The Next Input — Issue #095
Stop "Shadow AI" Before It Fires You

⚡ The Briefing — 60 sec
NVIDIA announces new open AI models and tools for autonomous driving research
If you’ve never been in a car that actually drives itself, this might look like nothing. But once you’ve felt the wheel turn without you… it hits different.

NSW planning official used husband’s AI tool to fast-track hundreds of housing proposals
Using prohibited tools on the job is definitely not a nothingburger. Sucks for them, but rules are rules.

Google CEO warns the US is losing the AI race to China due to regulations
Same argument, new day. Regulation vs velocity. Someone’s always losing to someone.
🛠️ The Playbook — The AI Procurement Firewall
Mission: Build a system that ensures staff only use approved AI tools—and flags risky or off-policy use instantly.
Difficulty: Advanced
Build time: 3 hours
ROI: Prevents compliance breaches and shadow-AI creep without killing productivity.
0) Why This Matters
Every workplace right now has two categories of AI usage:
- The official stuff leadership thinks people use.
- The wild west people actually use—personal tools, side apps, extensions, random models.
The NSW planning scandal is a preview of what happens when “shadow AI” slips into decision-making.
This firewall solves that without turning into another corporate chokehold.
1) Architecture
| Component | Tool | Purpose |
|---|---|---|
| Intake | Browser extension (Stytch SSO Enforcement) | Detect tool usage + authenticate users |
| Policy Store | Confluence / Airtable | Track approved + banned AI tools |
| Evaluator | Claude 4.5 Haiku | Classify risk level of observed tool usage |
| Compliance Layer | GPT-5-mini | Generate clean incident summaries |
| Notification | Slack + Email | Instant flagging for off-policy usage |
2) Workflow
1. Browser extension logs whenever employees use an AI-adjacent domain or tool.
2. System checks tool against the Airtable “AI Policy Register”:
   - Allowed
   - Allowed with restrictions
   - Prohibited
3. If usage is prohibited or high-risk, the event triggers a Haiku evaluation:
   - what the tool does
   - whether access could compromise data
   - severity tier
4. GPT-5-mini drafts a simple incident note with next steps.
5. Slack notifies:
   - user
   - manager
   - compliance
6. For low-risk tools, system suggests an approved alternative and lets work continue.
3) Example Prompts
Risk Classification (Claude 4.5 Haiku)
Classify this AI tool’s usage:
- What the tool does
- Level of data exposure
- Whether it bypasses policy
Return: Low, Medium, High.
Include a 1–2 sentence explanation.
Incident Summary (GPT-5-mini)
Write a clean incident summary:
- what tool was used
- why it’s off-policy
- suggested corrective action
Tone: concise, neutral, professional.
4) Guardrails
- Do not block users mid-task—warn, then log.
- Approved tools list must be reviewed weekly.
- Avoid over-flagging harmless usage (Wikipedia summaries ≠ AI tool).
- Keep employee names out of auto-generated reports until a human confirms severity.
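The register check from the workflow and the guardrails above, sketched as an added example (not code from this newsletter or from any of the tools it names). The register entries, domains, pseudonym key and the mapping of "Allowed with restrictions" to warn-and-log are constructed assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed register; a real one would be read from the Airtable "AI Policy Register".
REGISTER = {
    "approved-assistant.example": {"status": "allowed"},
    "notes-ai.example": {"status": "restricted", "alternative": "approved-assistant.example"},
    "unvetted-llm.example": {"status": "prohibited", "alternative": "approved-assistant.example"},
}
PSEUDONYM_KEY = b"constructed-demo-key"  # assumption: held by compliance, not the report pipeline
EVENTS = [  # constructed browser-extension log entries
    {"user": "alice", "url": "https://chat.unvetted-llm.example/c/1"},
    {"user": "bob", "url": "https://en.wikipedia.example/wiki/AI"},
]

def lookup(url):
    """Match the host or a parent domain on label boundaries; None means not a tracked AI tool."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    for i in range(len(labels) - 1):  # never match on the bare top-level label
        domain = ".".join(labels[i:])
        if domain in REGISTER:
            return domain, REGISTER[domain]
    return None, None

def pseudonym(user):
    """Keyed hash, so reports carry no name until a human confirms severity."""
    return "user-" + hmac.new(PSEUDONYM_KEY, user.encode(), hashlib.sha256).hexdigest()[:12]

def triage(event):
    """Decision record for one logged event. Never blocks: warn, then log."""
    domain, entry = lookup(event["url"])
    if entry is None:  # not in the register: not flagged, to avoid over-flagging
        return {"action": "ignore", "block": False}
    record = {"tool": domain, "subject": pseudonym(event["user"]), "block": False,
              "alternative": entry.get("alternative")}
    if entry["status"] == "allowed":
        record["action"] = "log"
    elif entry["status"] == "restricted":
        record["action"] = "warn_and_log"  # suggest the alternative, let work continue
    else:  # prohibited: hand off to the risk classifier and incident summary
        record["action"] = "escalate"
    return record

if __name__ == "__main__":
    for e in EVENTS:
        print(triage(e))
```

Matching on whole domain labels rather than substrings keeps lookalike hosts and unrelated sites out of the flag queue.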
5) Pilot Rollout — 3 hours
1. Build your Airtable “AI Policy Register.”
2. Deploy a lightweight browser extension with domain logging.
3. Test detection with 15 tools: ChatGPT, Claude, Perplexity, Midjourney, Poe, etc.
4. Run the Haiku classifier on captured logs.
5. Add the top five employee-safe alternatives into the policy.
6. Turn on Slack incident alerts for high-risk categories only.
6) Metrics
- Number of flagged off-policy tools per week
- Percentage of staff using only approved tools
- High-risk incidents prevented
- Time spent reviewing tool usage
- Reduction in shadow-AI tools over 30 days
Pro Tip: Don’t fight shadow AI—redirect it. Give people approved tools that actually feel good to use.
🎯 The Arsenal — Tools & Prompts
Stytch SSO Enforcement · Authenticate usage + enforce tool access · https://stytch.com
Klu.ai · Centralised AI policy + usage analytics · https://klu.ai
Conductor · Risk scoring for SaaS + AI apps · https://conductor.one
Acronis CyberProtect · Endpoint monitoring for unauthorised tools · https://acronis.com
Copy-paste prompt block:
You are my AI usage risk evaluator.
Classify the tool:
- function
- data exposure level
- compliance conflict
Return: Low, Medium, or High.
Keep it tight.
💡 Free Office Hours
Want help implementing anything? Book a free 15-minute Office Hours slot—no sales pitch, just workflows solved.
🕹️ Game Over
Approve the right tools and the wrong ones disappear.
— Aaron Automating the boring. Amplifying the brilliant.
Subscribe: https://cylentisai.beehiiv.com/subscribe

