Are your employees sharing sensitive information via AI? A secure comms platform ensures confidential information can’t be leaked
A recent survey about the use of AI, and how often sensitive information is shared when it shouldn’t be, caught our eye. As well as raising concerns about sharing commercially sensitive or confidential information, it prompts another question: could your organisation be in the running for a GDPR/ICO fine? If your employees are using a personal AI/LLM such as ChatGPT, you could well be.
The survey, reported by The Register (https://www.theregister.com/2025/10/07/gen_ai_shadow_it_secrets/), found that 22% cut and paste sensitive information (e.g. Personally Identifiable Information, or PII, subject to Data Protection laws). A whopping 82% do so from a personal account – meaning there is no oversight for the business. And although ChatGPT is currently the most popular AI/LLM app by some considerable margin, Microsoft is looking to gain market share, and is reportedly set to start supporting personal Copilot account usage in enterprise environments – so more unmonitorable data leaking out to who knows where.
If all of this sounds depressingly familiar to data/cyber security specialists, that’s because it is exactly the same issue as the use of consumer instant messaging apps. Remember the numerous debacles over MPs’ disappearing WhatsApp messages? https://www.armourcomms.com/2025/04/11/secure-communications-providing-the-right-tools-to-do-the-job/
A secure communications platform that is designed to be Secure by Design and Default from its inception protects any sensitive and/or confidential discussions that take place within its secure comms ecosystem. This includes preventing any of the conversations being copied and pasted into other applications, including AI/LLM apps.
Employees have a long track record of using the most convenient tools they can lay their hands on to do the job – such unauthorised solutions (often referred to as shadow IT) are the scourge of the IT department and CISOs everywhere. The danger is that in the rush to get the job done, staff may forget that once information has been shared with their personal AI account, it is effectively leaked, for the AI app to use and share with the world. If organisations are to avoid a GDPR fine of 4% of global turnover, they need to get ahead of the curve, fast.
Central management of users significantly mitigates the risks
As the IT department knows all too well, a lack of central management of users spells trouble. Not only is there the risk of sensitive data being shared inappropriately, but social engineering attacks are proliferating, with cybercriminals assuming false user identities in order to gain access to enterprise systems. A centrally controlled communications platform, where only those who are invited can join (and to do so, must authenticate securely), mitigates many of the risks associated with impersonation-based attacks, and provides the organisation with the oversight required to comply with data protection and operational resilience regulations.
For handling sensitive, higher assurance conversations and data, instant messaging apps must be Secure by Design and Secure by Default. For example, the use of crypto protocols such as identity-based encryption will ensure a user really is who they say they are, and so prevent impostor-based attacks. Without built-in security features, with default settings to control users and data, instant messaging apps are prone to human error as well as deliberate misuse. Not least of these risks is cutting and pasting information and sharing it with third-party applications, with the organisation subsequently losing control of the copied data.
Award-winning Armour secure communications
The Armour® Secure Communications Platform (a multiple recipient of the SC Awards Best Communications Security Solution) provides an alternative to consumer-grade applications. The platform brings together a quick-to-deploy, easy-to-use solution that can be used on both mobile devices and desktops, with enterprise security features not provided by mass-adoption collaboration products or free-to-use consumer apps. It protects data throughout its lifecycle, providing all elements of mobile communications/collaboration including voice, instant messaging, and video conferencing, encrypting data both at-rest and over-the-air.
The Armour Secure Communications Platform offers total data sovereignty within a controlled environment where all users are centrally managed and enrolled. Users can only enrol once invited to do so by their Administrator. Once their device is enrolled, the user authenticates to the communications app in their usual manner (which can include in-built biometric readers) and only then can they use the service.
As a trusted third-party system, the Armour Secure Communications Platform can be used for sensitive conversations, safely segregated from the IT infrastructure used for everyday communications.
Armour Secure Comms Platform provides control of users and data
The Armour Mobile app is every bit as engaging and easy to use as consumer and mass-adoption collaboration apps, which typically results in high adoption rates amongst our clients (reducing any reliance on shadow IT).
To learn more about how The Armour Secure Communications Architecture and Platform could help your business to avoid data leakage, and GDPR fines, download a copy of our white paper: https://armourcomms-25743375.hs-sites-eu1.com/