The STEM Workforce Report from SThree shows a clear picture: almost 3 out of 4 Dutch tech professionals use AI tools that have not been approved by their employer. Think of popular generative platforms like ChatGPT, Copilot, or Gemini. Of the respondents, 24% say they would not meet their deadlines without these tools.
Why do employees choose this 'shadow AI'? The three main reasons:
- Speed and ease of use: external AI tools are often more intuitive and faster than what is available internally.
- Lack of functionality in approved tools: many tools within the company are limited or outdated.
- Slowness and inefficiency of official alternatives: frustrations over cumbersome systems and long approval lines.
For many employees, it's simple: they want to do their job well and reach for the tools that work best, even if that is technically outside the rules.
The risks are piling up
As an entrepreneur, you need to know that the use of shadow AI is not due to ignorance. On the contrary: more than 80% of users acknowledge that these tools pose privacy and security risks. Think of unintended exposure of sensitive data, breaches of intellectual property, or errors or misinterpretations in AI output that can cause business damage.
Compliance conflicts can also arise. With the EU AI Act or NIS2, everything must be organized properly, and there is no room for experiments outside the lines.
Nevertheless, 51% of users say that the benefits outweigh the risks – a risky balance, especially for organizations without clear frameworks or backup systems.
For the entrepreneur, shadow AI is not an abstract technological issue. It touches the core of business operations: employees make technological decisions without consultation or governance, while the responsibility for data breaches or AI errors ultimately lies with the organization. An increasing portion of the work is done with uncontrolled means – and that undermines both compliance and quality.
Especially in smaller organizations, where IT departments are often limited, the risk is high that action is only taken when it is too late. The report also shows that only 63% of respondents indicate that their organization has formulated any AI policy at all, and that percentage is often even lower in smaller companies.
What you can do as an entrepreneur against shadow AI
The solution does not lie in banning or punishing. Shadow AI arises precisely from a gap between need and policy. The key lies in recognizing this reality and taking control.
Concrete steps that every SME can take right now:
- Inventory the AI usage within your organization – both formal and informal.
- Provide alternatives that are indeed safe and user-friendly.
- Formulate workable AI guidelines, including what is allowed and what is not.
- Ensure training and awareness so that employees understand the risks and can contribute to safe innovation.
- Establish safe testing environments where experimentation can occur without business risk.
These steps do not have to cost capital, but they do require involvement from the entrepreneur or IT responsible.
The message of the report is clear
AI usage in the workplace is a reality – regardless of whether it is officially allowed or not. The report from SThree makes it clear that professionals do not wait for policy but choose their tools themselves. Entrepreneurs would do well to take this seriously: those who do not provide direction lose control.
By integrating AI in a safe and strategic manner, your company remains competitive and compliant. But that starts with recognizing what is already happening and taking ownership of how you as an organization deal with AI.
