Your AI Strategy Has a Governance Gap. Here's How to Find It in 20 Minutes.

Brian Diamond · April 13, 2026

The Brief

Last month I sat in a room with the leadership team of a $200M professional services firm. Smart people. Serious AI investment. A roadmap that would impress any board.

I asked one question: “Can you tell me every AI tool currently in use across your organization?”

Silence.

Then the CTO said approximately seven tools. The CFO said she'd heard about a few others. The Head of HR mentioned something her team had been piloting for six months that nobody else in the room knew about.

By the end of the week, we had identified 23 AI tools in active use. Eleven of them had never been reviewed by IT. Four of them had terms of service that allowed the vendor to use client data for model training. Two of them were handling information that fell under their regulatory compliance obligations.

This is not unusual. In fact, it's closer to the rule than the exception.

Shadow AI — the AI tools your organization is using that nobody has officially approved or reviewed — is the largest unmanaged risk in enterprise technology right now. It's not malicious. It's just what happens when powerful tools are cheap, easy to access, and solving real problems faster than governance can keep up.

The gap isn't strategy. The gap is visibility.

The Number

23 — the number of AI tools we found in active use at that $200M firm. Their CTO's estimate was seven. The delta between what leadership thinks is deployed and what is actually deployed is the governance gap in numerical form.

I've run this exercise across organizations of varying sizes. The ratio holds: actual AI tool usage is almost always a multiple of what IT and leadership believe it to be.

The Move

Run a shadow AI audit this week. It doesn't require a consultant or a platform. Here's the 20-minute version:

  1. Send a one-question survey to department heads: “What AI tools is your team currently using, including anything adopted in the last 12 months?” Anonymize it if you need honest answers.
  2. Pull expense reports for any SaaS subscriptions under $500/month from the last 12 months. AI tools at the department level almost always hide here.
  3. Check your browser extension policies. Individual ChatGPT, Claude, and Gemini integrations installed as browser extensions rarely show up in IT inventories.

Consolidate the list. You don't need to shut anything down yet. You need to know what you're working with.

That list is your AI governance starting point.
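
One way to consolidate the three sources from the steps above into a single inventory and count the tools IT has never reviewed. This is an added example, not part of the original post: the tool names other than ChatGPT and Claude, the departments, the data layout, and the assumption that the expense rows were already narrowed to AI vendors are all constructed for illustration.

```python
import re
from collections import defaultdict

EXPENSE_CEILING_USD = 500.0  # step 2: monthly subscription threshold from the article

def norm(name):
    """Collapse case, spacing and punctuation so 'Chat-GPT ' matches 'ChatGPT'."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def build_inventory(survey, expenses, extensions):
    """Merge survey answers, expense rows and extension reports into one record per tool."""
    inv = defaultdict(lambda: {"sources": set(), "departments": set()})

    def add(tool, source, dept):
        rec = inv[norm(tool)]
        rec["sources"].add(source)
        rec["departments"].add(dept)

    for dept, tools in survey.items():            # step 1: department-head survey
        for tool in tools:
            add(tool, "survey", dept)
    for vendor, monthly_usd, dept in expenses:    # step 2: only sub-$500/month spend
        if monthly_usd < EXPENSE_CEILING_USD:
            add(vendor, "expense", dept)
    for ext, dept in extensions:                  # step 3: installed browser extensions
        add(ext, "extension", dept)
    return dict(inv)

def governance_gap(inventory, it_reviewed):
    """Return the tools found in use that are absent from IT's reviewed list."""
    reviewed = {norm(t) for t in it_reviewed}
    return sorted(k for k in inventory if k not in reviewed)

# Constructed sample data (hypothetical vendors and departments).
SURVEY = {"HR": ["ResumeRanker", "ChatGPT"], "Finance": ["Chat-GPT ", "LedgerBot"]}
EXPENSES = [("LedgerBot", 49.0, "Finance"), ("NoteScribe", 20.0, "Sales"),
            ("BigERP Suite", 12000.0, "IT")]
EXTENSIONS = [("Claude", "Legal"), ("notescribe", "Sales")]
IT_REVIEWED = ["ChatGPT", "BigERP Suite"]

if __name__ == "__main__":
    inv = build_inventory(SURVEY, EXPENSES, EXTENSIONS)
    gap = governance_gap(inv, IT_REVIEWED)
    print(f"{len(inv)} tools in use, {len(gap)} never reviewed by IT")
    for key in gap:
        rec = inv[key]
        print(f"  {key}: seen via {sorted(rec['sources'])} in {sorted(rec['departments'])}")
```

Tools that appear in only one source, such as an extension no department head mentioned, are the ones a single-channel inventory would have missed.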

The Question

“If a regulator or auditor asked us to produce a complete inventory of every AI system touching our data or our clients' data, how long would it take — and how confident would we be in the answer?”

Take that into your next leadership meeting. The reaction in the room will tell you exactly how much governance work you have ahead of you.

Brian Diamond

About Brian Diamond

Brian Diamond is a fractional Chief AI Officer and founder of BrianOnAI, an AI governance platform, and Onaro, an AI spend intelligence platform. The CAIO Brief publishes every week for executives navigating AI leadership in real time.
