Portal sales@wiru.co.za Whatsapp (JHB) 010 595 0000 (PTA) 012 111 8300 (FS) 051 011 8500 (NC) 053 007 2100
Modern office workspace with technology
Business Strategy

Your Staff Are Already Using AI. The Question Is Whether You Know What They're Doing With It.

RM
By Riaan Maree (CTO)
March 06, 2026 Approx. 6–9 minute read

Somewhere in your business right now, a sales manager is pasting a customer's contract into a free AI tool to get a summary before a meeting. A junior accountant is asking ChatGPT to explain a tax clause that was flagged on a client return. Someone in HR has uploaded a draft policy and asked an AI to "tighten the language." Whether you have an AI strategy or not, you have AI in your business. The only question is whether you know what's leaving the building when it happens.

This is uncomfortable to sit with, and most leadership teams I talk to skip past it quickly. They prefer to discuss AI as a future decision — something to be evaluated, piloted, governed. The framing is reassuring because it preserves the illusion of control. But the timeline has already moved. The decision in front of most businesses is not whether to adopt AI. It is whether to acknowledge what's already happening and shape it, or to keep pretending the conversation is still theoretical while the practice quietly outruns the policy.

I've come to believe that the businesses that do well over the next few years are the ones that start from this honest position rather than from a clean-slate strategy document. And once you start there, almost everything you assumed about how to "roll out AI" turns out to be backwards.

1

The first thing you discover isn't an AI problem

When you accept that AI use is already happening, the first instinct is to write a policy. Don't paste customer data into public tools. Don't upload contracts. Sanitise before you send. These are reasonable rules, and you should write them. But the policy itself is the easy part, and it's not the part that matters most.

What matters is what you discover while writing it. You discover that nobody has a clean answer to the question "where does our customer data actually live?" You discover that there are folders on your shared drive that haven't been touched in four years and that nobody is sure who owns. You discover that the boundary between "internal" and "confidential" was never really defined — it was just understood. You discover that half of what people are pasting into AI tools is data they shouldn't have had quite such easy access to in the first place.

This is the real value of taking shadow AI seriously. It is a forcing function. It surfaces a generation of accumulated information mess that the business has been able to ignore because nothing was reaching into it at the speed an AI does. Suddenly, the question of who has access to what — and whether that file is current, draft, or abandoned — becomes urgent in a way it wasn't before.

Data security and governance concept
Data governance becomes critical when AI enters the workflow
Expert Insight

"The companies that get this right treat the policy moment as a chance to clean house, not just to draw lines. The ones that get it wrong write the policy, file it, and continue to assume that the data underneath is in better shape than it is."

2

The second thing you discover is that your instincts about governance are wrong

The reflex, once leadership accepts that AI is in the building, is to centralise it. Form an AI committee. Pick a tool. Lock down everything else. Channel all use through a sanctioned platform with the right guardrails.

I understand the instinct, and there is a small piece of it that's correct — you do need a single sanctioned tool with proper data handling, and you do need to make it the easy default. But the broader move toward centralisation is almost always the wrong one, because it doesn't actually solve the underlying problem. People didn't start using shadow AI because they wanted to break rules. They started using it because the work in front of them was tedious and the tool was right there. If your sanctioned alternative is harder to access, slower, or limited to certain departments, the shadow use simply continues.

The counterintuitive answer is that you have to make the sanctioned tool more available than the unsanctioned one. Every department, every role, every level. Not because everyone needs AI for their job today, but because the moment someone needs it and your tool isn't easier than the free alternative, you've lost them.

Team collaboration and distributed AI adoption
Distributed adoption outperforms centralized control
Expert Insight

"Centralised AI teams also tend to produce centralised AI use cases — usually the obvious ones, usually the ones the executive team can already see. The interesting use cases come from people two and three levels down who know exactly which fifteen minutes of their day are being wasted on something a model could handle."

You will not find these from the top. You find them by giving access broadly and watching what people build.

3

The third thing you discover is who your champions actually are

In every business I've worked with, the people who turn out to be most useful in shaping AI adoption are not the ones leadership would have predicted. They are rarely the most senior people in their department, and they are almost never the IT team. They tend to be mid-career operators who are fluent in the actual texture of their work and impatient enough with its inefficiencies to experiment.

These people exist in your business already. They are probably already the shadow AI users. The shift, once you've accepted the reality of what's happening, is to stop treating them as a compliance problem and start treating them as the natural seed of your adoption strategy. Bring them into the conversation. Let them show colleagues what they've figured out. Let them tell you which workflows are obviously broken and which are quietly fine.

AI champions leading digital transformation
Your best champions may surprise you
Expert Insight

"This works better than top-down training programmes for a reason that becomes obvious once you see it: someone three desks away who solved a problem yesterday is more credible than a consultant who solved one in a different industry last quarter. Peer demonstration compounds. Mandates do not."

4

The fourth thing you discover is that none of this is really about AI

By the time you've worked through the data hygiene, the access patterns, the unexpected champions and the reality of distributed adoption, you start to notice that you've been dealing with management problems — not technology ones. Process clarity. Decision rights. Accountability for outcomes. Honesty about what work is and isn't being done well today. These are the things that determine whether AI lands cleanly or makes a mess.

The model itself is the cheapest, fastest-changing, most replaceable part of the entire equation. Whatever tool you pick will be obsolete within a year. The organisational changes you make in process — the data you cleaned up, the access you rationalised, the conversations you had about what tasks should and shouldn't be automated, the trust you built or didn't build with anxious staff — those will outlast every model upgrade.

Organizational transformation and management
Management fundamentals matter more than technology choices
Expert Insight

"This is the part that the AI industry's marketing actively obscures. The pitch is always about capability: what the new model can do, what the new agent can automate, what's coming in the next release. The reality on the ground is that capability has been ahead of organisational readiness for at least eighteen months and the gap is widening."

Whether your business benefits from any of it depends almost entirely on the unsexy work of getting your own house in order.

What This Leaves You With

The honest framing of AI adoption is not "should we do this?" It is "this is already happening in our business, mostly invisibly, mostly without the safeguards we'd want — what do we do now?" Starting from that position changes everything that follows.

It pushes you to clean up your data because the alternative is data leaking out one prompt at a time. It pushes you to make the sanctioned tool genuinely easy because the alternative is being routed around. It pushes you to find your real champions instead of appointing nominal ones. It pushes you to be honest with anxious staff about what's changing and what isn't, because evasion just drives the use further underground.

None of this is dramatic. None of it produces a launch announcement. But it is, as far as I can tell, the work that actually matters. The businesses that take it seriously will spend the next few years quietly compounding the benefits. The ones that don't will keep waiting for an AI strategy that, in any meaningful sense, is already overdue.

Exclusive Articles in Your Inbox

Get articles like these in you inbox via our montly newsletter.

Products

Contact Us

WIRUlink Pty Ltd
Unit 44A, 7th Floor,
114 West Street,
Sandton,
Gauteng, 2196
(JHB): 010 595 0000
(PTA): 012 111 8300
(FS): 051 011 8500
(NC): 053 007 2100
: 010 595 2222
: accounts@wiru.co.za
: sales@wiru.co.za

About Us

WIRUlink is a licensed telecommunications service provider using the latest fibre and wireless technologies to offer data and voice services to homes and businesses in South Africa...
Read more

ispa-logo Legal Documents
Product Brochures