Most companies already have Shadow AI (even if they don't know it)
There is a scene that plays out over and over in startups, agencies, and growing companies across Spain. Someone on the team discovers an AI tool that saves them two hours a day. They install it, connect it to their work email, feed it a couple of internal documents, and start using it. They don’t ask for permission because there is no one to ask. There is no AI usage policy. No security lead. No protocol. Just a small team running at full speed to keep the business moving.
That tool, which no one has evaluated or authorized, now has access to client data, internal correspondence, and confidential documents. And the company doesn’t know it.
This has a name: Shadow AI. And according to the most recent data, 98% of organizations have employees using AI applications without oversight.
Why it happens (and why it’s no one’s fault)
Shadow AI doesn’t appear out of rebellion. It appears because AI tools are incredibly easy to use and solve real problems. A BlackFog study from January 2026 found that 86% of workers use AI tools at least once a week for professional tasks. 63% consider it acceptable to use them without approval if the company offers no alternative.
And in a 15-person startup, a 30-person agency, or a freelancer working alone, the reality is that nobody has time to evaluate whether that Chrome extension with AI is safe, or whether the assistant generating business proposals is storing client data on a server in another country.
Everyday scenarios that are already happening
The accountant who pastes billing data into ChatGPT to generate a summary. The designer who uploads internal briefings to a content generation tool. The developer who installs an autonomous agent on the company laptop because it automates tasks that used to take hours. They are all doing their jobs. They are all creating a risk that no one can see.
From chatbots to autonomous agents: the leap that changes everything
Until recently, Shadow AI was limited to employees pasting data into chatbots. The risk existed but was containable: an isolated data leak. That has changed radically with the emergence of autonomous AI agents.
The OpenClaw case
The most visible case is OpenClaw. An open source project that in three months became one of the fastest-growing repositories in GitHub history: over 215,000 stars, Mac Mini shortages in stores across the United States, and an exponentially growing user community.
Unlike a chatbot, OpenClaw can execute commands in your terminal, read and write files, browse the web, send emails, and connect to tools like Slack, Google Workspace, or the company calendar. All locally. No cloud dependency.
For a startup CEO or a freelancer who needs to multiply their execution capacity, the promise is irresistible. And many are already using it.
The cost of autonomy
The problem is that autonomy comes at a cost. In February 2026, Gartner classified OpenClaw as an unacceptable cybersecurity risk for enterprise environments. The data is striking:
- 20% of the extensions available on its marketplace contained malware.
- Over 42,000 instances were found exposed to the internet without authentication.
- A critical vulnerability allowed an attacker to take complete control of an instance with a single click on a link.
This has happened to Samsung. And to Disney. And it can happen to you.
Three Samsung engineers pasted proprietary source code into ChatGPT within the span of a month. Samsung responded by banning the tool. Then it had to reverse the decision because the ban didn’t work.
A Disney employee installed an AI extension to generate images. It was infected with malware. The result: 44 million internal Slack messages exposed.
The difference between a large company and a startup
The difference between these companies and a 20-person startup is not the type of risk. It is the ability to absorb the blow. Samsung has an incident response team, a legal department, and the resources to weather the crisis. A startup, an agency, or a freelancer does not.
For a small company, a single incident of this kind can mean losing client trust, paralyzing operations for weeks, or shutting down entirely.
The data from INCIBE confirms it: 60% of small businesses do not survive more than six months after a serious cyberattack. And the average cost of an incident for a small business in Spain ranges between 35,000 and 80,000 euros.
Banning AI is not the answer
The temptation is obvious: ban all AI tools and be done with it. But the research on this topic is consistent. Nearly half of employees admit they would continue using AI tools with personal accounts even after an explicit ban. Bans don’t eliminate Shadow AI. They push it further into the shadows.
This is especially relevant in startups and small teams, where the work culture is precisely about agility, experimentation, and autonomy. Telling your team they can’t use AI is like telling them they can’t use Google. It’s not going to happen.
What actually works: a clear framework
The alternative is having a clear framework. You don’t need a compliance department or a full-time CISO. You need three things:
- Know what tools your team is using.
- Establish basic rules about what data can be shared with them.
- Offer approved options that are at least as good as the ones they find on their own.
If the official path is more complicated than the unofficial one, the policy will always fail.
And if you’re a freelancer, the risk is 100% yours
If you work alone, there is no one else to blame and no one to share the impact with. Every AI tool you use with client data is your responsibility. Every credential you hand to an autonomous agent is your exposure. Every browser extension you install without reviewing is a door you open.
The NIS2 effect on freelancers and suppliers
If you work as a supplier to medium or large companies, the NIS2 Directive being transposed in Spain during 2026 requires these companies to audit the security of their supply chain. That includes you. Being able to demonstrate that you have minimum security practices in place can be the difference between keeping a client and losing one.