There is a conversation happening in professional services firms right now, and most leadership teams aren’t in it.
It goes something like this: a lawyer drafts a client letter using ChatGPT on their personal account. A CPA summarizes a financial report using a free AI tool before a deadline. An advisor pastes meeting notes into an AI transcription app without asking anyone. None of them think they’re doing anything wrong. Most of them think they’re being resourceful.
They are. That’s the problem.
This is what’s known as Shadow AI — the use of artificial intelligence tools outside of your firm’s awareness, approval, or oversight. It isn’t malicious. It isn’t unusual. It’s what happens when capable people find tools that make their work easier and use them, because nobody told them not to.
And in regulated industries where client confidentiality isn’t optional, “nobody told them not to” is not a defense.
What’s actually at risk
When your team enters client data into a free-tier AI tool, that data goes somewhere. Where it goes, how long it stays, and whether it’s used to train future models depends entirely on which tool, which account type, and what the terms of service actually say. Terms that most people have never read. Terms that vendors update regularly.
One professional conduct complaint. One client who finds out their confidential information passed through an unvetted AI system. One regulator who asks what your policy was. That’s when “we were figuring it out” becomes a very expensive sentence.
The good news
This is a solvable problem — and it doesn’t require a six-month consulting engagement or an enterprise compliance department. What it requires is an honest look at what’s actually happening in your firm, a clear set of decisions about what’s permitted and what isn’t, and a plan to communicate it.
Most firms can get there in half a day.
The ones who wait are betting that nothing goes wrong before they get around to it. In my experience, that’s not a bet worth making.
Clairity Consulting helps professional services firms build AI governance frameworks that are practical, tailored, and built to last. If you’re not sure where your firm stands, that’s exactly where we start.