Alpha Software Blog

Filter by Category
show all


Shadow AI Is the New Shadow Analytics. We've Seen This Before.

Amy Groden

Shadow AI Is the New Shadow Analytics — And We've Seen This Before

Executives in a range of industries discussed Shadow AI at the recent Babson Executive SummitThis week I attended an executive summit run by Babson College in the Boston area, sitting across from leaders in pharma, tech, construction, and manufacturing. The conversations ranged widely, but one topic kept surfacing, sometimes cautiously, sometimes with real urgency:

Shadow AI.

Some companies had locked AI down completely. Others were actively encouraging experimentation. Several executives admitted they knew it was happening and had no clear plan for what to do about it. As I listened, I kept having the same feeling: We’re watching the same pattern play out again; this time, it’s faster, harder to detect, and far riskier.

Before my work in enterprise software, I spent years in the data analytics world, back when SAS and Cognos were the gatekeepers of business intelligence, and getting an answer to a business question meant going through IT. What's unfolding with AI today is a similar pattern I watched play out then. Just faster, easier, and with considerably higher stakes.

We've Seen This Movie Before

In the pre-self-service analytics era, getting a business question answered was a process. You submitted a query to IT, waited for a report, came back with a follow-up question, and waited again. For teams in sales, marketing, or finance, where decisions moved faster than IT queues, that model became unworkable.

So managers found a workaround: they exported data into Microsoft Excel and did the analysis themselves. What started as individual productivity hacks quietly became organizational practice. Critical data left governed systems. Spreadsheets got emailed, duplicated, and modified. Version control disappeared. Data visualization tools offered free trials to upload your file and get your data questions answered. "Shadow analytics" became the norm, not because people were careless, but because the official path couldn't keep up with how work actually happens.

IT didn't lose control of the data because of bad intentions. They lost control because friction often loses to urgency.

Now It's Happening Again

Some companies are attempting to manage AI the way they once tried to manage analytics: lock it down, restrict access, route everything through approved channels. And the same forces that defeated those controls are at work again: pressure for faster decisions, frustration with slow approvals, and excitement around tools that can answer questions instantly.

So people route around the system. The pattern is virtually identical. Only the technology has changed.

The Meeting You Didn't Govern

Professor Sebastian Fixson of Babson College ran a session on AI at the recent Executive SummitDuring one AI session run by Professor Sebastian Fixson, Faculty Director/DBA Program at Babson College, we had a great discussion around this subject and related topics.

One scenario I raised at the conference generated a strong reaction, likely because it's both entirely plausible and almost universally overlooked:

Imagine a pharmaceutical company with genuinely tight controls on its customer data: CRM access restricted, data warehouses secured, compliance processes in place. Now imagine a senior account rep joining a customer call on Zoom or Teams. They activate an AI note-taker. Or an AI transcription tool.

The customer hears, "This Zoom call may be recorded." But they're not necessarily thinking about what that actually means in 2026. An AI system is transcribing the conversation in real time. It's extracting insights. It's storing the results somewhere outside the systems your IT and compliance teams have any visibility into. And if the conversation touched on product roadmaps, future plans, or anything covered by an NDA, that information is now sitting in a third-party system that nobody in your organization approved. Likely, the notes or insights are being sent around and forwarded as follow-up materials.

No one in IT signed off on it. No one in compliance reviewed the vendor's data retention policy. It happened because it was easy, it was useful, and nothing stopped it.

The Spreadsheet-to-AI Pipeline

The second scenario is more familiar because it's just the Excel story with a new ending.

A company restricts AI usage. An employee still needs answers, faces a deadline, and has a problem that AI could solve in minutes. So they export the relevant data as a CSV, an Excel file, or a PDF and move it to a personal device, then upload it to ChatGPT or another AI tool. Insights are generated. Problems are solved. Nobody else knows it happened.

This scenario is the modern version of exporting sensitive corporate data into a spreadsheet, but the risk profile is fundamentally different. The data doesn't just leave your network, it's uploaded to an external system, processed by a third-party model, potentially retained depending on account settings, and generates outputs that may be confidently wrong in ways that are hard to detect. I'd call this shadow data movement, and it may be a bigger problem than shadow AI itself, precisely because it's invisible until something goes wrong.

This Time It's Different

There are new risks with shadow ai we've never seen before.The Excel era created real problems: data duplication, version chaos, decisions made on stale numbers. Those were costly. But AI introduces two risk layers that shadow analytics never had.

The first is exposure at scale. When someone exported data into a spreadsheet, it left the building in one file. When someone uploads data to a consumer AI tool, it's processed by infrastructure your organization doesn't control, under terms of service most employees have never read, with data retention policies that vary widely. The exposure isn't just a copy, it's a copy that may persist, be referenced, or in some configurations inform model behavior.

The second risk is subtler and potentially more dangerous: AI doesn't just store data, it interprets it. Shadow analytics gave you bad numbers, and you could usually find the error.

Shadow AI gives you fluent, confident answers that look right, even when they’re wrong.

That’s a very different kind of risk. It doesn’t just create errors. It creates misguided decisions at scale.

The Real Problem Isn't the Technology

Workflow is key problem in the ai eraAfter a week of these conversations in meetings, I kept arriving at the same conclusion: this isn't a technology problem. It's a workflow problem.

Employees aren't trying to undermine security protocols. They're trying to do their jobs, hit their numbers, and keep up with expectations that have accelerated faster than the systems meant to support them. When the official path is too slow or too restrictive, they create their own. They always have. The tools change; the behavior doesn't.

The companies that navigate this well won't be the ones that ban AI, or ignore it, or throw an acceptable use policy at the wall and hope it sticks. They'll be the ones willing to ask a harder question: how do we give people the speed and flexibility they need without losing visibility and control over our data?

That probably means rethinking how data is accessed in real workflows, not just in controlled systems. It means recognizing that "point-of-work" data—what gets said on calls, what gets pulled in the field, what gets discussed in meetings—is where the actual risk lives. And it means building or adopting governed paths to AI-powered insight that are fast enough to compete with the unsanctioned alternatives.

The more interesting strategic question is whether enterprise software vendors get ahead of this. Will they build AI governance into their platforms rather than leaving organizations to bolt it on after the fact? Some are starting to. Most aren't there yet.

The winners won’t be the companies that control AI. They’ll be the ones that redesign workflows to safely harness it.

The Pattern Holds

Shadow IT. Shadow analytics. Shadow AI. Each wave followed the same logic: when official systems don't match how people actually work, people change the system, with or without approval.

The difference this time is that it's happening faster, the stakes are higher, and the consequences are harder to detect until they're already consequential. You can lock down your systems perfectly and still lose control of your data in the moments when work actually happens. The risk isn’t in your systems; it’s likely in your workflows.

If you're seeing this happening in your organization, you're not alone. The question was never whether it's happening. The question is whether you can get ahead of it before it becomes invisible.

------------------------------
Written from experience in enterprise analytics and enterprise software. Views are my own.
AI, strategy, cios, IT Governance
Prev Post Image
Supply Chain Workflow Automation: Industry Examples & Processes

About Author

Amy Groden
Amy Groden

Amy Groden-Morrison has served more than 15 years in marketing communications leadership roles at companies such as TIBCO Software, RSA Security and Ziff-Davis. Most recently she was responsible for developing marketing programs that helped achieve 30%+ annual growth rate for analytics products at a $1Bil, NASDAQ-listed business integration Software Company. Her past accomplishments include establishing the first co-branded technology program with CNN, launching an events company on the NYSE, rebranding a NASDAQ-listed company amid a crisis, and positioning and marketing a Boston-area startup for successful acquisition. Amy currently serves as a Healthbox Accelerator Program Mentor, Marketing Committee Lead for the MIT Enterprise Forum of Cambridge Launch Smart Clinics, and on the organizing team for Boston TechJam. She holds an MBA from Northeastern University.

Related Posts
Project Prometheus and Manufacturing AI: What Jeff Bezos’ $6B Bet Means for the Industry
Project Prometheus and Manufacturing AI: What Jeff Bezos’ $6B Bet Means for the Industry
Industry 4.0 in 2026: 5 Manufacturing Operations Shifts Leaders Must Prepare For
Industry 4.0 in 2026: 5 Manufacturing Operations Shifts Leaders Must Prepare For
Why Traditional ERP Systems Fail: Fixing Data Integrity for Better ROI
Why Traditional ERP Systems Fail: Fixing Data Integrity for Better ROI

The Alpha platform is the only unified mobile and web app development and deployment environment with distinct “no-code” and “low-code” components. Using the Alpha TransForm no-code product, business users and developers can take full advantage of all the capabilities of the smartphone to turn any form into a mobile app in minutes, and power users can add advanced app functionality with Alpha TransForm's built-in programming language. IT developers can use the Alpha Anywhere low-code environment to develop complex web or mobile business apps from scratch, integrate data with existing systems of record and workflows (including data collected via Alpha TransForm), and add additional security or authentication requirements to protect corporate data.

Comment

Contact

Alpha Software
70  Blanchard Road
Burlington, Ma  01803
781-229-4500

Help When You Need It

Alpha Support

Documentation

User Forum

Recent Posts

Social

               
© Copyright 2026 Alpha Software Corporation. All Rights Reserved.