The market is changing rapidly, especially in terms of technological developments. Artificial intelligence (AI) has become a central theme in this context. Despite AI’s popularity, many organisations have not yet developed formal AI-strategies. There are no guidelines for the ethical, legal, and safe use of AI tools within an organisation. In contrast, employees are taking the initiative into their own hands and starting to use generative AI-tools such as ChatGPT and Gemini independently. This leads to the phenomenon: ‘Bring Your Own AI’ (BYOAI), where employees use generative AI- tools without supervision or formal authorisation from the organisation. However, organisations must move from BYOAI to a controlled AI-strategy.
I had the opportunity to interview an AI operator, Jurgen Gankema. Gankema supports organisations with AI inspiration sessions and pathways to help organisations understand and successfully integrate AI into their strategy and operations. The conversation revealed opportunities and challenges of BYOAI in organisations, such as the opportunities and risks of BYOAI and how they can be controlled.
Using BYOAI: a blessing for the employee?
BYOAI refers to using generative AI-tools, such as ChatGPT and Gemini, without formal management approval. These AI-tools are often free and increasingly accessible to individuals, which allows employees to use them quickly. While organisations lag in implementing AI-strategies, employees enjoy the advantages, such as automating tasks and increasing productivity. However, these short-term gains obscure long-term data security and compliance risks. Gankema notes, “You just start working more productively, your work becomes more fun. The emails you normally have to write, now you just type much faster. These are simple examples.”. While BYOAI offers advantages for individual employees, organisations may face significant risks, for example in terms of data security and compliance, which need to be carefully managed.
BYOAI risks: data and compliance
While it brings advantages for employees, it brings risks and challenges for organisations. Gankema emphasises that there are risks with BYOAI: “Is that you see that a lot of people already start working with AI themselves within an organisation … they bring their own private accounts, but that ensures that there is no strategy behind it from the organisation. They do not know what is happening in the workplace with those tools. People are not trained to work with them. That only brings risks.”. The use of generative AI-tools present risks for data security and compliance. Generative AI-tools can store and process data in ways that organisations are unaware of, such as personal data or information about unreleased products. Employees may unknowingly share confidential information with AI systems. Gankema notes, “I think the biggest danger in this is that as an organisation you do not have visibility into data compliance and how it is being managed. That just all eludes you and if you want to get visibility on that, you have to make sure you have a good strategy.”. Without an approved strategy, organisations have no visibility into what is happening in the workplace, which makes it a major risk that can lead to data breaches and legal issues.
I think the biggest danger in this is that as an organisation you do not have visibility into data compliance and how it is being managed. That just all eludes you and if you want to get visibility on that, you have to make sure you have a good strategy.
Why are organisations lagging in AI adoption?
Despite the advantages and urgency to develop an AI-strategy, organisations remain hesitant. Gankema sees that organisations do not yet have enough knowledge on how to safely implement an AI-strategy, as well as the fear of resistance in the organisation. According to Gankema: “From organisations, this can just create serious resistance if my job suddenly disappears, and what should I do with my staff and how am I going to announce that (…). Also, a piece of fear … because of that they think, we will wait a bit until it is clearer.”. This approach is understandable, but waiting for clarity is risky. It slows down the growth of an organisation, but also increases exposure to risks that a well-defined AI-strategy could help reduce.
In addition, Gankema gave another perspective on BYOAI, namely that organisations should be happy with employees bringing their own AI-tools to work: “I think as an organisation, if you have to deal with employees bringing their own AI-tools to the workplace, you should actually be very happy with the staff you have running around. It shows that people in the workplace are very innovative and open to change and willing to just work much more efficiently.”. While organisations should be happy to have innovative employees, it is essential that they work within the controlled AI-strategy.
Organisations do not yet have enough knowledge on how to safely implement an AI-strategy, as well as the fear of resistance in the organisation.
Implementing a controlled AI-strategy
As an organisation, you want to move from BYOAI to a controlled AI-strategy, but why is that important?
Ultimately, as an organisation, you want to get rid of Bring Your Own AI to work.
Gankema notes that: “Ultimately, as an organisation, you want to get rid of Bring Your Own AI to work. As an organisation, you want to be the one to make sure this is no longer necessary. People need to use the tools you provide them with, what you have visibility into, what you can monitor.”. While Gankema suggests that BYOAI should be removed from the workplace, it could rather be replaced with a controlled AI-strategy. According to Gankema, this strategy should have four elements. Firstly, Ethics, this looks at how ethical it is how AI is applied. Secondly, Legal Compliance, this involves AI-tools complying with legal requirements. Thirdly, Data Compliance, this involves making guidelines on how to manage compliance around data. For example, the storage and processing of data. Lastly, Change Management, because of the changes it also has an impact on the organisation where employees need to feel heard and supported. This is where it is also helpful for organisations to adopt paid AI subscriptions for businesses to have more control and security over how data is used and processed. While these elements provide a solid foundation, it is crucial that organisations act quickly to implement a controlled AI-strategy. Although BYOAI offers advantages to employees, they may not realise that it creates risks for organisations. With a well-developed AI-strategy, employees can retain the same advantages while ensuring organisations’ data security and compliance.
Acknowledgement Statement
This blog is part of the student writing competition in the Management Consulting Master Program at the School of Business and Economics.