/
3 mins read

Shadow AI at work: how Indian IT teams are finding out which chatbots their staff already pasted company data into

https://www.pexels.com/photo/focused-developer-at-dual-monitor-setup-36706459/

Somebody in your organisation used an AI tool last week that you never approved. That part is settled. What most IT managers cannot answer is which tool it was, what went into the prompt, and whether they could reconstruct any of it if a client auditor or a DPDP review asked next month.

The behaviour is ordinary, which is exactly why it spreads. A developer pastes a stack trace that happens to contain a live connection string. A support lead uploads a customer escalation thread to get a summary before a call. A pre-sales engineer drops a client architecture diagram into a free chatbot so the proposal writes itself faster. Nobody here is a bad actor. They have simply moved regulated data across your perimeter through a browser tab, without generating a single file transfer that your DLP would flag.

The scale tends to surprise people who look at it properly for the first time. Reporting from Cybernews experts on the European Data Protection Supervisor’s shadow AI warning describes unapproved AI use as a source of security blind spots, compliance failures, and outright data breaches, precisely because regulators and security teams lose visibility once data enters an unsanctioned system. Enterprise browser telemetry from LayerX puts numbers on it: close to 45% of enterprise users actively touch generative AI platforms, and roughly 71.6% of that access happens through accounts your identity provider has never seen.

Why your current stack is blind to this

The security architecture in a typical Indian mid-size IT services firm was built to watch files. Email gateway, endpoint DLP, a CASB pointed at sanctioned SaaS. Every one of those controls is looking for a document going somewhere it should not.

Shadow AI does not send documents. It sends clipboard contents, which is a very different problem. LayerX’s telemetry found that people who paste into GenAI tools average 6.8 pastes a day, and more than half of those include sensitive corporate data. From the network’s point of view, that is a text box, an HTTPS session, and a domain that resembles every other SaaS domain in your proxy logs. There is no attachment for the gateway to inspect and no file event for the endpoint agent to record.

CERT-In has been raising this since its 2023 advisory on AI language models, and returned to it in the March 2025 advisory on generative AI solutions, which tells organisations to be careful about what personal and sensitive information they feed into these tools. That guidance is advisory rather than binding. The Digital Personal Data Protection Act is not. Your obligation to protect personal data does not soften because the leak went out through a chat window instead of an SFTP job.

Run a discovery week before you buy anything

You do not need a new product to find out where you stand. You need five days and the logs you already collect.

Day What you check Where to look
1 Outbound hits to the main AI domains and their long tail of wrapper apps: chatgpt.com, gemini.google.com, claude.ai, copilot.microsoft.com, perplexity.ai DNS resolver and proxy logs, 90-day window
2 Which of those sessions authenticated through corporate SSO and which did not Identity provider logs compared against raw proxy hits
3 AI assistants and page-summariser extensions installed across managed endpoints MDM or endpoint agent inventory
4 Conversations with the three teams most likely to be doing this: developers, support, pre-sales Ask them directly, without opening with blame
5 Which of those workflows touch client data covered by an NDA or an MSA confidentiality clause Contracts and legal

By Friday you have an inventory. It will be longer than you assumed, and a large share of it will be personal Gmail accounts running on company laptops. That is the part worth taking to your leadership, because it converts a vague worry into something with a number attached.

Blocking everything is the reflex, and it fails

Ban the domains and the traffic does not stop. It relocates to personal phones, where you have no logs at all and no chance of building an inventory next quarter. The teams that handle this well reverse the order: give staff a sanctioned tool with a zero-retention agreement, tell them plainly what may and may not go into it, and only then start blocking the alternatives.

The reporting Cybernews has published on AI-related data exposure circles back to a consistent finding. The tools themselves are not the problem. Adoption has simply moved faster than anyone’s governance, and governance is the thing you can actually fix in a quarter.

The context here matters for Indian firms specifically. Seqrite’s research, covered on IT Voice, found that Indian IT companies face the highest concentration of credential theft attempts on the dark web, driven by their access to global systems and client intellectual property. An untracked channel where engineers hand source code and customer records to a third party with unknown retention policies sits directly on top of that exposure. Start with the log pull on Monday. The rest of the programme can wait until you know what you are dealing with.

Leave a Reply

Your email address will not be published.

Limited-Time Updates! Stay Ahead with Our Exclusive Newsletters.