Technology cannot fix people pasting secrets into ChatGPT
You have built the detection pipeline. You have deployed the gateway. You have configured local inference for sensitive workloads. You have a vendor assessment process and an audit trail. And then an employee opens a browser tab, goes to the free ChatGPT, and pastes a confidential customer list because they need to format it quickly.
No technical architecture can fully prevent this. Network controls can block AI domains, but employees have personal phones. DLP tools can scan clipboard activity, but that requires endpoint agents that many organisations resist deploying. The gateway only protects AI usage that flows through the gateway.
The human layer — policies, training, culture — is the last line of defence. And arguably the first. If your employees understand why AI data privacy matters, know which tools are approved, and find the approved tools easier to use than the unapproved alternatives, the shadow AI problem diminishes. Not to zero, but to a manageable level.
This module covers the organisational programme: the policy, the training, the measurement, and the culture change that make your technical architecture effective in practice.
