Matthew Gamble's Blog

The Data Will Be Exfiltrated

Matthew Gamble -

When organizations talk about managing AI risk, the response often starts with prohibition. Access to public AI tools is blocked at the firewall. Policies are updated to make expectations clear. Communications go out reminding staff that these systems are not approved for corporate use.

On paper, this looks responsible. It demonstrates action. It signals control.

The problem is that most AI bans do not meaningfully reduce risk. What they reduce is visibility.

The pressure that drove employees toward these tools in the first place does not disappear simply because access is restricted. Targets remain aggressive. Timelines continue to shrink. Expectations for speed and efficiency increase. When the demand for output stays constant and sanctioned tooling is limited or slower, people adapt.

That adaptation is rarely malicious. In most cases, it is an attempt to meet expectations with the tools available.

I have personally watched this dynamic unfold inside multiple organizations that had deployed a Next Generation Firewall and "tuned" it to block known AI platforms. From a technical standpoint, the controls were implemented correctly. The domains were categorized. Access was denied. Logs reflected enforcement.

What happened next was predictable.

Staff shifted to services that were not yet classified. poe.com became an immediate alternative because it was still accessible. Others switched from corporate wifi to LTE on their phones to work around the restriction, then switched back once they had what they needed. Some used personal devices entirely. The organization could point to firewall logs and demonstrate that access to certain domains was blocked. At the same time, AI usage continued through different paths.

The control reduced what leadership could see. It did not reduce the underlying behavior.

This is where the real risk emerges. When AI usage moves outside approved channels, data begins to flow into systems that have not been reviewed. Decisions are influenced by outputs that no one has validated. Leadership loses insight into how work is actually being performed and what information is being shared.

Today, the technical barrier to bypassing controls is even lower. An employee can take a screenshot with a personal phone, use image to text to extract the content, and query an AI system without ever touching the corporate network. From a monitoring perspective, nothing unusual may appear. From a data governance perspective, the information has still left the organization.

The data will be exfiltrated.

Not necessarily because employees are careless or malicious, but because friction and incentives matter. When approved tools are harder to access than unapproved ones, the path of least resistance wins.

This is why framing AI governance as a binary allow or block decision is flawed. Risk does not disappear when you prohibit a tool. It becomes less visible to the people responsible for managing it. Invisible risk is almost always more dangerous than acknowledged risk, because it removes the opportunity to measure, guide, and correct behavior.

If organizations want to reduce AI-related exposure, the more practical approach is to assume usage will occur and design around that assumption. Provide approved tools that are usable and accessible. Establish clear guidance on what data can and cannot be shared. Monitor patterns of usage rather than relying solely on domain blocking. Align controls with how work is actually performed.

This is not a question of whether sensitive data will eventually find its way into AI systems. It is a question of whether leadership chooses to create visibility into that reality or continue to rely on controls that provide the appearance of safety.

Risk that can be seen can be managed. Risk that is forced underground will surface later, usually under less favorable conditions.