May 29, 2025 — Amid widespread layoffs in the consulting industry driven by automation and AI adoption, a growing number of consultants are creating unauthorized artificial intelligence tools—dubbed “Shadow AI” copilots—in a bid to retain relevance and secure their positions. The phenomenon is creating significant security blind spots and governance challenges for enterprise IT departments and security teams.
According to internal industry assessments, more than 74,500 shadow AI tools are currently operating across major consulting firms. These tools are typically built using Python scripts and third-party AI APIs, such as those from OpenAI, Anthropic, or Google, and are often deployed without oversight from IT or security teams.
These unofficial tools are being developed by employees under pressure to demonstrate productivity gains in the face of mass layoffs. Over the past 18 months, tens of thousands of consulting jobs have been cut globally as firms automate key tasks and reduce headcounts, particularly in research, analytics, and administrative support.
“What we’re seeing is a perfect storm,” said a cybersecurity leader at a global consulting firm who requested anonymity. “Employees are using AI to prove their value, but they’re bypassing governance controls entirely—leaving us blind to what code is running, what data is being processed, and where that data is going.”
Security experts warn that Shadow AI poses serious risks, including:
- Data leakage and compliance violations, especially under GDPR, HIPAA, and other regulatory frameworks.
- Unauthorized access to sensitive client data when tools integrate with internal platforms or cloud environments.
- Intellectual property exposure as proprietary methods and models are embedded into unmonitored AI services.
- Lack of auditability and version control, making forensic analysis or accountability nearly impossible in the event of an incident.
In response, some firms are beginning to implement AI usage detection tools, conduct code audits, and roll out governed AI development platforms to give employees secure alternatives. However, efforts remain uneven across the industry, and many firms have yet to establish formal policies to regulate internal AI development.
Industry analysts suggest that while the rise of generative AI is reshaping consulting workflows, firms must move quickly to close security gaps or risk regulatory consequences and reputational damage.
“Shadow AI is not just a tech story—it’s a people and process failure,” said one governance consultant. “Unless leadership proactively empowers employees with secure AI tools and training, these backchannel innovations will keep multiplying.”
The proliferation of Shadow AI tools underscores a growing tension in the professional services sector: the race to embrace AI innovation, and the urgent need to do so within a secure, compliant, and transparent framework.
