AI exists, engage with their employees, and build guardrails that enable safe experimentation.'
Source: Okta