IT blocks ChatGPT on the corporate network. Safely handled, everyone assumes. A week later an employee is up against a deadline. He picks up his phone, opens ChatGPT on his personal account, and pastes in the passage he is stuck on, including the client's name and the case number.
The block is still on. The work has simply moved somewhere nobody can see it.
This is not the exception. It is exactly what a block does.
Blocking doesn't remove the risk, it relocates it
Blocking AI sounds like the safest choice. But it does not make your organisation safer, it makes the risk invisible. Cut off access and you do not get an organisation that has stopped using AI. You get shadow AI: personal accounts, personal phones, tools nobody approved. The data goes the same place it did before, only now with no visibility, no data processing agreement, and no one able to steer it.
Why the block is the reflex, and why it fails
When security gets in the way, it gets bypassed. That is not bad faith, it is how people work. The safe route has to be the easy route, or people choose whatever route gets the job done.
A block rests on an assumption: if I close the door, the use stops. But AI is not behind one door. It is on every phone, in every browser, behind every personal email address. You can close off the corporate network, but you cannot close off the phone in someone's pocket.
And there is a bitter side effect. By blocking, you push use toward the places where you have the least control. The employee using ChatGPT at work is visible. The employee using it on a personal phone because it is blocked at work is not. Blocking trades visible risk for invisible risk. That feels safer. It is the opposite.
What is actually happening
The numbers show how widespread this already is.
Microsoft and LinkedIn's Work Trend Index, based on 31,000 knowledge workers across 31 markets, found that 78% of AI users bring their own AI tools to work. At smaller companies it is higher, around 80%. People are not waiting for policy. They are solving their work with the tools they already know.
Nearly half of employees admit to using AI without employer approval, often on free versions where they share sensitive company data. And under pressure, people take chances: research by BlackFog found 60% of employees would take risks to hit a deadline.
At the same time, more than half are reluctant to admit they use AI for important work, not because they are doing something wrong, but because they worry it makes them look replaceable. A block reinforces exactly that. The use continues, just in silence.
It also shows up in real incidents. In 2023, Samsung restricted internal use of ChatGPT after engineers pasted confidential source code into the tool, where it could no longer be retrieved. The reflex was to ban it. But a ban does not answer the question the incident raised: people needed help in the moment they pasted, and the block does not provide that. It only moves the next paste somewhere darker.
The objection, taken seriously
Now the fair objection: "But we can't allow everything. Some tools simply don't belong anywhere near our data."
True. Not every AI tool is fit for sensitive company data, and an organisation may, and sometimes must, restrict particular tools. This is not an argument for a free-for-all.
But the choice is not "block everything" versus "allow everything". That is a false binary. The real choice is between blind blocking and active guidance. You can offer good, approved tools so people do not need to route around you. You can make it clear which data does and does not belong in an AI tool. And you can signal, in the moment, when something sensitive ends up in a prompt, so the employee can correct it.
That is not a free-for-all. It is keeping control where the risk actually appears, instead of closing a door people walk around.
What to do instead
Four steps that deliver more than a block.
- Offer a good, approved tool. If the safe route is as fast as the free chatbot, half of your shadow AI disappears on its own.
- Make the rules concrete, not abstract. Not "be careful with data", but clear examples of what does and does not belong in an AI tool.
- Signal at the moment of entry. Help the employee while they type, before sensitive data is sent, instead of searching logs for what is already gone.
- Measure where the risk sits. In aggregate, without tracking individuals: which data types, which tools, and whether the line falls after you change something.
That last point is the difference between assumptions and control. This is what that visibility looks like:
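A sketch of the last two steps, signalling at the moment of entry and measuring in aggregate, as an added example that is not code from this article or from any product. The function and class names, the CASE-YYYY-NNNNN case-number format and the sample prompt are assumptions made for illustration.

```python
import re
from collections import Counter

# case_number is a hypothetical house format (assumption); adapt per organisation.
PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "case_number": re.compile(r"\bCASE-\d{4}-\d{5}\b"),
    "payment_card": re.compile(r"\b(?:\d[ -]?){13,19}\b"),
    "iban": re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b"),
}

def luhn_ok(candidate):
    """Luhn checksum, so random digit runs are not reported as card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return 13 <= len(digits) <= 19 and total % 10 == 0

def iban_ok(candidate):
    """ISO 13616 mod-97 check on the rearranged, letter-expanded IBAN."""
    s = candidate.replace(" ", "")
    rearranged = s[4:] + s[:4]
    return int("".join(str(int(c, 36)) for c in rearranged)) % 97 == 1

VALIDATORS = {"payment_card": luhn_ok, "iban": iban_ok}

def scan_prompt(text):
    """Return the sorted data types found in a prompt, before it is sent."""
    found = set()
    for name, pattern in PATTERNS.items():
        check = VALIDATORS.get(name, lambda m: True)
        if any(check(m.group()) for m in pattern.finditer(text)):
            found.add(name)
    return sorted(found)

class AggregateLog:
    """Counts findings per (tool, data type). Stores no user id and no prompt text."""
    def __init__(self):
        self.counts = Counter()
    def record(self, tool, findings):
        for data_type in findings:
            self.counts[(tool, data_type)] += 1
        return findings  # the caller shows these to the employee as a warning

# Constructed sample prompt, not real data.
SAMPLE_PROMPT = "Reply to jane.doe@example.com about CASE-2024-00123."
```

Exporting the counts per period shows which data types reach which tools and whether the line falls after a change, without a record of who typed what.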