A Ban Is Not A Plan
Your firm is already running on AI you can’t see. A ban doesn’t end that.
Somewhere in your firm right now, a smart, loyal, overworked person is pasting a client document into a chatbot they pay for personally, on a tab they'll close before lunch. They are not careless. They are not malicious. They are trying to do good work faster, the way good people always have.
And depending on what's in that document, they may have just breached confidentiality, waived a privilege, or handed protected client data to a vendor whose terms of service nobody at your firm has read.
The trade every professional firm is unknowingly making
For most companies, shadow AI is a productivity story with a security asterisk. Your people quietly wired AI into their workday faster than any official rollout ever could, and the worst case is usually embarrassment.
Right now, in a private tab, one of your people is pasting a client’s file into a chatbot to save twenty minutes. The data is already gone — out of your control, into a system you don’t run, under terms nobody read, maybe training a model you’ll never audit. There is no undo. And every minute you treat this as someone else’s problem, it is happening again, on a login you can’t see, against the one duty your license depends on. For a professional firm, the math is inverted: the exact same behavior that makes shadow AI productive is the behavior that gets a professional in front of a licensing board.
Consider what "just getting a first pass" actually involves. A client's contract, tax position, or financial records leave your controlled environment. They enter a system you don't administer, under an account you don't own, governed by terms you didn't negotiate, possibly used to train a model you'll never audit. The associate saved twenty minutes. The firm took on a liability that doesn't expire and won't show up on any dashboard.
This is not a hypothetical risk waiting for the technology to mature. It is the default outcome of how the tools work, multiplied by how many of your people are already using them. The productivity is real. The exposure is real. They are the same event.
The lie that makes it worse
So you do the obvious thing. You send the email. Effective immediately, no AI tools without IT approval. You feel responsible. You've addressed it.
You've made it worse, and here's the part that should keep you up at night: you've made it worse in writing.
A ban does not stop the behavior. Everyone who works with knowledge workers knows this. The associate who was pasting documents into ChatGPT on their work laptop now does it on their phone, on a personal account, off your network entirely, with even less chance you'll ever see it. You haven't closed the gap. You've pushed it into a place where you have zero visibility and zero recourse.
But you've done something worse than fail. You've created a record. You identified the risk, declared it prohibited, and then did nothing to make compliance possible or to detect violations.
When that pasted client document eventually surfaces — in a discovery request, a breach disclosure, a board complaint, a malpractice claim — it no longer surfaces as an accident. It surfaces as a known risk you chose to manage with a memo. "We had a policy" is not a defense. It's an admission that you understood the danger and declined to do anything real about it.
For a regulated professional, a ban you can't enforce isn't protection. It's evidence.
We have run this exact movie before
None of this is new. It just moves faster now.
A decade ago it was called shadow IT. People used personal Dropbox accounts and unsanctioned apps because the official tools were slow and the work needed doing. Firms that responded with bans learned the same lesson every time: you cannot policy your way out of a tool people love. The behavior went underground. The data went with it.
The firms that actually solved it did the opposite of banning. They figured out why people were routing around the official tools — usually because the sanctioned option was clumsy or slow — and they closed that gap by giving people something good and blessed and safe to use instead.
Shadow AI is that same lesson at ten times the speed, with your clients' confidential information riding along. The professionals who lose here will be the ones who treated it as a discipline problem. The ones who win will treat it as what it actually is: a signal, written by your own people, telling you exactly which tasks AI is good at and exactly where your current setup is failing them.
Bring It Into the Light
You have two true things at once. Your people are more capable with these tools than your official position allows. And you cannot see, secure, or stand behind almost any of what they're doing. The instinct to ban resolves the discomfort and solves nothing. Here is the harder, better play.
Give them something safe before they find something risky. Shadow AI exists because the unsanctioned tool beats the sanctioned one. So sanction a good one. A capable, paid, properly configured tool with real data protections closes the gap that drives people into private accounts. You cannot compete with "nothing" — and right now, nothing is what your official toolset offers.
Run an amnesty, not an audit. Ask your people what they're already using and what they've already built, with the explicit promise that the goal is to make it safe, not to punish them. The workflows already running in your firm are a map of where AI creates value and where your client data is exposed. You want that map drawn by you, with the lights on, before it gets drawn for you in a complaint.
Draw the confidentiality line in plain language. Your people don't need a forty-page policy. They need to know, concretely, what may go into an AI tool and what may never — and they need a sanctioned place to do the permitted work. The duty was always yours. The tools just made it easier to breach by accident.
So write the memo. Ban the tools. Send it firm-wide. Your people will read it, nod, and switch to their phones. The work doesn’t stop. It just leaves your sight. Months from now, in a deposition or an audit or a call from a client who found their own file on Google, you’ll learn what they’ve been doing all along. You can find out now, while you can still do something about it. Or you can find out then. Those are the options. There is no version where it stays hidden and stays fine.
Your obligation to your clients didn't change. The number of quiet, well-meaning ways to violate it did.