‘Shadow AI’ poses growing boardroom cyber risk as staff feed company data into chatbots

Workers are putting sensitive company data into AI chatbots, creating a hidden cyber timebomb for firms rushing to embrace the technology, Zendata chief Isabelle Meyer warns

Staff are feeding company secrets into AI chatbots without realising where the data goes, leaving businesses dangerously exposed as they race to adopt the technology, one of the sector’s leading cyber executives has warned.

Isabelle Meyer, co-founder and chief executive of Zendata Cybersecurity, said the rapid adoption of AI across organisations had created a fresh layer of unmanaged risk, with many companies still failing to understand the scale of their exposure.

Meyer said employees are increasingly experimenting with AI tools outside formal company systems, entering business information into chatbots or external platforms without fully appreciating the implications for privacy, governance or security.

This unmanaged use of AI – known as “shadow AI” – is now one of the biggest emerging threats facing organisations across Europe, she said.

Speaking to Business Matters, Meyer said many businesses are embracing new technology faster than they can build the safeguards needed to protect themselves from cyber risk.

“Shadow AI is the biggest threat at the moment,” she said.

“What are you giving in the prompt? What are you ingesting? That is where we have the biggest threat at the moment, and most organisations don’t even know where their data is stored.”

“Everybody wants to use AI agents – insurance, law firms, banking, they all want to do it. But is your environment ready to incorporate it? Once it’s there, is it safe? And then you still need to pen test it.”

“It was like with the cloud. Everybody wanted to go on the cloud. Everybody rushed, and they all got on the cloud. Yes, it is more secure than on-prem, but it’s not hacker-free. You still need to protect it. And now it’s the same thing with AI.”

Meyer added: “Some companies will put in their entire financial information onto an AI platform. It’s not intentional. The employee thinks he’s doing the right thing, but maybe it’s also not understanding the impact of it.”

The warning comes as companies increasingly rush to integrate AI into day-to-day operations while also facing a more volatile geopolitical threat environment and a cyber landscape in which attacks are becoming easier to launch and harder to predict.

According to McKinsey’s 2025 global AI survey, 78 per cent of organisations now use AI in at least one business function, up from 55 per cent a year earlier, while 71 per cent regularly use generative AI.

Microsoft’s AI Economy Institute has also estimated that roughly one-in-six people worldwide now use generative AI tools, underlining how quickly the technology has moved into everyday work.

Meyer, who began her career in litigation in London before becoming a managing partner in Geneva and co-founding Zendata Cybersecurity, is trying to address that gap through a company focused on cyber resilience, incident response, risk assessment and the safe adoption of emerging technologies.

Zendata works with organisations across sectors to identify vulnerabilities, strengthen defences and help businesses understand how tools such as AI can be used securely rather than becoming another route for data exposure.

Meyer said cybercrime has become so accessible that attackers no longer need advanced technical skills to launch damaging campaigns. Ransomware tools can now be bought through the dark web quickly and cheaply, while automated scans leave organisations of every size exposed.

Smaller businesses are especially at risk because most assume they are too insignificant to be targeted, she warned.

And many larger firms are still treating cyber security as a compliance exercise rather than a live assessment of risk, she added.

“It’s not really about who you are and how big you are,” Meyer told Juliette Foster. “You need to put in your environment at least the strict minimum.”

Meyer also warned that geopolitics was reshaping the threat environment, with wars, diplomatic flashpoints and major international events creating opportunities for hostile cyber activity.

“The Russian-Ukraine war, complication in the Middle East, the G7 summit, the Olympics – these are all playgrounds for the threat actors, the hackers,” she said. “Cyber-attack is extremely efficient and extremely cheap compared to sending people on the ground.”

AI was also changing the defensive side of cyber security, helping teams process threat intelligence, reduce noise and support forensic investigations.

But technology had to be matched by governance, education and real-time adaptive defence. “Cybersecurity is about risk,” she said. “It’s not about tools. It’s about risk.”

Looking ahead, Meyer said businesses would need to prepare for quantum-resistant systems and vulnerabilities in satellite and space infrastructure.

“Whatever we are building now needs to be quantum resistant in the future,” she said. “If you’re looking at the next step in cybersecurity, we had physical security, we had cybersecurity, and now we have to think about cybersecurity in space.”

Watch Isabelle Meyer, co-founder and CEO of Zendata Cybersecurity, on Business Matters, airing on Bloomberg TV on Sunday 7 June at 9.30am on Sky 502, Sky Glass 505, Virgin 609 and Freesat 208.

READ MORE: Firms ‘wasting AI’ by using it to speed up bad habits. SDG Group’s Steve Crosson Smith says companies need to move beyond quick productivity wins and use AI to connect siloed data, expose bottlenecks and give leaders a clearer view of where to act. 

Do you have news to share or expertise to contribute? The European welcomes insights from business leaders and sector specialists. Get in touch with our editorial team to find out more.