Artificial intelligence tools like ChatGPT, Copilot, and other generative platforms are now part of everyday working life. Employees are using them to write emails, analyse data, generate reports, and speed up tasks.
But there is a growing issue that many Manchester businesses have not yet addressed: Shadow AI.
This refers to employees using AI tools without oversight, policy, or security controls. While it may improve productivity in the short term, it introduces serious risks around data protection, compliance, and intellectual property.
What Is Shadow AI?
Shadow AI is similar to shadow IT. It happens when staff use tools that are not approved or managed by the organisation.
For example:
- Uploading sensitive documents into AI tools for summarisation.
- Using personal accounts on AI platforms to process company data.
- Copying and pasting customer or financial data into prompts.
Most employees are not acting maliciously. They are simply trying to work more efficiently. The problem is that these actions can expose confidential data in ways the business cannot control.
Why This Is Becoming a Major Risk in 2025
The rapid adoption of AI has outpaced governance. Many SMEs across Manchester and the North West have:
- No formal AI usage policy.
- No visibility of which tools employees are using.
- No controls over what data is being shared externally.
At the same time, regulators and clients are becoming more aware of these risks. If sensitive data is exposed through AI tools, it may still fall under GDPR obligations, regardless of intent.
This creates a dangerous gap between how businesses operate and how they are expected to protect data.
The Real Risks of Shadow AI
1. Data leakage
Sensitive information entered into AI tools may be stored, processed, or used in ways you cannot control.
2. Compliance breaches
Uploading personal or financial data could lead to violations of GDPR or contractual obligations.
3. Loss of intellectual property
Internal processes, pricing models, or proprietary content could be exposed externally.
4. Inaccurate outputs
AI generated responses are not always correct. Decisions based on incorrect information can create operational or financial risk.
5. Lack of accountability
Without governance, there is no clear ownership of how AI is used or monitored.
Why Manchester SMEs Are Particularly Exposed
Smaller businesses often move quickly and adopt new tools without formal processes. This agility is a strength, but it also increases exposure to risks like Shadow AI.
Many SMEs do not have a dedicated CIO or CISO to oversee technology governance. As a result, AI adoption happens informally, without proper controls.
How to Get Shadow AI Under Control
The goal is not to block AI. Used correctly, it can deliver real productivity gains. The aim is to use it safely and strategically.
Here are the key steps:
Create an AI usage policy
Define what tools are allowed and what data can and cannot be shared.
Educate your team
Ensure employees understand the risks of entering sensitive data into AI systems.
Assess your data
Identify what information is confidential, regulated, or commercially sensitive.
Implement governance
Assign responsibility for AI oversight, whether through a CIO, CTO, or CISO function.
Review suppliers and platforms
Understand where data is stored and how it is processed by AI providers.
How North Signal Can Help
At North Signal, we are already helping Manchester businesses address emerging risks like Shadow AI. Our services include:
- Virtual CIO and CISO support to establish governance and oversight.
- Data protection and compliance reviews aligned with GDPR and industry standards.
- IT strategy development that incorporates secure and controlled AI adoption.
- Risk assessments to identify gaps in current processes and controls.
We help businesses strike the right balance between innovation and control.
Conclusion
AI is not a future risk. It is already embedded in how businesses operate today. The organisations that succeed will be those that adopt it with clear governance, strong data protection, and strategic oversight.
Shadow AI may feel invisible, but its impact can be very real.
Contact North Signal today to ensure your business is using AI safely, securely, and in a way that supports long term growth.
North Signal 