Your Staff’s Secret AI Habit
Shadow AI is everywhere. Here’s why staff hide it, what leaders can do about it, and how to turn it into measured productivity.
Shadow AI is common because policy, training, and culture have not kept up.
Transparent, encouraged AI use delivers measurable gains when governed and measured.
Use the Economic Reform Roundtable moment to move from rhetoric to practice with a 90-day plan.

We are walking into the Australian government’s Economic Reform Roundtable, where productivity is the headline act. It is invite-only. The agenda explicitly includes using data, digital, and AI to lift living standards.
Business is already framing AI as a practical lever for growth. As the Business Council’s Bran Black put it, “AI can help us work smarter, not harder.” He also calls AI “our next big lever for economic growth.”
Shadow AI is already inside your company
Employees are adopting AI faster than governance can catch up. Software AG’s global study suggests that around half of employees are using unapproved tools. TELUS Digital’s 2025 survey found 68 per cent of enterprise AI users access assistants through personal accounts, and 57 per cent admit to entering sensitive data.
KPMG and the University of Melbourne report that 57 per cent of workers hide AI use, often presenting AI-generated content as their own. Only 47 per cent say they have received any AI training.
Why hide it? Slack’s Workforce Index points to stigma. Nearly half of desk workers are uncomfortable telling managers they used AI, citing “cheating,” “less competent,” and “lazy” perceptions as top reasons.
On the street, anxiety is real. ABC profiled Australians who say, “We all got AI-ed,” and “I don’t know what I’m going to do now.” These are small quotes with big signals for leaders.
The real upside when you bring it into the sunlight
Where companies intentionally encourage and measure AI use, the gains are tangible. A field experiment with 5,179 support agents found that generative AI increased issues resolved per hour by about 14 per cent on average, with the most significant boosts for novice workers.
Developers show similar effects. GitHub’s controlled studies report up to 55 per cent faster coding on specific tasks with AI pair programming, alongside higher satisfaction.
Large rollouts point the same way. The UK civil service Copilot trial reported about 26 minutes saved per user per day, roughly two weeks a year.
This is not a theory. It is a management choice. You either have hidden usage with unmanaged risk or open usage with policy, training, measurement, and compounding productivity.
What the Roundtable means for you
Treasury’s productivity brief puts data, digital, and support for AI adoption on the national to-do list. That is helpful cover for CEOs to move from pilots to scale. The brief lists “supporting the adoption of AI” as a work in progress.
At the same time, Australia’s public trust in AI is shaky, which explains the cultural friction you will see inside firms. KPMG’s 2025 study finds only 36 per cent of Australians are willing to trust AI, despite the growing use of AI.
Your job as CEO
Remove secrecy by making disclosure normal and safe.
Protect customers and intellectual property by steering staff to approved tools with proper data guardrails.
Demand measurement, not hype. If AI is saving time, it should show up in cycle times, throughput, or customer outcomes.
A final reminder from the regulator’s playbook. The Australian Information Commissioner advises organisations not to enter personal information into publicly available generative AI tools. Set the bar there, then provide secure alternatives.
“Attendance is by invitation only.” Use that line from the Roundtable page as a reminder. Most of us will read outcomes in the media. Do not wait for communiqués. Build your own AI productivity plan now.
Operationalising AI without the creep of Shadow AI
Publish a one-page AI Use Standard that staff can follow
Turn on safe defaults before you train anyone
Train for how work is done, not what AI is
Start where the evidence is most substantial and the risk is low
Measure it like any other transformation
Create a “no paste” perimeter for sensitive data
Stand up an AI Champions network
Replace ban lists with bright lines
Policy footers and signatures that normalise disclosure
30-60-90 day plan you can copy
1) Publish a one-page AI Use Standard that staff can follow
Plain language rules: what is allowed, what is never allowed, and how to disclose usage in deliverables.
Copy the OAIC principle in your words: “Do not paste personal or sensitive information into public AI tools.” Link to your approved alternatives.
Add a short disclosure line for docs and emails, for example, “Assisted by approved AI for drafting and summarisation.”
Reference frameworks without jargon. The NIST AI RMF and its Generative AI Profile give you a checklist of risk controls to adapt.
2) Turn on safe defaults before you train anyone
Provide a sanctioned AI workspace with SSO, audit logs, and data controls. Do not make workers choose between speed and safety. TELUS and others show that when you do not, they use personal accounts and paste sensitive data.
Block known public AI endpoints from corporate networks if you have no enterprise contract, and route usage through your secure proxy or approved apps.
3) Train for how work is done, not what AI is
90-minute role-based clinics: prompts that match your processes, how to cite sources, privacy red flags, and when to stop and ask a human.
Teach the social norm. Use Slack’s findings to name the fear: colleagues might think AI use is “cheating” or “lazy.” Make it explicit that responsible AI use is expected, and show what good looks like.
4) Start where the evidence is most substantial and the risk is low
Customer support: aim for first response drafting, knowledge lookups, and tone coaching. The NBER study’s 14 per cent lift for agents is your benchmark.
Software: pair programming, test generation, boilerplate. Use GitHub’s task-level speedups as a starting assumption, then validate with your repos.
Knowledge work: meeting summaries and first drafts. The UK trial’s 26 minutes a day is a pragmatic target for email, notes, and document prep.
5) Measure it like any other transformation
Baseline key workflows, then A-B test teams with and without access. Track cycle time, throughput, error rates, customer CSAT, and rework.
Steal Microsoft’s measurement pattern: compare users and non-users by outcome, not just usage tallies.
Publish a monthly “AI gains” dashboard and celebrate wins to reduce the secrecy tax.
6) Create a “no paste” perimeter for sensitive data
Classify data into three buckets and wire in DLP. If content is confidential or personal, route it only to enterprise AI with data residency and retention controls. OAIC guidance backs you here.
7) Stand up an AI Champions network
One volunteer per team who runs office hours, curates prompts, and escalates risks. Use the NIST profile to keep a simple risks log: inputs, outputs, bias checks, and human review steps.
8) Replace ban lists with bright lines
Disallow AI for regulated judgments or legal advice unless a licensed professional signs off.
Require citation for facts and a human read for anything externally published.
Keep a short allow list of tools and use cases. If staff need something else, they can propose it with a two-minute form.
9) Policy footers and signatures that normalise disclosure
Add a standard line in proposals and board papers that makes provenance normal, not shameful. This is how you unwind the “lazy” stigma quickly, in public.
10) 30-60-90 day plan you can copy
Days 1 to 30: Publish your one-pager, turn on an approved AI workspace, run three role-based clinics, and instrument two pilot workflows.
Days 31 to 60: Expand pilots to two more teams. Launch the “AI gains” dashboard. Champions collect and share five high-value prompts per team.
Days 61 to 90: Move from pilots to policy. Add disclosure footers, lock down public endpoints, and present measured gains to the exec. Tie year-end incentives to transparent, compliant adoption.
“AI can help us work smarter, not harder.” Put that on the first slide of your internal roadshow, then prove it with your own numbers.
References
Australian Government Department of the Treasury. (2025). Economic Reform Roundtable. https://treasury.gov.au/review/economic-reform-roundtable
Australian Government Department of the Treasury. (2025). Economic Reform Roundtable: Productivity [PDF]. https://treasury.gov.au/sites/default/files/2025-08/overview-productivity.pdf
Business Council of Australia. (2024, September 5). AI consultation is a step in the right direction. https://www.bca.com.au/ai_consultation_is_a_step_in_the_right_direction
Business Council of Australia. (2025, June 2). Business Council unveils Australian AI report to secure leadership by 2028. https://www.bca.com.au/business_council_unveils_australian_ai_report_to_secure_leadership_by_2028
Business Council of Australia. (2025, June 2). Accelerating Australia’s AI Agenda. https://www.bca.com.au/accelerating_australias_ai_agenda
Business Council of Australia. (2025, August). Productivity Commission provides the right middle ground on AI regulation. https://www.bca.com.au/productivity_commission_provides_the_right_middle_ground_on_ai_regulation
Brynjolfsson, E., Li, D., & Raymond, L. (2023). Generative AI at Work (NBER Working Paper No. 31161). National Bureau of Economic Research. https://www.nber.org/papers/w31161
CFO Dive. (2023, April 6). AI boosts productivity 14%: NBER case study. https://www.cfodive.com/news/ai-boosts-productivity-nber-case-study-generative-workforce/649110/
GitHub. (2024, May 13). Research: Quantifying GitHub Copilot’s impact in the enterprise with Accenture. https://github.blog/news-insights/research/research-quantifying-github-copilots-impact-in-the-enterprise-with-accenture/
KPMG Australia. (2025, April 29). Global study reveals Australia lags in trust of AI despite growing use. https://kpmg.com/au/en/media/media-releases/2025/04/global-study-reveals-australia-lags-in-trust-of-ai-despite-growing-use.html
Microsoft WorkLab. (2023, November 15). What Can Copilot’s Earliest Users Teach Us About Generative AI at Work? https://www.microsoft.com/en-us/worklab/work-trend-index/copilots-earliest-users-teach-us-about-generative-ai-at-work
Financial Times. (2025, June 10). UK civil servants who used AI saved two weeks a year, government study finds. https://www.ft.com/content/7c2aa19d-4c92-490d-bb35-f329a246fe5b
NIST. (2024, July 26). AI Risk Management Framework: Generative AI Profile. https://www.nist.gov/itl/ai-risk-management-framework
NIST. (2023). Artificial Intelligence Risk Management Framework (AI RMF 1.0). https://www.nist.gov/publications/artificial-intelligence-risk-management-framework-ai-rmf-10
OAIC. (2024). Guidance on privacy and the use of commercially available AI products. https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/guidance-on-privacy-and-the-use-of-commercially-available-ai-products
OAIC. (2024). Guidance on privacy and developing and training generative AI models. https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/guidance-on-privacy-and-developing-and-training-generative-ai-models
Slack. (2024, November). Fall 2024 Workforce Index: Executives and employees are investing in AI, but uncertainty is holding back adoption. https://slack.com/blog/news/the-fall-2024-workforce-index-shows-executives-and-employees-investing-in-ai-but-uncertainty-holding-back-adoption
Software AG. (2024, October). Half of all employees are Shadow AI users (via SecurityWeek summary). https://www.securityweek.com/the-shadow-ai-surge-study-finds-50-of-workers-use-unapproved-ai-tools/
TELUS Digital. (2025, February 26). Survey reveals enterprise employees’ use of shadow AI [Press release]. https://www.businesswire.com/news/home/20250226490609/en/TELUS-Digital-Survey-Reveals-Enterprise-Employees-Are-Entering-Sensitive-Data-Into-AI-Assistants-More-Than-You-Think/
Thompson, P. (2025, April 28). Researchers asked almost 50,000 people how they use AI. Over half of workers said they hide it from their bosses. Business Insider. https://www.businessinsider.com/kpmg-trust-in-ai-study-2025-how-employees-use-ai-2025-4
ABC News. (2023, December 3). ‘We all got AI-ed’: The Australian jobs being lost to AI under the radar. https://www.abc.net.au/news/2023-12-04/australian-jobs-being-lost-to-ai/103123682

