Altitud
FR
Edition · 25 May 2026
All trainings

AI TRAINING

Shadow AI in SMEs: Finding It, Fixing It

Identify unsanctioned AI tools across your organisation and put lightweight, enforceable governance in place.

See if this training is the right one for your team, free diagnostic

Run the diagnostic
Format
workshop
Duration
6-10h
Level
literacy
Group size
4-16
Price / participant
€350-€900
Group price
€3K-€9K
Audience
Ops managers and IT leads at SMEs with 20-150 employees
Prerequisites
No prior AI expertise required; basic familiarity with company IT and data workflows is helpful

What it covers

This workshop helps ops and IT leads at small and mid-sized companies discover where AI tools are already being used without approval, assess the associated risks, and implement a practical governance response. Participants leave with a ready-to-use discovery survey, a lightweight acceptable-use policy, a sanctioned-tool list, an amnesty process for existing usage, and a monthly drift-check routine. The format combines facilitated discussion, hands-on policy drafting, and peer review across two half-day sessions.

What you'll be able to do

  • Design and deploy a discovery survey that surfaces AI tool usage across all business functions within one week
  • Classify identified tools by risk tier using a repeatable scoring rubric
  • Draft a one-page acceptable-use policy tailored to your organisation's size and risk appetite
  • Run a structured amnesty session that encourages honest disclosure without punishing early adopters
  • Schedule and execute a monthly drift-check routine to detect new unsanctioned adoption before it becomes a liability

Topics covered

  • Running a shadow-AI discovery survey across teams
  • Mapping risk exposure from unsanctioned tools (data leakage, compliance, vendor lock-in)
  • Drafting a lightweight acceptable-use policy for AI
  • Building and communicating a sanctioned-tool list
  • Designing an amnesty process to surface existing usage without blame
  • Setting up monthly drift checks to catch new shadow adoption
  • Aligning AI governance with GDPR obligations for SMEs

Delivery

Delivered as two half-day facilitated sessions (remote or on-site). Day one covers discovery and risk mapping; day two covers policy drafting and governance processes. Participants work in small groups on real scenarios from their own organisation. All templates, survey, policy, tool-assessment rubric, amnesty script, drift-check checklist, are provided as editable documents. Hands-on drafting accounts for roughly 60% of total time.

What makes it work

  • Pair the amnesty process with a clear sanctioned alternative so employees have an immediate path forward
  • Assign a named owner for the monthly drift check, accountability matters more than process sophistication at SME scale
  • Involve at least one non-IT business lead in policy drafting to ensure the language is practical and understood company-wide
  • Review and update the sanctioned-tool list at least quarterly as the AI tool landscape evolves rapidly

Common mistakes

  • Issuing a blanket ban on AI tools without an amnesty period, which drives usage further underground
  • Building a policy that is too complex for a small team to maintain, leading to immediate non-compliance
  • Skipping the discovery phase and assuming IT already knows every tool in use
  • Treating shadow AI purely as an IT problem rather than a cross-functional ops and people challenge

When NOT to take this

A 200-person enterprise with a dedicated security team and an existing software-approval workflow, they need a full AI governance programme with procurement integration, not this lightweight SME-focused workshop.

Providers to consider

Sources

Other trainings at this level

This training is part of a Data & AI catalog built for leaders serious about execution. Take the free diagnostic to see which trainings your team needs.

Run the diagnosticBook a call