Shadow AI has already arrived in most UK small businesses, often through browser tabs, SaaS tool sidebars, and helpful buttons that promise to improve text. Staff are using AI to rewrite emails, summarise meetings, polish proposals, and speed up admin tasks, frequently without approval, policy, or controls. This is shadow IT all over again, but faster and with better branding. The problem is not the technology itself, but unmanaged data movement into systems nobody has reviewed.

Noel Bradford explains why banning AI without offering safe approved routes will fail, why hope is not an AI governance model, and why businesses need practical data controls that give staff clear lanes: low-risk generic tasks, controlled handling of customer data, and hard stops for sensitive material. UK Government guidance and NCSC advice make clear that AI changes the threat landscape, but the basics still matter. This episode cuts through the hype to deliver straightforward guidance on approved tools, supplier checks, human review, and early mistake reporting. AI policy is not about stopping progress; it is about stopping progress from leaking your business into someone else's platform.