AI Governance
Shadow AI: Your Employees Are Pasting Secrets into ChatGPT (How to Stop It in 2026)
July 1, 2026 · 6 min read
Most “AI policy” documents are unenforced. The leak is already happening in the prompt box — here’s how to actually close it.
Shadow AI is the use of public AI tools — ChatGPT, Claude, Gemini, Copilot — by employees without the security team’s knowledge or controls. It is not a future risk; it is the default behaviour in most organizations today. People paste stack traces, config files, customer records and source code into a chat box because it makes them faster, and every one of those prompts crosses the corporate boundary into a model you do not operate.
Why shadow AI is uniquely hard to control
Roughly a third of the data employees put into AI tools is sensitive, and source code is the single most-leaked category. Three properties make it slippery:
- It looks like normal browsing. The prompt is just HTTPS traffic to a reputable domain — nothing a firewall flags.
- It often happens off-network. A large share of usage is on personal devices and home connections your tooling never sees.
- It is conversational. Secrets are pasted mid-sentence in a debugging question, not attached as a labelled file a DLP rule can catch.
Why network DLP and “just block it” both fail
Blocking ChatGPT outright pushes the behaviour onto personal devices, where you have zero visibility — Samsung learned this in 2023. Network DLP proxies require the prompt to travel to a vendor to be inspected, and certificate pinning in modern apps quietly defeats interception. Both approaches fight the user instead of helping them, and neither produces the evidence an auditor now asks for.
A local-first fix that meets people where they work
The control that actually holds is one that runs on the device, before the prompt leaves. Prompt Guard scans the prompt locally, redacts secrets and PII into reversible placeholders, and lets the model answer normally — the real secret never leaves the machine. It guards the terminal (a one-line wrapper), blocks secrets inside interactive Claude Code, and redacts pastes in the browser. Because it is open source, you can read exactly what it treats as a secret.
Turn the control into evidence
Stopping the leak is half the job; proving you stopped it is the other half. Every redaction or block becomes an audit record mapped to ISO 42001 and EU AI Act Article 12 — so “we have an AI usage policy” becomes “here is the logged, enforced control.” See the deeper dive on how Prompt Guard latches ISO 42001 evidence.
Close the shadow-AI gap
Explore Prompt Guard →Frequently asked questions
- What is shadow AI?
- Shadow AI is the use of public AI tools such as ChatGPT, Claude or Gemini by employees without security oversight or controls. The main risk is sensitive data — secrets, source code, customer records — being pasted into models the organization does not control.
- How do I stop employees pasting secrets into ChatGPT?
- Outright blocking pushes usage onto unmanaged personal devices. A more effective approach is a local-first redactor that strips secrets and PII out of a prompt on the device before it is sent, so people keep using AI while sensitive data never leaves — and each prevented leak is logged as compliance evidence.
- Why doesn’t network DLP catch AI data leaks?
- Network DLP proxies must sit in the path of the prompt to inspect it, and certificate pinning in modern apps defeats interception. They also miss the large share of AI usage that happens off the corporate network on personal devices.