What should you do if an employee uses an unapproved AI tool?
Short answer
A quick answer first, then the fuller context below.
If an employee uses an unapproved AI tool, treat it as a governance incident rather than a disciplinary shortcut: contain the data risk, capture what happened, review the output, and fix the policy gap before it spreads.
Detailed answer
The fuller context, trade-offs and practical steps behind the short answer.
When an employee uses an unapproved AI tool, slow the problem down
An employee using an unapproved AI tool is usually a sign that the firm has demand, unclear boundaries, or a workflow pain point. Handle it quickly, but do not turn it into a panic exercise. The aim is to understand what data went into the tool, what output came back, who relied on it, and which control failed.
For professional services firms, this matters because a small shortcut can create client confidentiality, privilege, data protection, audit trail, quality review and accountability issues. A proportionate response protects the client, the employee and the firm.
The safest first response is containment, evidence and review
The practical answer is: pause further use, preserve the facts, assess the data exposure, check any client-facing output, and decide whether the incident is a training issue, policy gap, vendor-risk issue or formal breach. Do not delete the evidence before the firm understands what happened.
- Stop repeat use: ask the employee and team not to use the tool again until the review is complete.
- Record the facts: tool name, account type, prompt or uploaded data, output, date, workflow, client or matter, and who saw or used the result.
- Classify the data: client confidential data, personal data, privileged material, regulated advice, internal-only information or low-risk public material.
- Review reliance: check whether the output was copied into advice, emails, research notes, analysis, claims handling, financial models or client documents.
- Fix the control: update policy, approved-tool lists, training, access controls and escalation routes.
Find shadow AI risk before it becomes client risk
What to check before deciding whether it is a breach
The key question is not simply whether AI was used. The key question is what the tool received and whether the firm can still evidence control over the work. A public brainstorming prompt is a different risk from uploading a client contract, witness statement, claim file, audit working paper or board pack into a public AI service.
Use a simple triage:
- Data sensitivity: Was client, personal, regulated, privileged or commercially sensitive information entered?
- Tool status: Was it approved, configured for business use, covered by a data processing agreement, and set not to train on firm data?
- Retention and access: Can prompts, files or outputs be retained, reviewed by the vendor, or shared across accounts?
- Client impact: Did the output influence advice, decisions, communications, pricing, due diligence, compliance work or claims handling?
- Evidence: Can the firm reconstruct the prompt, output, review steps and final human decision?
If the answer points to personal data exposure, client confidentiality risk, privilege risk or incorrect client-facing work, involve the relevant senior owner early. For regulated firms, that may include the COLP or COFA, MLRO, DPO, risk partner, compliance lead, SMF accountable person or equivalent governance owner.
How to respond without encouraging hidden AI use
A purely punitive response can push AI use underground. A better operating model separates deliberate misconduct from unclear policy, weak tooling or unmet workflow demand. The firm still needs consequences where someone knowingly ignored clear restrictions, but it also needs a route for staff to ask for safe alternatives.
In practice, the response should include:
- a short incident note in the AI use register or risk log;
- a quality review of any work product affected;
- a decision on client notification, regulator notification or DPO review where relevant;
- an update to the approved AI tool list and blocked-tool guidance;
- a plain-English reminder of what staff may and may not put into AI systems;
- a route for requesting approved automation or AI assistance.
Put a workable AI governance route around staff demand
What a good AI policy says about unapproved tools
The policy should be short enough for people to use, but specific enough to remove guesswork. It should name prohibited data types, approved tools, permitted use cases, review requirements, escalation contacts and the incident route for accidental use.
A useful clause does not say only "do not use unapproved AI". It also tells people what to do if they already have. For example: stop using the tool, do not delete records, tell the named AI or risk contact, share the prompt and output, and wait for a review before using the result.
For legal, finance and insurance teams, include examples that match real work: client emails, contracts, claim notes, policy documents, due diligence reports, regulated advice, board papers, complaints, financial models and personal data extracts. Generic examples are easy to ignore.
How Pattrn Data would operationalise the fix
The fix is usually a small control system, not a large policy project. Start with an approved-use matrix, a one-page intake route for new AI ideas, a shadow AI incident log, and a review standard for outputs that may affect clients or regulated work.
Then turn repeat incidents into workflow evidence. If employees keep using public tools for first drafts, summarisation, research or data cleaning, the firm probably needs safer internal routes for those tasks. Governance should make safe use easier than risky improvisation.
Build safer AI workflows around the jobs staff are already trying to do
Conclusion
If an employee uses an unapproved AI tool, the right response is calm containment plus a concrete governance fix. Capture the facts, protect client data, review any output, decide whether notification is needed, and close the route that made the shortcut attractive in the first place.
FAQs
Direct follow-up answers written for searchers, buyers and internal decision makers.
Should we discipline the employee straight away?
Not before understanding the facts. If the rule was clear and deliberately ignored, HR or management action may be appropriate. If the rule was unclear, the better first fix may be policy, training and safer tooling.
Do we need to tell the client?
It depends on what data was entered, whether confidentiality or privilege was affected, and whether the AI output influenced client-facing work. Treat this as a risk and compliance decision, not a marketing decision.
Should we ban all public AI tools?
A blanket ban is sometimes necessary for sensitive workflows, but it often fails in practice unless staff have a safe alternative. Define prohibited data, approved tools and review steps instead.
What should go in the incident record?
Record the tool, account type, prompt or uploaded material, output, affected client or matter, people involved, review decision, corrective action and any notification decision.
Who should own the response?
The named AI governance owner should coordinate it with the relevant risk, compliance, legal, data protection and business leads. Ownership should be clear before an incident happens.
Need help implementing this?
If this question points to a live process, policy or supplier decision, the next step is usually to turn the answer into a controlled plan. These services are the most relevant starting points.
AI governance consulting
Create policies, approval routes, ownership and controls that teams can actually use day to day.
AI governance consultingSecure AI implementation
Put privacy, supplier review, data boundaries, testing and staff guidance into the implementation plan from the start.
secure AI implementationAI workflow automation
Turn repeatable admin, client service and reporting work into controlled workflows with clear human review points.
AI workflow automation support