Exploding interest in generative AI (or GenAI) drove organizations worldwide to invest an estimated $16 billion in the technology in 2023 alone. Though that is just 9% of total AI spending for the year, it’s a massive year-over-year increase and signals the renewed possibility that many feel about the latest wave of AI for driving digital transformation (DX) goals. This time feels different, given the foundations of cloud, data management, and processing power that are in place today compared with earlier AI waves. For some organizations, today’s AI and the DX results promise to represent not just a possibility but a survival necessity, given the concerns of 45% of CEOs who believe their business will not exist in ten years on its current path.

In response, business leaders are taking the lead on more AI purchase decisions—meaning, it’s the CRO advocating a sales automation purchase or the CMO adding to the martech stack. This is consistent with the overall “shadow IT” trend of technology purchases made by business units without oversight from IT. The growth of subscription-based SaaS applications allows nearly any business leader with a corporate credit card to buy and deploy technology solutions. According to Gartner, “business-led” IT makes up between 30% and 40% of what technology organizations buy.

To be clear, the majority of IT and business executives view business-led IT as generally positive. But concerns arise when the technology includes AI because the current hype is making business leaders vulnerable to believing vendor promises that the technical specs do not support. A knowledgeable IT expert could help business leaders parse fiction from reality when it comes to a vendor’s AI claims, but if an organization has stopped giving IT a consistent voice in business-led purchase decisions, you won’t get the chance.

CIOs need to change that. This era of AI creates the opportunity—as well as the necessity—for IT leaders to reposition themselves as DX partners with the business. There’s urgency here, to ensure AI doesn’t get pulled into the shadows, but instead stays part of a collaboration.

Why AI can’t thrive in the shadows

It has always been hard to differentiate hype from reality when it comes to unproven technology solutions. In the case of AI, there are so many solution providers claiming to offer “cutting-edge” or “market-leading” AI, it can be difficult for business leaders with limited technical expertise to know for sure what they are getting. Is it even AI or just a rules engine? AI or not, will it deliver on the promises of higher productivity and performance that so many vendors make, or is it more of a wait and see? And if it does deliver some value, does it exceed the costs of replacing the incumbent solution?

These are not trivial questions. Shadow IT has always come with the risk that the organization would spend more without effectively solving a defined business problem. Multiply that potential across an organization’s myriad functions and you end up with:

• Runaway application costs in the form of higher overall software licensing spending, duplicate spending, and underutilized functionality. As a case in point, research finds that marketing functions use on average only 33% of the functionality in their tech stack.
• General-purpose functionality hard-wired to one business unit. If business units buy their own technology and integrate it with their systems, it may address a business need in that function, but it will not be visible to or usable by anyone else. That is a problem if the solution provides general functionality that other departments also need and for which they are already paying.
• Shelfware, or solutions that a business department buys and implements but does not use. For example, a reported 42% of HR software implementations fail, meaning that the target end-users don’t end up adopting it.
• Expanded cybersecurity risks by giving third parties unmanaged channels into the wider enterprise network

AI brings an additional set of specific risks, such as:

• Exponential spread of errors. Given the promise of AI as a trusted copilot to increase productivity, an uncaught error in the training data or algorithm has equal potential to spread a mistake across the organization. Think of a chatbot mistakenly interpreting a customer service query or an unnoticed mistake in how the finance function runs a calculation.
• Lack of transparency. Certain techniques for designing or training AI can lead to “black box” solutions, whose decisions or recommendations are opaque. That is, they cannot be reverse engineered to allow business teams to understand why it’s making a certain recommendation. If those recommendations turn out to be biased against certain people, the business would be liable.
• Proprietary data or IP exposure. All AI requires data for initial training and to fine-tune or continuously update it for your business context. With the emergence of newer SaaS-based AI models, businesses can license core AI models and add their own data. Yet without data isolation and protection safeguards, it could become integrated into and exposed to other businesses—including competitors. Samsung learned that first-hand in March 2023 when an employee used ChatGPT to error-check proprietary code.

How to bring IT in from the shadows

The need to manage these shadow-AI risks provides IT leaders with an opportunity to reestablish themselves as trusted technology experts, advisors, and DX partners to the enterprise. The idea is not to recentralize IT under the authority of the CIO, nor is it about restricting AI adoption—neither of those scenarios is politically feasible nor desirable.

The goal instead is to reestablish the CIO and IT leadership as key partners to the business with broad oversight and a strong voice on AI decisions. Part of establishing leadership will be to define, gain consensus on, and enforce the organization’s standards for AI quality, ethics, and use.

Consider the following three steps to position IT as an AI partner and source of expertise:

Step 1: Take the lead on building an AI oversight committee

Every organization should have an AI oversight committee that includes representatives from IT and from every relevant business function. The purpose is to create an environment and process through which stakeholders can communicate and come to consensus over AI decisions. Having a formal process for sharing information likewise mitigates the potential for siloed functional purchases or for AI integrations that lack a clear business strategy or connection to the broader DX ambition. This enables more strategic, cross-functional, and business-value-driven investments.

Step 2: Identify and develop your AI talent

Each organization needs a pool of AI experts who have the knowledge, skills, and credibility to influence and help vet AI purchase decisions throughout the enterprise. Identify what skills and expertise you need for AI in general and specifically applied to the business. Then, identify who you have in your organization with existing acumen in those areas or the potential to develop it. Go a step further to understand the cross-over between AI expertise and business awareness or communication skills, as you will need AI experts with the ability to play a translation role between business functions and IT.

Once you know what skills you need, who you have, and where the gaps lie, work with HR to develop a talent development plan to build out your IT/AI/business talent capabilities. This likely will include elevating people who already have existing knowledge, developing others with potential, and bringing in consultants to help bridge any short-term gaps. Hiring may also be part of your plan, though be aware that you will pay top dollar for AI experts in today’s market.

Step 3: Play a long game

AI enablement is becoming a new normal for organizations, one that will continue evolving and changing as machines become trusted copilots for many technological and business tasks. For this reason, IT leaders must approach today’s challenge of keeping AI out of the shadows as more than a single-shot effort. AI, like DX, is not a project, but a new way of operating. The full shape of that change is not clear—and can’t be, because change will be continuous. What is clear is that the organizational needs and IP risks will shift as AI maturity grows. This will require IT to maintain a continuous program of knowledge building and upskilling as AI changes, skills become outdated, and new must-have capabilities emerge.