Microsoft Warns of Shadow AI Risk, Yet Promotes “Bring Your Own Copilot” for Enterprise Users
While Microsoft continues to actively promote its Copilot tools for the corporate sector, the company has also begun warning of the growing dangers of uncontrolled “shadow” AI use among employees. A new report raises alarms over the rapid expansion of so-called “Shadow AI” — cases in which workers employ unauthorized neural networks and bots that have not been approved by their organization’s IT departments.
According to Microsoft’s findings, 71% of surveyed employees in the United Kingdom admitted to using consumer-grade AI services at work without the knowledge of system administrators, and more than half said they continue to do so on a regular basis.
The practice spans a wide range of tasks: nearly half of respondents use unapproved AI tools for business correspondence, 40% for preparing presentations and reports, and one in five for financial operations. These figures echo earlier studies showing that ChatGPT remains among the most widely used tools for such purposes.
Despite these concerns, Microsoft simultaneously promotes the concept of BYOC — “Bring Your Own Copilot.” Employees who already possess a personal Microsoft 365 subscription with AI assistant access are encouraged to use it in the workplace, even if their company has not officially adopted such technologies. In essence, Microsoft is endorsing the very behavior once criticized under the term “Shadow IT.”
The report’s authors note that only 32% of respondents expressed genuine concern about potential data leaks involving clients or company information, while a mere 29% recognized the possible cybersecurity threats. In most cases, the motivation for using third-party AI stems from habit: 41% of participants admitted to relying on the same tools at work that they use in their personal lives.
Despite Microsoft’s ongoing efforts to popularize Copilot, the reality remains less than favorable for the brand. ChatGPT continues to dominate the enterprise landscape, while Copilot adoption remains limited. As a result, Microsoft is, in effect, legitimizing shadow AI practices — so long as they direct users toward its proprietary ecosystem.
In conclusion, the report emphasizes that ungoverned AI adoption poses significant risks, particularly when consumer-grade systems are used in corporate environments. Microsoft insists that only professionally designed AI solutions, tailored to business requirements, can ensure the necessary standards of security, reliability, and compliance.