November 11, 2024 – As federal agencies expand their use of artificial intelligence (AI), unregulated or “shadow” AI usage introduces critical risks, including data privacy issues and operational vulnerabilities. Info-Tech Research Group’s recently published blueprint Improve Governance and Stakeholder Engagement to Curb Shadow AI offers federal IT leaders strategic guidance for strengthening governance frameworks and increasing stakeholder involvement. By promoting transparency and control over AI initiatives, Info-Tech's insights support responsible, compliant, and secure use of AI deployment across federal government entities.
“Shadow AI is the unsanctioned or uncontrolled use of AI tools that work outside of standard IT governance processes. Such practices have the potential to undermine public trust and the responsible adoption of AI in the federal government,” says Paul Chernousov, research director at Info-Tech Research Group. “With federal departments and agencies broadening their AI scope and scaling their AI efforts beyond initial ‘proof of concept’ investments, they face the challenge of managing the proliferation of shadow AI.”
Info-Tech’s blueprint outlines the significant governance gaps federal agencies must address to mitigate risks while maximizing AI benefits. As AI capabilities exponentially evolve, the firm advises that federal IT leaders must implement stronger data protection measures to maintain confidentiality and integrity in their data ecosystems. In cases where unauthorized AI usage has already occurred, Info-Tech recommends implementing retroactive controls to bring such uses within compliance frameworks.
In its Improve Governance and Stakeholder Engagement to Curb Shadow AI blueprint, Info-Tech identifies three main types of risks associated with shadow AI in federal agencies.
- Governance and Compliance Challenges: Shadow AI undermines federal regulatory frameworks by operating outside the established governance structures. Employees using unauthorized AI tools often bypass key approval processes, leading to non-compliance with data protection laws and federal regulations. Such unauthorized use complicates departments’ ability to ensure adherence to ethical AI principles and maintain transparency in decision-making processes, which could lead to the erosion of public trust in government operations.
- Operational Security Risks: Unsanctioned AI use introduces significant vulnerabilities to federal IT infrastructures. When staff input sensitive data into unapproved AI systems, it creates potential access points for cyber attacks and data breaches. These shadow systems often lack proper security protocols, exposing federal networks to malware and other cyber threats. The use of external AI platforms without proper vetting increases the risk of unauthorized data access and potential exploitation of government information.
- Data Management and Data Integrity Issues: Shadow AI compromises the reliability of federal data ecosystems by introducing unverified and unvetted information into official records. When AI-generated data is incorporated into government documents without proper review and validation, it could lead to the spread of inaccurate, biased, and factually incorrect information across departments and agencies. Over time, such gradual corruption of data integrity could significantly impact the accuracy of records, decision-making processes, and the overall quality of government services provided to citizens.
To mitigate these challenges, Info-Tech outlines the path to establishing a dedicated AI governance committee responsible for overseeing all aspects of AI adoption and usage. This cross-functional team, comprising members from IT, legal, and operational sectors, should be tasked with approving AI initiatives, managing associated risks, and enforcing policy compliance. Additionally, the firm explains that clearly defined acceptable AI practices, procurement procedures, and data handling requirements should be established across all applications within the federal agencies. Regular policy reviews and updates are essential for ensuring alignment with advancing AI technologies and emerging risks.
For exclusive and timely commentary from Paul Chernousov, an expert in the government sector, and access to the complete Improve Governance and Stakeholder Engagement to Curb Shadow AI blueprint, please contact pr@infotech.com.
About Info-Tech Research Group
Info-Tech Research Group is one of the world’s leading research and advisory firms, proudly serving over 30,000 IT and HR professionals. The company produces unbiased, highly relevant research and provides advisory services to help leaders make strategic, timely, and well-informed decisions. For nearly 30 years, Info-Tech has partnered closely with teams to provide them with everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.
To learn more about Info-Tech’s divisions, visit McLean & Company for HR research and advisory services and SoftwareReviews for software buying insights.
Media professionals can register for unrestricted access to research across IT, HR, and software and hundreds of industry analysts through the firm’s Media Insiders program. To gain access, contact pr@infotech.com.
For information about Info-Tech Research Group or to access the latest research, visit infotech.com and connect via LinkedIn and X.
Media Contact
Sufyan Al-Hassan, Senior PR Manager
Info-Tech Research Group
salhassan@infotech.com | +1 (888) 670-8889 x2418