Shadow AI at work: how Indian IT teams are finding out which chatbots their staff already pasted company data into

https://www.itvoice.in/wp-content/uploads/2026/07/Copy-of-Redington-2026-07-17T112304.058.jpg

Somebody in your organisation used an AI tool last week that you never approved. That part is settled. What most IT managers cannot answer is which tool it was, what went into the prompt, and whether they could reconstruct any of it if a client auditor or a DPDP review asked next month.

The behaviour is ordinary, which is exactly why it spreads. A developer pastes a stack trace that happens to contain a live connection string. A support lead uploads a customer escalation thread to get a summary before a call. A pre-sales engineer drops a client architecture diagram into a free chatbot so the proposal writes itself faster. Nobody here is a bad actor. They have simply moved regulated data across your perimeter through a browser tab, without generating a single file transfer that your DLP would flag.

The scale tends to surprise people who look at it...

Copyright of this story solely belongs to itvoice.in. To see the full text click HERE

Read more