By Bradley Elliott, CEO at RelyComply
Someone at your institution is running a critical risk calculation from a laptop under a desk. You just don’t know which one.
That’s not a hypothetical. At a major bank, compliance teams discovered approximately 36,000 systems operating across the business, many running calculations that fed directly into financial decisions, some physically sitting under desks, invisible to IT and governance. It took years and a significant audit effort to surface them.
Now imagine the same problem, except that instead of rogue spreadsheets and outdated software, the tools are AI agents with access to internal data; personal Large Language Model (LLM) subscriptions, such as ChatGPT or Gemini, used to summarise sensitive client files; and model APIs called outside any sanctioned infrastructure.
The scale is bigger. The data exposure is worse. And most financial institutions (banks, fintechs, insurers, and asset managers alike) haven’t started looking yet.









