Half Your Team Is Already Pasting Client Secrets Into Ungoverned AI
Half of knowledge workers use unsanctioned AI tools; 39% have pasted confidential documents into them. For a discretion-based firm, that's existential.

Fifty-two percent of knowledge workers admit to using AI tools their company never sanctioned. Of the people using those unapproved tools, 39% have pasted in confidential company documents – including financials and contracts.
Those numbers are from Okta's "AI Agents at Work 2026" research, and they should stop a boutique advisory owner cold. The technology isn't dangerous in the abstract; the problem is that your entire business is a promise of discretion, and roughly two in five people using shadow AI have already fed it the kind of material that promise is about.
If you run a firm where the product is trust – strategic advisory, competitive intelligence, diligence, anything where clients hand you things they'd hand almost no one else – this isn't an IT hygiene issue. It's a threat to the one thing you actually sell.
This is not a hypothetical, and it's not the tool's fault
The instinct is to imagine a future breach. The data describes a present one. Among people using unsanctioned AI tools, Okta found 54% have shared internal messages and emails, 45% have shared HR information, and, again, 39% have shared confidential company documents. More than a fifth have pasted in login credentials and passwords, and nearly three in ten have shared banking and payment details.
Read those as behavior, not risk. This is what's already happening on ordinary Tuesdays, by good employees trying to do their jobs faster. Nobody is being malicious. Someone has a dense client contract to summarize, a deadline, and a chat window that will summarize it in nine seconds. The tool isn't the villain here. The absence of a sanctioned alternative is the whole story.
And the leaders mostly don't know. Okta found a stark perception gap: 65% of executives said their organization's AI usage policies are very clear, while only 43% of the employees actually using AI agreed. Your team and your leadership are living in different realities about what's allowed and what's happening. That gap is where confidential material walks out the door – not through a dramatic hack, but through the quiet distance between what a partner assumes and what an associate is actually doing at 6pm.
Why this is existential for a small firm specifically
A large enterprise that leaks a document has lawyers, insurance, a communications team, and a thousand other clients. A boutique advisory firm has its word. When a client gives you their board deck, their cap table, their unannounced deal, they're extending a personal trust that doesn't survive a "we had an incident" email. The asymmetry is brutal: it takes years to earn that trust and one screenshot in a third-party tool's logs to end it.
There's an obligation under this that predates any survey. Confidentiality isn't a feature you offer; it's a promise you made, on behalf of a client who assumed you'd keep their material inside the walls they handed it to you within. When a team member pastes that material into an ungoverned tool, the promise is broken whether or not anyone ever finds out. The client didn't get a vote. They trusted the firm, and the firm's tooling quietly widened the room without telling them.
Executives seem to sense the exposure even when they can't see the specifics. In Writer's 2026 enterprise AI adoption research, 67% of executives said they believe their company has already suffered a data breach because of unapproved AI tools. That's a belief, not a confirmed count – but when two-thirds of leaders quietly suspect it's already happened, "we'll deal with AI governance later" stops being a defensible position. Okta sells identity tooling and Writer sells enterprise AI, so weigh both sources. The behavior underneath, though, doesn't care who funded the survey. It's in your own logs whether or not a vendor counted it.
A ban is not a policy
The tempting response is prohibition. Block the tools, forbid the behavior, send the stern email. It won't work, and the perception gap tells you why. People are already using these tools because they're useful and the deadline is real. A ban doesn't remove the incentive; it just removes your visibility into it. You go from "shadow AI I could govern" to "shadow AI I've formally promised isn't happening," which is worse. Prohibition is how you convert a manageable risk into an invisible one.
The governance problem is genuinely unsolved at most organizations. Deloitte's 2026 State of AI in the Enterprise found only about one in five companies has a mature model for governing autonomous AI. Nobody has this fully figured out. But "hard" is not "optional" when the exposure is your core promise.
What a governed system looks like
You already do this everywhere else in your practice. You don't ban client files; you control who can open them, where they live, and what leaves the building. AI is a new door into the same room, and the work is to put the same discipline on the new door – not to brick it up.
That means giving people a sanctioned tool that's actually good enough to reach for first, so the useful behavior happens inside a boundary instead of outside it. It means being explicit about what class of material can go where, in language an associate under deadline can follow without a lawyer. It means knowing where client data flows – which tools, which retention, which terms – the way you already know who has keys to the file room. And it means closing the perception gap: a policy 65% of partners think is clear and 43% of the team can actually follow isn't a policy, it's a liability with good intentions.
Here's what that looks like on an ordinary Tuesday at a ten-person firm. There's one AI tool the firm pays for and stands behind, good enough that reaching for it is easier than opening a random chatbot. There's a one-page rule an associate can actually hold in their head – this kind of material is fine here, this kind never leaves our systems, when you're unsure you ask – written in plain English, not in the language of a data-processing agreement. Somebody owns the answer to "where does our client data actually go," the same way somebody owns the keys to the file room. And leadership checks, honestly, whether the team believes the rules are clear, rather than assuming it because a partner wrote them down once. That's not a security department. It's four decisions a small firm can make in an afternoon and revisit every quarter.
This is the shape of managed intelligence done right. The value was never in letting people use AI or stopping them. It's in building a governed place where a capable team can use powerful tools on sensitive material without the firm's core promise leaking out the side. Do that, and AI becomes a genuine advantage for a small firm. Skip it, and you've outsourced your most important promise to whichever chat window had the shortest path to your associate's deadline.
The firms that come through this well won't be the ones that moved slowest on AI. They'll be the ones that built a place their people could move fast without carrying the client's trust out the door.
The leak isn't coming. Check the logs. It's already here, and it's wearing your team's badge.
More from Consulting Operations

The Robot Isn't the Threat. The Squeeze Is.
Only 22% of tech workers fear being replaced by AI. Far more fear the squeeze — more work for the same pay. It's answerable, from both sides.

AI Didn't Make Me Faster. It Made Me Right More Often.
82% of tech workers say AI made them more productive. Whether it made the work better is a choice — and the research shows exactly how the two paths split.

The On-Ramp Didn't Close. It Just Stopped Being Free.
Most tech workers wouldn't recommend their field to a newcomer. The on-ramp is narrowing — but it's a filter, not a wall, and here's how you still get in.
Want help running a sharper practice?
Managed Intelligence handles the research and synthesis behind your client work – a living deliverable kept current, so more of your time goes where your name is on the line.
See Managed Intelligence