Shadow AI and Democratic Accountability: The Governance Gap Institutions Are Not Seeing

As 'Shadow AI' spreads through everyday workflows, institutions face a growing governance gap that traditional oversight was never designed to manage.

The matrix code
Key takeaways
  • Shadow AI is already shaping critical decisions without oversight: Employees across organizations are using AI tools informally in daily workflows—from credit assessments to hiring decisions—without institutional visibility, governance, or accountability structures in place.
  • The risk is not AI adoption, but invisible accountability gaps: When AI-generated outputs influence decisions without transparency or traceability, organizations lose the ability to explain outcomes, assign responsibility, or ensure fair and consistent decision-making.
  • Effective AI governance starts with visibility, accountability, and operational alignment: Organizations must first recognize how AI is actually used in practice, establish clear accountability for AI-assisted decisions, and align governance frameworks with actual operational behavior rather than relying solely on formal policies.

Artificial intelligence is already embedded in decision-making across organizations—not through formal systems or enterprise deployments, but through something far less visible. It is happening quietly, within teams and across functions, and without oversight.

The problem is not that AI is absent from institutions. It is being used without being seen.

The invisible system inside organizations

Across Latin America, employees are using AI tools every day to perform tasks that shape real decisions:

  • A loan officer summarizes a credit file using an AI assistant
  • A human resources manager screens candidates through a generative AI platform
  • A public administrator processes sensitive data through a tool downloaded on a personal device

In most cases, these actions are not malicious. They are practical responses to pressure for efficiency and productivity. But they share one critical characteristic: they operate outside any formal governance framework.

This phenomenon is often described as “Shadow AI”—the use of artificial intelligence tools within organizations without institutional visibility, oversight, or accountability.

In practice, the issue is broader. In many organizations, there is no clear authorization framework for AI use at all. The result is not just unauthorized AI, but unregulated AI operating at scale.

A gap growing faster than governance

Recent data suggests this is not a marginal issue. A significant proportion of employees already share sensitive or confidential information with AI tools without organizational approval. At the same time, only a minority of organizations have clear internal policies governing AI use.1

This creates a structural gap: adoption is accelerating at the individual level, while governance capacity lags at the institutional level.

The consequence is not simply operational risk. It is a shift in how decisions are produced.

Outputs generated by AI systems, trained on data from different contexts, operating under external terms of service, and processed in jurisdictions unknown to the organization, are increasingly entering internal workflows as if they were verified human analysis. They are not.

This article is closely aligned with Isabel Velarde’s recent working paper “The Governance Gap Behind AI Deployment in High-Informality Economies,” Zenodo, DOI: 10.5281/zenodo.20217979

What institutions do not see

The most consequential aspect of this shift is not where AI is being used, but where it is not being recognized.

Many of the populations most affected by AI-assisted decisions are also those least likely to know such systems are involved. Workers in informal economies, individuals with incomplete financial records, or those with non-linear career trajectories are particularly exposed to misclassification when models trained on different socioeconomic contexts are applied to their data.

When an AI tool is used informally to inform a decision, the process becomes effectively invisible. The organization does not know the tool was used. The affected individual does not know that an automated system contributed to the outcome. The regulator has no mechanism to trace the decision. Visibility disappears at every level.

From governance gap to accountability gap

This is not only a question of internal controls. It is a question of accountability.

In any institutional setting, the legitimacy of decisions depends on a clear chain of responsibility. Someone must be accountable for the outcome, the criteria must be grounded in an identifiable framework, and those affected must have a way to question or contest the result.

Shadow AI disrupts all three simultaneously.

Decisions are shaped by tools that were never formally introduced, by criteria that were never reviewed, and by outputs that cannot be traced back to an accountable process. The result is a system in which authority is exercised, but responsibility is diffused or absent.

The issue is not that governance frameworks are failing. It is that they are being bypassed entirely.

“The greatest risk of Shadow AI is not the technology itself, but the disappearance of accountability. When decisions are influenced by systems no one formally governs, institutions lose visibility over how authority is exercised.”

Isabel Velarde

Why this matters for leadership

For business leaders, this is no longer a theoretical concern.

Every organization already has some level of informal AI use embedded in its operations. The question is not whether it exists, but whether it is visible and governed.

The absence of visibility creates multiple layers of exposure:

  • Decisions influenced by external systems without validation
  • Sensitive data processed outside institutional control
  • Accountability structures that cannot explain how outcomes were produced

At the board level, this translates into fiduciary risk. At the operational level, it affects the integrity of decision-making processes. At the reputational level, it raises questions that organizations may not be prepared to answer.

Ignoring Shadow AI does not reduce risk. It transfers it into areas where it cannot be measured.

A different kind of governance problem

Much of the current debate on AI governance focuses on regulating formal systems: those deployed, documented, and integrated into institutional processes.

Shadow AI represents a different challenge.

It is decentralized, informal, and embedded in everyday workflows. It does not appear in system inventories, does not pass through procurement processes, and does not trigger standard compliance checks.

Yet it is already influencing decisions with real consequences.

This creates a structural mismatch between what governance frameworks are designed to address and how AI is actually being used.

Where institutions need to look

Addressing this gap does not begin with new regulations or complex frameworks. It begins with recognition.

Organizations need to understand how AI is being used in practice, not only how it is intended to be used. This requires shifting attention from formal systems to everyday decision-making processes.

The first step is visibility. Without it, governance cannot exist.

The second is accountability. If AI contributes to a decision, there must be clarity on who is responsible for the outcome.

The third is alignment. Institutional policies, risk frameworks, and operational practices must reflect the reality of how decisions are made, not an idealized version of it.

The question institutions are not asking

The governance debate has focused on what organizations should require from AI systems.

The more urgent question is what organizations should require of themselves.

AI is already present inside institutions, shaping decisions in ways that are not fully understood, not formally recognized, and not systematically governed.

The issue is no longer adoption. It is accountability. And the longer it remains invisible, the more difficult it becomes to restore it.

Sources
  1. IBM Institute for Business Value AI Adoption Index,
    Cyberhaven 2023,
    Microsoft Work Trend Index 2024

Cover image: Markus Spiske on Unsplash

Disclaimer: The information provided in this article is solely the author’s opinion and not legal or regulatory advice—it is provided for educational purposes only. By using this, you agree that the information does not constitute any policy or institutional instructions. Do conduct your own research and reach out to governance and policy experts before making any compliance or framework decisions.

Tags
Isabel Velarde
Isabel Velarde

Isabel is a technology and investment expert with 20+ years across Latin America, the U.S., and Europe. As a practitioner and advisor to boards, investors, and multilateral organizations, she focuses on AI governance, algorithmic accountability, and gender equity, connecting capital allocation, ethics, and institutional oversight in complex markets.