Skip to main content

INV Group

Picture of Paul Zimmerman

Paul Zimmerman

INV Group Chief Communications Officer

03 July 2026

The question is whether you can see it

Banning or restricting AI tools may feel safe, but it can push usage out of sight. Professor Alan W. Brown argues that the real challenge is not preventing AI adoption, but creating safe, visible and governed routes for people to use it responsibly.

AI adoption is no longer waiting for permission.

Across the public sector, staff are already experimenting with tools like ChatGPT, Microsoft Copilot, Claude and other AI systems. Some are using approved tools. Some are using restricted tools. Some are using personal accounts. Some are using AI without calling it AI at all.

This is the new reality for public sector leaders.

The question is not whether AI is being used in your organisation.

The question is whether you know where, how, why and with what level of risk.

In conversation with INV Group, Professor Alan W. Brown, author of Making AI Work for Britain, described a workaround now emerging in high-integrity organisations:

“Our company doesn’t allow us to use some of those tools. It’s too dangerous. We work in a high-integrity field. So what we do is, we walk down to the coffee shop… we’re away from prying eyes and any monitoring. And then we look it up online.”

That is the shadow AI problem in miniature.

The organisation has not stopped AI use. It has simply moved it beyond visibility, beyond audit and beyond governance.

Locking tools down can increase risk

For many public sector organisations, the instinctive response to AI risk is restriction.

Block the tools.
Limit access.
Run a controlled pilot.
Wait for national guidance.
Allow only a small group to experiment.
Tell everyone else to hold back.

That approach is understandable. Public sector organisations handle sensitive data, deliver statutory services and support vulnerable people. They are rightly cautious.

But restriction is not the same as governance.

In some cases, excessive restriction can make the organisation less safe, not more safe. It can push AI use away from approved systems and into personal accounts, private devices and informal workarounds.

This creates a serious governance gap.

Leaders may believe they have reduced risk because they have limited official access. In reality, they may simply have lost visibility.

That is the uncomfortable truth of shadow AI.

The real risk is invisibility

The risk is not only that people use AI. The greater risk is that leaders do not know enough about that usage to manage it.

They may not know:

What tools are being used.
What data is being entered.
What prompts are being written.
What outputs are being copied into documents.
What advice is influencing decisions.
Which services are affected.
What controls are missing.
What audit trail exists.

This matters because AI is not just another productivity tool.

It can summarise policy, draft correspondence, interpret data, generate recommendations, write code, analyse complaints, support casework and reshape workflows. Used well, it can save time and improve services. Used badly, it can introduce bias, leak sensitive information, create false confidence, undermine accountability or damage public trust.

Public sector organisations cannot manage those risks if they cannot see them.

Staff are not the problem

It would be a mistake to frame shadow AI as simply a staff behaviour problem.

Most people experimenting with AI are not trying to break rules. They are trying to get work done.

They are under pressure. They have backlogs. They face complex processes, fragmented systems and rising citizen expectations. They can see tools that might help them draft faster, summarise faster, search faster, analyse faster and respond faster.

If the official organisation offers no safe route to use those tools, people will find their own routes.

That is not ideal, but it is predictable.

The job of leadership is not to pretend this is not happening. It is to create a governed environment where responsible use is easier than irresponsible use.

That means moving the conversation away from “AI is banned” or “AI is allowed” and towards a more mature question:

What kinds of AI use are acceptable, under what conditions, with what data, for what purpose, with what oversight and with what record of use?

Transparency builds trust

In Making AI Work for Britain, Alan makes an important point about algorithmic transparency in the public sector:

“The political cost is that such transparency will reveal imperfection. The strategic value is that it builds precisely the public trust that enables deeper and faster AI adoption.”

That line matters for shadow AI.

Some organisations may be reluctant to expose where AI is being used because doing so reveals uncertainty, uneven practice or gaps in control. But that visibility is precisely what makes better governance possible.

You cannot improve what you cannot see.
You cannot govern what you do not record.
You cannot build trust around systems that remain hidden.

Transparency does not mean pretending everything is perfect. It means being honest enough to understand what is happening, mature enough to manage the risks, and disciplined enough to improve over time.

From prohibition to governed adoption

The answer to shadow AI is not denial.

It is governed adoption.

That means giving people clear, safe and practical routes to use AI in ways that match the level of risk involved.

Not every AI use case needs the same level of control.

A staff member using AI to improve the wording of an internal meeting note is not the same as a team using AI to support decisions about adult social care, housing eligibility or children’s services.

A communications team using AI to generate draft campaign ideas is not the same as a customer service team using AI to respond to vulnerable residents.

A back-office summarisation tool is not the same as an automated workflow that affects statutory entitlements.

Good governance recognises those differences.

It classifies risk. It defines acceptable use. It creates approval routes. It records ownership. It monitors outputs. It provides escalation. It makes clear where human judgement must remain central.

That is how organisations move from hidden experimentation to responsible adoption.

Why public sector leaders need visibility

Visibility is the foundation of AI governance.

Before an organisation can control AI use, it needs to understand it. That means building a live picture of where AI is being used or proposed across services, teams and workflows.

That picture should answer basic but important questions:

Who owns the use case?
What problem is it trying to solve?
What data does it use?
Is personal or sensitive data involved?
Is it public-facing or internal?
Does it influence a decision?
Is there human review?
What supplier or model is involved?
How is performance monitored?
What happens if something goes wrong?

Without that visibility, AI governance becomes guesswork.

With it, leaders can make informed decisions. They can support low-risk experimentation, apply stronger controls to high-risk use cases, stop unsafe activity and scale successful patterns across the organisation.

That is the difference between unmanaged AI and governed AI.

The role of culture

Shadow AI is also a cultural signal.

It tells leaders that staff can see potential value, but do not feel there is a safe, trusted or useful official route to access it.

That matters.

If the official message is too restrictive, staff may disengage. If the official tools are too clunky, people may avoid them. If pilots take too long, teams may move ahead informally. If governance feels punitive, people may hide what they are doing.

Public sector organisations need to create a culture where people can raise AI ideas, declare usage, discuss risks and ask for guidance without fear of being punished for curiosity.

That does not mean anything goes.

It means responsible experimentation is treated as something to be managed, not suppressed.

Alan’s broader argument in Making AI Work for Britain is that the UK needs adaptive, learning-centred leadership if it is to make AI work in practice. That applies directly here.

Shadow AI thrives where organisations are slow, unclear or fearful.

Governed AI adoption depends on leadership, openness and trust.

From tool control to workflow governance

One of the mistakes organisations can make is to think of AI governance only in terms of tool access.

Who has ChatGPT?
Who has Copilot?
Who can use Claude?
Which websites are blocked?
Which suppliers are approved?

Those questions matter, but they are not enough.

The deeper question is how AI is changing workflows.

Where is AI being used to draft, summarise, classify, recommend, prioritise, escalate or automate? Where does it sit in the chain between citizen need and service response? Where does human judgement enter the process? Where is the audit trail? Where is accountability?

This is why AI governance needs to move beyond tool management and into workflow management.

For public sector organisations, the real challenge is not simply controlling access to AI tools. It is understanding how AI-enabled work is happening across services.

That is where the governance problem becomes operational.

How Arto helps

At INV Group, this is exactly why we are developing Arto through Invotra.

Arto is not simply another AI tool. It is designed to help public sector organisations manage and govern AI-enabled agents, workflows and automated processes.

Its role is to help organisations bring visibility, structure and control to AI adoption.

That means helping leaders understand where AI is being used, what risks are attached, who owns each workflow, what controls are in place and how activity can be monitored over time.

For councils and other public sector bodies, this matters because AI adoption will not happen neatly in one place. It will emerge across services, departments, suppliers, platforms and teams.

Without a governance layer, that activity can become fragmented and hard to control.

With the right governance layer, organisations can support innovation while maintaining accountability.

That is the balance public sector AI now requires.

The future is visible, governed and accountable

Shadow AI is not a temporary issue. It is a sign of what happens when powerful tools become available faster than organisations can adapt.

Trying to stop all informal AI use is unlikely to work. Pretending it is not happening is worse.

The better response is to create safe, visible and governed routes for AI adoption.

That means giving staff clear guidance.
It means giving leaders better oversight.
It means treating use cases differently according to risk.
It means protecting sensitive data.
It means preserving human accountability.
It means building audit trails.
It means learning from real usage.
It means creating systems that people actually want to use.

AI is already in your organisation.

The challenge now is to bring it into the light.

Because the answer to shadow AI is not denial.

It is governed adoption.