ChatGPT, Copilot, DeepL or Midjourney – AI tools have long since found their way into offices, often without the IT department’s knowledge. Experts call this phenomenon ‘shadow AI’, and it is growing rapidly: according to recent studies, shadow AI is already a reality in almost every company in Switzerland, yet very few have established a formal framework for it. What begins as a pragmatic efficiency solution becomes a genuine security risk – if no clear rules are in place.
History is repeating itself. A good ten years ago, IT departments were battling against private Dropbox accounts and WhatsApp groups being used for business purposes. Today, companies face a similar but far-reaching challenge: shadow AI.
This refers to the use of AI tools – ChatGPT, Gemini, DeepL, Midjourney and many others – by employees without the knowledge or approval of IT management. There is rarely any malicious intent behind it. Anyone who drafts emails, summarises minutes, debugs code or translates texts on a daily basis simply reaches for the most effective tool available. And today, that is often an AI. For many employees, it is simply pragmatic: if a tool makes the work easier, it is used. But what boosts efficiency at the individual desk often undermines the entire IT governance structure in the background.
In many companies, however, this happens without clear guidelines or technical integration into the corporate IT system. The usage remains invisible – and this is precisely where the phenomenon of shadow AI begins. The technology itself is not the problem. The challenge arises where powerful tools come into contact with sensitive corporate data – without clear rules. The IT department often looks the other way, whilst sensitive data has long since left the protected infrastructure.
Traditional shadow IT usually involves storage space or additional software. With shadow AI, the difference is fundamental: anyone who copies a confidential draft strategy, customer data or protected source code into a public AI tool potentially relinquishes control of that information permanently.
Public, free AI services often use user input to train their models. Unlike a database, this ‘learned’ knowledge from a Large Language Model (LLM) cannot simply be deleted at the touch of a button. Furthermore, security incidents related to shadow AI have risen globally from 28% (2023) to 55% in 2025 (source: NZZ). The curve is rising steeply.
The benefits of AI in day-to-day work are undisputed. It allows texts to be structured more quickly, information to be summarised, and initial drafts to be produced in no time at all. For many tasks, AI acts as an additional digital assistant. At the same time, new questions are arising regarding the handling of data.
Employees often enter content into prompts that they consider unproblematic – such as internal documents, project information or extracts from emails. With public AI services, however, it is not always clear how this data is processed or stored.
Data protection law plays a particularly important role in this regard, especially in Switzerland. Since September 2023, the new Data Protection Act (nDSG) has been in force in Switzerland, imposing significantly stricter requirements on the handling of personal data and the transfer of information abroad. When sensitive content is entered into public AI services, a situation can quickly arise in which data leaves the company – without those responsible being aware of it.
Only a third of companies using AI have clear data protection policies in place for handling AI-supported applications. Conversely, this means that two-thirds lack a legal framework, even though the tools have long been in use. Without a clear overview of the tools being used, it becomes difficult to manage the use of AI or to document it in a traceable manner.
For management, this is not an abstract compliance issue. It is a concrete liability issue.
Many employees assume that the data they enter into an AI tool is treated confidentially. In practice, this is often not the case with free services. Free versions of popular tools – including DeepL Free – generally use text inputs to improve their models.
When data is entered into a public AI model, it can become part of the training process. Put simply: the information feeds into the model’s ‘knowledge’ and cannot be specifically removed later. In a multi-tenant system (public cloud), there is a theoretical risk that fragments of your trade secrets could resurface through skilful ‘prompt engineering’ by third parties.
Even well-intentioned data protection promises from providers rarely align exactly with the Swiss legal framework. Only enterprise contracts or private cloud solutions with a clear data processing agreement offer the protection required by the nDSG.
The instinctive reaction of many IT departments is to block AI domains at the firewall. This may sound like a way to maintain control, but it actually leads to less transparency. In practice, blocking AI URLs at the firewall level simply results in employees switching to personal devices or public Wi-Fi hotspots. The work gets done regardless – but the IT department loses all visibility and control.
There is another factor to consider: according to a recent survey of cybersecurity experts by the market research institute Sapio Research, the unauthorised use of generative AI tools is seen as the greatest internal threat. The reason: it is not the AI itself that is the security problem, but the uncontrolled external connections it creates. What the IT department cannot see, it cannot protect – and every external service that employees use unnoticed is a potential blind spot in the security strategy.
In today’s working world, a ban also sends a signal to skilled professionals: here, we do not work with the best tools available. In times of skills shortages, this is not an insignificant consideration.
Companies wishing to actively shape the use of AI face two key challenges. The first is organisational: clear rules are needed for the use of AI tools. An AI policy defines which applications may be used, which data may be processed, and what responsibilities apply when using AI.
However, the technical perspective is at least as important. Many companies are finding that public platforms do not always meet their requirements for data protection, compliance and control. In this context, one term is becoming increasingly important: data sovereignty. This refers to a company’s ability to retain control at all times over where data is stored, processed and used. This issue becomes particularly crucial with AI applications. When prompts, documents or internal knowledge data end up in external systems, organisations lose some of this control.
That is why many companies are exploring alternative approaches, such as AI solutions in a private cloud or within a controlled infrastructure. The principle: the power of modern language models – within a closed, controlled infrastructure in Switzerland. Data does not leave the organisation’s own sphere of control. Prompts are not used to train external models. The solution can also be integrated with internal documents, manuals or company data, enabling the AI to access company-specific knowledge – without disclosing it externally.
The transition from shadow AI to a structured AI strategy usually begins with a simple realisation: the technology has already arrived in the company. The question is no longer whether AI is being used – but how. Which tools are already in use? Which use cases offer real added value? And which data requires special protection? On this basis, clear guidelines can be defined – both organisationally and technically.
The use of AI in business raises many questions: Which tools are appropriate? What data can be processed? And how can the benefits of AI be realised without compromising security and compliance?
MTF supports companies in using AI in a structured and responsible manner. Our AI Advisory Services help define clear guidelines for the use of AI – from developing an AI policy to integrating it into existing processes and security frameworks.
For organisations wishing to use AI productively whilst maintaining data sovereignty, MTF also offers private cloud AI solutions from Swiss data centres. In this way, sensitive data remains within the controlled infrastructure, whilst companies simultaneously benefit from the possibilities of modern AI.
Shadow AI is not a problem – but a signal
Shadow AI does not arise from rule-breaking, but from efficiency. Employees who independently seek out better tools are not a security problem – they are a sign of innovation. The only question is whether a company utilises this signal or ignores it.
Those who define clear guidelines today and provide a secure technical alternative turn an uncontrolled risk into a genuine competitive advantage. Data remains in-house, productivity rises, and employees can work with a clear conscience.
The first step is often easier than expected: clear rules for working with AI.