Phoenix Tree mark Phoenix Tree ← All insights
Governance/May 28, 2026/6 min read

The Shadow Stack: the AI your team already runs

Three AI subscriptions, three different cards, zero policy. The tools showed up before anyone decided they should. Here is how to find what is already running — and bring it under control without killing the momentum.

By Jason Evans · Founder, Phoenix Tree

Every business owner I sit down with tells me a version of the same thing: "We are not really doing AI yet." Then we open the books. There is a writing assistant on the marketing manager's browser, a transcription tool the sales team expenses individually, and a chatbot someone in operations pasted last quarter's customer list into to "clean it up." None of it was approved. None of it is on a policy. All of it is running right now.

That is the shadow stack — the ungoverned AI already inside your company. It is not a hypothetical risk on a slide. It is live, and it is touching your data today.

Why it is a governance problem first

The productivity story is real, but it is the second story. The first one is about data. When an employee pastes a contract, a customer record, or a pricing sheet into a public model, that information has left the building — and depending on the tool's terms, it may be training the next version of someone else's product.

You cannot write an incident report about a system you did not know existed. The danger of the shadow stack is not that people are using AI. It is that no one with accountability can see it, measure it, or shut it off.

The question is not whether to adopt AI. It is whether you adopt it on purpose, or it adopts you.

How to surface it

You do not need a forensic audit to start. You need a calm, blameless inventory. In the first week of an engagement we map exactly this:

  • Every AI tool in use, named — not categories, actual product names.
  • Who pays for each one, and on whose card.
  • What data each tool can see, and where that data goes.
  • Which workflows now quietly depend on a tool no one chose deliberately.

The goal of this pass is not to catch anyone. It is the opposite — the people using these tools found real value, fast, on their own. That instinct is worth keeping. You are just putting a frame around it.

Bringing it under control

Once the stack is visible, the fix is rarely "ban everything." It is to replace the riskiest tools with private equivalents, write a short usage policy your team will actually follow, and turn on identity, access, and audit logging so the next tool that shows up is one you can see. Enterprise security discipline, applied to a business your size — not bolted on after an incident.

Done well, the team keeps the speed they discovered and you get the control you need. That is the whole job: strategy before tools, always.

Want to see your own shadow stack?

Book an AI assessment →