April 15, 2026

Shadow AI: The Invisible Risk in Your Company

What is Shadow AI?

Shadow AI describes the use of AI tools by employees without official approval or knowledge of the IT department. ChatGPT, Gemini, Claude, or Perplexity are used privately to complete work tasks faster. The problem: Personal data is often entered into prompts.

Why is this dangerous?

According to the Deloitte Switzerland study "The rapid arrival of generative AI in Switzerland" (2023, n=1,002), 61% of Swiss computer-based workers use generative AI on the job. But 61% report that their company has no clear policies for it. This gap creates significant risks:

  • Data protection violations: Personal data such as customer names, email addresses, or contract data flows uncontrolled to US servers.
  • No accountability: IT doesn't know which data is being processed where.
  • Liability risk: The nDSG provides for personal fines of up to CHF 250,000.
  • Loss of trust: A known data leak can permanently damage business relationships.

Typical scenarios

  1. Email drafting: An employee copies a customer inquiry with full name and contact details into ChatGPT to generate a professional response.
  2. Document analysis: A lawyer uploads a contract with sensitive client data to an AI tool.
  3. Medical documentation: A doctor uses AI to formulate a diagnostic report, entering patient data in the process.

In all these cases, personal data leaves the controlled environment.

The solution: Don't ban it, secure it

An AI ban isn't realistic. The productivity benefits are too great, and employees will find ways to use AI anyway. Instead, you need a secure framework.

Gardeo provides exactly that:

  • Automatic pseudonymization: Personal data is detected and replaced before reaching the AI model.
  • Multi-LLM access: Over 20 models in one interface. No more reason to use private accounts.
  • Audit trail: Admins see who used what and when.
  • Model controls: Admins determine which models are available.
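
The pseudonymization step described above, as an added example (this is not Gardeo's implementation). It assumes regex detection of email addresses and Swiss-format phone numbers only; names and other identifiers would need a dedicated recognizer. The function names and the placeholder format are hypothetical.

```python
import re

# Assumed detectors: e-mail addresses and Swiss-style phone numbers only.
# Names, postal addresses and IDs need a trained recognizer (out of scope).
PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "PHONE": re.compile(
        r"(?<!\d)(?:\+41|0041|0)\s?\d{2}(?:[\s.-]?\d{2,3}){3}(?!\d)"),
}
PLACEHOLDER = re.compile(r"<(?:EMAIL|PHONE)_\d+>")


def pseudonymize(text, mapping=None):
    """Replace detected values with stable placeholders.

    Returns (safe_text, mapping) with mapping = placeholder -> original.
    A repeated value reuses its placeholder, so the model can still tell
    that two mentions refer to the same contact.
    """
    mapping = {} if mapping is None else mapping
    reverse = {value: token for token, value in mapping.items()}

    for label, pattern in PATTERNS.items():
        def swap(match, label=label):
            value = match.group(0)
            if value not in reverse:
                n = sum(1 for t in mapping if t.startswith(f"<{label}_")) + 1
                token = f"<{label}_{n}>"
                mapping[token] = value
                reverse[value] = token
            return reverse[value]
        text = pattern.sub(swap, text)
    return text, mapping


def restore(text, mapping):
    """Re-insert originals into the model's answer; unknown tokens stay."""
    return PLACEHOLDER.sub(lambda m: mapping.get(m.group(0), m.group(0)), text)


# Constructed sample prompt (not real customer data).
PROMPT = ("Reply to anna.muster@example.ch, phone +41 44 123 45 67. "
          "Copy anna.muster@example.ch on the offer.")

if __name__ == "__main__":
    safe, table = pseudonymize(PROMPT)
    print(safe)   # only this text would be sent to the model
    print(restore("Dear customer, we will call <PHONE_1>.", table))
```

The mapping table never leaves the controlled environment; only the placeholder text is sent to the model, and `restore` is applied to the answer on the way back.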

Steps to a Shadow AI strategy

  1. Assessment: Find out which AI tools are already being used.
  2. Create policies: Define clear rules for AI use.
  3. Provide a secure alternative: Offer an approved tool with automatic data protection.
  4. Training: Make employees aware of the data protection risks of AI use.
  5. Monitoring: Use audit logs to track usage.

Conclusion

Shadow AI is not a fringe issue. It affects every company that doesn't actively manage AI. The good news: With the right platform, a risk becomes an opportunity. Gardeo makes AI use secure, transparent, and nDSG-compliant.
