Bunny Honey ClubBunny Honey/blog
Work with us
← back to indexblog / ai / shadow-ai-client-data-chatgpt-small-business
AI

Your team is pasting client data into ChatGPT right now

67% use AI at work through personal accounts. 18% of companies have a policy. That gap is your biggest data liability, and August 2 removes the excuse.

AH
Arthur HofFounder, Bunny Honey Club AI
publishedJul 10, 2026
read4 min
Your team is pasting client data into ChatGPT right now

Someone on your team pasted a client proposal into a free ChatGPT account this week to tidy up the wording. They were not being reckless. They were being efficient, and they almost certainly did not think of it as sending your client's comm

Someone on your team pasted a client proposal into a free ChatGPT account this week to tidy up the wording. They were not being reckless. They were being efficient, and they almost certainly did not think of it as sending your client's commercial terms to a third party under an agreement nobody in your business has read. Shadow AI is not a technology problem you can ban your way out of, it is the gap between the 67% of professionals already using AI at work through personal accounts and the 18% of companies that have any policy about it, and for a small business that gap is now the single largest unaddressed data liability you own.

August 2 makes it worse, because "we did not know our people were doing that" stops being a story you can tell.

The number that should bother you

67%use AI at work via personal accounts
18%of companies have any AI policy
65%of shadow-AI incidents expose customer PII
247 daysaverage time to detect the breach

The adoption and governance gap is the story. Roughly two thirds of professionals reach for AI through accounts nobody authorised, while fewer than one in five businesses has written down a single rule about it. Forbes has been covering the same pattern all year. Breaches involving shadow AI cost meaningfully more than standard incidents, take longer to find, and lean heavily toward exposing exactly the things you cannot afford to expose: customer personal data and intellectual property.

None of this requires anyone to be careless. It only requires the sanctioned path to be slower than the unsanctioned one.

What actually leaves the building

The abstraction "data" hides the problem. Be specific about what gets pasted into a chat box on an average Tuesday:

Client proposals with pricing and commercial terms. Customer records, to write a follow-up. Source code, to debug it faster. Contract language, to simplify it. HR notes and performance write-ups. Internal strategy documents, to summarise them for a meeting. Supplier costs, to model a margin.

Every one of those is a normal, reasonable thing for a competent person to want help with. Every one is also a thing you have contractual and regulatory obligations about. The tool is not the problem. The absence of anywhere safe to do it is.

Small businesses carry more of this risk than enterprises, not less

The enterprise security industry frames shadow AI as an enterprise problem, which is backwards on the thing that matters.

A 500 person company can survive a data incident. It has lawyers, insurance, a comms plan, and enough clients that losing a few is survivable. A 15 person agency that loses one client's trust over an AI leak often does not get a second chance. The absolute exposure is smaller. The proportional risk is enormous.

the asymmetry nobody prices in

You also have fewer places to hide. When a client asks how their data is handled, and increasingly they will, "our team uses whatever tools they like" is not an answer that survives a procurement questionnaire. This is the same lesson we learned the hard way reading a plugin that had been quietly sending our shell commands, including client project paths, to a third party for months. We wrote that one up in full: Vercel patched its plugin, ours kept sending data. The uncomfortable part was that nobody on our side did anything wrong. We just had not looked.

"We didn't know" expired on August 2

The regulatory floor moved this month. The EU AI Act's transparency obligations land on August 2, 2026, and while they are aimed at disclosure and labelling rather than shadow AI directly, they mark the point where informal AI use stops being invisible to regulators and clients. We covered exactly what applies in the EU AI Act deadline your chatbot still has.

The practical translation for a small business: you are now expected to know what AI is being used in your operation. Not to have solved it. To know. An organisation that cannot answer "which AI tools touch client data here" is announcing that it does not manage its own information flows, and that is a much worse look in front of a client than any individual mistake.

Banning it is the wrong move

The only thing that reliably works is making the sanctioned path faster than the shadow path. People route around obstacles, not around convenience.

What actually works

Write the short list of what can never leave. Not a policy document nobody reads. Five lines: client PII, credentials, contracts, source code, anything under NDA. Specific beats comprehensive, because specific gets remembered.

Give them a sanctioned tool that is genuinely better. A business account with proper data terms, or better, an internal assistant wired to your own data on infrastructure you control. This is the argument we keep making in stop buying SaaS and build the internal micro-tool, and shadow AI is the strongest case for it yet. If the approved thing knows your business and the shadow thing does not, adoption solves itself.

Ask, without consequences attached. The fastest audit available to you is asking your team what they actually use, in a conversation where nobody gets in trouble for answering honestly. Most owners are shocked by the list. That shock is the point.

Right-size the stack. Most of this can be covered for very little money, as we laid out in the €500 a month AI stack for a small team. The cost of doing this properly is far below the cost of one awkward client conversation.

Your people are going to use AI. That was decided for you. The only open question is whether it happens somewhere you can see.

— share
— keep reading

Three more from the log.